[Openid-specs-heart] Draft HEART Meeting Notes 2016-11-28

Mon Nov 28 22:13:37 UTC 2016

I wasn't taking notes but I found the structiring of the work in terms of
Q1-6 very helpful.

Q1 - do we need to profile standard friendly names for resources?
Q2 -
Q3 - do we need to profile patient metadata obfuscation methods?
Q4 - are there any ways to verify claims other than A, B, C? (A=AS
verified, B=RS verified, C=federation verified)
Q5 -
Q6 - do we need to profile the semantics for claims?

Can anyone remember Q2 and Q5?

Adrian

On Mon, Nov 28, 2016 at 5:00 PM Sarah Squire <sarah at engageidentity.com>
wrote:

> Light notes this week since we mostly walked through the use case that Eve
> and Nancy have been working on which will be sent out to the list shortly.
>
>
> Attending:
>
> Debbie Bucci
>
> Adrian Gropper
>
> Celestin Bitjonck
>
> Edmund Jay
>
> Eve Maler
>
> Glen Marshall
>
> Jim Kragh
>
> Jin Wen
>
> Luis Maas
>
> Nancy Lush
>
> Sarah Squire
>
> Scott Shorter
>
> Thomas Sullivan
>
> Walter Kirk
>
> Eve:
>
> We’ve been winnowing down the resources we think people should focus on.
> We want to help people think with the lens of UMA. We might want to profile
> what normal people would say in natural English. So “medicines I take”
> might be friendlier than “current medications”
>
> Adrian:
>
> So we’re saying that our goal is that two RSs would describe the same
> words to describe a resource?
>
> Eve:
>
> We should decide whether or not to standardize that.
>
> Glen:
>
> Well, this might not be as straightforward as you might think to map these
> to FHIR resources.
>
> Adrian:
>
> Is it allowed for a server to list the FHIR resource itself? Rather than
> the friendly name?
>
> Eve:
>
> So we need to decide whether we want friendly names at all, and then
> whether we want to suggest or require them. We have a use case for
> proactive Alice sharing including notifications.
>
> Nancy:
>
> Is it okay to notify the client what Alice’s patient ID is? If the FHIR
> interface knows it and sends it over the wire, then the client should be
> able to know it and send it over the wire.
>
> Adrian:
>
> Why do we need a patient ID?
>
> Eve:
>
> All we really need is the resource endpoint, we don’t need Alice’s patient
> ID. You can notify Dr. Erica with knowledge of that endpoint. We probably
> want the client to pass all the trust elevation tests before it can see the
> URL with a patient ID in it. We don’t want a patient id in the clear.
>
> Nancy:
>
> We really tried to make this as simple as possible.
>
> Eve:
>
> We’re trying to replicate what Google has already done with document
> sharing in a loosely coupled protocol.
>
> Sarah Squire
> Engage Identity
> http://engageidentity.com
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20161128/d0b90777/attachment-0001.html>