[Openid-specs-heart] Draft HEART Meeting Notes 2017-04-25

Sarah Squire sarah at engageidentity.com
Tue Apr 25 21:08:05 UTC 2017


Attending:

Debbie Bucci

Celestin Bitjonck

Edmund Jay

Eve Maler

Justin Richer

Luis Maas

Nancy Lush

Sarah Squire

Thomas Sullivan

Justin:

There are two changes to the OAuth FHIR profile. The description of the
document has changed to clarify that this applies to any FHIR resource.
That was always the intent. There’s also new guidance about the patient
compartment. We also have new examples of scopes.

Luis:

We might also want to reference the URL of the FHIR specification, but
people could find it from the patient compartment website. We might want to
say that the normative definitions of these are governed by FHIR, not by us.

Justin:

Agreed. That should be easy to do.

We have changed a MAY to a SHOULD with regard to ETH scopes. I think that
still gives enough wiggle room for people to disregard it in special
circumstances.

We changed section 2.1 to talk about resources or compartments, since
talking about a compartment might be more valuable.

We changed compartments and scope definitions in the UMA FHIR spec.

Eve:

Can you say more about compartments?

Debbie:

It’s a resource type that’s commonly referenced in FHIR implementations.

Eve:

Great. That makes sense to me.

Justin:

If people can propose example text on the list, that would be very helpful.

We also took out purpose of use. We might see it come back in in a
different place, but I don’t think that we were using it well.

Nancy:

I think the VA might have been using it. I’ll ask them.

Luis:

Fundamentally, it’s an assertion by the user, similar to break the glass.

Justin:

Right, break the glass is a scope.

Luis:

Does the break the glass section belong in the OAuth spec or the UMA spec?

Justin:

It’s in both. It’s defined in OAuth and referenced in UMA.

Thomas:

I just sent the break the glass text used by the VA.

Debbie:

Is emergency access different from break the glass?

Luis:

So typically HIPAA describes emergency access as like when the system is
down, whereas break the glass is getting access to something you wouldn’t
normally have.

Debbie:

So really we’re talking about break the glass.

Luis:

Right.

Debbie:

So there’s no meeting next Monday. We have an open review period and then a
vote, and then they’re published as implementer’s drafts. It was suggested
by the OpenID Foundation that once the drafts are final, we should still
keep the group active so implementers can ask questions.

Sarah Squire
Engage Identity
http://engageidentity.com