[Openid-specs-heart] Bi-weekly HEART call starting Nov 6th - update of profiles

Adrian Gropper agropper at healthurl.com
Sat Oct 28 00:51:09 UTC 2017


The bank analogy is concerning for healthcare. Banks take direct
responsibility for fraud; healthcare institutions pass responsibility to
physicians or to the patient. HEART needs to be clear about how we support
“Strong Customer Authentication”. We need to be clear that the customer is
the patient or the physician and not the client tech that they’re using.
Otherwise, SCA will be used as an excuse for information blocking by
introducing certification requirements for the client.

Adrian


On Fri, Oct 27, 2017 at 1:23 PM Eve Maler <eve.maler at forgerock.com> wrote:

> Open Banking (see the website of its UK government-mandated Implementation
> Entity here <https://www.openbanking.org.uk>) is a regulation requiring
> at least the UK's biggest nine banks (the "CMA9", CMA standing for
> Competition Market Authority) to present a standard set of APIs to foster a
> payment initiation and account information application ecosystem, for
> giving customers choice. The open APIs in effect disintermediate credit
> card issuers and enable the use of bank accounts directly as payment
> instruments for things like paying Amazon (as a third-party client app) for
> buying an item etc. The OB approach and specs, which work with the OpenID
> Foundation's Financial API (FAPI <http://openid.net/wg/fapi/>) WG's
> specs, discourage "screen scraping" and encourage the by-now-familiar OAuth
> and OpenID Connect pattern of having the client app offer for the user to
> identify, and authenticate at, and authorize action through, a service (the
> bank). The regulation mandates "SCA", Strong Customer Authentication. The
> FAPI profiles are like a much more detailed, thorough, and restrictive
> version of the profiles we have put together, targeted at a much more
> detailed, specific, and demanding regulatory environment. OB operates in a
> broader EU regulatory context, PSD2 (Payment Services Directive 2). There
> is currently a "NextGenPSD2" effort being undertaken by The Berlin Group; a
> conference <https://www.berlin-group.org/nextgenpsd2-conference-2017> was
> held two days ago to start to collect input towards that.
>
>
> *Eve Maler*ForgeRock Office of the CTO | VP Innovation & Emerging
> Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>
> On Fri, Oct 27, 2017 at 8:15 AM, Adrian Gropper <agropper at healthurl.com>
> wrote:
>
>> I'm new to Open Banking. Is it related to Distributed Public Ledgers? Can
>> someone provide a bit more description and color?
>>
>> On Fri, Oct 27, 2017 at 7:53 AM, Debbie Bucci <debbucci at gmail.com> wrote:
>>
>>> Hello Everyone,
>>>
>>> Now that the fall conferences are winding down and the UMA 2.0 spec is
>>> nearing completion, we would like to start up the HEART WG for a few
>>> sessions/discussions and see where it might go from there. Given the
>>> holiday seasons, starting Nov 6th seems to minimize holiday interruptions.
>>>
>>> On the short list of topics/potential actions ...
>>>
>>> 1. Updating the UMA related profiles to reflect UMA 2.0
>>> 2. Given recent action of Open Banking and a better understanding of the
>>> SMART profiles, I do think we missed the mark by not including public
>>> clients in the specs. SMART (assumed trusted environment) and Open
>>> Banking (probable use by 3rd party API) have different perspectives.
>>> Perhaps referencing/leveraging/aligning with other OpenID Profiles --
>>> FAPI, igov, EAP (?)
>>>
>>> If you are interested and have other topics - updates to the profile we
>>> should consider - please post to the list.
>>>
>>> Thanks in advance
>>>
>>> _______________________________________________
>>> Openid-specs-heart mailing list
>>> Openid-specs-heart at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>>
>>>
>>
>>
>> --
>>
>> Adrian Gropper MD
>>
>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>> HELP us fight for the right to control personal health data.
>> DONATE: https://patientprivacyrights.org/donate-3/
>>