[Openid-specs-heart] Bi-weekly HEART call starting Nov 6th - update of profiles

Adrian Gropper agropper at healthurl.com
Sat Oct 28 03:39:12 UTC 2017


Eve, I was remiss in not thanking you for answering my question quite
effectively! Apologies.

We do need to look at where we go from here. I think starting with email
would be good.

Will people list their opinion for why HEART has zero uptake so far? Maybe
a vote is in order? Check your inbox...

Adrian



On Fri, Oct 27, 2017 at 10:57 PM Eve Maler <eve.maler at forgerock.com> wrote:

> We don't have to copy any of the SCA stuff, and in fact, I'm not even sure
> the FAPI profiles themselves reference SCA. They just underpin the OB
> specs. As I said, the FAPI profiles are like a *much more detailed,
> thorough, and restrictive version* of the profiles we have put together,
> targeted at a *much more detailed, specific, and demanding regulatory
> environment*.
>
> (Hey, you asked for description and color...)
>
>
> *Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging
> Technology
> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>
> On Fri, Oct 27, 2017 at 5:51 PM, Adrian Gropper <agropper at healthurl.com>
> wrote:
>
>> The bank analogy is concerning for healthcare. Banks take direct
>> responsibility for fraud, healthcare institutions pass responsibility to
>> physicians or to the patient. HEART needs to be clear about how we support
>> “Strong Customer Authentication”. We need to be clear that the customer is
>> the patient or the physician and not the client tech that they’re using.
>> Otherwise, SCA will be used as an excuse for information blocking by
>> introducing certification requirements for the client.
>>
>> Adrian
>>
>>
>> On Fri, Oct 27, 2017 at 1:23 PM Eve Maler <eve.maler at forgerock.com>
>> wrote:
>>
>>> Open Banking (see the website of its UK government-mandated
>>> Implementation Entity here <https://www.openbanking.org.uk>) is a
>>> regulation requiring at least the UK's biggest nine banks (the "CMA9", CMA
>>> standing for Competition Market Authority) to present a standard set of
>>> APIs to foster a payment initiation and account information application
>>> ecosystem, for giving customers choice. The open APIs in effect
>>> disintermediate credit card issuers and enable the use of bank accounts
>>> directly as payment instruments for things like paying Amazon (as a
>>> third-party client app) for buying an item etc. The OB approach and specs,
>>> which work with the OpenID Foundation's Financial API (FAPI
>>> <http://openid.net/wg/fapi/>) WG's specs, discourage "screen scraping"
>>> and encourage the by-now-familiar OAuth and OpenID Connect pattern of
>>> having the client app offer for the user to identify, and authenticate at,
>>> and authorize action through, a service (the bank). The regulation mandates
>>> "SCA", Strong Customer Authentication. The FAPI profiles are like a much
>>> more detailed, thorough, and restrictive version of the profiles we have
>>> put together, targeted at a much more detailed, specific, and demanding
>>> regulatory environment. OB operates in a broader EU regulatory context,
>>> PSD2 (Payment Services Directive 2). There is currently a "NextGenPSD2"
>>> effort being undertaken by The Berlin Group; a conference
>>> <https://www.berlin-group.org/nextgenpsd2-conference-2017> was held two
>>> days ago to start to collect input towards that.
>>>
>>>
>>> *Eve Maler* ForgeRock Office of the CTO | VP Innovation & Emerging
>>> Technology
>>> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>>>
>>> On Fri, Oct 27, 2017 at 8:15 AM, Adrian Gropper <agropper at healthurl.com>
>>> wrote:
>>>
>>>> I'm new to Open Banking. Is it related to Distributed Public Ledgers?
>>>> Can someone provide a bit more description and color?
>>>>
>>>> On Fri, Oct 27, 2017 at 7:53 AM, Debbie Bucci <debbucci at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello Everyone,
>>>>>
>>>>> Now that the fall conferences are winding down and the UMA 2.0 spec is
>>>>> nearing completion, we would like to start up the HEART WG for a few
>>>>> sessions/discussions and see where it might go from there. Given the
>>>>> holiday seasons, starting Nov 6th seems to minimize holiday interruptions.
>>>>>
>>>>> On the short list of topics/potential actions ...
>>>>>
>>>>> 1. Updating the UMA related profiles to reflect UMA 2.0
>>>>> 2. Given recent action of Open Banking and better understanding of the
>>>>> SMART profiles, I do think we missed the mark by not including public
>>>>> clients in the specs. SMART (assumed trusted environment) and Open
>>>>> Banking (probable use by 3rd party API) have different perspectives.
>>>>> Perhaps it referencing/leveraging/aligning with other OpenID Profiles --
>>>>> FAPI, igov, EAP (?)
>>>>>
>>>>> If you are interested and have other topics - updates to the profile
>>>>> we should consider - please post to the list.
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> _______________________________________________
>>>>> Openid-specs-heart mailing list
>>>>> Openid-specs-heart at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Adrian Gropper MD
>>>>
>>>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>>>> HELP us fight for the right to control personal health data.
>>>> DONATE: https://patientprivacyrights.org/donate-3/
>>>>