[Openid-specs-heart] Bi-weekly HEART call starting Nov 6th - update of profiles

Eve Maler eve.maler at forgerock.com
Sat Oct 28 04:37:32 UTC 2017


I’m not sure we have zero uptake; there may be uses in the wild. In any case:

- None of the specs are officially finalized, which could be one simple reason. Busy deployers might look at specs labeled “draft” and say “I’ll wait”.
- UMA 2.0 had been in flux, causing us to wait on our finalization process. We don’t have to put that off any longer.
- Serving the needs of public client ecosystems could be another, or maybe the profiles are missing other features (as Debbie mused).
- It may be that general awareness of what the profiles do is too low. My CIS talk (linked from our home page) was one attempt to get specifics out. I can also share a new doc at our next meeting that would be a good companion guide for implementers along with the profiles. (It walks through 2-3 realistic messaging flows.)

Eve (from my iPad)

> On Oct 27, 2017, at 8:39 PM, Adrian Gropper <agropper at healthurl.com> wrote:
> 
> Eve, I was remiss in not thanking you for answering my question quite effectively! Apologies.
> 
> We do need to look at where we go from here. I think starting with email would be good. 
> 
> Will people list their opinion for why HEART has zero uptake so far? Maybe a vote is in order? Check your inbox...
> 
> Adrian
> 
> 
> 
>> On Fri, Oct 27, 2017 at 10:57 PM Eve Maler <eve.maler at forgerock.com> wrote:
>> We don't have to copy any of the SCA stuff, and in fact, I'm not even sure the FAPI profiles themselves reference SCA. They just underpin the OB specs. As I said, the FAPI profiles are like a much more detailed, thorough, and restrictive version of the profiles we have put together, targeted at a much more detailed, specific, and demanding regulatory environment.
>> 
>> (Hey, you asked for description and color...)
>> 
>> Eve Maler
>> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
>> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>> 
>> 
>>> On Fri, Oct 27, 2017 at 5:51 PM, Adrian Gropper <agropper at healthurl.com> wrote:
>>> The bank analogy is concerning for healthcare. Banks take direct responsibility for fraud; healthcare institutions pass responsibility to physicians or to the patient. HEART needs to be clear about how we support “Strong Customer Authentication”. We need to be clear that the customer is the patient or the physician and not the client tech that they’re using. Otherwise, SCA will be used as an excuse for information blocking by introducing certification requirements for the client.
>>> 
>>> Adrian
>>> 
>>> 
>>>> On Fri, Oct 27, 2017 at 1:23 PM Eve Maler <eve.maler at forgerock.com> wrote:
>>>> Open Banking (see the website of its UK government-mandated Implementation Entity here) is a regulation requiring at least the UK's biggest nine banks (the "CMA9", CMA standing for Competition Market Authority) to present a standard set of APIs to foster a payment initiation and account information application ecosystem, for giving customers choice. The open APIs in effect disintermediate credit card issuers and enable the use of bank accounts directly as payment instruments for things like paying Amazon (as a third-party client app) for buying an item etc. The OB approach and specs, which work with the OpenID Foundation's Financial API (FAPI) WG's specs, discourage "screen scraping" and encourage the by-now-familiar OAuth and OpenID Connect pattern of having the client app offer for the user to identify, and authenticate at, and authorize action through, a service (the bank). The regulation mandates "SCA", Strong Customer Authentication. The FAPI profiles are like a much more detailed, thorough, and restrictive version of the profiles we have put together, targeted at a much more detailed, specific, and demanding regulatory environment. OB operates in a broader EU regulatory context, PSD2 (Payment Services Directive 2). There is currently a "NextGenPSD2" effort being undertaken by The Berlin Group; a conference was held two days ago to start to collect input towards that.
>>>> 
>>>> Eve Maler
>>>> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
>>>> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>>>> 
>>>> 
>>>>> On Fri, Oct 27, 2017 at 8:15 AM, Adrian Gropper <agropper at healthurl.com> wrote:
>>>>> I'm new to Open Banking. Is it related to Distributed Public Ledgers? Can someone provide a bit more description and color? 
>>>>> 
>>>>>> On Fri, Oct 27, 2017 at 7:53 AM, Debbie Bucci <debbucci at gmail.com> wrote:
>>>>>> Hello Everyone,
>>>>>> 
>>>>>> Now that the fall conferences are winding down and the UMA 2.0 spec is nearing completion, we would like to start up the HEART WG for a few sessions/discussions and see where it might go from there. Given the holiday season, starting Nov 6th seems to minimize holiday interruptions.
>>>>>> 
>>>>>> On the short list of topics/potential actions ...
>>>>>> 
>>>>>> 1. Updating the UMA related profiles to reflect UMA 2.0
>>>>>> 2. Given the recent action of Open Banking and a better understanding of the SMART profiles, I do think we missed the mark by not including public clients in the specs. SMART (assumed trusted environment) and Open Banking (probable use by 3rd-party APIs) have different perspectives. Perhaps referencing/leveraging/aligning with other OpenID profiles -- FAPI, iGov, EAP (?)
>>>>>> 
>>>>>> If you are interested and have other topics - updates to the profile we should consider - please post to the list.
>>>>>> 
>>>>>> Thanks in advance
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Openid-specs-heart mailing list
>>>>>> Openid-specs-heart at lists.openid.net
>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-heart
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> 
>>>>> Adrian Gropper MD
>>>>> 
>>>>> PROTECT YOUR FUTURE - RESTORE Health Privacy!
>>>>> HELP us fight for the right to control personal health data.
>>>>> DONATE: https://patientprivacyrights.org/donate-3/
>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 