[Openid-specs-heart] HEART WG MEETING Monday March 23

Sun Mar 15 14:15:41 UTC 2020

With the IETF107 meeting cancelled and virtual meetings scheduled, I had hope that the conflict would no longer be the case, but unfortunately this proposed meeting is exactly during the TxAuth virtual session now. As many of you know, TxAuth is a newly proposed working group in the IETF where I’m submitting the work I’ve been doing on XYZ (https://oauth.xyz/) that incorporates a lot of things from OAuth, OIDC, UMA, and their extensions into a simpler, more comprehensive protocol. This might one day turn into OAuth 3, but that’s far in the future if it happens. I do encourage everyone to follow along with the TXAuth mailing list in the IETF and hopefully join the working group when it comes online.

 — Justin

> On Mar 6, 2020, at 1:13 PM, Debbie Bucci <debbucci at gmail.com> wrote:
> 
> Hello All
> 
> My apologies I thought I posted this to the list
> 
> 
> If you have something to present (encouraged!) please let use know and  we will generate a new agenda to accommodate. 
> 
> ---------- Forwarded message ---------
> From: Adrian Gropper <agropper at healthurl.com <mailto:agropper at healthurl.com>>
> Date: Thu, Mar 5, 2020, 11:10 AM
> Subject: Re: [Openid-specs-heart] HEART WG MEETING Monday March 23
> To: Debbie Bucci <debbucci at gmail.com <mailto:debbucci at gmail.com>>
> 
> 
> Yes. I would like to present the Separation of Concerns work that is defining the overlap between IETF Oauth3 / transactional authorization and the SSI standards work. Justin and I are currently the only ones with a foot in both camps (UMA and SSI). That’s why I would prefer he be present but I can do my best anyway. 
> 
> I can also talk about HIE of One Trustee as the implementation of the current state of the art in these two camps, of course.
> 
> - Adrian 
> 
> On Thu, Mar 5, 2020 at 10:48 AM Debbie Bucci <debbucci at gmail.com <mailto:debbucci at gmail.com>> wrote:
> Hi Adrian
> 
> Agree it would be great if Justin were there as well but scheduling is tight on my end.   Hesitant to push out much further.  If we agree there is a path forward then we can discuss an alternate time that does not conflict with other schedules and time zone.
> 
> Starting a list .... we have 90 minutes.  We could dedicate a good portion of that time for presentations,  would you like to present something?
> 
> 
> 
> On Thu, Mar 5, 2020 at 9:48 AM Adrian Gropper <agropper at healthurl.com <mailto:agropper at healthurl.com>> wrote:
> Justin, IMHO, is essential for this meeting. I suggest we reschedule. 
> 
> - Adrian
> 
> On Thu, Mar 5, 2020 at 9:41 AM Justin Richer <jricher at mit.edu <mailto:jricher at mit.edu>> wrote:
> Unfortunately, this time conflicts with the OAuth working group meeting at IETF107 in Vancouver. As a consequence, I won’t be able to make it, as much as I’d like to.
> 
>  — Justin
> 
>> On Mar 4, 2020, at 4:20 PM, Debbie Bucci <debbucci at gmail.com <mailto:debbucci at gmail.com>> wrote:
>> 
>> Hi everybody,
>> 
>> We are convening a 90-minute HEART meeting on March 23 from 4:00pm Eastern time (our traditional start time) to gather and discuss possible paths forward for the group.
>> 
>> When: 1 PM PST/4 PM EST 
>> Duration: 1.5 hrs
>> Where: Gotomeeting  – https://global.gotomeeting.com/join/785234357 <https://global.gotomeeting.com/join/785234357>
>> After our specifications were approved as Implementer's Drafts, our Working Group went into a holding pattern for a little while to see what implementation experience would tell us.
>> 
>> Over the last couple of months, we, the co-chairs, have been approached by a number of people interested in the HEART profiles and/or hoping to extend the work we have done to date.   We believe it may be an opportune time for a discussion of where to go from here. 
>>    
>> We have been approached about the following discussion points/areas of focus.
>> 
>> Hear from and potentially incorporate work that has been done to support healthcare in other countries and from the Open Banking community.
>> Promoting the use of OpenID Connect/OAUTH2 Discovery.
>> Define `fhir_url` in Discovery and perhaps other endpoints.
>> Provide guidance for the use of Dynamic Client Registration.
>> Update the profiles to codify how IAL/AAL/FAL are transmitted in the id_token.
>> Fine-grained OAuth extensions – leveraging updated OAuth* work such as RAR/PAR.
>> Incorporating Decentralized Identity.
>> Providing guidance on how to choose FHIR Resource type patterns.
>> 
>> I assume those that have reached out to us are also following along on the list. We hope you or someone on your team(s) will join us.   
>> 
>> Comments/updates to the list of discussion points are appreciated.
>> 
>> _______________________________________________
>> Openid-specs-heart mailing list
>> Openid-specs-heart at lists.openid.net <mailto:Openid-specs-heart at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-heart <http://lists.openid.net/mailman/listinfo/openid-specs-heart>
> 
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net <mailto:Openid-specs-heart at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-heart <http://lists.openid.net/mailman/listinfo/openid-specs-heart>
> _______________________________________________
> Openid-specs-heart mailing list
> Openid-specs-heart at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-heart

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20200315/ab5a3857/attachment.html>