[Openid-specs-heart] HEART WG MEETING Monday March 23

Steven Deng stevend_online at hotmail.com
Mon Mar 16 15:13:44 UTC 2020


Thanks Justin for the clarification. Could you please share the TxAuth mailing list?

Regards,
Steven
________________________________
From: Openid-specs-heart <openid-specs-heart-bounces at lists.openid.net> on behalf of Justin Richer <jricher at mit.edu>
Sent: March 16, 2020 11:01 AM
To: Tom Jones <thomasclinganjones at gmail.com>
Cc: openid-specs-heart at lists.openid.net <openid-specs-heart at lists.openid.net>
Subject: Re: [Openid-specs-heart] HEART WG MEETING Monday March 23

Hi Tom,

XYZ is a project I’ve been working on for over a year and we have several implementations in a few languages. It’s far from perfect, but I am really pleased with where it’s going. XAuth is Dick Hardt’s proposed alternative protocol to solve what he considers to be the same space. I have a lot of problems with XAuth, which I’ve detailed on the TxAuth mailing list and will continue to discuss there. So far, XAuth is just a paper specification; I am not aware of any implementations. As the WG forms, it will create a TxAuth specification, which will likely be based on XYZ or XAuth but with aspects and/or features of both. That decision hasn’t been made yet.

I’m also involved in the DID standards space. The communities are solving different problems in related spaces, and the solutions can work together. XYZ explicitly calls out a few places where this can happen, including returning a VC from the Tx response, providing a DID as a key identifier, etc. I think that it can provide a bridge between the HTTP and DIDCOMM worlds through the security protocol layer.

 — Justin

On Mar 15, 2020, at 11:11 AM, Tom Jones <thomasclinganjones at gmail.com> wrote:

How is this different from the XAuth proposal from Dick Hardt? It seems like W3C DID and dif- com are working on solutions as well. I guess we have a whole alphabet soup of competing solutions to pick from.

thx ..Tom (mobile)

On Sun, Mar 15, 2020, 7:33 AM Justin Richer <jricher at mit.edu> wrote:
With the IETF107 meeting cancelled and virtual meetings scheduled, I had hoped that the conflict would no longer be the case, but unfortunately this proposed meeting is exactly during the TxAuth virtual session now. As many of you know, TxAuth is a newly proposed working group in the IETF where I’m submitting the work I’ve been doing on XYZ (https://oauth.xyz/) that incorporates a lot of things from OAuth, OIDC, UMA, and their extensions into a simpler, more comprehensive protocol. This might one day turn into OAuth 3, but that’s far in the future if it happens. I do encourage everyone to follow along with the TxAuth mailing list in the IETF and hopefully join the working group when it comes online.

 — Justin

On Mar 6, 2020, at 1:13 PM, Debbie Bucci <debbucci at gmail.com> wrote:

Hello All

My apologies, I thought I posted this to the list.

If you have something to present (encouraged!) please let us know and we will generate a new agenda to accommodate.

---------- Forwarded message ---------
From: Adrian Gropper <agropper at healthurl.com>
Date: Thu, Mar 5, 2020, 11:10 AM
Subject: Re: [Openid-specs-heart] HEART WG MEETING Monday March 23
To: Debbie Bucci <debbucci at gmail.com>


Yes. I would like to present the Separation of Concerns work that is defining the overlap between IETF Oauth3 / transactional authorization and the SSI standards work. Justin and I are currently the only ones with a foot in both camps (UMA and SSI). That’s why I would prefer he be present but I can do my best anyway.

I can also talk about HIE of One Trustee as the implementation of the current state of the art in these two camps, of course.

- Adrian

On Thu, Mar 5, 2020 at 10:48 AM Debbie Bucci <debbucci at gmail.com> wrote:
Hi Adrian

Agree it would be great if Justin were there as well but scheduling is tight on my end. Hesitant to push out much further. If we agree there is a path forward then we can discuss an alternate time that does not conflict with other schedules and time zone.

Starting a list .... we have 90 minutes. We could dedicate a good portion of that time for presentations, would you like to present something?



On Thu, Mar 5, 2020 at 9:48 AM Adrian Gropper <agropper at healthurl.com> wrote:
Justin, IMHO, is essential for this meeting. I suggest we reschedule.

- Adrian

On Thu, Mar 5, 2020 at 9:41 AM Justin Richer <jricher at mit.edu> wrote:
Unfortunately, this time conflicts with the OAuth working group meeting at IETF107 in Vancouver. As a consequence, I won’t be able to make it, as much as I’d like to.

 — Justin

On Mar 4, 2020, at 4:20 PM, Debbie Bucci <debbucci at gmail.com> wrote:

Hi everybody,

We are convening a 90-minute HEART meeting on March 23 from 4:00pm Eastern time (our traditional start time) to gather and discuss possible paths forward for the group.


  *   When: 1 PM PST/4 PM EST
  *   Duration: 1.5 hrs
  *   Where: Gotomeeting – https://global.gotomeeting.com/join/785234357

After our specifications were approved as Implementer's Drafts, our Working Group went into a holding pattern for a little while to see what implementation experience would tell us.

Over the last couple of months, we, the co-chairs, have been approached by a number of people interested in the HEART profiles and/or hoping to extend the work we have done to date.   We believe it may be an opportune time for a discussion of where to go from here.



We have been approached about the following discussion points/areas of focus.


  *   Hear from and potentially incorporate work that has been done to support healthcare in other countries and from the Open Banking community.
  *   Promoting the use of OpenID Connect/OAUTH2 Discovery.
  *   Define `fhir_url` in Discovery and perhaps other endpoints.
  *   Provide guidance for the use of Dynamic Client Registration.
  *   Update the profiles to codify how IAL/AAL/FAL are transmitted in the id_token.
  *   Fine-grained OAuth extensions – leveraging updated OAuth* work such as RAR/PAR.
  *   Incorporating Decentralized Identity.
  *   Providing guidance on how to choose FHIR Resource type patterns.

I assume those that have reached out to us are also following along on the list. We hope you or someone on your team(s) will join us.

Comments/updates to the list of discussion points are appreciated.

_______________________________________________
Openid-specs-heart mailing list
Openid-specs-heart at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-heart
