<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">OpenID Foundation can support the proposed F2F at the HIMSS</div><div class=""><br class=""></div><div class="">We often look to member direct funding to support the cost of meeting rooms etc.</div><div class=""><br class=""></div><br class=""><div class="">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="">Don Thibeau</div><div class=""><a href="http://openid.net" class="">The OpenID Foundation</a></div><div class=""><br class=""></div></span><br class="Apple-interchange-newline">
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 28, 2015, at 10:08 AM, Debbie Bucci <<a href="mailto:debbucci@gmail.com" class="">debbucci@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Roll call/stats:
There were 21 on the call, 11/19 were voting members 4 additional IPRs
this week</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Meeting notes approval by John Bradley</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">HEART Timeline (Deb
Bucci) The charter says 12-18 months for completion - that includes profiles implemented with
working reference and implementations in the wild. </p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Tentative schedule:</p><p class="MsoNormal">Now until April</p><p class="MsoNormal">• Identify use
cases</p><p class="MsoNormal">• Technology
level set </p><p class="MsoNormal">• Divide Use
cases into obvious groupings – see if can be resolved with existing Profile
work</p><p class="MsoNormal">• Discuss
existing pilot/demonstration – reference implementations that may inform profile</p><p class="MsoNormal">• F2F @ HIMSS </p><p class="MsoNormal">May – Aug</p><p class="MsoNormal">• Release
first round of profiles</p><p class="MsoNormal">• Start
/encourage pilots</p><p class="MsoNormal">• Dig into the
more complex use cases</p><p class="MsoNormal">Sept – Dec</p><p class="MsoNormal">• Work through
the more complex us case – possibly identify gaps in standards </p><p class="MsoNormal">• Release
second round of profiles</p><p class="MsoNormal">Jan – ?</p><p class="MsoNormal">• Access and
regroup</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Common Terminology - (Eve Maler) Eve introduced various
terms that would be used within the different profiles and highlighted some the
commonalities and difference. </p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>IdP
= identity provider</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>RP
= relying party</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>user
= user trying to achieve single sign-on (SSO)</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>RO
= resource owner (user trying to achieve controlled sharing – could be same as
SSO user)</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>AS
= authorization server (could be the same as IdP)</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>RS
= resource server (could be the same as AS)</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>C
= client</p><p class="" style=""><span style="font-size:10pt;font-family:Symbol" class="">·<span style="font-size:7pt;font-family:'Times New Roman'" class=""> </span></span>RqP
= requesting party (user trying to achieve authorized access – could be same as
RO)</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Comment from the discussion</p><p class="MsoNormal">• OAuth has no
IDP or PR – Client(API) – focus is to get to the service</p><p class="MsoNormal">• UMA
introduces controlled sharing with someone else – introduced Alice to Bob
sharing – requesting party</p><p class="MsoNormal">• There are
clear use case where multi-parties doing authn/authz job</p><p class="MsoNormal">• Software or
person may have multiple roles example – enable sharing</p><p class="MsoNormal">• Could apply
to a Person/patient caregiver or provider.
Think of Person as one class of user/resource. This enables reuse to support other use cases
such as moving information between provider to provider – or referrals without
having to create new profiles.</p><div class=""> <br class="webkit-block-placeholder"></div><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Use Case Format (Deb and Eve) - Deb provided and except from the ACE Use
case format for discussion as a possible format to gather use case <a href="http://datatracker.ietf.org/doc/draft-ietf-ace-usecases/?include_text=1" class="">http://datatracker.ietf.org/doc/draft-ietf-ace-usecases/?include_text=1</a></p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Feedback on doc:</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">The format is useful until it gets in the way of the work
and should be viewed with the appropriate lens.
Its as good to get started to develop common terms etc but less useful
to tightly bind with the profile creation process.</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Our approach going forward:</p><p class="MsoNormal">Deb will work with OIDF to understand how to access the wiki
space and we will define a template for those who wish to use it. Suggested elements</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Capture /classifying </p><p class="MsoNormal">• Who are the
actors</p><p class="MsoNormal">• What data</p><p class="MsoNormal">• What are the
sticking points</p><p class="MsoNormal">• Potential
problems</p><p class="MsoNormal">• Limitations</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Where possible try to neutrally state the problem. </p><p class="MsoNormal">Write use cases from multiple perspectives </p><p class="MsoNormal">Identify Use cases for multiple purposes</p><p class="MsoNormal">Use cases past mustard with subject matter experts. As we
collect them, we should vet them with authoritative sources.</p><p class="MsoNormal">Not necessary to be technology specific – write in plain
English and capture wants and goals</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Suggested Initial Use cases:</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Kathleen Connor has been the lead on the Privacy on FHIR use
case/story board. That work has been
vetted with clinicians within the VA.
Perhaps we can put her on the spot for next week</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Further explore the use cases Justin Richer introduced that
are tied to the Secure RESTful Interface
Profile – <a href="http://secure-restful-interface-profile.github.io/pages/" class="">http://secure-restful-interface-profile.github.io/pages/</a> </p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Explore the Restful Health Exchange (RHEX) use case
developed for the Federal Health Architecture (FHA) a couple of years ago </p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Blue Button Restful API (is that the same as SMART?) Use case</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Virtual Clipboard is a potential candidate but that work is
just beginning. Catherine Shulten will
focus on her work with Virtual Patient Registration</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Eve suggested we should explore the National Cybersecurity Center of Exellence (NCCOE) mobile PHR use
case</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Adrian Gropper is working on a High Security Use case</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">Deb Bucci will work with (? Did not capture who mentioned)
on a home healthcare use case.</p><div class=""> <br class="webkit-block-placeholder"></div><div class=""> <br class="webkit-block-placeholder"></div><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">We will take 15 minutes over the next few weeks for
technology level set</p><div class=""> <br class="webkit-block-placeholder"></div><p class="MsoNormal">• OAUTH – 2/2</p><p class="MsoNormal">• OpenID
Connect – 2/9</p><p class="MsoNormal">• UMA 2/16</p><div class=""> <br class="webkit-block-placeholder"></div><div class=""> <br class="webkit-block-placeholder"></div>
</div>
_______________________________________________<br class="">Openid-specs-heart mailing list<br class=""><a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a><br class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart<br class=""></div></blockquote></div><br class=""></body></html>