<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">For my two cents:<div class=""><br class=""></div><div class="">I’ve long said that while the resource server itself is always the ultimate authority on data flow (since it can blissfully ignore any other external inputs), there is a calculus of access rights that needs to occur before an authorization decision can be reached. This calculus is multivariable in nature, with both several inputs and outputs.</div><div class=""><br class=""></div><div class="">The UMA/OAuth access token is one such input variable. It contains aspects such as the scope or permission set, the authorizing party (user), the authorized party (client), and others. This is a powerful construct that can cross security domains. With the right tools (like the HEART profile will define) you can determine who made the token and who sent it and whether or not you care.</div><div class=""><br class=""></div><div class="">But it’s not the only input. The RS could have many other tools at its disposal, and in the healthcare space it likely will. You’ve got heuristic analysis, policy servers, firewalls and gateways, etc., all working alongside the access token itself. So if a user gets an access token from their personal authorization server, the RS is still going to check its local policies. Are they allowed to access this record at all? Do they only have access on a limited timescale? Are they asking from a suspicious IP address? When was the last time we saw this user in person, anyway? </div><div class=""><br class=""></div><div class="">And a yes/no decision isn’t the only output. Did the token tell me a set of scopes that would cause a privacy leak when used in combination? Is there another policy that would limit the information being sent in this response, no matter who’s asking? 
</div><div class=""><br class=""></div><div class="">All of this needs to be considered and pulled together for the request. Much of this needs to be expressed in a way that’s centralizable and cacheable, for performance and administration sanity’s sake. </div><div class=""><br class=""></div><div class="">At the end of the day, the user-managed authorization server is a very important part of this calculus and one of the ones that HEART is focusing on. But we’re not leaving out the organization’s authorization server either. We want to *enable* these different components in such a way that when they exist they can all work together.</div><div class=""><br class=""></div><div class="">You see, all we’re really trying to do here is change the world for the better.</div><div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 20, 2015, at 10:40 AM, Debbie Bucci <<a href="mailto:debbucci@gmail.com" class="">debbucci@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class=""><div style="font-size:13px" class="">Hesitant to speak up but since John asked ...</div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class="">With regard to UMA Authorization Servers, are you suggesting that we consider a mix of personally-controlled and institutionally-controlled Authorization Servers or just one or the other?</div><div style="font-size:13px" class=""><br class=""></div><div class=""><b class="">Mixed. I could see places where an Authorization service would/could be logically stood up outside an institution's borders (in case of Health IT - ACO, HIE etc). 
Additionally if these entities focus on patient/consumer value add service, those authorization services could/should allow the patient to add additional end points ...perhaps even federate with other known/trusted authorization services. Including Adrian's 5.00 a month service - providing the binding is strong enough to be trusted.</b></div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class="">With regard to interface scopes, are there particular scopes that should be considered before others?</div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class=""><b class="">Don't understand this question. I think it's use case driven</b></div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class="">With regard to identity management and identity federation, would we consider patient ID before or after provider ID?</div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class=""><b class="">In order to access the API the identity negotiation would need to be completed upfront. In the PoF demonstration - we repeatedly said it was out of scope but if you looked closely ... Alice did use a federated credential. John did bring up identity proofing/LOA/trust in one of the early calls. Even though we do not deal with it directly it does need to be represented/addressed and is a necessary part of the authorization/access "calculus". I know there are a number of folks on this list already tackling this problem space and are looking for a way to integrate into these profiles/workflow. We should let them help us. 
</b></div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class="">With regard to patient matching and discovery, would we try to keep these in or out of scope for the early parts of the roadmap?</div><div style="font-size:13px" class=""><br class=""></div><div class=""><b class="">If we presume the patient is mediating in the center and has an explicit binding to their resources - there are no matching issues. </b></div><div class=""><b style="font-size:13px" class=""><br class=""></b></div><div class=""><b style="font-size:13px" class="">Client dynamic registration and AS discovery would be in scope from my POV.</b></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><b class="">There has been a very promising discussion on the UMA list about a webfinger-ish personal discovery service. Not real yet though - a gap that I hope gets closed in the near future.</b><br class=""></div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class="">Is there a class of providers or data holders (hospitals, payers, labs, public facilities, etc...) that we could prioritize? </div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class=""><b class="">Do we need to prioritize? Who's willing to share? Please let us know!</b></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><b class="">Separate concerns - </b></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><b class="">If we believe the JOSE/JWT is essential for secure data exchange - we should stand behind it not compromise.</b></div><div style="font-size:13px" class=""><b class="">If we unearth some real policy concerns (US and International) or gaps in the standards - how do we place in parking lot/acknowledge for others to tackle. 
Are there folk on this list willing to take on some of those challenges?</b></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><b class="">Deb</b></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><b class="">P.S. Disclaimer - Deb's personal views mindfully sent using Deb's personal email.</b></div><div style="font-size:13px" class=""><br class=""></div><div style="font-size:13px" class=""><b class=""><br class=""></b></div><div style="font-size:13px" class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sun, Apr 19, 2015 at 9:47 PM, Adrian Gropper <span dir="ltr" class=""><<a href="mailto:agropper@healthurl.com" target="_blank" class="">agropper@healthurl.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Then this is an excellent discussion. 
It suggests that there's a roadmap and some metric for achievability.<div class=""><br class=""></div><div class="">For example:</div><div class=""><br class=""></div><div class="">With regard to UMA Authorization Servers, are you suggesting that we consider a mix of personally-controlled and institutionally-controlled Authorization Servers or just one or the other?</div><div class=""><br class=""></div><div class="">With regard to interface scopes, are there particular scopes that should be considered before others?</div><div class=""><br class=""></div><div class="">With regard to identity management and identity federation, would we consider patient ID before or after provider ID?</div><div class=""><br class=""></div><div class="">With regard to patient matching and discovery, would we try to keep these in or out of scope for the early parts of the roadmap?</div><div class=""><br class=""></div><div class="">Is there a class of providers or data holders (hospitals, payers, labs, public facilities, etc...) that we could prioritize? </div><span class="HOEnZb"><font color="#888888" class=""><div class=""><br class=""></div><div class="">Adrian</div><div class=""><br class=""></div><div class=""><br class=""></div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br class=""><div class="gmail_quote">On Sun, Apr 19, 2015 at 9:33 PM, Moehrke, John (GE Healthcare) <span dir="ltr" class=""><<a href="mailto:John.Moehrke@med.ge.com" target="_blank" class="">John.Moehrke@med.ge.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple" class=""><div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">I am not trying to limit the destination. I am trying to define the next achievable step. 
<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">John<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class=""> <a href="mailto:agropper@gmail.com" target="_blank" class="">agropper@gmail.com</a> [mailto:<a href="mailto:agropper@gmail.com" target="_blank" class="">agropper@gmail.com</a>] <b class="">On Behalf Of </b>Adrian Gropper<br class=""><b class="">Sent:</b> Sunday, April 19, 2015 5:13 PM</span></p><div class=""><div class=""><br class=""><b class="">To:</b> Moehrke, John (GE Healthcare)<br class=""><b class="">Cc:</b> Eve Maler; <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank" class="">openid-specs-heart@lists.openid.net</a><br class=""><b class="">Subject:</b> Re: [Openid-specs-heart] HEART stepping stones<u class=""></u><u class=""></u></div></div><div class=""><br class="webkit-block-placeholder"></div><div class=""><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><p class="MsoNormal">Hello John,<u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div><div class=""><p class="MsoNormal">There's no need for you to take my perspective personally. 
<u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div><div class=""><p class="MsoNormal">"Data created fully by the patient" seems to be urging us to down-scope HEART to the non-HIPAA domain.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div><div class=""><p class="MsoNormal">Adrian <u class=""></u><u class=""></u></p></div></div></div><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><p class="MsoNormal">On Sun, Apr 19, 2015 at 5:21 PM, Moehrke, John (GE Healthcare) <<a href="mailto:John.Moehrke@med.ge.com" target="_blank" class="">John.Moehrke@med.ge.com</a>> wrote:<u class=""></u><u class=""></u></p><div class=""><div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">Hi Adrian,</span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">Interesting misrepresentation of what I said. I am disappointed that you feel it necessary to misrepresent what I said. I am also disappointed that you feel it necessary to bring in other negative topics that I said nothing about. I am trying to find ground that we can progress forward on; while you seem to be just wanting to make personal assaults. 
</span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">Looking for the constructive message in your comment, I think you are suggesting that we scope our efforts to the flow of information from the patient possession to points-elsewhere. I am fine with that kind of a scope. It also avoids the issues I was bringing up. I very much agree that data created fully by the patient is, and should be, totally controlled by the patient. This scope also avoids the concerns that encumber healthcare provider environments: Medical Ethics concerns, Safety concerns, and concerns of wrongful disclosure. </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class="">John</span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class=""> <a href="mailto:agropper@gmail.com" target="_blank" class="">agropper@gmail.com</a> [mailto:<a href="mailto:agropper@gmail.com" 
target="_blank" class="">agropper@gmail.com</a>] <b class="">On Behalf Of </b>Adrian Gropper<br class=""><b class="">Sent:</b> Sunday, April 19, 2015 12:42 PM<br class=""><b class="">To:</b> Moehrke, John (GE Healthcare)<br class=""><b class="">Cc:</b> Eve Maler; <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank" class="">openid-specs-heart@lists.openid.net</a><br class=""><b class="">Subject:</b> Re: [Openid-specs-heart] HEART stepping stones</span><u class=""></u><u class=""></u></p><p class="MsoNormal"> <u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal">John, I find your perspective both paternalistic and unscalable. <u class=""></u><u class=""></u></p><div class=""><div class=""><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">US healthcare is awash in lack of transparency and the result is $1Trillion of unwarranted care. It's paternalistic and incredibly self-serving to presume that just because the institution has been given a right to use patient data without any accountability as long as the data is for Treatment, Payment, or Operations or De-Identified, or "Break the Glass", or prescription drug monitoring, or just plain lack of segmentation for access, that it's good policy. The current regulations are the result of heavy and effective lobbying by a very well organized industry trying to protect its secrets by avoiding the HIPAA accounting for disclosures and patient right of access because they're "too hard". Think of HEART as trying to fix the "too hard" problem.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">Your perspective is also unscalable as more and more health-related data originates in wearables as well as home and environmental monitors, and then ends up in trans-national analytics completely outside of the HIPAA regs. 
It's also unscalable as patient data such as genomes can no longer be collected under informed consent because nobody has any idea of how your genomic information will be interpreted three years from now and how that interpretation might affect you or your children. It's also unscalable as the ability to promise de-identification for research becomes less and less realistic.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">The simple fact is that surveillance, data processing, and data storage are now effectively free compared to the economic value of the patient data. Rent-seeking-behavior by politically astute institutions has been effective for the past few years but the natives are getting restless. If you want to read more: <a href="http://thehealthcareblog.com/blog/2015/04/16/last-chance-for-meaningful-use/" target="_blank" class="">http://thehealthcareblog.com/blog/2015/04/16/last-chance-for-meaningful-use/</a> and I hope you make the comments above on the blog.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">Adrian<u class=""></u><u class=""></u></p></div></div></div></div></div></div></div><p class="MsoNormal"><br class=""><br clear="all" class=""><u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div><p class="MsoNormal">-- <u class=""></u><u class=""></u></p><div class=""><div class=""><p class="MsoNormal">Adrian Gropper MD<span style="font-size:7.5pt" class=""><br class=""></span><span style="font-size:10.0pt" class="">Ensure Health Information Privacy. 
Support Patient Privacy Rights.<br class=""><a href="http://patientprivacyrights.org/donate-2/" target="_blank" class="">http://patientprivacyrights.org/donate-2/</a><u class=""><span style="color:blue" class=""> </span></u></span><span style="font-size:11.0pt" class=""><u class=""></u><u class=""></u></span></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div></div></div></div></div></div></div></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div class=""><div dir="ltr" class="">Adrian Gropper MD<span style="font-size:11pt" class=""></span><font size="1" class=""><br class=""><font size="2" class="">Ensure Health Information Privacy. Support Patient Privacy Rights.<br class=""></font></font><span style="font-size:11pt" class=""><font size="1" class=""></font></span><font size="2" class=""><a href="http://patientprivacyrights.org/donate-2/" target="_blank" class=""><font color="blue" class=""><u class="">http://patientprivacyrights.org/donate-2/</u></font></a><font color="blue" class=""><u class=""> </u></font></font><span style="font-size:11pt" class=""></span><span style="font-size:11pt" class=""></span><span style="font-size:11pt" class=""><font size="1" class=""> <br class=""></font><div class=""></div></span><br class=""></div></div>
</div>
</div></div><br class="">_______________________________________________<br class="">
Openid-specs-heart mailing list<br class="">
<a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a><br class="">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank" class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br class="">
<br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>