<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I thought the working group would want to know about this white paper from Cerner:<div class=""><br class=""></div><div class=""><a href="https://github.com/whitehatguy/healthcare-authorization/blob/master/Framework for Three-Party Authentication and Authorization of HTTP-Delivered Services in a Healthcare Setting.pdf" class="">https://github.com/whitehatguy/healthcare-authorization/blob/master/Framework%20for%20Three-Party%20Authentication%20and%20Authorization%20of%20HTTP-Delivered%20Services%20in%20a%20Healthcare%20Setting.pdf</a></div><div class=""><br class=""></div><div class="">They’re looking at it over at the SMART/Argonauts project recently, and it contains some good things. (And also some bad things, like client-specified IDs with no registry.)</div><div class=""><br class=""></div><div class=""> — Justin<br class="">
<br class=""></div></body></html>