<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Cambria",serif;
color:#44546A;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:58288323;
mso-list-type:hybrid;
mso-list-template-ids:894184746 -63933670 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.75in;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:3.25in;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.75in;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">This use case specifically includes the smart phone to introduce a common two-factor authentication process. As Justin said earlier, this and all the other use cases
can be used to branch off into modified versions. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Specifically I wanted to address three points:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">There are two different RPs, where one is designated by Alice as her single point of truth for her medical record.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Each system has implemented different levels of:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.25in;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">a.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Identity Proofing.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.25in;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">b.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Identity Verification.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.25in;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">c.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Credentialing and Authentication.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">3)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Which leads to the discussion of how the two systems (AS and RP) manage the trust relationship to support Alice’s ability to use single sign-on (SSO).<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.25in;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">a.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Upgrading Alice’s weaker Identity Proofing and verification trust level from her PHR based on the PCP registration process (In person and government issued
photo ID vs. simple email).<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.25in;text-indent:-.25in;mso-list:l0 level2 lfo1">
<![if !supportLists]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><span style="mso-list:Ignore">b.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Allow the PCP’s system to authenticate Alice using her stronger two-factor credential and authentication process provided by her PHR system.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A">Bill<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria",serif;color:#44546A"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Openid-specs-heart [mailto:openid-specs-heart-bounces@lists.openid.net]
<b>On Behalf Of </b>Justin Richer<br>
<b>Sent:</b> Wednesday, June 17, 2015 8:36 AM<br>
<b>To:</b> Maxwell, Jeremy (OS/OCPO); Debbie Bucci<br>
<b>Cc:</b> openid-specs-heart@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-heart] HEART Use Case: Alice Enrolls with PCP<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">I think you guys are putting too much stock in this use case. Keep in mind that the textual description in this specific use case isn't the only way any of this can transpire. If the patient doesn't have a smart
phone with them they can use the kiosk like in the original description. My workflow description was specifically to address the concern Sarah brought up of people not wanting to log in through the kiosk. Logging in to a remote IdP through a kiosk is already
worlds better than creating a local password (which would be just as susceptible to shoulder surfing security cameras and keylogging, and likely more dangerous). But if the RP is written correctly, we could support this case *also*.<br>
<br>
Each use case is but a tiny branch of the tree of possibilities. We're still deciding which branches we care about and which branches we prune in this group.<br>
<br>
-- Justin<o:p></o:p></p>
<div>
<p class="MsoNormal">On 6/17/2015 8:06 AM, Maxwell, Jeremy (OS/OCPO) wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">But that means 30 million Americans don't have cell phones. What does the workflow look like for them? <br>
<br>
Sent from my iPhone<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Jun 17, 2015, at 7:17 AM, Debbie Bucci <<a href="mailto:debbucci@gmail.com">debbucci@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Tue, Jun 16, 2015 at 4:00 PM, Maxwell, Jeremy (OS/OCPO) <<a href="mailto:Jeremy.Maxwell@hhs.gov" target="_blank">Jeremy.Maxwell@hhs.gov</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Is a smart phone necessary for the use case work flow? What about folks that don’t have smart phones?
What about folks that don’t have a cell phone?</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">According to a PEW report in 2014, 90% of adults have cell phones today; 75% of them are smartphones. I'd say for this use case - it's pretty close to the 80/20 rule.<br>
<a href="http://www.pewinternet.org/data-trend/mobile/cell-phone-and-smartphone-ownership-demographics/">http://www.pewinternet.org/data-trend/mobile/cell-phone-and-smartphone-ownership-demographics/</a>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Certainly there are issues to deal with using cell (lost, stolen, replaced) and even short-term alternatives must be available. What about use of tablets and other *mobile devices*? I'd dare to say that a
significant number of those unable to use a cell phone - will have a delegate to stand in their stead.
<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</blockquote>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>