<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"><meta name="Generator" content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:1.0pt;
border:none;
padding:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:328020171;
mso-list-type:hybrid;
mso-list-template-ids:-1728038584 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for starting this new thread.<o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I am not expert in this space (yet) but let me see if I can repeat back what I think you are proposing. <o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Are you suggesting that for Resource Server (RS) be able to accept a standard profile authorization assertion (based on the UMA profile) from a standard (UMA-based) Authorization Server (AS)? <o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I maybe out of date but I seem to remember reading that the UMA profile states that the Authorization Policy service capabilities (as required to implement an AS) are out of scope for the UMA profile - as are the specific policies for how you label assets (network, applications, data) managed by the RS with access tokens that are registered with and managed by the AS. <o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">To echo back your language is your suggestion that </span><span style="font-size:14.0pt;font-family:"Cambria","serif";background:yellow;mso-highlight:yellow">it</span><span style="font-size:14.0pt;font-family:"Cambria","serif""> ^would^ <span style="background:yellow;mso-highlight:yellow">be simpler to have consistent patterns (libraries) implemented</span></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> that would address what the UMA profile has intentionally said is out of scope? I.e., <o:p></o:p></span></p><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman""> </span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">addressing the need for a standard way to label assets managed by the RS; and (?) <o:p></o:p></span></p><p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman""> </span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">a standard way to represent the inputs to an Authorization Policy Service<o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In my mind this would allow us to not only solve the simple cases but also enable us to develop libraries that represent the applicable policy of a given Federal Reg or libraries of applicable state law that could be re-used by everyone. It might also enable the different associations to provide recommended policies to be adopted by their members and plugged into the solution following a period of local policy tweaking by a given institution or Agency.<o:p></o:p></span></p><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Am I getting this right?</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Aaron Seib, CEO<o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">@CaptBlueButton <o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> (o) 301-540-2311<o:p></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">(m) 301-326-6843<o:p></o:p></span></p><p class="MsoNormal"><a href="nate-trust.org"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;text-decoration:none"><img border="0" width="205" height="48" id="Picture_x0020_1" src="cid:image001.jpg@01D0B8DE.515108A0"></span></a><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p><div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-heart [mailto:openid-specs-heart-bounces@lists.openid.net] <b>On Behalf Of </b>Kinsley, William<br><b>Sent:</b> Monday, July 06, 2015 8:45 PM<br><b>To:</b> openid-specs-heart@lists.openid.net<br><b>Subject:</b> [Openid-specs-heart] Flip the question of “Vanilla" OAuth vs. UMA<o:p></o:p></span></p></div></div><p class="MsoNormal"><o:p> </o:p></p><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">I am starting a new thread … I think we need to flip the question of “Vanilla" OAuth vs. UMA”. I feel confident that we are going to discover use cases that cannot be supported by “Vanilla” OAuth or would be greatly simplified by using UMA. <o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""> <o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Maybe the real question to ask is: Are there any augments (use case, technology restriction, cost, etc.) that justifies NOT using (requiring) UMA?<o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""> <o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">From a interoperability, quality, security and development perspective, would it be simpler to have consistent patterns (libraries) implemented that are more likely to be “drop-in compatible” without source changes. While the standard itself would be considered rigid, it would be flexible by the use and implementation of the UMA profiles. <o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif""> <o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">The caveat here is the resource server (RS) would need to be able to accept/process a UMA profile without developing custom code to interpret it. Would this require resource servers to adhere to a standard set of UMA profiles or a defined UMA profile taxonomy that could describe the healthcare consent models (if one exists)?<o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif"">Bill<o:p></o:p></span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><div style="margin-top:6.7pt;margin-bottom:6.7pt"><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="1117" style="width:670.45pt;margin-left:5.4pt"><tr style="height:26.25pt"><td style="padding:.75pt .75pt .75pt .75pt;height:26.25pt"><p class="MsoNormal" align="right" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in;text-align:right"><span style="font-family:"Arial","sans-serif""> </span><o:p></o:p></p></td><td style="padding:.75pt .75pt .75pt .75pt;height:26.25pt"><p class="MsoNormal" align="right" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in;text-align:right"><span style="font-family:"Arial","sans-serif""><img border="0" width="181" height="50" id="_x0000_i1025" src="rtfimage://"></span><o:p></o:p></p></td></tr></table><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif";display:none"><o:p> </o:p></span></p><table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="1117" style="width:670.45pt;margin-left:5.4pt"><tr><td style="padding:.75pt 9.85pt .75pt 9.85pt"></td></tr></table><p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Cambria","serif";display:none"><o:p> </o:p></span></p><table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="1117" style="width:670.45pt;margin-left:5.4pt"><tr><td style="padding:.75pt .75pt .75pt .75pt"><p class="MsoNormal" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in"><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif"">William Kinsley<br></span></b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Enterprise Architect, Ambulatory<o:p></o:p></span></p><div><p class="MsoNormal" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in"><b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif"">NEXTGEN HEALTHCARE<br></span></b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif"">Solutions for: Ambulatory, Inpatient and Community Connectivity<br>795 Horsham Road, Horsham, PA 19044<br>(215) 657-7010 x21128 [o] <br><a href="mailto:BKinsley@nextgen.com">BKinsley@nextgen.com</a><o:p></o:p></span></p></div></td><td style="padding:.75pt .75pt .75pt .75pt"><p class="MsoNormal" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in"><span style="font-family:"Arial","sans-serif";color:blue"><a href="http://www.oneugm.com"><span style="text-decoration:none"><img border="0" width="248" height="92" id="_x0000_i1026" src="rtfimage://"></span></a></span><o:p></o:p></p></td></tr></table><div style="margin-top:6.7pt;margin-bottom:6.7pt"><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="813" style="width:487.5pt;margin-left:5.4pt"><tr><td style="padding:.75pt .75pt .75pt .75pt"><p class="MsoNormal" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in"><b><i><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#E46C0A">Be ready for MU and ICD-10 in 2015. Start your EHR version 5.8 and KBM version 8.3 upgrade today. Get the resources you need at </span></i></b><span style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#E46C0A"><a href="http://www.nextgen.com/upgradecentral"><b><i><span style="color:#007CB9">www.nextgen.com/upgradecentral</span></i></b></a></span><o:p></o:p></p></td></tr></table><div style="margin-top:6.7pt;margin-bottom:6.7pt"><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="820" style="width:492.0pt;margin-left:5.4pt"><tr><td style="padding:.75pt .75pt .75pt .75pt"><p class="MsoNormal" style="mso-margin-top-alt:6.7pt;margin-right:0in;margin-bottom:6.7pt;margin-left:0in"><span style="font-size:6.0pt;font-family:"Arial","sans-serif"">This message, and any documents attached hereto, may contain confidential or proprietary information intended only for the use of the addressee(s) named above or may contain information that is legally privileged. If you are not the intended addressee, or the person responsible for delivering it to the intended addressee, you are hereby notified that reading, disseminating, distributing or copying this message is strictly prohibited. If you have received this message by mistake, please immediately notify us by replying to the message and delete the original message and any copies immediately thereafter. Thank you for your cooperation.</span><o:p></o:p></p></td></tr></table><div style="margin-top:6.7pt;margin-bottom:6.7pt"><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div><div style="margin-top:6.7pt;margin-bottom:6.7pt"><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""> </span><span style="font-size:14.0pt;font-family:"Cambria","serif""><o:p></o:p></span></p></div></div></body></html>