<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">I’m still a little confused on the identity federation being out of scope. A comment was made today on the call to what I understood that clinical organizations
would not accept outside identity systems. But I would assume if Alice had a PHR that it would be unaffiliated with a particular health care organization and therefore have its own Identity Provider. To link up the PHR and the EHR you would have to establish
trust. I would have thought that using OpenID Connect or just OAuth to solve this would have been a key part of HEART. Is it out of scope just for the use case we have been discussing recently? I can understand why the proofing part would be out of scope.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">And also, hi everyone. I’ve been listening for a couple of weeks but haven’t been able to actively participate. I hope to be able to contribute more going forward.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><br>
Chad<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Chad Evans<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Software Architect</span><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D"> HealthSuite DigitalPlatform</span><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:Philips-Logo;color:#0070C0">Philips</span><span style="font-size:8.0pt;font-family:'Microsoft Sans Serif','sans-serif';color:#993366"> </span><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Healthcare</span><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D">+1770-731-0821 (office)</span><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:'Calibri','sans-serif';color:#1F497D">+1770-330-5228 (cell)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'"> Openid-specs-heart [mailto:openid-specs-heart-bounces@lists.openid.net]
<b>On Behalf Of </b>Eve Maler<br>
<b>Sent:</b> Friday, August 14, 2015 1:16 PM<br>
<b>To:</b> Danny van Leeuwen<br>
<b>Cc:</b> openid-specs-heart@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-heart] Identity Federation?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Danny-- Identity federation is the process of a service or application, such as a website (like an EHR portal) accepting the results of user authentication having been performed by a different service (like a government eID system or
a bank or the AMA, or some other trustworthy party). It's federated, vs. local, because even though the EHR portal has an account for you, they don't have to perform the login duties for that account themselves -- it comes from afar (like a federation of states
or planets :-) that work together).<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">When people say "<b>an</b> identity federation", they usually mean a group of organizations that have agreed to work together under a standard agreement that lays out the responsibilities and rights of the parties. Trusting someone else
to do authentication for you is a big step. If the person's identity needs to have been proofed too (what we've been talking about lately -- the mapping of someone's identity credential to a real-world person), then the trustworthiness requirements on the
"identity provider" go way up. Facebook, for example, simply won't do.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<p><b>Eve Maler<br>
</b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>
Join our <a href="http://forgerock.org/openuma/" target="_blank">ForgeRock.org OpenUMA</a> community!<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Fri, Aug 14, 2015 at 9:07 AM, Danny van Leeuwen &lt;<a href="mailto:danny@health-hats.com" target="_blank">danny@health-hats.com</a>&gt; wrote:<o:p></o:p></p>
<p class="MsoNormal">What is Identity Federation?<br>
<br>
On Tuesday, August 11, 2015, &lt;<a href="mailto:openid-specs-heart-request@lists.openid.net" target="_blank">openid-specs-heart-request@lists.openid.net</a>&gt; wrote:<o:p></o:p></p>
<p class="MsoNormal">
Message: 1<br>
Date: Tue, 11 Aug 2015 09:34:58 -0400<br>
From: "Aaron Seib" &lt;<a href="mailto:aaron.seib@nate-trust.org">aaron.seib@nate-trust.org</a>&gt;<br>
To: "'Adrian Gropper'" &lt;<a href="mailto:agropper@healthurl.com">agropper@healthurl.com</a>&gt;, "'Kinsley, William'"<br>
&lt;<a href="mailto:BKinsley@nextgen.com">BKinsley@nextgen.com</a>&gt;<br>
Cc: <a href="mailto:openid-specs-heart@lists.openid.net">openid-specs-heart@lists.openid.net</a><br>
Subject: Re: [Openid-specs-heart] Draft HEART Meeting Notes 2015-08-10<br>
Message-ID: &lt;05f601d0d43a$84d61a40$8e824ec0$@<a href="http://nate-trust.org" target="_blank">nate-trust.org</a>&gt;<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I am confused or might have a friendly amendment for what you are trying to communicate.<br>
<br>
<br>
<br>
Are you positing to the group that item (3) is out of scope because it is an Identity Federation feature and by definition not part of the charter of the HEART project?<br>
<br>
<br>
<br>
If that is what you are saying could you please tell me who is working on enabling the inclusion of the PCP's Identity Proofing of Alice in determining the level of assurance associated with her accounts (in any system - PHR, EMR or the portals thereof)?<br>
<br>
<br>
<br>
This is what I am trying to discover. When the PCP has a patient-provider relationship established with Alice and he is provided with Alice's URL to her AS I am very interested in how we can reuse this ID proofing event to increase the level of assurance associated
with Alice's AS. There are many ways to remote Identity proof Alice that have cost associated with them. If we can capture the ID Proofing event (I assume that a URL and some unique Identifier related to Alice is required in the HEART transactions when Alice
has her privacy preferences configured in an AS that has multiple users) from when the PCP trusts the URL/GUID associated with Alice for an AS it would create value too.<br>
<br>
<br>
<br>
In other words - how do we make it possible for relying parties other than Alice's PCP to discover that her PCP has come to trust the binding of Alice's Identity to a specific URL/ID for her AS?<br>
<br>
<br>
<br>
Is that being discussed anywhere other than the HEART project?<br>
<br>
<br>
<br>
<br>
<br>
Aaron Seib, CEO<br>
<br>
@CaptBlueButton<br>
<br>
(o) <a href="tel:301-540-2311" target="_blank">301-540-2311</a><br>
<br>
(m) <a href="tel:301-326-6843" target="_blank">301-326-6843</a><br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>