<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Correct, and at the time of binding there’s a *lot* more context available to make sure the matching is done correctly. The rest of the system flows from that match being made.<div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 18, 2015, at 10:34 AM, Maxwell, Jeremy (OS/OCPO) <<a href="mailto:Jeremy.Maxwell@hhs.gov" class="">Jeremy.Maxwell@hhs.gov</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)" class="">
<style class=""><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div lang="EN-US" link="blue" vlink="purple" class="">
<div class="WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">To parrot what I heard…identity matching happens at binding time not exchange time, therefore matching is not necessary to the exchange use case. Am I tracking?<o:p class=""></o:p></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span></p>
<div class="">
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" class=""><p class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class=""> Justin Richer [<a href="mailto:jricher@mit.edu" class="">mailto:jricher@mit.edu</a>]
<br class="">
<b class="">Sent:</b> Tuesday, August 18, 2015 10:12 AM<br class="">
<b class="">To:</b> Maxwell, Jeremy (OS/OCPO)<br class="">
<b class="">Cc:</b> Adrian Gropper; Sarah Squire; <a href="mailto:openid-specs-heart@lists.openid.net" class="">openid-specs-heart@lists.openid.net</a><br class="">
<b class="">Subject:</b> Re: [Openid-specs-heart] Draft HEART Meeting Notes 2015-08-17<o:p class=""></o:p></span></p>
</div>
</div><p class="MsoNormal"><o:p class=""> </o:p></p><p class="MsoNormal">Right, but they do it during the initial binding of alice’s identity and access tokens to the record. They don’t take in a bunch of attributes from Alice’s IdP and say, “oh, well, let’s go find some Alice that might fit this”. As long as
they have the right record up during the binding, then that same record can be pulled up by its local identifier. At that point, the system doesn’t even care that Alice is Alice, they just know that account X has access to record Y because of a specific (and
auditable) action.<o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><o:p class=""> </o:p></p>
</div>
<div class=""><p class="MsoNormal"> — Justin<o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><o:p class=""> </o:p></p>
</div>
<div class=""><p class="MsoNormal"><o:p class=""> </o:p></p>
<div class="">
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class="">
<div class=""><p class="MsoNormal">On Aug 18, 2015, at 9:51 AM, Maxwell, Jeremy (OS/OCPO) <<a href="mailto:Jeremy.Maxwell@hhs.gov" class="">Jeremy.Maxwell@hhs.gov</a>> wrote:<o:p class=""></o:p></p>
</div><p class="MsoNormal"><o:p class=""> </o:p></p>
<div class="">
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class="">Wait, I’m confused. I know we called identity matching out of scope, which I agree with, but what did I miss that it’s unnecessary? Even though Alice is mediating
the exchange, the provider still needs to know <i class="">which</i> Alice in the EHR, right?</span><o:p class=""></o:p></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D" class=""> </span><o:p class=""></o:p></p><p class="MsoNormal"><b class=""><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class="">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"" class=""> Openid-specs-heart [<a href="mailto:openid-specs-heart-bounces@lists.openid.net" class="">mailto:openid-specs-heart-bounces@lists.openid.net</a>]
<b class="">On Behalf Of </b>Adrian Gropper<br class="">
<b class="">Sent:</b> Monday, August 17, 2015 6:41 PM<br class="">
<b class="">To:</b> Sarah Squire<br class="">
<b class="">Cc:</b> <a href="mailto:openid-specs-heart@lists.openid.net" class="">openid-specs-heart@lists.openid.net</a><br class="">
<b class="">Subject:</b> Re: [Openid-specs-heart] Draft HEART Meeting Notes 2015-08-17</span><o:p class=""></o:p></p><p class="MsoNormal"> <o:p class=""></o:p></p><p class="MsoNormal">Great notes. One flaw:<o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"> <o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal">"<span style="font-size:10.0pt" class="">The data exchange in this use case is patient-mediated, so identity matching is necessary."</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"> <o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:10.0pt" class="">should be is NOT necessary.</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"> <o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:10.0pt" class="">Adrian</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" class=""><br class="">
</span><br class="">
On Monday, August 17, 2015, Sarah Squire <<a href="mailto:sarah@engageidentity.com" class="">sarah@engageidentity.com</a>> wrote:<o:p class=""></o:p></p>
<div class="">
<div class=""><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Attendees:</span></b><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Debbie Bucci</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Abbie Barbir</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Adrian Gropper</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">William Kinsley</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Glen Marshall</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Justin Richer</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Sarah Squire</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Michael Magrath</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Jim Kragh</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Josh Mandel</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Chad Evans</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Corey Spears</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Edmund Jay</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Jeremy Maxwell</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Andrew Hughes</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Eve Maler</span><o:p class=""></o:p></p>
</div><p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Notes:</span></b><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Alice Enrolls at PCP Use Case</span></b><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Justin’s comment was intended to convey that Alice should be able to login with whatever digital identity she chooses. We don’t want Alice to have to create multiple usernames
and passwords. </span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Is federated identity core to the HEART project? The ability to use federated identities is core to HEART, but they are not required.</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Identity proofing policies are out of scope for the HEART project</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Leveraging common identity attributes is a core part of the problem statement for this use case.
</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Are we using OIDC in this use case? Yes, we are.</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">The data exchange in this use case is patient-mediated, so identity matching is necessary.</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">We have now finalized this use case.</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">New Use Cases</span></b><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">We would like the next use case to involve UMA, and we would like to be able to influence and harmonize with the FHIR API. What is it that we must profile vs what FHIR must
profile?</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">We want to bias toward wide ecosystems.</span><o:p class=""></o:p></p>
</div><p class="MsoNormal"><br class="">
<span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class="">Adrian will elaborate on his use cases and we can discuss next week.</span><o:p class=""></o:p></p>
<div class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"" class=""><br clear="all" class="">
</span><o:p class=""></o:p></p>
<div class="">
<div class="">
<div class="">
<div class=""><p class="MsoNormal"><span style="color:#888888" class="">Sarah Squire</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="color:#888888" class="">Engage Identity</span><o:p class=""></o:p></p>
</div>
<div class=""><p class="MsoNormal"><span style="color:#888888" class=""><a href="http://engageidentity.com/" target="_blank" class=""><span style="color:#1155CC" class="">http://engageidentity.com</span></a></span><o:p class=""></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div><p class="MsoNormal"><br class="">
<br class="">
-- <o:p class=""></o:p></p>
<div class="">
<div class="">
<div class="">
<div class=""><p class="MsoNormal"> <o:p class=""></o:p></p>
<div class=""><p class="MsoNormal">Adrian Gropper MD<br class="">
<br class="">
<span style="font-family:"Arial","sans-serif";color:#1F497D" class="">RESTORE Health Privacy!<br class="">
HELP us fight for the right to control personal health data.<br class="">
DONATE: <a href="http://patientprivacyrights.org/donate-2/" target="_blank" class=""><span style="color:#0563C1" class="">http://patientprivacyrights.org/donate-2/</span></a></span>
<o:p class=""></o:p></p>
</div>
</div>
</div>
</div>
</div><p class="MsoNormal"> <o:p class=""></o:p></p>
</div><p class="MsoNormal">_______________________________________________<br class="">
Openid-specs-heart mailing list<br class="">
<a href="mailto:Openid-specs-heart@lists.openid.net" class="">Openid-specs-heart@lists.openid.net</a><br class="">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" class="">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p class=""></o:p></p>
</div>
</blockquote>
</div><p class="MsoNormal"><o:p class=""> </o:p></p>
</div>
</div>
</div>
</div></blockquote></div><br class=""></div></body></html>