<div dir="ltr"><div><div><div>Unlike the OpenID Foundation, Integrating the Healthcare Enterprise (IHE) is structured to profile the practices of a particular segment of a particular vertical industry: the healthcare _Enterprise_. Authorization of machine-to-machine transactions secured by OAuth2-based protocols can be broader than any single vertical. Authorization can be as broad as authentication.<br><br></div>A broad perspective on authorization (and authentication) will provide healthcare enterprises the opportunity to integrate systems around _people_ that include wearables, home things, smartphones, and Internet patient communities.<br><br></div>HEART can make the assumption that HL7-FHIR adopted OAuth2 and is developing the FHIR standard so as to enable a broad and inclusive perspective on interoperability. In the ideal situation, our work in HEART will inform HL7 as to how to achieve people-centered integration compatible with healthcare-specific practices. <br><br>This leaves open the issue of whether enterprise software security practices are any different in healthcare than any other vertical. Much of that work is being done in IDESG. IHE can participate in IDESG to ensure that the Connectathon is represented as we develop the IDESG framework.<br><br></div>Adrian <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 14, 2015 at 10:43 AM, Justin Richer <span dir="ltr"><<a href="mailto:jricher@mit.edu" target="_blank">jricher@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">I absolutely agree that we need to interact with other groups, even participate in their discussions and events. The connectathons are interesting opportunities and I think that HEART could have a good fit there.<div><br></div><div>But that doesn’t mean that our documents won’t stand on their own in OIDF. I think it’s not a logical conclusion to say that interacting with other groups leads to publishing elsewhere, and that’s the point I was trying to make.<span class="HOEnZb"><font color="#888888"><div><br></div><div> — Justin</div></font></span><div><div class="h5"><div><br><div><blockquote type="cite"><div>On Oct 14, 2015, at 10:01 AM, Glen Marshall [SRS] <<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a>> wrote:</div><br><div>
<div bgcolor="#FFFFFF" text="#000000">
Justin,<br>
<br>
One of the reasons I mentioned IHE yesterday is that there are
annual events, called the Connectathons, in which people who have
implemented IHE profiles test for interoperability. The North
American Connectathon happens in January. Afterwards, Connectathon
participants exhibit their working solutions in the HIMSS
Interoperability Showcase. There is a similar Connectathon in
Europe. The number of vendors in the Connectathons is impressive,
and security is an essential infrastructure element for them. This
would help satisfy the pilot implementation need for HEART. <br>
<br>
The provenance and IP stewardship of the underlying standards for
IHE is very flexible. IHE adds healthcare use case profiling and
testing. There is also a lot of cross-membership between IHE, HL7,
DICOM, and other healthcare SDOs and consortia. It is a good portal
for introducing and coordinating health IT standardization.<br>
<br>
There is some early discussion among some IHE participants regarding
an update to the <a href="http://wiki.ihe.net/index.php?title=Internet_User_Authorization" target="_blank">Internet
User Authorization (IUA) profile.</a> The current profile uses
RFC 6749 and 6750 as the underlying standards. This is all related
to HL7 FHIR and SMART on FHIR. Argonaut is working on security in
parallel, as is the HL7 Security Workgroup. This is all quite
relevant to HEART.<br>
<br>
Your thoughts? <br>
<br>
Disclosure: I am one of the security test monitors at the annual
North American Connectathon and, in the past, was very active in IHE
and HL7 as well as other standardization work.<br>
<br>
Best,<br>
Glen<br>
<br>
<div><p><b>Glen F. Marshall</b><br>
Consultant<br>
Security Risk Solutions, Inc.<br>
698 Fishermans Bend<br>
Mount Pleasant, SC 29464<br>
Tel: <a href="tel:%28610%29%20644-2452" value="+16106442452" target="_blank">(610) 644-2452</a><br>
Mobile: <a href="tel:%28610%29%20613-3084" value="+16106133084" target="_blank">(610) 613-3084</a><br>
<a href="mailto:gfm@securityrs.com" target="_blank">gfm@securityrs.com</a><br>
<a href="http://www.securityrisksolutions.com/" target="_blank">www.SecurityRiskSolutions.com</a></p>
</div>
<br>
</div>
</div></blockquote></div><br></div></div></div></div></div><br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>