<p dir="ltr">This follows aligns with ... W3C provenance work (?)</p>
<div class="gmail_quote">On Nov 9, 2015 1:00 PM, "Sarah Squire" <<a href="mailto:sarah@engageidentity.com">sarah@engageidentity.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Ah! That's an interesting model. Thank you for clarifying. I hadn't considered the possibility of combining different resources to achieve specific security goals. That might be a useful architecture to have in a HEART context.</div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Mon, Nov 9, 2015 at 8:59 AM, Moehrke, John (GE Healthcare) <span dir="ltr"><<a href="mailto:John.Moehrke@med.ge.com" target="_blank">John.Moehrke@med.ge.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Sarah,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Fantastic review. As the co-chair in Security that covers the FHIR specification, I want to point out a fact that you might have missed. The Provenance resource can cover any other resource, and thus can cover an AuditEvent. You pointed out that the AuditEvent doesn’t include a signature, well none of the other FHIR resources include a signature. When a signature is needed across a resource a Provenance resource is used for that purpose. There are many use-cases that call upon signatures for non-repudiation or source validation; rather than duplicate this all over the place HL7 FHIR has one special resource, the Provenance, for this purpose. Such as prescribing narcotics, authoring an observation, etc. So, when an AuditEvent needs a signature a Provenance resource would be included with a signature.  In this way FHIR is intended to be compose-able. So, an AuditEvent can be signed just like anything else. <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">John<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Sarah Squire<br><b>Sent:</b> Saturday, November 07, 2015 10:59 AM<br><b>To:</b> <a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a><br><b>Subject:</b> [Openid-specs-heart] Events in UMA, FHIR, and HEART<u></u><u></u></span></p><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">On the call this week, we discussed the overlap between </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__api.consentreceipt.org_doc_&d=CwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=pkx9qbM2emEy0TZIkp8_xBFSCyR9dAwSbfmxQdohRog&s=5GdWN0sr0deuzEbkTba0Xw5x-XC8JFg1Q5VZS_95lwg&e=" target="_blank"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">consent receipts</span></a><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black"> (or auditable transaction receipts) and FHIR </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__hl7.org_implement_standards_fhir_auditevent.html&d=CwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=pkx9qbM2emEy0TZIkp8_xBFSCyR9dAwSbfmxQdohRog&s=5Pfw5Fjk1zDwzlCWNzKmLBq_Vci7tIRkTlOVDE3REIo&e=" target="_blank"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Resource AuditEvents</span></a><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black"> and </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__hl7.org_implement_standards_fhir_provenance.html&d=CwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=pkx9qbM2emEy0TZIkp8_xBFSCyR9dAwSbfmxQdohRog&s=uBkaR28kpcrFpwNWDtOI4hhUbF4RRCyR-R2vwpbRC00&e=" target="_blank"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Resource Provenance</span></a><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">. I took an action item to compare the three, and here’s what I found. Please keep in mind throughout that FHIR is an established standard, while consent receipt is not yet. Both projects are subject to change.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">In the context of a </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__iiw.idcommons.net_Consent-5FReceipts-5Fin-5FUMA&d=CwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=pkx9qbM2emEy0TZIkp8_xBFSCyR9dAwSbfmxQdohRog&s=VxgoRcPZ9EsVZXH3w4MqIIQR6aWWv7_rIVq45fZoQfk&e=" target="_blank"><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">facilitated workshop</span></a><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black"> at IIW last week, we came to the conclusion that there were many events in a generic UMA workflow where data was exchanged, but only two - 1. Alice configures her AS, and  2. Bob presents claims - where actual “consent” was taking place. We discussed the possibility of having two different kinds of receipts - a consent receipt for when a person is consenting, and an auditable transaction receipt for when data is being exchanged between security boundaries so that both sides of that exchange have signed record of the transaction.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">This is interesting because the FHIR project broke out their events in a similar fashion. Rather than talking about data exchange and consent, they talk about data usage and generation. Data generation is handled by Resource Provenance while data usage is handled by Resource AuditEvent.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">If you’ll come with me down into the weeds, these are the fields that are common to all three:</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">subject/actor/participant</span><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">purpose of use</span><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">policy URL</span><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">timestamp</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Of the fields that are not common, I would like to point out some interesting differences:</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">signature</span></b><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Provenance and consent receipts are both signed, while AuditEvents are not. This is interesting because our group conceived of an auditable event receipt that would be signed by one party and “given” to another. AuditEvents have a record of both parties, but no cryptographic proof.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">subject/object</span></b><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">AuditEvents have a concept of a “subject” and an “object” that might be very useful in a HEART context. Consent receipts have similar “subject” and “issuer” fields.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">period/lifecycle</span></b><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Both FHIR specifications define some kind of bounded time period. This is very interesting because it’s a concept we don’t have in HEART or consent receipts. HEART doesn't yet have any use cases that involve information lifecycle, expiration, or permission revocation. That’s probably something we should look at as a group.</span><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">location/jurisdiction</span></b><u></u><u></u></p><p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">Consent receipts have a jurisdiction field, but not location. Both FHIR specs have location, but not jurisdiction. Do the lawyers in the room have an opinion on whether these are relevant in a HEART context? One? Both? Neither?</span><u></u><u></u></p><p class="MsoNormal"><br><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black">I would love to hear some feedback from the group on what events and/or receipts in HEART would look like. </span><u></u><u></u></p><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:black"><br clear="all"></span><u></u><u></u></p><div><div><div><div><p class="MsoNormal"><span style="color:#888888">Sarah Squire<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="color:#888888">Engage Identity<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="color:#888888"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__engageidentity.com_&d=CwMFaQ&c=IV_clAzoPDE253xZdHuilRgztyh_RiV3wUrLrDQYWSI&r=B4hg7NQHul-cxfpT_e9Lh49ujUftqzJ6q17C2t3eI64&m=pkx9qbM2emEy0TZIkp8_xBFSCyR9dAwSbfmxQdohRog&s=mlyIZoTbn_wDu6prERBFoN36Cpw1Xcp0kwqsiMfy9jk&e=" target="_blank"><span style="color:#1155cc">http://engageidentity.com</span></a><u></u><u></u></span></p></div></div></div></div></div></div></div></div></div></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div>