The patient experience. The current way I need to get OAuth key to grant access to my resources on the Google API is not user-friendly. I need my HEART resource servers like Google and Mass. General Hospital to support dynamic registration of _any_ clients that my HEART Authorization Server chooses to allow.<div><br></div><div>To put it another way, once I register my AS with the RS, the AS is delegated full control over what clients can access the resource and I should not have to log into the RS patient portal again (unless I chose to use a different AS). This is consistent with the recommendations of the API Task Force.<br><div><br></div><div>Adrian<br><br>On Tuesday, May 31, 2016, Glen Marshall [SRS] <<a href="mailto:gfm@securityrs.com">gfm@securityrs.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif">Why?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Glen F. Marshall<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Consultant<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Security Risk Solutions, Inc.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">698 Fishermans Bend<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Mount Pleasant, SC 29464<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Tel: (610) 644-2452
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Mobile: (610) 613-3084<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><a href="javascript:_e(%7B%7D,'cvml','gfm@securityrs.com');" target="_blank">gfm@securityrs.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><a href="http://www.securityrisksolutions.com/" target="_blank"><span style="color:#0563c1">www.SecurityRiskSolutions.com</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <a href="javascript:_e(%7B%7D,'cvml','agropper@gmail.com');" target="_blank">agropper@gmail.com</a> [mailto:<a href="javascript:_e(%7B%7D,'cvml','agropper@gmail.com');" target="_blank">agropper@gmail.com</a>]
<b>On Behalf Of </b>Adrian Gropper<br>
<b>Sent:</b> Tuesday, May 31, 2016 16:03<br>
<b>To:</b> Glen Marshall [SRS] <<a href="javascript:_e(%7B%7D,'cvml','gfm@securityrs.com');" target="_blank">gfm@securityrs.com</a>><br>
<b>Cc:</b> Debbie Bucci <<a href="javascript:_e(%7B%7D,'cvml','debbucci@gmail.com');" target="_blank">debbucci@gmail.com</a>>; Justin Richer <<a href="javascript:_e(%7B%7D,'cvml','jricher@mit.edu');" target="_blank">jricher@mit.edu</a>>; <a href="javascript:_e(%7B%7D,'cvml','openid-specs-heart@lists.openid.net');" target="_blank">openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] Pulling out Native Apps<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Sorry, dynamic registration is a MUST.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Adrian<br>
<br>
On Tuesday, May 31, 2016, Glen Marshall [SRS] <<a href="javascript:_e(%7B%7D,'cvml','gfm@securityrs.com');" target="_blank">gfm@securityrs.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif">I also agree to adding native apps.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif">As far as use cases for them, some will map on existing web app uses. But I can imagine a network connectivity hub, e.g., a medical
home, connecting to multiple apps on behalf of multiple native apps. Dynamic registration needs to be a supported option, but not mandatory in HEART’s model. I wonder what this means to scalability. </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Helvetica",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Glen F. Marshall</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Consultant</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Security Risk Solutions, Inc.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">698 Fishermans Bend</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Mount Pleasant, SC 29464</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Tel: (610) 644-2452
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Mobile: (610) 613-3084</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><a>gfm@securityrs.com</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><a href="http://www.securityrisksolutions.com/" target="_blank"><span style="color:#0563c1">www.SecurityRiskSolutions.com</span></a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Openid-specs-heart [mailto:<a>openid-specs-heart-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Debbie Bucci<br>
<b>Sent:</b> Tuesday, May 31, 2016 14:56<br>
<b>To:</b> Justin Richer <<a>jricher@mit.edu</a>><br>
<b>Cc:</b> <a>
openid-specs-heart@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-heart] Pulling out Native Apps</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p>So does that mean dynamic registration would not apply to native apps ?<u></u><u></u></p>
<p>Or could a device/native app/hub(?) dynamically connect for multiple apps? <u></u>
<u></u></p>
<p>Agree adding adding native apps<u></u><u></u></p>
<p>On May 31, 2016 11:54 AM, "Justin Richer" <<a>jricher@mit.edu</a>> wrote:<br>
><br>
> From a conversation in our sister iGov working group, we think there might be a gap in the current client descriptions in HEART. Namely, native applications aren’t called out as being separate from web-based clients. Newer techniques like PKCE can allow native
apps to connect more securely without per-instance registration, and software statements are going to be particularly important for these clients as well. There’s some question as to how we’ll manage key registration here, since we don’t want to encourage
packing the same private key in a million copies of a piece of software.<br>
><br>
> What we’re proposing is that we separate out recommendations and requirements for native apps (and desktop apps) as a fourth category alongside the current “full app”, “in-browser app”, and “batch-process app” categories.<br>
><br>
> Note that we’re not proposing, at this time, relaxing the requirement that the AS make dynamic registration available.<br>
><br>
> — Justin<br>
> _______________________________________________<br>
> Openid-specs-heart mailing list<br>
> <a>
Openid-specs-heart@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">
http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><u></u><u></u></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br>
-- <u></u><u></u></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Adrian Gropper MD<br>
<br>
<span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!<br>
HELP us fight for the right to control personal health data.<br>
DONATE: <a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span>
<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote></div></div><br><br>-- <br><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div><br>