<div dir="ltr">Dale,<div><br></div><div>I am one of the leads on the FHIR Consent work. There is significant editing going on right now. The github site is a perspective into the editing process, it is the result of the continuous build. So what you see might be good stuff, or might be simply one random thought. </div><div><br></div><div>Is there a question?</div><div><br></div><div>John</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">John Moehrke<br>Principal Engineering Architect: Standards - Interoperability, Privacy, and Security<br>CyberPrivacy – Enabling authorized communications while respecting Privacy<br>M +1 920-564-2067<br><a href="mailto:JohnMoehrke@gmail.com" target="_blank">JohnMoehrke@gmail.com</a><br><a href="https://www.linkedin.com/in/johnmoehrke" target="_blank">https://www.linkedin.com/in/johnmoehrke</a><br><a href="https://healthcaresecprivacy.blogspot.com" target="_blank">https://healthcaresecprivacy.blogspot.com</a><br>"Quis custodiet ipsos custodes?" ("Who watches the watchers?")</div></div></div>
<br><div class="gmail_quote">On Wed, Jun 22, 2016 at 3:24 PM, Dale Moberg <span dir="ltr"><<a href="mailto:dale.moberg@orionhealth.com" target="_blank">dale.moberg@orionhealth.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<span>
<div dir="ltr">
<div style="margin-left:15px"><br>
<a href="http://hl7-fhir.github.io/consent.html" target="_blank">http://hl7-fhir.github.io/consent.html</a></div>
</div>
</span>
<div><br>
</div>
<div>From section 6.7.3</div>
<div>[…]</div>
<div>“ The enforcement of the Privacy Consent Directive is not included, but is expected that enforcement can be done using a mix of the various Access Control enforcement methodologies (e.g. OAuth, UMA, XACML). This enforcement includes the details of the
enforcement meaning of the elements of the Privacy Consent Directive, such as the rules in place when there is an opt-in consent would be specific about which organizational roles have access to what kinds of resources (e.g. RBAC, ABAC). The specification
of these details are not in scope for the Consent resource. "</div>
<span>
<div dir="ltr">
<div style="margin-left:15px"><br>
</div>
</div>
</span>
</div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>