<div dir="ltr">Hi all,<div><br></div><div>This is the use case that Eve has been hashing out on the call for a few weeks now: <a href="https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR">https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR</a></div><div><br></div><div>Is there anything specifically added by the NYP form that has not already been covered?</div><div><br></div><div>Sarah</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(136,136,136)">Sarah Squire</div><div style="color:rgb(136,136,136)">Engage Identity</div><div style="color:rgb(136,136,136)"><a href="http://engageidentity.com/" style="color:rgb(17,85,204)" target="_blank">http://engageidentity.com</a></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 19, 2016 at 5:43 AM, Adrian Gropper <span dir="ltr"><<a href="mailto:agropper@healthurl.com" target="_blank">agropper@healthurl.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Debbie,<br><br></div><div>In case it's not on the HEART servers, I've put a copy of the NYP Authorization Form here: <a href="https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf" target="_blank">https://dl.dropboxusercontent.com/u/8909568/NYP%20authorization.pdf</a><br></div><div><br></div>Mapping the NYP Authorization Form to actual UMA protocol is way above my pay grade. Here's as far as I get (inline):<br><div class="gmail_extra"><span class=""><br>In the case of Alice authorizing Dr. Bob:</span><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><ul><li>Alice is the Resource Owner <b>[Yes. Notice that we have to handle the case where Alice has a Representative sign for her as at the bottom of the form]</b><br></li></ul></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><ul><li>The requested resource set - is the protected resource. <b>[Someone else needs to propose the mapping to standards]</b> <br></li><span class=""><ul><li>The resource set would need to have date range. </li><li>Form indicates that release of sensitive information is explicitly OPT-IN so a confidentiality code of V (very sensitive) would not release HIV-AIDS/Mental Health/Genetics/Substance Abuse unless explicitly asked for (as a scope?).</li></ul></span><li>Can the Authorization server sign the RPT(ROI) on behalf of Alice?<b> [Yes. That's the whole point of UMA and HEART as far as I can tell.]</b><br></li><li>Probably good hygiene to recommend that claims re: Bob's medical affiliation be recorded as part of the audit or consent receipt if unable to include as part of RPT process. <b>[Maybe but it seems peripheral.]</b><br></li></ul></div></blockquote><div>It's important to note that this form is labeled by NYP as an "authorization" and represents UMA Phase 2 where Dr. Bob is on the scene. Whoever proposes a mapping to standards needs to also deal with UMA Phase 1 where Alice or her representative tells NYP the address of her UMA Authorization Server. This happens before Bob is on the scene and is what I would call "consent".<br><br></div><div>For the purpose of HEART, could we call UMA Phase 1 consent and UMA Phase 2 authorization?<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Adrian <br></div></font></span></div><br></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>