<p dir="ltr">So. I think the best step forward is to say that some magic will happen on the resource server side that will tag data using the _confidentiality codes. This should include patient UX that aids with this setting. Yes, it is known today this is poorly done. Default is N when it is not set. </p>
<p dir="ltr">But setting the tags on the RS is not in HEART scope. It is a precondition.</p>
<p dir="ltr">UMA will control authorization to the various _confidentiality levels. </p>
<p dir="ltr">UMA can also control resource types.</p>
<p dir="ltr">UMA can also control specific instances of a resource.</p>
<p dir="ltr">Nice clean separation.</p>
<p dir="ltr">John</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Jul 26, 2016 2:56 PM, "Eve Maler" <<a href="mailto:eve.maler@forgerock.com">eve.maler@forgerock.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">No, sorry, I meant UMA resource set types -- semantic types, not security labels. Yikes.<div><br></div><div><a href="https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#resource-set-desc" style="font-size:12.8px" target="_blank">https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#resource-set-desc</a></div><div><br></div><div>In other words, we should be defining a profile that literally standardizes UMA resource set types, because that's the only thing in UMA that makes sense to standardize.</div><div><br></div><div>I promise never to leave off a qualifying name again, cross my heart. (Uh, no pun intended.)<br><div><br></div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:%2B1%20425.345.6756" value="+14253456756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br><b>ForgeRock Summits and UnSummits</b> <a href="http://summits.forgerock.com/" target="_blank">are coming to</a> <b>Sydney, London, and Paris!</b></p></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 26, 2016 at 12:26 PM, John Moehrke <span dir="ltr"><<a href="mailto:johnmoehrke@gmail.com" target="_blank">johnmoehrke@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">You are reinventing the securityLabels solution that already exists and that I have recommended. It is frustrating that this committee can't focus on what UMA does and leverage the work others have already put in place.</p><span><font color="#888888">
<p dir="ltr">John</p></font></span><div><div>
<div class="gmail_extra"><br><div class="gmail_quote">On Jul 26, 2016 12:06 PM, "Eve Maler" <<a href="mailto:eve.maler@forgerock.com" target="_blank">eve.maler@forgerock.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">If we have Alice check off the FHIR resources she wants to share individually and not share them as a prepackaged "first visit" bundle, then a number of things get a bit easier for the services involved (though the "HIV problem" doesn't get solved).<div><br></div><div>We can next set about defining UMA resource sets and their attendant scopes for that list of FHIR resources. Note that the scopes <i>can</i> be unique per resource set, but need not be.</div><div><br></div><div>I recommend that we plan for these to be profiled UMA resource set <b>types</b>. Alice's instance of a medication list type would differ from Carol's, which would differ from David's, and so on.</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
</div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Jul 25, 2016 at 7:19 PM, Nancy Lush <span dir="ltr"><<a href="mailto:nlush@lgisoftware.com" target="_blank">nlush@lgisoftware.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">Hello all,</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">My sense is that we want to start with a simple example. Like, Alice can choose which resources she wants to share. Those can be from the list Debbie displayed today or the list I sent – or whatever the final list turns out to be. (The list can be changed later.) But that list is a list of ‘FHIR Resources’. Alice can choose to share either all, or she can specify which in the list she wishes to share. (I think this is consistent with Adrian’s most recent ‘b’ point.)</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">While we can have resource sets, I don’t think we need to confuse the conversation with that yet.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">Also, we have talked about confidentiality codes and the desire to have Alice share her conditions, but exclude her HIV condition. I think as a group we would like to be able to do that, but because it is confusing it takes us off track. Just temporarily, let’s skip that detail.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">If we start with Alice’s ability to share the FHIR resources, we can work that through the more technical issues, and reach a point where we agree. We can then add additional detail on top of that.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">As a group we all come from different places, often each of those very different places are technical in nature. As a result, one term can have different meanings to each individual. I think we are close. The next step would be to define the flow for this, then bring it back to the team for review.</span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1f4e79">-Nancy</span></p>
<table border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse"><tbody>
<tr><td valign="top"><b>Nancy Lush</b></td><td valign="top"><a href="mailto:nancy.lush@lgisoftware.com" target="_blank">nancy.lush@lgisoftware.com</a></td></tr>
<tr><td valign="top"><b>Lush Group, Inc</b></td><td valign="top">Office: <a href="tel:%28401%29%20423-9111" value="+14014239111" target="_blank">(401) 423-9111</a></td></tr>
<tr><td valign="top">28 Narragansett Ave<br>PO Box 651</td><td valign="top"><a href="http://www.lgisoftware.com" target="_blank">www.lgisoftware.com</a><br>Cell:<a href="tel:%28401%29%20965-9347" value="+14019659347" target="_blank">(401) 965-9347</a></td></tr>
<tr><td valign="top">Jamestown, RI 02835</td><td valign="top"></td></tr>
</tbody></table>
</div></div><br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>
<br></blockquote></div></div>
</div></div></blockquote></div><br></div>
</blockquote></div></div>
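<p dir="ltr">The separation John describes at the top of this thread (the resource server tags data with confidentiality codes, defaulting to N, and UMA then authorizes by confidentiality level, resource type and specific instance), sketched as an added example that is not from any poster or from HEART. The grant dictionary and its keys are hypothetical, the sample resources are constructed, and the code system URI is the current HL7 one.</p>

```python
# Added illustration; the grant shape is hypothetical, not a HEART or UMA format.
CONF_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
CONF_ORDER = ["U", "L", "M", "N", "R", "V"]  # HL7 v3 codes, least to most sensitive
DEFAULT_CODE = "N"  # per the thread: an untagged resource is treated as N


def confidentiality(resource):
    """Return the strictest confidentiality code tagged on a FHIR resource."""
    codes = [
        c.get("code")
        for c in resource.get("meta", {}).get("security", [])
        if c.get("system") == CONF_SYSTEM
    ]
    if not codes:
        return DEFAULT_CODE
    if any(code not in CONF_ORDER for code in codes):
        return "V"  # fail closed on an unrecognised code
    return max(codes, key=CONF_ORDER.index)


def permitted(resource, grant):
    """Decide whether one resource may be released under an UMA-derived grant.

    grant keys (all hypothetical): 'types' = allowed FHIR resource types,
    'instances' = optional set of 'Type/id' strings, 'max_conf' = ceiling code.
    """
    if resource.get("resourceType") not in grant["types"]:
        return False
    ref = f"{resource.get('resourceType')}/{resource.get('id')}"
    instances = grant.get("instances")
    if instances is not None and ref not in instances:
        return False
    level = CONF_ORDER.index(confidentiality(resource))
    return level <= CONF_ORDER.index(grant["max_conf"])


def release(resources, grant):
    """Filter a result set down to the references the grant allows."""
    return [f"{r['resourceType']}/{r['id']}" for r in resources if permitted(r, grant)]


# Constructed sample data: two conditions (one tagged restricted) and a medication.
ALICE = [
    {"resourceType": "Condition", "id": "c1"},  # untagged, so treated as N
    {"resourceType": "Condition", "id": "c2",
     "meta": {"security": [{"system": CONF_SYSTEM, "code": "R"}]}},
    {"resourceType": "MedicationStatement", "id": "m1",
     "meta": {"security": [{"system": CONF_SYSTEM, "code": "N"}]}},
]
```

<p dir="ltr">With a ceiling of N, a grant for conditions releases only the untagged condition; the restricted one is withheld without the authorization server ever seeing clinical content.</p>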