<div dir="ltr"><div><div><div><div><div><div>Debbie,<br><br></div>It's very important for both HEART and the UMA folks to be clear about this. <br><br></div>I don't want either UMA or HEART to create any "burden" on the RS unless there's a clear problem we're fixing. Sticking as close to FHIR as possible seems to be a way that we can avoid an extra burden on the RS. It places the burden of capturing and interpreting Alice's policies entirely on the authorization server. The RS could make Alice's AS job much easier by supporting Confidentiality Codes and other metadata as part of the scope process but that would certainly be an added burden on the RS and should be optional.<br><br></div>Introducing a HEART profile for some particular resource set that is not just plain FHIR seems to me to be a clear burden to the RS. Now they will have two overlapping standards to coordinate: FHIR and HEART, both talking about resources. Interoperability will also suffer because the rule is "be strict in what you offer and liberal in what you accept". A health RS strictly has to offer FHIR for all sorts of reasons including apps like SMART and participation in vendor networks like CommonWell, and directed exchange for the Precision Medicine Initiative.<br><br></div>For the other side of interoperability, the HEART RS must be liberal in what kinds of AS it accepts in order to make patient-directed exchange with HIPAA, non-HIPAA, 42CFR, Things, decision support, and all other clients willing to play by FHIR rules interoperable.<br><br></div>From the AS perspective, HEART can certainly profile subsets of FHIR, DAF, OpenID Connect, WebFinger, and other standards in order to improve the user experience but these would be optional to any particular RS and would not limit interoperability. <br><br></div>Adrian<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 2, 2016 at 10:52 AM, Debbie Bucci <span dir="ltr"><<a href="mailto:debbucci@gmail.com" target="_blank">debbucci@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Resource Set - what purpose it might serve. </div><div><br></div><div>Mind you - I don't know the thinking behind the UMA spec - but In the federated authentication environment when you are dealing with hundreds if not thousands for partners, a methods to group claims together has evolved to help ease the burden on the backend for those having to configure release policies for each and every partner. The ability for a RS to define resource sets that makes sense for their business - may have a similar effect.<br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div></div></div></div>
</blockquote></div><br></div></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><div dir="ltr">Adrian Gropper MD<span style="font-size:11pt"></span><br><br><span style="font-family:"Arial",sans-serif;color:#1f497d">PROTECT YOUR FUTURE - RESTORE Health Privacy!</span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>HELP us fight for the right to control personal health data.</span><span style="font-family:"Arial",sans-serif;color:#1f497d"></span><span style="font-family:"Arial",sans-serif;color:#1f497d"><br>DONATE:
<a href="http://patientprivacyrights.org/donate-2/" target="_blank"><span style="color:#0563c1">http://patientprivacyrights.org/donate-2/</span></a></span><span style="color:#1f497d"></span>
</div></div></div></div></div></div></div></div>
</div>