<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>Hi Eve,<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>These are desirable scenarios, but start to add different complications. I am suggesting that we do the simple case (Share all) for the first pass.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>FYI, we discussed your second point in the meeting. We discussed using the medication statement (medications) as an example in the first use case.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>I think there are other complications around ‘first visit’ that will quickly get us back in the mud. While this is something that will be valued by patients, if we address it first I think it will confuse our core objectives. I also think that if we define our core user stories, the implementers will find ways to implement this particular objective.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'>-Nancy<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Eve Maler [mailto:eve.maler@forgerock.com] <br><b>Sent:</b> Tuesday, September 13, 2016 7:49 AM<br><b>To:</b> Nancy Lush <nlush@lgisoftware.com><br><b>Cc:</b> Sarah Squire <sarah@engageidentity.com>; HEART List <openid-specs-heart@lists.openid.net><br><b>Subject:</b> Re: [Openid-specs-heart] Draft HEART Meeting Notes 2016-09-12<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>I thought "first visit" was the specific circumstance that gave form, shape, and purpose to <i>why</i> Alice was sharing her data in the first place (for example, different data may be involved if it's a first visit vs. if it's a switch in doctors, which means the resource set profiling might be different). Otherwise, why is Alice taking this action?<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>(Another circumstance could be "Alice shares her medication list (or allergies list) with her husband". This is something I'd like to do.)<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>But I may be wrong.<o:p></o:p></p></div></div></div><div><p class=MsoNormal><br clear=all><o:p></o:p></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br><b>ForgeRock Summits and UnSummits</b> <a href="http://summits.forgerock.com/" target="_blank">are coming to</a> <b>London and Paris!</b><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Tue, Sep 13, 2016 at 1:31 PM, Nancy Lush <<a href="mailto:nlush@lgisoftware.com" target="_blank">nlush@lgisoftware.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'>In keeping with the objective of ‘</span><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>we need to significantly narrow this document</span><span style='font-family:"Calibri",sans-serif;color:#1F497D'>’ we should not be diverted by the “first visit” in this first pass. That should be added to the list of ‘challenges’ that need to be discussed and addressed later. We are having difficulty just finishing one simple user story using the full set of technology we would like to use. We are continually bogged down in the exceptions.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'>Keep it simple, that is complicated enough: Alice proactively gives Dr. Bob access to all of her basic data.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'>I suspect that once we walk through this story completely, then the others will be much simpler to expand.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'>-Nancy</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Openid-specs-heart [mailto:<a href="mailto:openid-specs-heart-bounces@lists.openid.net" target="_blank">openid-specs-heart-bounces@lists.openid.net</a>] <b>On Behalf Of </b>Eve Maler<br><b>Sent:</b> Tuesday, September 13, 2016 4:34 AM<br><b>To:</b> Sarah Squire <<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>><br><b>Cc:</b> HEART List <<a href="mailto:openid-specs-heart@lists.openid.net" target="_blank">openid-specs-heart@lists.openid.net</a>><br><b>Subject:</b> Re: [Openid-specs-heart] Draft HEART Meeting Notes 2016-09-12</span><o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi folks-- Sorry I couldn't make this meeting due to my travel. I agree with getting more specific about the use cases. This is what the "flows" were/are supposed to accomplish. Did people look at those on the call? One question of specificity that came up earlier was sharing "first visit" data prior to going to the appointment vs. arranging for transfer of records when switching doctors. We could imagine a matrix of these two against the option of proactive (Alice shares) vs. reactive (Alice approves an access request) flows.<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Regarding delegating access to the policies themselves, I continue to think that this is "PhD-level UMA" (or not an UMA use case, e.g., XACML or something), and Occam's Razor suggests leaving this this out unless/until someone can state the specific need for Alice to share her policies. Then we'd know the context(s) for doing so.<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br clear=all><o:p></o:p></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell <a href="tel:%2B1%20425.345.6756" target="_blank">+1 425.345.6756</a> | Skype: xmlgrrl | Twitter: @xmlgrrl<br><b>ForgeRock Summits and UnSummits</b> <a href="http://summits.forgerock.com/" target="_blank">are coming to</a> <b>London and Paris!</b><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Mon, Sep 12, 2016 at 11:07 PM, Sarah Squire <<a href="mailto:sarah@engageidentity.com" target="_blank">sarah@engageidentity.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Attendees:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie Bucci</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Adrian Gropper</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Dale Moberg</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Edmund Jay</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Glen Marshall</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Jim Kragh</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Julie Maas</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Kenneth Salyards</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Luis Maas</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Nancy Lush</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah Squire</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Thomas Sullivan</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Walter Kirk</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Meeting is still on for September 19th.</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>MEETING CANCELLED on September 26th.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><o:p> </o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>The UMA use case as it stands now (</span><a href="https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR" target="_blank"><span style='font-size:11.0pt;font-family:"Arial",sans-serif'>https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR</span></a><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>) is extremely broad and talks about a lot of different scenarios. If we want to optimize for interoperability (which I think we do) we need to significantly narrow this document. I think it might help to write a few short user stories - things like “Dr. Bob can request Alice’s current medications” “Alice can reactively approve or deny Dr. Bob’s request.” </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Smaller bite-size stories like this will make it much easier for us to actually write the spec and make sure that the features we want are possible in a wide-ecosystem cross-domain context without any requirement for systems to agree beforehand on how to format requests across the wire.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Does that make sense?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Nancy:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>I agree completely.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Is the suggestion to boil this down to smaller peices?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Right, shorter user stories that indicate specific features.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Adrian:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Do we need to discuss how Dr. Bob got the address for the resource?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>We talk a little about that in the security profile, I think maybe we suggest webfinger? We could certainly talk about it more in the semantic profile.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Is there something we should start walking through?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>My question to the group is whether there are things in this use case, flows or functionality, that we don’t want to profile?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Glen:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>I don’t think we should address discovery beyond recommendations. It would be a significant increase in scope.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Agreed</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Adrian:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>But we do have to be clear about how we relate resource discovery to the use cases that we present. </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Nancy:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Let’s note that it exists and revisit it later.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Is there anything in the Data and Services section that we would take out?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>We need to figure out which features and flows we want to enable and how one server would indicate to another server which flow it is using.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Adrian:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Can we do the medications use case first?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>It’s actually irrelevant which FHIR resource we talk about. We don’t define the FHIR taxonomy. We are talking about features and flows that we will need to enable.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Nancy:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>We can use medication as an example, but we should be generic in the specification as to which FHIR resource we are talking about.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Ken:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>I don’t think it’s scalable to have a patient decide the policies on their resources.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>It will be much simpler in practice. I do think that a patient will be able to say “share my medication list with Dr. Bob”</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>So, for example, we need to decide whether we want a proactive or reactive flow or both.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>So I think we’ve always said that consent and delegation are in scope.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>So we’re looking at the “Summary of sharing scenarios” section of the document. Do we want to profile all of these flows? We also need to profile how claims are going to work. If Alice is proactively setting policies, she will need to indicate what claims Dr. Bob has to fulfill before he gets access to her resources.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>I would also like to see a flow where Alice delegates access.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Are we talking about delegating access to data? Or access to the policies themselves?</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>The policies themselves.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Sarah:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Okay, because there’s really no concept of that in the UMA protocol. It would just be switching the Resource Owner.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>Debbie:</span><o:p></o:p></p><p style='margin:0in;margin-bottom:.0001pt'><span style='font-size:11.0pt;font-family:"Arial",sans-serif;color:black'>So we can talk about that in the spec. Maybe just make it auditable.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'> </span><o:p></o:p></p><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'>Sarah Squire</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'>Engage Identity</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'><a href="http://engageidentity.com/" target="_blank"><span style='color:#1155CC'>http://engageidentity.com</span></a></span><o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>_______________________________________________<br>Openid-specs-heart mailing list<br><a href="mailto:Openid-specs-heart@lists.openid.net" target="_blank">Openid-specs-heart@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><o:p></o:p></p></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>