HEART / 2015-01-26

Roll call/stats: There were 21 on the call; 11/19 were voting members. 4 additional IPRs this week.

Meeting notes approval by John Bradley

HEART Timeline (Deb Bucci) The charter says 12-18 months for completion - that includes profiles implemented with working reference and implementations in the wild.

Tentative schedule:

Now until April

• Identify use cases

• Technology level set

• Divide use cases into obvious groupings – see if they can be resolved with existing profile work

• Discuss existing pilot/demonstration – reference implementations that may inform profile

• F2F @ HIMSS

May – Aug

• Release first round of profiles

• Start/encourage pilots

• Dig into the more complex use cases

Sept – Dec

• Work through the more complex use cases – possibly identify gaps in standards

• Release second round of profiles

Jan – ?

• Assess and regroup

Common Terminology - (Eve Maler) Eve introduced various terms that would be used within the different profiles and highlighted some of the commonalities and differences.

· IdP = identity provider

· RP = relying party

· user = user trying to achieve single sign-on (SSO)

· RO = resource owner (user trying to achieve controlled sharing – could be same as SSO user)

· AS = authorization server (could be the same as IdP)

· RS = resource server (could be the same as AS)

· C = client

· RqP = requesting party (user trying to achieve authorized access – could be same as RO)

Comments from the discussion

• OAuth has no IdP or RP – Client (API) – focus is to get to the service

• UMA introduces controlled sharing with someone else – introduced Alice to Bob sharing – requesting party

• There are clear use cases where multiple parties do the authn/authz job

• Software or a person may have multiple roles; example – enabling sharing

• Could apply to a person/patient, caregiver or provider. Think of Person as one class of user/resource. This enables reuse to support other use cases, such as moving information from provider to provider, or referrals, without having to create new profiles.

Use Case Format (Deb and Eve) - Deb provided an excerpt from the ACE use case format for discussion as a possible format to gather use cases: http://datatracker.ietf.org/doc/draft-ietf-ace-usecases/?include_text=1

Feedback on doc:

The format is useful until it gets in the way of the work and should be viewed with the appropriate lens. It's good for getting started, to develop common terms etc., but less useful to bind tightly to the profile creation process.

Our approach going forward:

Deb will work with OIDF to understand how to access the wiki space and we will define a template for those who wish to use it. Suggested elements:

Capturing/classifying

• Who are the actors

• What data

• What are the sticking points

• Potential problems

• Limitations

Where possible try to neutrally state the problem.

Write use cases from multiple perspectives.

Identify use cases for multiple purposes.

Use cases should pass muster with subject matter experts. As we collect them, we should vet them with authoritative sources.

Not necessary to be technology specific – write in plain English and capture wants and goals.

Suggested initial use cases:

Kathleen Connor has been the lead on the Privacy on FHIR use case/story board. That work has been vetted with clinicians within the VA. Perhaps we can put her on the spot for next week.

Further explore the use cases Justin Richer introduced that are tied to the Secure RESTful Interface Profile – http://secure-restful-interface-profile.github.io/pages/

Explore the RESTful Health Exchange (RHEX) use case developed for the Federal Health Architecture (FHA) a couple of years ago.

Blue Button RESTful API (is that the same as SMART?) use case.

Virtual Clipboard is a potential candidate but that work is just beginning. Catherine Shulten will focus on her work with Virtual Patient Registration.

Eve suggested we should explore the National Cybersecurity Center of Excellence (NCCoE) mobile PHR use case.

Adrian Gropper is working on a High Security use case.

Deb Bucci will work with (? Did not capture who mentioned) on a home healthcare use case.

Level Set: We will take 15 minutes over the next few weeks for technology level set

• OAuth – 2/2

• OpenID Connect – 2/9

• UMA – 2/16