HEART / 2015-03-02

Roll call stats - https://bitbucket.org/openid/heart/wiki/Roll_Call

25 in attendance - 11 members
Reminder re: IPR - http://openid.net/intellectual-property. Specify the working group as “OpenID HEART”.

Listserv count : 91

Next week - Focus on Delegation: PRIVO will present their Parent/Child delegation registration/authorization model for COPPA. Deb has seen their presentation before and believes the flows are relevant to the Health Delegation use case.

Eve will present some UMA-related options for handling custodial delegation.

Adrian presents Post-MI Implant and Rehab

This is based on a real clinical situation. It’s severe and complicated, but not necessarily unusual. It’s designed to highlight patient Alice’s perspective. There are four devices and attendant vendors. He has made some assumptions about what sorts of standards we might have in the future.

Implantable cardiac defibrillator (ICD) - this is a two-way device. It both senses and acts on the heart. It treats fainting. It interacts with an ICD programmer, which has a local low-power link. This is monitored by a vendor. There’s a device relay and control, using, say, an iPhone. These are currently proprietary, but that has no benefit to Alice.

Alice is working with two doctors who don’t trust each other. So she’s a go-between. This is to stress the fact that, for wearables or attached devices, you can’t count on federation to solve everything. When it’s your car or your ICD, you want to have the opportunity to be the “middle person” for how these things communicate because there isn’t always another choice.

There is the patient domain, the VA domain, and the Rwanda domain when she’s in that country. Adrian counts 8 different services, though there’s controversy about how you count that.

Alice’s alma mater offers her an UMA AS.

She adds a second device, a FitBit, where FIPPs and data minimization come in. She chooses a device that meets her requirements along these lines.

This involves multiple portals, akin to Kathleen’s use case.

Nate DiNiro asks: Is anyone using this today? No one’s using an UMA AS today, but people do use ICDs and so on. Two cardiologists have looked it over from that perspective.

Justin is only concerned about the FIDO connection and the “backup token kept with the sister” element. He thinks that technology path won’t work and advocates identity federation for solving these elements vs. proof of possession of a secure token. Adrian agrees that we should be doing the federation case, and believes there’s a way to do this use case that way, but isn’t sure how to write the use case that way. Account recovery is the thing that needs to be solved.

Andy observes that account recovery seems peripheral to the use case.

AI: Justin and Adrian: Work on revisions to capture the central spirit of the Post-MI use case without the distraction of too many account recovery details.

Justin likes that the use case crosses multiple security domains, which is important.

Adrian’s manifesto of sorts: When you look at UMA and FHIR, and the proposition of enabling the personal building/running/outsourcing of services, it will seem silly for there to be secret ingredients of devices, and also secret ingredients of pills. In neither case will people accept secrecy for very much longer.

Adrian’s take on what this use case has to teach us vs. Kathleen’s is that his takes a “hard” patient-centered perspective.

Privacy on FHIR tackles how we include consent with a patient-centered point of view.

Debbie noted that, although Federation or discussions about Trust are out of scope for the workgroup, the technical means to describe should be part of the profiles.

Jim Kraugh notes that the “trustmark” concept is relevant to what we’re doing here.

F2F planning

We are seriously thinking about doing a HEART F2F, likely Wednesday April 15, but possibly late afternoon Tuesday April 14. Our agenda would be to consolidate our use cases into a single document, and to start work on our technical profiles. Update: We are targeting 2-3 hours on Wednesday April 15th - hope to have timeslot finalized next week.

AI: Eve & Debbie: Coordinate the HIMSS meeting on behalf of HEART WG / OIDF. Advise the group when we’ll meet F2F.

AI: Eve: Advertise the Kantara breakfast to the group. [DONE]

We would also have opportunities to get together informally at RSA the week after, and during the VRM day on the Monday of IIW one week before. Adrian has been asked to present on VRM day. Debbie and Eve are presenting on HEART at the OpenID Foundation meeting on the Monday prior to IIW.

AI: Debbie: Consolidate a use case draft for two weeks hence.
