HEART / 2016-05-02

Attendees:

Cait Ryan

Tom Sullivan

Justin Richer

Sarah Squire

Dale Moberg

Debbie Bucci

Glen Marshall

Eve Maler

Scott Shorter

Nancy Lush

Thompson Boyd

Jin Wen

Kathleen Connor

Jim Kragh

Discussion:

Eve presented the current status of the use case. It now has technical preconditions. We now have “sharing scenarios” rather than “use case steps.” Eve read through some newer parts of the use case.

Eve: We do have some sections that need discussion. Alice’s physician requires a lot of Alice’s information and she wants to introduce her PHR to provide that. The administrator will tell Alice about the resources and scopes they need. We need to figure out who this sharing is directed to. Target? Audience? Subject?

Debbie: There’s been a lot of talk about what a developer would call these things, but has anyone done research about consumers? Which boxes they would check and what they would understand?

Glen: I don’t know if consumers understand them at all, particularly in an emergency situation.

Debbie: There are consent directives and advanced directives.

Eve: We could make this specific to the purpose we are looking at. What I’ve chosen for starters is more in line with a proactive “share” button, rather than Alice being reactive to being asked for information. Dr. Bob’s office requests access in a verbal way, and Alice’s side shares her information in a technical way. Another way to do it would be for Dr. Bob to try to get access to Alice’s information, and have her approve it.

Access approval approach:

Pro:
Alice only needs to provision something simple

Con:
Requires Alice to interact after the fact
Requires the doctor to know what they want

Tom: This could be called a handshake. It implies initial trust.

Justin: So, are we talking about client registration and discovery?

Eve: Yes

Justin: Can we just call it that?

Debbie: So if you have hundreds of patients, would providers have to manage hundreds of client credentials? Should we talk about that?

Eve had to leave, so the discussion was tabled. Justin presented the refreshed version of the working group drafts.

Justin: The major change here is to point out that HEART servers only have to be HEART-compliant when talking to other HEART-compliant parties. This allows multi-purpose servers to talk to non-HEART-compliant parties for other purposes.

We have also made audience and subject optional. This is to prevent possible privacy-compromising leakage of that information.
