Health – Relationship – Turst: Come hare about the new HEART WG at Open ID Foundation
Session Topic: HEART Workgroup
Convener: Eve Maler, Deb Bucci
Notes-taker: Eve Maler
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
We discussed the formation of the new HEART WG. We didn't project slides, but worked from the following slide deck:
We also discussed the FHIR API as a key exemplar of what we're protecting: http://www.hl7.org/implement/standards/fhir/
Everyone is welcome to join the new group; this page is a placeholder:
To take part, you will need to fill out this IP form:
We are lining up membership in the next few weeks and will be meeting formally in teleconferences in the new year, if not sooner. We plan to hold a F2F meeting at the HIMSS conference in April 2015 in Chicago:
The Venn diagram below is an extension of a set of slide deck notes that can be found here:
Adrian Gropper and Jin Wen made some really good observations on the Venn, respectively:
OAuth represents an institution focus; OpenID Connect represents a federation focus; and UMA represents an individual focus. OAuth represents a service availability focus; OpenID Connect represents a security/authentication/integrity/confidentiality focus; and UMA represents a privacy focus.
The profile specs we will be producing are layered. We don't actually know yet if the OpenID Connect and UMA profiles will be separately layerable on top of the OAuth profiles, or if the UMA specs will depend on the OpenID specs, or what.
Some information is outside individual control, but nonetheless needs to be monitored for sharing; this is what "accounting of disclosures" is for.