...
- Review the emerging WG roadmap use cases
- Discuss the "RO access limit discretion" use case
- Discuss other open editorial issues for the candidate model text, as outline outlined in previous meeting notes below
Attending: Eve, Ann, Adrian, Jim, Jon, Mark, Sal, Thomas
What Eve calls the "Adrian clause" is this part of UMA Core Sec 3.3.3: "The resource server MAY apply additional authorization controls when determining how to respond."
What does the "RS authorization discretion" use case mean? Should the AS be made officially aware that the RS still didn't give access (similar to the "Shoebox" technical idea), or could the RS somehow need some other assurances that it can be compliant? This goes right back to the Adrian clause, and complementarily, to the Shoebox idea. The RS could either warn Alice, or could verify the requesting party on its own. Is this broad-based, or truly healthcare-specific? To how many jurisdictions does it apply? Adrian suggests another case of a warning. A data processing process might take some time to complete, and only licensed practitioners can receive in-process results.
Would it be useful to develop a model clause, or even a pair of model clauses? Sounds like it's useful to try, and then go back and see if it's getting used.
What does the "RO access limit discretion" use case mean? There is something of an opposite to the Adrian clause in the same section: "The resource server MUST NOT give access in the case of an invalid RPT or an RPT associated with insufficient authorization."
A way of looking at it is:
- Conditions: RO wants sharing to happen; AS executes those directions appropriately, such that the RPT is valid and is associated with sufficient authorization data:
- RS gives access - normal case
- RS doesn't give access
- To remain compliant with the law of some jurisdiction - MUST PRODUCE NOTIFICATION?
- For some other reason - MUST NOT HAPPEN WITHIN AN UMA FLOW GOVERNED BY THE PAT MINTED WITH THE AS ABOVE?
- Conditions: RO doesn't want sharing to happen; AS executes those directions appropriately, such that the RPT is invalid or is associated with insufficient authorization data:
- RS doesn't give access - normal case
- RS does give access
- To remain compliant with the law of some jurisdiction - MUST PRODUCE NOTIFICATION?
- For some other reason - MUST NOT HAPPEN WITHIN AN UMA FLOW GOVERNED BY THE PAT MINTED WITH THE AS ABOVE?
The idea of getting notices is that the RO could severe the relationship with the RS if they want. Of course, sometimes there are legal constraints on even getting a notification.
Can you ever trust the AS to serve the RS, versus the RO? Only at the business agreement level could an AS start to consider jurisdictional issues that RS's care about.
Please note: No meeting next week! We'll resume the week after.
...
2016-01-08
- Review proposed mission and timeline
- Review high-level requirements
- Review latest candidate model text
...