UMA telecon 2021-11-18
...
- Approve minutes of UMA telecon 2021-09-09, UMA telecon 2021-09-16, UMA telecon 2021-09-23, UMA telecon 2021-09-30, UMA telecon 2021-10-14, UMA telecon 2021-10-21, UMA telecon 2021-10-28, UMA telecon 2021-11-04, UMA telecon 2021-11-11
- Delegation Use Cases
- Proof of Chain of Possession (POCOP) Tokens
- AOB
Minutes
Roll call
- Quorum: No
...
Will continue this discussion next week
- payer insurance codes are often opaque to the patient/covered person
Proof of Chain of Possession (POCOP) Tokens
https://github.com/uma-email/poc
A client can use any IDToken with any UMA ticket. The Correlated Authorization mechanism ensures that there is some open UMA transactional context included in any pushed ID claims
What is the threat that Proof of Possession (or mTLS) doens't address that requires the "chronological tamper-resistant record"?
Report on FHIR Vulns
reviewed some initial diagrams for this:
| Widget Connector | ||
|---|---|---|
|
- FHIR itself is simply the data model
- FHIR had the author refine their statement that it was 'FHIR Implmentations' that had the vulnerabilities
- SMART on FHIR is the HL7 'approved' authorization strategy
- UDAP → artifacts that needs to exist from a trust framework to support DCR/wide-access
- HEART → profiles of OAuth/UMA for SMARTonFHIR scopes
AOB
- We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET
- Want to make progress on some of the in-progress docs, have them in a consistent state
- Eve, Nancy, Alec, Andi
- If you're up to attend, please email Alec, or leave a comment on these minutes
...
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
- Steve
- Alec
Non-voting participants:
- Scott G
- Scott F
Regrets:
- Sal
- Nancy
- Eve