2019-09-24 Meeting notes
Date
Attendees
- Jeff Brennan
- Sal D’Agostino
- Tom Jones
- Jim Kragh
- Noreen Whysel
Regrets:
- Bev Corwin
- Mary Hodder
Agenda
- Healthcare
- ISO
- FIRE Minutes
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
Phone as Healthcare Credential | Tom Jones |
Tom is focusing on JSON Web Token, which is not compatible with SAML, which is XML. Can write a program that translates from SAML to JSON, but it doesn’t translate the protocol. JSON Web Token is a translation gateway like Microsoft ADFS. Sequoia is building a national interoperability framework, but appears to be addressing it only technologically, not via trust or patient/consumer concern. Need trust registry to function: basis for registry to have trust. Sequoia received $900,000 in the first year of a 4 year award for measuring compliance. Jeff asks if they have thought through beyond measuring the data. Tom says no, just measuring. No incentive for consumers to go to IAL2 because EPIC does a good job with their REST portal without this level of assurance. Tom has two assumptions:
So need to make sure level 2 assurance is something they can tolerate.
GOAL: create consumer IAL2 assurance. Consent to create binding. Our registry could have requirements for patient agents, similar to those for services. Q: Can the phone protect the key? How can we help NIST understand how a patient controlled device can be a level 2 device? Right now patient devices aren’t controlled by any central agent. But there is a central authority that can measure control (FIRE WG). In order for an identity to be useful, you need to be able to create a binding. Needs to be approved by OpenID Connect. (OpenID Connect self-identity has some problems.) Redress/recovery requires some identification (GUID as in above image) to process, such as an email or text or other way to send a notification to the user. Would require its own set of requirements. (Tom currently has it running on Windows and Android.) All physicians are registered at AAL3 by federal government. Critical to signing process of authentication sequence. AML is similar to what drives healthcare via TEFCA (preventing fraud). | |
Research for Next Call | Sal D'Agostino | UMA Legal Subgroup Notes: creating vocabulary for legal terminology (versus branding). UMA home page: https://kantara.atlassian.net/wiki/display/uma/Home ; UMA Meeting notes: https://kantara.atlassian.net/wiki/display/uma/UMA+legal+subgroup+notes#UMAlegalsubgroupnotes-2019-09-24 ; UMA Business Model Report (draft): https://kantarainitiative.org/file-downloads/uma-business-model-0-7e-2018-02-01-pdf/ ; Business Model Mapping Graphics PPT: https://docs.google.com/presentation/d/1uigCMQI_TKuFyOstQTngYuZaqs36wwbE3BBjBB7xGb4/edit?usp=sharing (requires permission to access) | |
FIRE Minutes | Jim Kragh | Colin and Andrew requested more formal documentation of our minutes on the Kantara FIRE wiki pages: https://kantara.atlassian.net/wiki/display/WT/Meeting+notes |
Action items
- Research for Next Call
- Tom to take notes from call and integrate into his model.
- Sal/Noreen suggested format for meeting minutes to be posted to wiki.