2019-10-01 Meeting notes

Owned by Noreen Whysel
Last updated: Aug 17, 2021
2 min read

Date

Attendees

  • Jeff Brennan
  • Sal D’Agostino
  • Tom Jones
  • Jim Kragh
  • Noreen Whysel

Not attending:

  • Bev Corwin
  • Mary Hodder


Agenda

  • Features of a Trustworthy Ecosystem

  • Funding

Discussion items

TimeItemWhoNotes

Features of a Trustworthy Ecosystem

Jim Kragh

Tom Jones

For all: the following is such a critical building block to our mission I have asked Tom to revisit the components of the Trustworthy Ecosystem he has architect-ed and core features such as the smartphone as a user's multifactor credential and consent to permit binding.  We need to make sure we understand and are in agreement with these cornerstone features as we look forward to next steps next week when Jeff and Sal help us thread the needle with Privacy guidelines.

https://wiki.idesg.org/wiki/index.php/Trustworthy_Healthcare_Ecosystem#Legally_Mandated_Access   

 https://wiki.idesg.org/wiki/index.php/Phone_as_Health_Care_Credential#Full_Title 

https://wiki.idesg.org/wiki/index.php/Consent_to_Create_Binding  

Discussion:

Can user self serve? Access own health Records

Can user give consent to another user (authorize access)?

European model (mentioned in TEFCA documents)  for cross channel communications recommends SAML, but...

SAML was designed to handle very controlling IdP’s, not user.

Passing consent in backchannel doesn’t typically involve user.

Common on college campus

RCE moving from SAML to JSON with Sequoia. Can start with this document


2 use cases

  1. Registration 
  2. How phone is tested (authorization and binding)
    1. User gets IAL2 by entering authorization code
    2. Phone gets AAL2
    3. Happens at the same time

Tom updated the Remote Attestation Use Case under Post Condition:

“The ability to seamlessly register with any other participating entity (covered entity or QHIN)”

QHIN: Qualified Health Information Networks (from TEF)

Remote Attestation is the source of the binding.

Discussed addition to the record matching diagram.

Goal of graphic is to outline relationships. We can add labels on focused versions of the diagram for specific cases.



FundingJim Kragh

Tom paying to host FIRE sandbox (could use funding support); legacy IDESG project wiki funded by Kantara.

Sal: 

Need better structure for keeping minutes.

Action items

  • Need update on grant process (Mary) and where we are with ONC.