Child pages
  • UMA telecon 2021-11-18

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Will continue this discussion next week


  • payer insurance codes are often opaque to the patient/covered person



Proof of Chain of Possession (POCOP) Tokens

https://github.com/uma-email/poc

A client can use any IDToken with any UMA ticket. The Correlated Authorization mechanism ensures that there is some open UMA transactional context included in any pushed ID claims

What is the threat that Proof of Possession (or mTLS) doens't address that requires the "chronological tamper-resistant record"?


Report on FHIR Vulns

reviewed some initial diagrams for this:

Widget Connector
urlhttps://docs.google.com/presentation/d/1aDTD6nv5vza8gDsSRGV6X5tzRoQdIv5V9aU8o3Z632A/edit#slide=id.gfbda75187c_1_8
 

  • FHIR itself is simply the data model
  • FHIR had the author refine their statement that it was 'FHIR Implmentations' that had the vulnerabilities
  • SMART on FHIR is the HL7 'approved' authorization strategy
    • UDAP → artifacts that needs to exist from a trust framework to support DCR/wide-access
    • HEART → profiles of OAuth/UMA for SMARTonFHIR scopes



AOB

  • We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET 
    • Want to make progress on some of the in-progress docs, have them in a consistent state 
    • Eve, Nancy, Alec, Andi 
    • If you're up to attend, please email Alec, or leave a comment on these minutes

...

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

  1. Steve
  2. Alec

Non-voting participants:

  1. Scott G
  2. Scott F

Regrets:

  1. Sal
  2. Nancy
  3. Eve