UMA telecon 2021-10-28
Date and Time
- Primary-week Thursdays 06:30am PT; Secondary-week Thursdays 10:00am PT
The Kantara All members meeting is Dec 8th, 11-1230ET
FHIR Vulnerability Report
Working document here: Report on FHIR API Vulnerabilities
Please take a look, all comments/contributions welcomed! There original report is attached to the confluence page
Delegation Use Cases
- We reviewed user-stories from the pp2pi group
- They are reviewing these user-stories from many aspects: privacy, harms, policy, legal, technical
- there are a few patient personas such as: Adolescent, Adult, Parent, Geriatric
- Reviewed the Adolescent persona around reproductive health and the privacy and harm risks created through proxy access
- Risks both from patient→proxy and proxy→patient
- How can UMA address? How can delegation address? What can't be handled technically?
- delegated administration can solve many, but not all, of the challenges. resource rights constrained by relationships
- can we understand the different states that the data moves through? how do these states change and new data is added/accessed?
- the discrete data elements needs appropriate RO and sensitivity tagging – before access by anyone...
- How far does UMA standard go, and what needs to go beyond into impl/profile?
- We are planning a 3 hour working session on December 9th, we will use extend the normal call from 930-1230ET
- Want to make progress on some of the in-progress docs, have them in a consistent state
- Eve, Nancy, Alec, Andi
- If you're up to attend, please email Alec, or leave a comment on these minutes
Topic Candidates (from previous week's telcon)
- Delegation and Guardianship
Outcome of user stories discussion
PDP architecture includes the concept of governance registry/discovery
TOIP/SSI are starting to define this ecosystem function
ANCR records update
Privacy as Expected/ANCR update : 2/3 weeks out (Sal?)
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)