[WG-UMA] Draft testing materials for review

Eve Maler eve at xmlgrrl.com
Sat Dec 4 11:41:27 EST 2010

I've gotten permission from the MITRE/Project hData folks to share with you the following draft materials and status report from their testing effort for the UMA bounty program.  As you may recall, the health data scenario (http://kantarainitiative.org/confluence/display/uma/hdata_scenario) has some specialized features, and these materials focus on testing these features.  This is a good opportunity to take a look and offer comments and questions.

Please also note that Cordny Nederkoorn has been preparing an UMA conformance test plan that takes a more comprehensive view, and we'll see that material soon as well.  (I'll be putting relevant questions about conformance and spec details into the next few agendas as a result.)



Begin forwarded message:

> From: "Kramer, Mark A." <MKRAMER at mitre.org>
> Date: 3 December 2010 11:07:11 AM PST
> Subject: RE: UMA bounty program
> Hello Eve,
> I am writing on behalf of the hData project and our submission to the UMA
> validation bounty program. We are in the process of finalizing a workflow
> for Oauth/UMA based authorization for health information sharing. What we
> are providing today consists of two workflow diagrams outlining the steps
> involved in registering primary and secondary data providers. To facilitate
> sharing and editing, we used the websequencediagrams.com to develop the
> swimlane diagrams.
> One of the features of hData is the use of a Discovery and Authorization
> Service (DAS), which combines functions of an Authorization Manager and a
> Discovery Service. The DAS plays a central role in how health data providers
> and consumers find each other and access authorized patient data from other
> health data providers. To clarify the dual role of the DAS, we have create
> two adjacent swimlanes in the enclosed diagrams.
> The first diagram (http://tinyurl.com/2fc5v8a) covers the process of (a)
> registering a user with the DAS, and (b) registering the patient's Primary
> Care Physician (PCP) with the DAS. The workflow is general enough to allow
> user authorization of the PCP to occur by a number of alternatives,
> including by direct interaction by the patient, or by interpreting a
> pre-configured policy that the user has set up with the DAS.  This allows
> additional flexibility and convenience for the patient.
> The second diagram (http://tinyurl.com/2euop2z) brings an Emergency Room (a
> third party data consumer/provider) into the picture. The process of
> authorizing the ER is identical to authorizing the PCP, and is therefore
> omitted from this diagram. The diagram focuses on the interaction of the ER
> and PCP, allowing the ER to access the medical record of the patient (or
> authorized parts thereof). We also cover how the ER receives updates to the
> patient's medical records, and the possibility of expiry of the
> authorization token held by the ER.
> For our final submission, we will submit a number of test cases for these
> scenarios, based on the Gherkin language. Gherkin allows designers and
> developers to describe behavior in plain text, and through a simple process,
> translate the text description into executable test cases. Since these test
> cases are written in readable text, it facilitates developer interactions
> with those who create the business logic.
> If you have any questions at this stage, or concerning our upcoming
> submission, please do not hesitate to contact me or Gerald Beuchelt.
> Sincerely,
> Mark A. Kramer, PhD  

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

More information about the WG-UMA mailing list