[WG-UMA] Transform e-magazine

Neil McEvoy neil.mcevoy at l5consulting.net
Sun Nov 25 12:00:38 EST 2012


Hi Adrian

Yes some thoughts on possible implementation scenarios would be great
content to add to the piece.

I am just reading up on the 'EnCoRe' system from HP, which would seem to
offer a possible software option for implementing UMA:

http://www.hpl.hp.com/techreports/2012/HPL-2012-36.pdf

Having this implemented via a SaaS model would therefore describe how
these mechanisms will be built "into the Cloud".

Regards, Neil.


> Eve's perception matches mine: consent has proved to be insufficient in
> practice and it is slowly being replaced by authorization as the key to
> scaling health information exchange. Kairon (a project of MITRE) is among
> the more advanced in this area but the "Pull" method Automate Blue Button
> Initiative of ONC is completely based on authorization on top of OAuth.
> (Please see the UMA health care use-case for links since my iPad gmail is
> link-challenged.)
>
> Adrian
>
> On Monday, November 19, 2012, Eve Maler wrote:
>
>> Aha, I know Bob from the earliest days of SAML -- say hello for me. :-)
>> One of the things I'd love to understand is the health establishment's
>> view
>> of "consent". Is it defined parochially, as passive consent of the "yes,
>> I
>> agree" sort? Or does it admit a broader definition that I prefer to call
>> "authorization" through pre-configured policy? I believe that the
>> broadly
>> defined version can be much more powerful than mere passive consent
>> because
>> it enables the individual to offer terms of access rather than accept
>> other
>> parties' already worked-out terms. I made that case here...
>>
>> http://www.w3.org/2010/policy-ws/papers/18-Maler-Paypal.pdf
>>
>>         Eve
>>
>> On 19 Nov 2012, at 4:52 AM, Neil McEvoy <neil.mcevoy at l5consulting.net>
>> wrote:
>>
>> >
>> > Hi Eve
>> >
>> > Yes, I am reading Adrian's paper now - It is excellent and I'd love to
>> > include this in TRANSFORM.
>> >
>> > As mentioned the key opportunity is that this issue is being organized
>> > around the recent eHealth/Cloud strategy published by the main
>> standards
>> > body for EHR in Canada, who is at a uniquely open time given how new
>> this
>> > all is to them.
>> >
>> > I.e. it's an ideal opportunity for influence, such as recommending
>> > adoption of UMA as best practices.
>> >
>> > Other authors include Robert Griffin, Chief Security Architect for EMC
>> > RSA, and lead for OASIS KMIP, so we can propose a very complete view
>> of
>> > the possible ecosystem.
>> >
>> > Kind regards, Neil.
>> >
>> >
>> >> Finally catching up after all the work and personal travel...
>> >>
>> >> Neil, I'm really glad to see these artifacts being published. Your
>> use
>> >> case scenario of pharmacists getting access to eHeath info in order
>> to
>> >> dispense flu shots is a good one (and timely...I plan to go get my
>> shot
>> >> tomorrow :). I've kept Mario on cc because I wanted to let him know
>> that I
>> >> recorded a specific action item for him to contribute content to you,
>> so
>> >> that we can track progress.
>> >>
>> >> I also cc'd Adrian, who has been working on a use-case writeup of his
>> own
>> >> (sent to the list -- hopefully you came across this material), and I
>> >> wanted to invite you two to engage however makes sense. I realize US
>> and
>> >> Canadian health use cases might look a bit different given the heavy
>> role
>> >> of regulations in this area, but it would be cool either to
>> >> coordinate/align or to collect country-specific case study catalogs
>> as
>> we
>> >> go.
>> >>
>> >> Our current plan is to review Adrian's writeup in depth in our Nov 29
>> >> meeting, so perhaps we can add the Shoppers Drug Mart angle
>> dynamically.
>> >>
>> >>      Eve
>> >>
>> >> On 1 Nov 2012, at 8:18 AM, Neil McEvoy <neil.mcevoy at l5consulting.net>
>> >> wrote:
>> >>
>> >>>
>> >>> Hi Mario
>> >>>
>> >>> Here is some more info, and suggested focus areas.
>> >>>
>> >>> You'll see the headline news is that the Canada Health Infoway, the
>> main
>> >>> healthcare standards organization for Canada, has recently published
>> >>> their
>> >>> Cloud strategy document.
>> >>>
>> >>> Integration between different systems is the key message, so we can
>> >>> position Identity & UMA as a central component of how to achieve
>> this.
>> >>>
>> >>> See: http://cloudbestpractices.net/2012/11/01/transform-2/
>> >>>
>> >>> I have started dialogue about the Personal Cloud Ecosystem, to
>> create a
>> >>> context for UMA.
>> >>>
>> >>> In terms of a good use case scenario, one example is how they have
>> now
>> >>> enabled pharmacists to now dispense flu shots - So how might
>> retailers,
>> >>> like Shoppers Drug Mart, look up the relevant EHealth info to
>> administer
>> >>> this?
>> >>>
>> >>> Neil.
>> >>>
>> >>>
>> >>>> Dear Eve, Neil,
>> >>>>
>> >>>> Thanks for keeping us in the loop!
>> >>>>
>> >>>> @Neil: attached you will find the complete slideset that I sent
>> Joni
>> >>>> Brennan for the London event I couldn't join, unfortunately. It
>> >>>> illustrates some eGov service scenarios that we currently partly
>> >>>> address
>> >>>> in a nationally funded R&D project in Germany called SealedCloud.
>> >>>> Please, don't hesitate to reuse some slides if helpful; mentioning
>> >>>> Fraunhofer AISEC and myself would then be highly appreciated :)
>> >>>>
>> >>>> Regarding the e-magazine we are interested in contributing an
>> article
>> >>>> about the apporach that is illustrated in the slideset. If this is
>> >>>> something that might be interesting for your readers, please, don't
>> >>>> hesitate to contact me.
>> >>>>
>> >>>> Thank you and kind regards
>> >>>
>
>
>
> --
> Adrian Gropper MD
>


-- 
Neil McEvoy
Founder and CEO
http://CloudBestPractices.net



More information about the WG-UMA mailing list