I think the most important deliverable is a clear explanation and demonstration of how implementing UMA will provide the Resource Server institution increased cybersecurity and a safe harbor for exposing an interface to the public Internet. Although many of us are mostly motivated by other goals including consumer protection and the hope of selling software to the operators of authorization servers, these will not drive adoption of UMA without new laws and regulations. Let's see how far we can get with the current laws.

To this end, Dazza has provided a wonderful document about Restatement of Agency Law.

I've tried to map the essential elements of Agency: Principal, Agent, and Third Party into a very simple document https://docs.google.com/document/d/1N6tocmA0KaBE6v3u-cZSyw0N52lG_LdWHAaPybS_vM0/edit that is open for discussion and editing.

Eve and I had a very long session trying to understand the gaps between the Agency Law and UMA. These gaps are represented in the table toward the end of the Gdocument.

I think that mapping UMA to Agency Law is more important and easier than standardizing or formalizing Terms of Use and Privacy Policies. To the extent that we can map UMA to Agency Law without introducing any specific profiling for healthcare, education, or any other vertical domain, we will be doing the best job of promoting adoption of UMA for the benefit of the RSs, the ROs, and the AS business.

Adrian

On Wed, Sep 2, 2015 at 1:11 PM, Dazza Greenwood <notifications@github.com> wrote:

In conversations during the Legal subgroup meetings, some people have suggested including example, sample or "standard" legal wording for ToS and other legal instruments for use with UMA deployments. Not yet sure what those would say, but it would be a sign of success to get to the point of recommending such terms. If the subgroup deliverables includes both recommended terms and an approach to audit logs for legal compliance or enforceability, we would have a strong set of deliverables.


Reply to this email directly or view it on GitHub.




--

Adrian Gropper MD

RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/