BTW, Adrian and I managed to discuss this yesterday, and as it happens, I'd
recently been having a conversation with someone working to use UMA with
FHIR health data about the same topic.
Focusing specifically on the use case of date-range queries, not queries
generally, it doesn't seem that scopes are the right tool for the job
because they wanted scopes to be actions: read, write, delete, etc., and
even maybe eventually "read in a de-identified way". Seeing dates there
would be odd and inconsistent, and lead to "scope explosion".
It's looking like resource sets that get created in a purposeful way for
specific "investigations" or "events" may be a better tool: "The patient
just broke their leg, so we'll consider this data set to have a firm start
date of *that event* and go to an indeterminate future; any API call for
some date range within any of that span for that resource set would count
as valid." There's more work to do in order to prove this out, but that was
the idea.
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Wed, Aug 10, 2016 at 8:08 AM, Adrian Gropper
Issuing an API authorization for a date or page range is very common. It occurs when accessing a resource like a journal with a limited subscription or a page within a much larger collection.
Assuming a resource has date or page metadata and is registered with an AS, how does UMA issue a range-limited authorization?
Adrian
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma