https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2020-07-23 MinutesRoll call Quorum was reached. Approve minutes - Approve minutes of UMA telecon 2020-07-09 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2020-07-09> , 2020-07-16 <https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2020-07-16> Deferred. New profiles - Resource definition profile status - Wallet profile We should be driving towards revised spec text, ideally putting it into GitHub. Last week, folks concentrated on the ASCII "spiral" diagram and draft spec text. Alec has a new draft diagram to try on us. In the original UMA diagram, "manage" and "control" are out of scope. Alec is proposing that we bring these functions in scope. He states this explicitly by saying that he's specifying the "management and control interfaces". In UMA1 we used to call this Phase 1 vs. Phase 2. Now we think of this as the grant mechanism and the federated authorization mechanism, which is modular and optional with respect to grant. Is the wallet extension/profile modular and optional with respect to federated authorization? Alec illustrated it with a concentric Venn. Since "wallet" is such a fraught term, calling it something else, ideally descriptive, could help us get beyond the challenge that it means something really specific elsewhere. What about "relationship manager"? That goes back to our roots. Eve asks everyone to think about what could be a good name that would serve us, for now, in a spec. Maybe something around the fact that we are finally standardizing the user side of the management and control interface (ironic that we are finally doing something about deeply standardizing "user management of access", eh?). The cascading authorization server <https://confluence.hl7.org/download/attachments/66931686/Cascaded_Authorization-2018-01-15.pdf?version=1&modificationDate=1578094706430&api=v2> notion, which Pauldron implemented, bears some similarity to this idea. It has a "principal AS" within a specific domain, and a secondary AS that is RO-controlled. However, that original notion was intended to explicitly empower (in a sense) the AS against the RO's wishes, rather than to privacy-enhance the AS to protect the RO. FHIR meetup For those interested in HealthCare, Nancy provides this three-hour video from the FHIR meetup: [see wiki] She suggests checking out at least the first half-hour. It is important to understand the perspective of the HL7 security group as they will be moving this along in Healthcare as the recognized experts. She also points to this FHIR chat <https://chat.fhir.org/#narrow/stream/179247-Security-and.20Privacy> (anyone can get a login). Nancy recommends that UMA's perspective be represented here. HEART came up, a little bit. Justin presented. Our webinar content could usefully be presented here. Here is info on the video structure (original here <https://docs.google.com/spreadsheets/d/15za6DXk0Cnn97CYWrZRw-1l14Hw3juKmG8bkcm9Yxh8/edit#gid=0> ): Overview of fine-grained authorization approaches in FHIR Josh Mandel 15min Slides here <https://docs.google.com/presentation/d/1ZGh-ls0VpRBpT_-Ei7rCd4D0HQv4rc-5k_lR7HYtyrc/present?slide=id.g8a28f5f635_0_0> Access control in aidbox Nikolai Ryzhikov 15min Slides here <https://github.com/niquola/devdays-us-2020-slides/blob/gh-pages/README.md> XYZ Justin Richer 15min Slides here <https://www.dropbox.com/s/dr459qyy3t4l5yw/FHIR%20Days%20-%20XYZ.pdf?dl=0> An ABAC Architecture Approach Matthew Tyler 15min Yes, can't share yet Classification and Locality Chris Grenz 15min Slides here <https://docs.google.com/presentation/d/1dkznJa0KNPs299NDK73-QuuIIplqtzHJRJErt-reTA8/edit?usp=sharing> FHIR Data Segmentation for Privacy IG Kathleen Connor 15min http://hl7.org/fhir/uv/security-label-ds4p/2020May/ Parameterized compartments Michael Hansen 15min Slides here <https://1drv.ms/p/s!AuADpL-pKlsYoQjmFJx2h9fDGk06?e=dWM6pC> *AI:* Nancy: Find out how we get onto the agenda of the next HL7 meetup or the next appropriate gathering. Adrian also suggests reaching out to Josh. Nancy suggests also John Moehrke, Kathleen, and Graham. We will, in the meantime, figure out the right content to present. Webinar report Alec reports pretty good attendance and some really good questions afterwards. Colin thought the content flowed well and was pitched just right. It was at the right technical level and had a relaxed tone. Nancy attended and thought it was great too. People can find the recording <https://kantarainitiative.org/download/uma-21st-century-health-information-interoperability-user-control/> on the Kantara site's Resources area (Adrian says Safari is a better browser than Firefox due to a bug that's being worked on). The FHIR folks could handle more technical detail than was provided. Attendees As of July 8, 2020, quorum is 6 of 10. (Michael, Domenico, Peter, Sal, Gaurav, Thomas, Andi, Maciej, Eve, Mike) 1. Michael 2. Domenico 3. Sal 4. Thomas 5. Maciej 6. Eve Non-voting participants: - Colin - Alec - Nancy - George - Adrian - Anik - Lisa - Patrick - Bjorn *Eve Maler*Cell or Signal +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl