Adrian
- Fri Sep 11 8-9am PT
- Voice: Skype: +99051000000481 or US +1-805-309-2350 (international dial-in lines), room code 178-2540#
- Screen sharing: http://join.me/findthomas - NOTE: IGNORE the join.me dial-in line shown here in favor of the dial-in info above (Kantara "line C" and the Skype line)
- UMA calendar: http://kantarainitiative.org/confluence/display/uma/Calendar
For this call, let us take the following “negative use case”, growing out of the agency and “RS risk” discussion we’ve been having:“I, a US hospital, have an online service that exposed a FHIR API for electronic medical records. Alice set up policies at her consumer-grade AS, and I accepted outsourcing authorization there. The token from the AS told me that it was okay to give client MobileApp and requesting party Bob access, so I did. But then Alice sued me/complained/reported me/(something else bad)”. (Adrian can comment on real-life examples somewhat analogous to this, with breaches and such.)Dazza has offered to facilitate a discussion of the following points:
- What are the key legal issues presented by this scenario?
- What legal role(s) and corresponding rules apply to the actions and data of the parties in this scenario?
- What are the potential or probable outcomes if things go wrong (eg: result of enforcement actions, allocation of loss or other dispute resolutions)?
- What advice or other resources for parties seeking to adopt UMA could help them manage legal risks and/or structure legal affairs to expand or create new value?
And I will scribe. :-)Talk to you soon!
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma