Yes. The whole notion of resource set registration is meant to be as needed and in response to a variety of conditions. You can see this in the worked example appendix here, where, e.g., the creation of an entirely new digital resource on Alice's/the RS's part might be the cause of the registration of a new UMA resource set.

This may have some implications for other roles, such as: How does this new thing become known to/available to/discoverable by the client? But in a sense, that's no different from asking how all the other previously registered resource sets might have become known to the client either...


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Thu, Aug 18, 2016 at 4:19 PM, Adrian Gropper <agropper@healthurl.com> wrote:
Eve, 

Thanks for documenting this. Is the "dynamic" creation of resource sets to meet a particular client's request supported by the current UMA spec?

Adrian


On Thursday, August 18, 2016, Eve Maler <eve@xmlgrrl.com> wrote:
BTW, Adrian and I managed to discuss this yesterday, and as it happens, I'd recently been having a conversation with someone working to use UMA with FHIR health data about the same topic.

Focusing specifically on the use case of date-range queries, not queries generally, it doesn't seem that scopes are the right tool for the job because they wanted scopes to be actions: read, write, delete, etc., and even maybe eventually "read in a de-identified way". Seeing dates there would be odd and inconsistent, and lead to "scope explosion".

It's looking like resource sets that get created in a purposeful way for specific "investigations" or "events" may be a better tool: "The patient just broke their leg, so we'll consider this data set to have a firm start date of that event and go to an indeterminate future; any API call for some date range within any of that span for that resource set would count as valid." There's more work to do in order to prove this out, but that was the idea.


Eve Maler


On Wed, Aug 10, 2016 at 8:08 AM, Adrian Gropper <agropper@healthurl.com> wrote:
Issuing an API authorization for a date or page range is very common. It occurs when accessing a resource like a journal with a limited subscription or a page within a much larger collection.

Assuming a resource has date or page metadata and is registered with an AS, how does UMA issue a range-limited authorization?

Adrian


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma




--

Adrian Gropper MD
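
The date-bounded resource set idea discussed in this thread, as an added example that is not part of the original messages or of any UMA implementation: the resource server keeps a date span next to each registered resource set id and accepts a date-range query only when an introspected permission names that set with the requested action scope and the queried range lies inside the span. The `permissions`, `resource_set_id`, `scopes` and `exp` field names follow UMA 1.0 RPT introspection; the span table, the ids, the sample data and the function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Span:
    """Date span the RS keeps for one registered resource set (RS-local state)."""
    start: date
    end: Optional[date] = None  # None = open-ended ("indeterminate future")

    def covers(self, q_from: date, q_to: date) -> bool:
        if q_from > q_to or q_from < self.start:
            return False  # inverted range, or query reaches back before the event
        return self.end is None or q_to <= self.end


# Hypothetical table: resource set id returned by the AS at registration ->
# span chosen when the set was created for a specific event.
SPANS = {
    "rs-broken-leg": Span(start=date(2016, 8, 1)),
    "rs-march-visit": Span(start=date(2015, 3, 1), end=date(2015, 3, 31)),
}


def authorize(permissions, rs_id, scope, q_from, q_to, now):
    """True if an introspected permission grants `scope` on `rs_id` and the
    queried dates fall inside that set's span. `now` is epoch seconds."""
    span = SPANS.get(rs_id)
    if span is None or not span.covers(q_from, q_to):
        return False  # unknown set or out-of-span query: fail closed
    for perm in permissions:
        if perm.get("resource_set_id") != rs_id:
            continue
        if "exp" in perm and perm["exp"] <= now:
            continue  # permission expired
        if scope in perm.get("scopes", []):
            return True
    return False


# Constructed introspection result: scopes stay plain actions, no dates in them.
SAMPLE_PERMISSIONS = [
    {"resource_set_id": "rs-broken-leg", "scopes": ["read"], "exp": 1471600000},
]
NOW = 1471500000  # constructed "current time", before the permission's exp

if __name__ == "__main__":
    print(authorize(SAMPLE_PERMISSIONS, "rs-broken-leg", "read",
                    date(2016, 8, 5), date(2016, 8, 18), NOW))
```

The scope list stays a short set of actions, and the date constraint lives entirely in which resource set the permission points at, so a new event means a new registered set rather than a new scope.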