Deferred
Reminder: CRWeb Demo at the next Kantara LC call (Feb 16 @12PM EST)
iGrant.io, Gataca, and Human Colossus will demonstrate how consent notice, or data agreement as it will be called in the demo, is signed between issuers/verifiers (data controllers) with holders (data subjects). The data agreement sets a clear usage purpose, what personal data is collected, how long data is retained, and which lawful basis for processing and other information. The data agreement was initially based on Kantara Consent Receipt and now is being standardized within the ISO standard 27560.
https://zoom.us/j/94897867446?pwd=YSsxdjZLMzFmUmhNd2NBMnlwbEZHZz09
Please find the new working document here: Julie Use-case Report
what are alternative techniques for patient mediated exchange?
should there be a companion technical document/guidance that goes or follows the Julie report? more specificity for those who want to have this problem
UDAP #1, client attestation → clients have a software statement with attestations from one of more other entities (trusted 3rd party). UMA can use UDAP as a valid client registration strategy
UDAP #2, tiered authorization → clients provide a hint to the AS about what IDP the end user may be able to authenticate with. The AS can then federate to that IDP - or some other IDP. AN UMA AS federating to an IDP is very 'normal' UMA deployment
Can/should we create some UDAP & UMA white paper or implementor guidance?
Alec will be attending HIMSS
Nancy will be at Vive the week before
Are there specific messages we want to promote to those healthcare communities?
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
Non-voting participants:
Regrets: