Dazza and I were chatting about how roles might map between UMA and the MVCR, (which references roles from  ISO 29100).

We thought this might be useful in providing a place to start. 

- Mark  

 

Extracted from Binding Obligations

Requesting Party
Resource Server Operator
Authorization Server Operator
Authorizing Party
Statutory Privacy Roles

Extracted from ISO 29100

2.11 PII controller
entity (or entities) that determines the purposes and means for processing PII other than individual persons who use data for personal purposes

NOTE A PII controller sometimes instructs others (e.g., PII processors) to process PII on its behalf while the responsibility for the processing remains with the PII controller.

2.12 PII principal
natural person to whom the PII relates NOTE Depending on the jurisdiction and the particular data protection and privacy legislation, the concept of a “PII principal” may also be defined as a “data subject”.

2.13 PII processor
entity that processes PII on behalf of and in accordance with the instructions of a PII controller

2.26 third party
an entity other than the PII principal, the PII controller and the PII processor, and the persons who are authorized to process the data under the direct authority of the PII controller or the PII processor

UMA Healthcare Use Case Roles

Extracted from Adrian's use cases

Alice
Bob
EHR-1 Operator
EHR-2 Operator
PCP (Primary Care Provider)
Custodian
3.1.1 Extrapolating from Existing Legal Scenarios"