Extracted from Binding Obligations
Requesting Party
Resource Server Operator
Authorization Server Operator
Authorizing Party
Statutory Privacy Roles
Extracted from ISO 29100
2.11 PII controller
entity (or entities) that determines the purposes and means for processing PII other than individual persons who use data for personal purposes
NOTE A PII controller sometimes instructs others (e.g., PII processors) to process PII on its behalf while the responsibility for the processing remains with the PII controller.
2.12 PII principal
natural person to whom the PII relates
NOTE Depending on the jurisdiction and the particular data protection and privacy legislation, the concept of a “PII principal” may also be defined as a “data subject”.
2.13 PII processor
entity that processes PII on behalf of and in accordance with the instructions of a PII controller
2.26 third party
an entity other than the PII principal, the PII controller and the PII processor, and the persons who are authorized to process the data under the direct authority of the PII controller or the PII processor
UMA Healthcare Use Case Roles
Extracted from Adrian's use cases
Alice
Bob
EHR-1 Operator
EHR-2 Operator
PCP (Primary Care Provider)
Custodian
3.1.1 Extrapolating from Existing Legal Scenarios