[WG-UMA] Draft minutes of UMA telecon 2021-07-01

0 views

Skip to first unread message

Alec Laws

unread,

Jul 1, 2021, 2:04:28 PM7/1/21

to wg-uma@kantarainitiative.org WG

https://kantarainitiative.org/confluence/display/uma/UMA+telecon+2021-07-01

Minutes

Roll call

Quorum was NOT reached.

Approve minutes

Approve minutes of UMA telecon 2021-06-10, UMA telecon 2021-06-17, UMA telecon 2021-06-24

Deferred

Relationship Manager - user stories

As RqP Bob(reserach), I want to be able to request access to a set of Alice's resources (heath information) directly from Alice's AS without knowledge of their location(health record repositories), because I don't have to bother getting or caring about all the locations from Alice first (since there is no direct relationship between Alice and the researcher)

A reseacher may discover health records that have been authorized for them to access, without needing a direct relationship with the RO. In this case, Alice can mark her resources at the AS as being approved for someone with a specific claim. THis isn't a specific consent, ie to a specific RqP, instead she's specifying the claims that the RqP must present (such as a particular study, or researchers from specific IDPS). How she knows which avaialble studies/research institutes would have to be part of the trust ecosystem known to the AS. The AS can define the size of this ecosystem. The rule at the AS "I Alice allow people with claim=researcher from idp=[baylor, acme] to access these specific health resources=[A@RS1, B@RS2, Immz@RS2]". This next component of this is how that Client/RqP can understand the scheme/type of the resource being accessed. The Client should be requesting and receiving resources that are useful to it and not other ones (data minimization).

This reflects the "three layers or interop", ecosystem, protocol, schema. If 3/3 aren't there things don't work...

How granular can these rules be (resource type, specific resource, resource + scopes) be? , "my health record = patient/*.*" "read my heath record *.read" FHIR has some ability to be queried in graph-y ways, however usually it's very scope based. in SMARTonFHIR, the whole RS is the Resource and you specific scopes for specific "patient.read oberervation.read ..." then you can further apply confidentiality (conf/*) or sensitivity scopes (sens/*), however those apply to the entire set of scopes.

In genetic disease, the gene has a list of many mutations that could be queries, relevant to specific conditions. Or the entire gene, or types of how that gene is captures (microarray, single cell experiment). ANother example where the client/RqPs ability to understand and use the data should be assessed before giving access to the data. They might only need to know if there is a specific mutation, not the whole sequence. Or a set of genes relevant to breast cancer. There is a need to understand the purpose before giving more holistic information, it depends on the person who is investigating

Is the gene the resource? Resource=(gene), scopes=(diseaseA, diseaseB, phenotypeD, specific-featureC, single-cell-experiment). The client/rqp can be filtered against the avaialbe gene resources based on those scopes. There are vocabularies that are standardized through industry that would help create this language to drive interoperability (the schema level interop)

What audit capabilities would Alice have to see who/what institutes actually access her information? The AS should be able to provide this, and the RS would be able to provide even more specificity. Alice must be able to understand up front what level of audit she will receive. There is a dichomoty of behaviour a) people who wont' check and b) people who will and take action on this information. ANCR intersection, when the CLient is granted access lodge a consent receipt for Alice's records? This CR can be pushed as a claim (json) for Alice to understand how the Client will treat her data, who to contact etc

Alice is delegating some interrogation of Clients to the AS, the blanket consent statement can't consider all Client terms (since Alice isnt' present at that time),

There is a need for Bob to know the AS at which to request access from

As RqP Bob(financial advisor), I want to be able to request access to a set of Alice's resources (pension information) directly from Alice's AS without knowledge of their location(specific pension providers), because I don't have to bother getting or caring about all the locations from Alice first (since this is cumbersome to Alice and the Advisor)

The rule at the AS "I Alice allow people with claim=advisor, myad...@advisingcompany.com from idp=[advisor idp] to access these specific pension resources=[A@PP1, B@PP2]". The resources available in this rule are the registered resources from an earlier discovery/registration step (both cases). This also allwos the RS to not guess what resources and scopes the Client needs based on the inititial request with the URL (RPT-less request), the AS has a much clearer idea about the Clients capability and what specificifally has been granted after claims gathering has occured.

Reviewing the Diagram: https://groups.google.com/g/kantara-initiative-uma-wg/c/WAnizgl08Fg/m/YjflL1EbAwAJ

Is there an alternative where Alice tells the AS, my resources are here (RS)? This could be the AS as RelationshipManageer, where the RM reaches out to the RS to read the available resources. The challenges is still in PAT establishment.

Could Alice create policy before resources are registered? This is getting closer to delegation/consent vs protocol level

UMA Interop Testing

Deferred

AOB

Attendees

As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)

Voting:

Peter
Alec
Domenico

Non-voting participants:

Zhen
Ian
Scott

Regrets:

Steve

Reply all

Reply to author

Forward

0 new messages