Re: [Txauth] Possible Use Case for GNAP
Tom Jones <thomasclinganjones@gmail.com> Thu, 02 July 2020 16:46 UTC
Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37AC43A0BFB for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 09:46:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7my60jITV0oO for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 09:45:59 -0700 (PDT)
Received: from mail-oo1-xc44.google.com (mail-oo1-xc44.google.com [IPv6:2607:f8b0:4864:20::c44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6ABE3A0B6A for <txauth@ietf.org>; Thu, 2 Jul 2020 09:45:58 -0700 (PDT)
Received: by mail-oo1-xc44.google.com with SMTP id i4so2142819ooj.10 for <txauth@ietf.org>; Thu, 02 Jul 2020 09:45:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mhyj0iM9Zw4vdAxza6R0J699IEZ9HcUN2I7PmOeG37g=; b=qUBkNrzJf0HclSiOkTMtMOMu9O5YoMItj5+WVkQwiuSBmI8aXzeIVEuOP47fk2Dixy Lx6LRO4/hcQ2ugJ7rNU3odFxth6wtShMwvEae167bSG01k3hCheNLRGImhnCbXLrRzO4 t673kO7ezlsQOVAYBPp6cdJPPo/iqqpzAUNgOjBwBNKagzJC13GVoG+uGwVhznOoQ4Df CT1UONJTRScPG8WXEAt+qdYVY20yL+mwtN1LRjoKPyws5U9ETydR/F/M3oZ9JibDpcUN VcjMG6bfLhxjDFd63chqjAeWpjsAAi3DOQk/Z7o7u28eZ3d4Y/UdX0ASJ1H+9nF+Yopt gL6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mhyj0iM9Zw4vdAxza6R0J699IEZ9HcUN2I7PmOeG37g=; b=OJ4Afl+mZ0Gevie3Id1Ny5IjEkYFRc7f4rYCgtSY3Nribz9dxnt/hBy3RUWshkS/wi e+2puvPfbtq5A5GclImcgOL61mFHGYf1irASspHxSP47/RJvCLx/eUbW9xaOZvpuUU8l YKPPenH/i9SjbA//sPMw9UAPG575Ec6I1fzXS5ybn7BTCdWSzdUuYq9EdaKMwVGFMKJV kfHvZIAQsDK2ymCGez6lkXFKBcTNPknJyk5pz6ZrItsBikJbU/bXU33UGDWlwZBoREbV 3xb98w2IjXHbzSw4Citq/3NtARGnkTMSE7wYfQAglJBDhr5hPxJUOVIaQjjEIUh/MW2P Xftw==
X-Gm-Message-State: AOAM530SIKoo5aoCVL9GHUSDmfN5BTNzcb38F8r+9de2BWU4NXHgw41J 91n2tnyXm/3CNxBjv0f31Q2CDhaqrqUKJTcD1cI=
X-Google-Smtp-Source: ABdhPJxtb1q8AFJCvbcMAhK4XFNvBub73DXCEdwtlVFg93lfS2QyvtnWBr1+YOw4j7w6MWuLFxSwOyyrY0Mgvz8sWyQ=
X-Received: by 2002:a4a:dfb5:: with SMTP id k21mr19960775ook.27.1593708357797; Thu, 02 Jul 2020 09:45:57 -0700 (PDT)
MIME-Version: 1.0
References: <eb099963-98c3-2629-ef95-1b1aae2359b9@readycomputing.com> <CAK2Cwb7ZfDgBjU3920Nemug9ofYVfkDyw5V792cJnrO08ufc=g@mail.gmail.com> <3b8d3690-47e2-ff00-1065-29647d18555b@readycomputing.com>
In-Reply-To: <3b8d3690-47e2-ff00-1065-29647d18555b@readycomputing.com>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Thu, 02 Jul 2020 09:45:44 -0700
Message-ID: <CAK2Cwb7E2DQ+ykv2b+9-3csZ+z=QW2ahJkExvohsp8zy1EL0Ng@mail.gmail.com>
To: David Pyke <david.pyke=40readycomputing.com@dmarc.ietf.org>
Cc: txauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008accd105a97824cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/Zd5TkRTeIr814OYOkwle-GlEHMY>
Subject: Re: [Txauth] Possible Use Case for GNAP
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 16:46:10 -0000
without a better understanding of the "hop" it is hard to say. Does each "hop" archive the PHI in FHIR format? if so each would need to notify the user of access, as i see the problem. That sounds like something that would scare the patient. If the "hop" just handled (for example) an encrypted packet, that would not be a problem. OTOH if a federation were involved, the federation could notify the user. Less scary perhaps. Peace ..tom On Thu, Jul 2, 2020 at 9:41 AM David Pyke <david.pyke= 40readycomputing.com@dmarc.ietf.org> wrote: > Great to hear! > > My main concern is that the cert use may be an issue as it's passed > through the hops. A hop may want to have their predecessor use the > predecessor's cert coming in but may swap out their own cert for the next > connection (and the same happening on the way back). So, the ability to > trace certs through the relaying would be an issue so that trust is > maintained even when those certs aren't chained together. It would be good > if there was one cert or a set of chained certs used for the two traversal > but that's not likely to be the case. > > Thanks! > On 2020-07-02 12:26 p.m., Tom Jones wrote: > > We discussed that use case this morning in OIDC. A proposal has been made > for a new endpoint that I would like to see working from the EHR endpoints. > Did you have other concerns besides the source and destination endpoints > for the data? > Peace ..tom > > > On Thu, Jul 2, 2020 at 8:30 AM David Pyke <david.pyke= > 40readycomputing.com@dmarc.ietf.org> wrote: > >> I am working on a Healthcare IT project that requires multi-hop >> transmission of REST based (FHIR: fhir.hl7.org) resources. The >> established protocol uses OAuth2 which doens't lend itself to multi-hop >> relay. >> >> I saw a presentation on XYZ/GNAP and thought it might be early enough to >> get on the train to consider how it might address that structure. The >> system I'm working on is from the US Office of the National Coordinator for >> Healthcare IT (ONC) called TEFCA. At minimum there would be 4 hops, at >> maximum, could be 8-10 and no bypassing of the network can be done. As I >> said, OAuth2 doesn't handle that without significant issues. >> >> If this is not a use case that can be considered, please accept my >> apologies. >> >> Thanks >> >> Dave Pyke >> -- >> >> *David Pyke* >> >> Manager, Strategic Consulting >> >> >> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >> >> [image: Logo] <http://www.readycomputing.com/> >> >> [image: LinkedIn icon] <https://www.linkedin.com/company/ready-computing> [image: >> Twitter icon] <https://twitter.com/ready_computing?lang=en> [image: >> Youtbue icon] <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ> >> >> Office: +1 212 877 3307 x5001 >> >> * david.pyke@readycomputing.com <david.pyke@readycomputing.com>* >> >> * www.readycomputing.com <http://www.readycomputing.com/>* >> >> 150 Beekman Street, Floor 3, New York, NY 10038 >> >> The information in this e-mail communication together with any >> attachments is intended only for the person or entity to which it is >> addressed and may contain confidential and/or privileged material. If you >> are not the intended recipient of this communication, please notify us >> immediately. Any views expressed in this communication are those of the >> sender, unless otherwise specifically stated. Ready Computing does not >> represent, warrant or guarantee that the integrity of this communication >> has been maintained or the communication is free of errors, virus or >> interference. >> >> This is not a secure transmission. The information contained in this >> transmission is highly prohibited from containing privileged and >> confidential information, including patient information protected by >> federal and state privacy laws. It is intended only for the use of the >> person(s) named above. If you are not the intended recipient, you are >> hereby notified that any review, dissemination, distribution, or >> duplication of this communication is strictly prohibited. If you are not >> the intended recipient, please contact the sender by reply email and >> destroy all copies of the original message. -- >> Txauth mailing list >> Txauth@ietf.org >> https://www.ietf.org/mailman/listinfo/txauth >> > > -- > > *David Pyke* > > Manager, Strategic Consulting > > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > [image: Logo] <http://www.readycomputing.com/> > > [image: LinkedIn icon] <https://www.linkedin.com/company/ready-computing> [image: > Twitter icon] <https://twitter.com/ready_computing?lang=en> [image: > Youtbue icon] <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ> > > Office: +1 212 877 3307 x5001 > > * david.pyke@readycomputing.com <david.pyke@readycomputing.com>* > > * www.readycomputing.com <http://www.readycomputing.com/>* > > 150 Beekman Street, Floor 3, New York, NY 10038 > > The information in this e-mail communication together with any attachments > is intended only for the person or entity to which it is addressed and may > contain confidential and/or privileged material. If you are not the > intended recipient of this communication, please notify us immediately. Any > views expressed in this communication are those of the sender, unless > otherwise specifically stated. Ready Computing does not represent, warrant > or guarantee that the integrity of this communication has been maintained > or the communication is free of errors, virus or interference. > > This is not a secure transmission. The information contained in this > transmission is highly prohibited from containing privileged and > confidential information, including patient information protected by > federal and state privacy laws. It is intended only for the use of the > person(s) named above. If you are not the intended recipient, you are > hereby notified that any review, dissemination, distribution, or > duplication of this communication is strictly prohibited. If you are not > the intended recipient, please contact the sender by reply email and > destroy all copies of the original message. -- > Txauth mailing list > Txauth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth >
- [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP Justin Richer
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Steinar Noem
- Re: [Txauth] Possible Use Case for GNAP Justin Richer