Re: [Txauth] Possible Use Case for GNAP

Tom Jones <thomasclinganjones@gmail.com> Thu, 02 July 2020 16:27 UTC

Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAB9A3A0A78 for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 09:27:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qemF4OtxUVBw for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 09:27:09 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EED8B3A0A73 for <txauth@ietf.org>; Thu, 2 Jul 2020 09:27:08 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id g37so826057otb.9 for <txauth@ietf.org>; Thu, 02 Jul 2020 09:27:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=33tKroyE2JrbSAnKcBWQgJx0+mwiJwAoiiZWamEpK4o=; b=SxHtVtMyfcUl4UZNFENtyydICZ/1keDDH47dIwZMIy1cqUyd07rGMcccUTZ6mW46Dc IBjCMj1UKbAFzXeTM8I9mTj85hhcQvzRo8hM3f90crGJQCTxcXgBEKiCFzKZOCv3aCUY nhOjtJkaEZzTila4wSbTADDEn7yWLBUHI82Glvivy9nzpeBHgJWMP1RrD7VJ9j7+28tv 8wkqizUOm/B7F7zWMFFM+JDLZcNgkZZ42dxmnx/qlICzzZL/fOKMfNM69nDPUTphVtw6 vKb35q+At8C8w1srgbeiO1s6Ni8DIg+5fh0hZj/3BCozQB6F9Cw8nmfsNjsPAMSvwNmP cA7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=33tKroyE2JrbSAnKcBWQgJx0+mwiJwAoiiZWamEpK4o=; b=ZdYdV+AsKC6v/oGaYo4cno9He5vNxPPsJjjf3tL6m6a9J9RFFWMGuiUlhK/RImvQur GCTnpmuIx6GQQmDtP4fT06DQnJP0BF1qTlp3BzfFnTb2fWMb3Df644Z1aWhzmhcUFEox vnO1t13R1hxvDQoJY1D5jGJOwmh9gW9u5Q0N7rnFlKfoAa1ZAo+NfWqz9tiKmEBQgmZk n2HWtJ/fbE7Owlr7jXn62pEC0MhtRNb2VrfRcmnRibZibUH1a9pb1za4sgOsVlUQu0G7 z/YasrQ4ZcT8OkTPYUZYeDahrH65RIWwgli5Aqx44DCnjskjbyEIgiFHjPfsmOxrzivO iw3A==
X-Gm-Message-State: AOAM533z7UytHD5uOwdglBNlACF+6csuGmir2+rj9oNjQbmwpjHHv1zu HONCAQj9auPVxE97f3VF9wo3JUYryi7C/8cqeb9a+ovd
X-Google-Smtp-Source: ABdhPJwd1Fax1gRSD7J6MTsxCCUyoGhrWZjs/BwXexswMoC2CxIjZtSZcCPefVLX4R048bk2sg5IIZqavlme7P8rlEk=
X-Received: by 2002:a05:6830:3151:: with SMTP id c17mr28769439ots.143.1593707228015; Thu, 02 Jul 2020 09:27:08 -0700 (PDT)
MIME-Version: 1.0
References: <eb099963-98c3-2629-ef95-1b1aae2359b9@readycomputing.com>
In-Reply-To: <eb099963-98c3-2629-ef95-1b1aae2359b9@readycomputing.com>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Thu, 02 Jul 2020 09:26:54 -0700
Message-ID: <CAK2Cwb7ZfDgBjU3920Nemug9ofYVfkDyw5V792cJnrO08ufc=g@mail.gmail.com>
To: David Pyke <david.pyke=40readycomputing.com@dmarc.ietf.org>
Cc: txauth@ietf.org
Content-Type: multipart/alternative; boundary="00000000000033af8c05a977e1fd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/inzNsHSooain6QVgYzsBrW3Pw4Q>
Subject: Re: [Txauth] Possible Use Case for GNAP
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 16:27:11 -0000

We discussed that use case this morning in OIDC. A proposal has been made
for a new endpoint that I would like to see working from the EHR endpoints.
Did you have other concerns besides the source and destination endpoints
for the data?
Peace ..tom


On Thu, Jul 2, 2020 at 8:30 AM David Pyke <david.pyke=
40readycomputing.com@dmarc.ietf.org> wrote:

> I am working on a Healthcare IT project that requires multi-hop
> transmission of REST based (FHIR: fhir.hl7.org) resources.  The
> established protocol uses OAuth2 which doens't lend itself to multi-hop
> relay.
>
> I saw a presentation on XYZ/GNAP and thought it might be early enough to
> get on the train to consider how it might address that structure.  The
> system I'm working on is from the US Office of the National Coordinator for
> Healthcare IT (ONC) called TEFCA.  At minimum there would be 4 hops, at
> maximum, could be 8-10 and no bypassing of the network can be done.  As I
> said, OAuth2 doesn't handle that without significant issues.
>
> If this is not a use case that can be considered, please accept my
> apologies.
>
> Thanks
>
> Dave Pyke
> --
>
> *David Pyke*
>
> Manager, Strategic Consulting
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> [image: Logo] <http://www.readycomputing.com/>
>
> [image: LinkedIn icon] <https://www.linkedin.com/company/ready-computing> [image:
> Twitter icon] <https://twitter.com/ready_computing?lang=en> [image:
> Youtbue icon] <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ>
>
> Office: +1 212 877 3307 x5001
>
> * david.pyke@readycomputing.com <david.pyke@readycomputing.com>*
>
> * www.readycomputing.com <http://www.readycomputing.com/>*
>
> 150 Beekman Street, Floor 3, New York, NY 10038
>
> The information in this e-mail communication together with any attachments
> is intended only for the person or entity to which it is addressed and may
> contain confidential and/or privileged material. If you are not the
> intended recipient of this communication, please notify us immediately. Any
> views expressed in this communication are those of the sender, unless
> otherwise specifically stated. Ready Computing does not represent, warrant
> or guarantee that the integrity of this communication has been maintained
> or the communication is free of errors, virus or interference.
>
> This is not a secure transmission. The information contained in this
> transmission is highly prohibited from containing privileged and
> confidential information, including patient information protected by
> federal and state privacy laws. It is intended only for the use of the
> person(s) named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution, or
> duplication of this communication is strictly prohibited. If you are not
> the intended recipient, please contact the sender by reply email and
> destroy all copies of the original message. --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>