Re: [Txauth] Possible Use Case for GNAP
Tom Jones <thomasclinganjones@gmail.com> Thu, 02 July 2020 17:47 UTC
Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1C093A060A for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 10:47:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kte-LyYWbprC for <txauth@ietfa.amsl.com>; Thu, 2 Jul 2020 10:46:58 -0700 (PDT)
Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA8FE3A0602 for <txauth@ietf.org>; Thu, 2 Jul 2020 10:46:57 -0700 (PDT)
Received: by mail-ot1-x335.google.com with SMTP id d4so24785885otk.2 for <txauth@ietf.org>; Thu, 02 Jul 2020 10:46:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GI6VJfDd3B5I7XERu/5HjEHvmbMWXJR5M7Mg9stlFOk=; b=fkMZDDa9067U3KWIYuISwVOO+B9PoVFK7N4lTiy+sALGGP2Bfjv7PWqXKZZSb0bhnS ZyPyaVOjKmVp9zHne2+mR1llKTpg7kO/2PGnA08JPrroRXjg8kXuz51erUnXjVkVh/Iw urLHG2fYpkHDI3qOnIras4ItwXLnIhe8Vns5zA3jdMkHXO8hNSoP5yglUD9Le4COzHOU HNOY+dMtJC/ll91NjTxLxZ6f+C/y0zHyoXcPvskLbSa1oHFf5Zddr0Wv+0G8OdbnXGRt txyAWLdhobyjGVOZBOmZR5FP3iw+cSh0WVCRJI1cJbVtq+XngsxXvAp/g5I74hCSQV+j 6JGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GI6VJfDd3B5I7XERu/5HjEHvmbMWXJR5M7Mg9stlFOk=; b=fNLHzoKSA8v2TuXSK9hUoKgt7hTmXoDun+aKGzFCBLfaoT3PLyNR4cT6FIwoa6U29T Eb2tROW1zRtfW/Af/ZHIP7bkHSdZyeLbZkosS6zakS2DJm5SCaN+mG832CFRkvFkBrDI UaQHdpVpYmhX/zHXuiIidmxaO9Mpd1s/2LgvEnLjwCjcGcyD5uuK/r6WltZn+Rl1foCu eC9CBvxSVWg+Eypbmg28AH7jYM0LlCNeot90sXfT809hvfTCpzmMdFBZ/IUkqZk5yUIP V7iQE0AI9thoLEOdebBMFr5CFg8GRG7fLOrPV+5R+8+tBRLs/8KvuxWNSq5BCyNyJ3qS 8K0Q==
X-Gm-Message-State: AOAM533J8d4njEM5m+kdiTgHA51sPDW5ihHAISjRYsTaCxugsx0kZSyO kWL8k/0UJcTwG9W8kpTzeqVVkFIRI2IuAq5+dDbDKskOcuM=
X-Google-Smtp-Source: ABdhPJymPSG7jIgSdloxdKguQwCC3tHWUBwRLdmgDmV33Q4CzSq3ia+GaxqRppeOmwUGEr5JryE7Eb8mrye0oY9m06c=
X-Received: by 2002:a9d:66ca:: with SMTP id t10mr11790676otm.358.1593712016598; Thu, 02 Jul 2020 10:46:56 -0700 (PDT)
MIME-Version: 1.0
References: <eb099963-98c3-2629-ef95-1b1aae2359b9@readycomputing.com> <CAK2Cwb7ZfDgBjU3920Nemug9ofYVfkDyw5V792cJnrO08ufc=g@mail.gmail.com> <3b8d3690-47e2-ff00-1065-29647d18555b@readycomputing.com> <CAK2Cwb7E2DQ+ykv2b+9-3csZ+z=QW2ahJkExvohsp8zy1EL0Ng@mail.gmail.com> <00827624-7361-4c5f-b34f-0edc8f7493dc@readycomputing.com>
In-Reply-To: <00827624-7361-4c5f-b34f-0edc8f7493dc@readycomputing.com>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Thu, 02 Jul 2020 10:46:44 -0700
Message-ID: <CAK2Cwb6O3N7dZpZc7qehjgQRUaV-A_P8VWx4YwFiCjj6KFc98Q@mail.gmail.com>
To: David Pyke <david.pyke@readycomputing.com>
Cc: txauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000009faa4905a978fe35"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/mJQV6ZcSXUH-cfBwQr7jYWq_XiY>
Subject: Re: [Txauth] Possible Use Case for GNAP
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 17:47:01 -0000
My guess is that txauth is only concerned with the link between the user (indirectly to get consent) the destination EHR, which is perversely called the client of the user, and the RS which is the combined HIE in its entirety. The RCE should work out the hop x hop stuff. This link (which i sent out previously) is intended to address the patient as the AS with a self issued ID. The interesting problem from health care is that the AS consent will need to be in terms that the user understands, which is not defined, and not the FHIR claims detail. The HIAWG of Kantara has taken on the challenge of healthcare identity assurance semantics. A different Kantara WG is working on the syntax of these messages. https://wiki.idesg.org/wiki/index.php/High_Assurance_AZ_Token Peace ..tom On Thu, Jul 2, 2020 at 10:02 AM David Pyke <david.pyke@readycomputing.com> wrote: > Each hop relays the information but may have to do a transform on the data > on the way through. So, the data shouldn't be archived as the network is > designed purely to route request and responses from originator to > responder. As such, there's no need for individual access notifications. > However, the data is not necessarily encrypted as this is designed as a > trusted network. The FHIR query would be routed through to the responder, > and the results routed back to the query originator. > > Notifications to the user would be not needed as to the originator system > the network is (should be) transparent. However, to maintain the trust of > the authorization/authentication, each hop will have to capture, and > forward to one or more responders in the network. > > For example > > 1. EHR A sends out a patient record discovery request to it's upstream > actor, that is forwarded to it's upstream HIN. > 2. The HIN sends that request to all other HINs who forward it > (depending on the capabilities of the HIN) to the various actors. The > originating user needs to be identified to the responders for audit and > access consent. However, the cert that is used may (and likely will) change > for each hop and be different the org that was the query source, which will > still need to be identified to the responders > 3. Some of those actors' EHRs respond saying they have data on that > patient. > 4. The responding HINs aggregates the responses and sends on bundle to > the initiating HIN who forwards it via it's network to the query source > 5. That source sends out a requests to saying "Send me the data from > all the sources", that goes out, and results are aggregated on the way back > into one bundle. Same requirements as 2 > > All of that needs to be managed from a trust/authentication/authorization > point of view. Simple, right? > > > On 2020-07-02 12:45 p.m., Tom Jones wrote: > > without a better understanding of the "hop" it is hard to say. Does each > "hop" archive the PHI in FHIR format? if so each would need to notify the > user of access, as i see the problem. That sounds like something that would > scare the patient. If the "hop" just handled (for example) an encrypted > packet, that would not be a problem. OTOH if a federation were involved, > the federation could notify the user. Less scary perhaps. > Peace ..tom > > > On Thu, Jul 2, 2020 at 9:41 AM David Pyke <david.pyke= > 40readycomputing.com@dmarc.ietf.org> wrote: > >> Great to hear! >> >> My main concern is that the cert use may be an issue as it's passed >> through the hops. A hop may want to have their predecessor use the >> predecessor's cert coming in but may swap out their own cert for the next >> connection (and the same happening on the way back). So, the ability to >> trace certs through the relaying would be an issue so that trust is >> maintained even when those certs aren't chained together. It would be good >> if there was one cert or a set of chained certs used for the two traversal >> but that's not likely to be the case.. >> >> Thanks! >> On 2020-07-02 12:26 p.m., Tom Jones wrote: >> >> We discussed that use case this morning in OIDC. A proposal has been made >> for a new endpoint that I would like to see working from the EHR endpoints. >> Did you have other concerns besides the source and destination endpoints >> for the data? >> Peace ..tom >> >> >> On Thu, Jul 2, 2020 at 8:30 AM David Pyke <david.pyke= >> 40readycomputing.com@dmarc.ietf.org> wrote: >> >>> I am working on a Healthcare IT project that requires multi-hop >>> transmission of REST based (FHIR: fhir.hl7.org) resources. The >>> established protocol uses OAuth2 which doens't lend itself to multi-hop >>> relay. >>> >>> I saw a presentation on XYZ/GNAP and thought it might be early enough to >>> get on the train to consider how it might address that structure. The >>> system I'm working on is from the US Office of the National Coordinator for >>> Healthcare IT (ONC) called TEFCA. At minimum there would be 4 hops, at >>> maximum, could be 8-10 and no bypassing of the network can be done. As I >>> said, OAuth2 doesn't handle that without significant issues. >>> >>> If this is not a use case that can be considered, please accept my >>> apologies. >>> >>> Thanks >>> >>> Dave Pyke >>> -- >>> >>> *David Pyke* >>> >>> Manager, Strategic Consulting >>> >>> >>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >>> >>> [image: Logo] <http://www.readycomputing.com/> >>> >>> [image: LinkedIn icon] >>> <https://www.linkedin.com/company/ready-computing> [image: Twitter icon] >>> <https://twitter.com/ready_computing?lang=en> [image: Youtbue icon] >>> <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ> >>> >>> Office: +1 212 877 3307 x5001 >>> >>> * david.pyke@readycomputing.com <david.pyke@readycomputing.com>* >>> >>> * www.readycomputing.com <http://www.readycomputing.com/>* >>> >>> 150 Beekman Street, Floor 3, New York, NY 10038 >>> >>> The information in this e-mail communication together with any >>> attachments is intended only for the person or entity to which it is >>> addressed and may contain confidential and/or privileged material. If you >>> are not the intended recipient of this communication, please notify us >>> immediately. Any views expressed in this communication are those of the >>> sender, unless otherwise specifically stated. Ready Computing does not >>> represent, warrant or guarantee that the integrity of this communication >>> has been maintained or the communication is free of errors, virus or >>> interference. >>> >>> This is not a secure transmission. The information contained in this >>> transmission is highly prohibited from containing privileged and >>> confidential information, including patient information protected by >>> federal and state privacy laws. It is intended only for the use of the >>> person(s) named above. If you are not the intended recipient, you are >>> hereby notified that any review, dissemination, distribution, or >>> duplication of this communication is strictly prohibited. If you are not >>> the intended recipient, please contact the sender by reply email and >>> destroy all copies of the original message. -- >>> Txauth mailing list >>> Txauth@ietf.org >>> https://www.ietf.org/mailman/listinfo/txauth >>> >> >> -- >> >> *David Pyke* >> >> Manager, Strategic Consulting >> >> >> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >> >> [image: Logo] <http://www.readycomputing.com/> >> >> [image: LinkedIn icon] <https://www.linkedin.com/company/ready-computing> [image: >> Twitter icon] <https://twitter.com/ready_computing?lang=en> [image: >> Youtbue icon] <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ> >> >> Office: +1 212 877 3307 x5001 >> >> * david.pyke@readycomputing.com <david.pyke@readycomputing.com>* >> >> * www.readycomputing.com <http://www.readycomputing.com/>* >> >> 150 Beekman Street, Floor 3, New York, NY 10038 >> >> The information in this e-mail communication together with any >> attachments is intended only for the person or entity to which it is >> addressed and may contain confidential and/or privileged material. If you >> are not the intended recipient of this communication, please notify us >> immediately. Any views expressed in this communication are those of the >> sender, unless otherwise specifically stated. Ready Computing does not >> represent, warrant or guarantee that the integrity of this communication >> has been maintained or the communication is free of errors, virus or >> interference. >> >> This is not a secure transmission. The information contained in this >> transmission is highly prohibited from containing privileged and >> confidential information, including patient information protected by >> federal and state privacy laws. It is intended only for the use of the >> person(s) named above. If you are not the intended recipient, you are >> hereby notified that any review, dissemination, distribution, or >> duplication of this communication is strictly prohibited. If you are not >> the intended recipient, please contact the sender by reply email and >> destroy all copies of the original message. -- >> Txauth mailing list >> Txauth@ietf.org >> https://www.ietf.org/mailman/listinfo/txauth >> > -- > > *David Pyke* > > Manager, Strategic Consulting > > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > [image: Logo] <http://www.readycomputing.com/> > > [image: LinkedIn icon] <https://www.linkedin.com/company/ready-computing> [image: > Twitter icon] <https://twitter.com/ready_computing?lang=en> [image: > Youtbue icon] <https://www.youtube.com/channel/UCtA7SflMXNTkY0MWL-79LDQ> > > Office: +1 212 877 3307 x5001 > > * david.pyke@readycomputing.com <david.pyke@readycomputing.com>* > > * www.readycomputing.com <http://www.readycomputing.com/>* > > 150 Beekman Street, Floor 3, New York, NY 10038 > > The information in this e-mail communication together with any attachments > is intended only for the person or entity to which it is addressed and may > contain confidential and/or privileged material. If you are not the > intended recipient of this communication, please notify us immediately. Any > views expressed in this communication are those of the sender, unless > otherwise specifically stated. Ready Computing does not represent, warrant > or guarantee that the integrity of this communication has been maintained > or the communication is free of errors, virus or interference. > > This is not a secure transmission. The information contained in this > transmission is highly prohibited from containing privileged and > confidential information, including patient information protected by > federal and state privacy laws. It is intended only for the use of the > person(s) named above. If you are not the intended recipient, you are > hereby notified that any review, dissemination, distribution, or > duplication of this communication is strictly prohibited. If you are not > the intended recipient, please contact the sender by reply email and > destroy all copies of the original message.
- [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Tom Jones
- Re: [Txauth] Possible Use Case for GNAP Justin Richer
- Re: [Txauth] Possible Use Case for GNAP David Pyke
- Re: [Txauth] Possible Use Case for GNAP Steinar Noem
- Re: [Txauth] Possible Use Case for GNAP Justin Richer