OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xspa message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Draft meeting minutes Apr 23, 2018

Minutes for 23 April 2018 TC meeting.

 

Meeting started at 9:30 AM PT.

 

**Attendance:

 

Chris Shawn, Chair (VHA)

Mohammad Jafari (VHA)

Mike Davis (VHA)

Kathleen Connor (VHA)

 

Chair: We have quorum.

 

**Administrivia:

 

- Approval of the last meeting minutes from 04/02/2018:

https://lists.oasis-open.org/archives/xspa/201804/msg00000.html

Unanimously approved.

 

**XSPA SAML Profile:

- Following the discussion in the previous TC call, the XSPA SAML profile is back to working draft status. Working Draft 11 was posted; only the Principal's ID and Purpose of Use are normative now and the rest of the attributes are non-normative.

https://www.oasis-open.org/apps/org/workgroup/xspa/download.php/62887/saml-xspa-v2.0-wd12-20180416.docx

 

**Initiator vs. Principal

Mike mentioned the distinction between the organization entity which makes the request and the original entity such as an end-user who initiates the request.

 

Mike: the entity who is legally liable for making the request and receiving the information is the organization, and because of that the original initiator is not as important in making access control decisions. We need to reflect this distinction and make sure that the organization is a mandatory field.

 

Mohammad: the use of the term "initiator" seems to be not fully aligned with other guides and standards including IHE and Carequality.

 

Kathleen: the ISO use may also be different.

 

Mohammad: Let's discuss this further in the mailing list and bring it up in the next meeting.

 

**Resource ID:

Mohammad: The resource ID should not to be a mandatory field. There are use-cases like bulk request where the resource IDs are not known in advance. Also, if these assertions are to be presented before the patient ID is known, e.g. during patient discovery, the service consumer would not know the patient ID in advance and at the time of creating the assertions.

 

The TC decided to further discuss this in the next meeting.

 

Next meeting will be on May 7th, 2018 at the same time.

 

Adjourned at 10AM PT.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]