General Resources
- Introduction to OAuth and OpenID Connect by Justin Richer
- Introduction to UMA (UMA V1, with some HEART context) by Eve Maler
- UMA Legal framework effort
- MITRE RHEx and Blue Button Plus profile efforts
- GTRI-Trustmark Presentation April 2015 (downloads a PowerPoint file about the GTRI “trustmark marketplace”)
Use Cases
- Use case template (GDoc)
- Alice Selectively Shares Health-Related Data with Physicians and Others [UMA, FHIR] (GDoc)
- Alice Registers with PCP and Sets Up Two-Way Exchange of Personal Data Between EHR and PHR [OAuth Only] (GDoc)
- Elderly Mom with Family Caregiver (GDoc)
- Multiple Portals (wiki)
- Post-MI Implant and Rehab (wiki)
- VA Secure RESTful Profiles use case (wiki)
- Patient Data for Clinical and Research Purposes (wiki)
- PCP First Appointment (wiki) – see also PHR to EHR swimlane
Terminology
- IdP = identity provider
- RP = relying party
- SSO = single sign-on
- user = human end-user
- RO = resource owner (typically a user) trying to achieve controlled sharing – could be same as SSO user
- AS = authorization server – could be the same as IdP
- RS = resource server – could be the same as AS
- C = client – an application
- RqP = requesting party (typically but not always a user) – could be same as RO