Addressing the Consumer Right of Access for the emerging world of Health APIs. POET works with OAuth2.0 to address this challenge in a scalable way. This presentation was given to the Security work group at the HL7 Workgroup meeting in San Diego, September 2017.
10. @ekivemark
Simply Solving the Trust Challenge
CARIN Alliance Policy BluePrint
POET and Dynamic OAuth Registration
Verification Registrar and Endorsing Entities
11. @ekivemark
Token
1. Apps get verified
2. Verifier issues app token
3. App presents token to dynamic registration endpoint
4. Data Holder validates token
5. App is given access to API or blocked
6. Consumer uses app and authenticates and authorizes data exchange
[Diagram: National Association for Trusted Exchange (Registry); three Verification Bodies; App; Data Holder]
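Steps 2 to 5 of the slide above, sketched as an added example that is not code from the presentation or from the POET project. The token layout (base64url JSON plus a signature), the claim names, the redirect URI check, `verifier.example` and the function names are all assumptions. HMAC-SHA256 stands in for the verifier's signature so the sketch runs on the standard library alone; a deployed scheme would use a public-key signature so that data holders cannot mint tokens themselves.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed registry of verification bodies the data holder trusts.
# Assumption: HMAC-SHA256 stands in for the verifier's signature so this runs
# on the standard library alone; a deployment would use a public-key signature.
TRUSTED_VERIFIERS = {"verifier.example": b"constructed-demo-key"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(key, body):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_app_token(verifier, key, app_name, redirect_uris, exp):
    """Step 2: the verifier signs a statement about an app it has verified."""
    claims = {"iss": verifier, "app": app_name,
              "redirect_uris": redirect_uris, "exp": exp}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(key, body)

def _blocked(reason):
    return {"registered": False, "reason": reason}

def register_app(token, redirect_uris, now=None):
    """Steps 3-5: the data holder validates the token, then registers or blocks."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        key = TRUSTED_VERIFIERS[claims["iss"]]  # only registry keys are ever used
    except (ValueError, KeyError, TypeError):
        return _blocked("malformed token or unknown verifier")
    # Constant-time comparison of the signature over the exact bytes received.
    if not hmac.compare_digest(_sign(key, body).encode(), sig.encode()):
        return _blocked("bad signature")
    if claims["exp"] <= now:
        return _blocked("token expired")
    # Hypothetical binding check: only the redirect URIs the verifier saw.
    if not set(redirect_uris) <= set(claims["redirect_uris"]):
        return _blocked("redirect URI not covered by token")
    return {"registered": True, "client_name": claims["app"],
            "client_id": secrets.token_urlsafe(16)}
```
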
12. Win-Win-Win
• Developers get verified once (for each token)
• Data Holders have fewer checks to perform on Consumer Apps
• The ecosystem of Verifiers can build a directory of Apps and Data Holders, increasing confidence and discoverability for consumers
13. Next Steps
• The technology is built (Working Code)
• CARIN Alliance is developing Trust Framework/Governance blueprint
• Create the Registry and Verification entities
• Identify Launch Communities