
POET Application Verification for Consumer Health Apps


Addressing the Consumer Right of Access for the emerging world of Health APIs. POET works with OAuth2.0 to address this challenge in a scalable way. This presentation was given to the Security work group at the HL7 Workgroup meeting in San Diego, September 2017.

Published in: Healthcare


  1. @ekivemark - Solving How Consumers Access their Data - Mark Scrimshire, TransparentHealth.org
  2. <xmlUsed Value="False" /> {"json_used": True}
  3. My data should be usable
  4. Information Blocking is going to get expensive
  5. It is not just your challenge! Consumers, Data Holders, Developers
  6. Everyone can benefit: Consumers, Data Holders, Developers
  7. APIs bring solutions and Challenges
  8. Simply Solving the Trust Challenge: Policy, Technology, Governance
  9. Simply Solving the Trust Challenge: CARIN Alliance Policy BluePrint; POET and Dynamic OAuth Registration; Verification Registrar and Endorsing Entities
  10. Token flow (actors: App, Verification Bodies, National Association for Trusted Exchange (Registry), Data Holder)
      1. Apps get verified
      2. Verifier issues app token
      3. App presents token to dynamic registration endpoint
      4. Data Holder validates token
      5. App is given access to API or blocked
      6. Consumer uses app and authenticates and authorizes data exchange
  11. Win-Win-Win
      • Developers get verified once (for each token)
      • Data Holders have fewer checks to perform on Consumer Apps
      • The Eco System of Verifiers can build a directory of Apps and Data Holders, increasing confidence and discoverability for consumers
  12. Next Steps
      • The technology is built (Working Code)
      • CARIN Alliance is developing Trust Framework/Governance blueprint
      • Create the Registry and Verification entities
      • Identify Launch Communities
  13. poet-ri sample

      >verify_jws_with_jwk.py ./4NRB1-0XZABZI9E6-5SM3R.jws poet.jwk
      {
        "scope": "openid profile patient/*.read",
        "initiate_login_uri": "https://apps-dstu2.smarthealthit.org/cardiac-risk/launch.html",
        "exp": 1563657181,
        "iss": "example.com",
        "software_id": "4NRB1-0XZABZI9E6-5SM3R",
        "token_endpoint_auth_method": "client_secret_basic",
        "client_name": "Cardiac Risk App",
        "logo_uri": "https://gallery.smarthealthit.org/img/apps/66.png",
        "client_uri": "https://apps-dstu2.smarthealthit.org/cardiac-risk/",
        "redirect_uris": [
          "https://apps-dstu2.smarthealthit.org/cardiac-risk/"
        ],
        "iat": 1500585181,
        "grant_types": [
          "authorization_code"
        ]
      }
  14. Useful Links
      • TransparentHealth.org
      • Pre-OAuth Entity Trust API (POET): https://github.com/TransparentHealth/poet
      • POET Reference Implementation (POET-RI): https://github.com/TransparentHealth/python-poetri
      • Contacts: Mark Scrimshire - mark@ekivemark.com; Alan Viars - aviars@videntity.com
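The data-holder check in step 4 of the token flow (slide 10), applied to the client metadata shown in the slide 13 sample, as an added example that is not the POET or POET-RI code: a verification body signs the metadata into a compact JWS, and the data holder verifies signature, issuer, validity window and redirect URIs before honouring a dynamic registration request. It assumes a constructed shared HS256 key (POET itself verifies against the verifier's RSA JWK) and a constructed trusted-issuer list.

```python
import base64, hashlib, hmac, json
# Constructed demo key shared by verifier and data holder. POET's real flow uses
# an RSA key published as a JWK; HS256 stands in so the example runs with stdlib.
VERIFIER_SECRET = b"constructed-demo-secret-not-a-real-key"
TRUSTED_ISSUERS = {"example.com"}  # verification bodies this data holder accepts
# Client metadata reproduced from the slide 13 sample output
SAMPLE_STATEMENT = {
    "iss": "example.com", "software_id": "4NRB1-0XZABZI9E6-5SM3R",
    "client_name": "Cardiac Risk App", "scope": "openid profile patient/*.read",
    "redirect_uris": ["https://apps-dstu2.smarthealthit.org/cardiac-risk/"],
    "grant_types": ["authorization_code"], "iat": 1500585181, "exp": 1563657181,
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_statement(claims: dict) -> str:
    """Verification-body side: wrap the app's client metadata in a compact JWS."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(VERIFIER_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_statement(jws: str, now: int) -> dict:
    """Data-holder side: validate the token before honouring a dynamic registration."""
    header, payload, sig = jws.split(".")
    # Pin the algorithm so a caller-chosen "alg" header is never honoured.
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(VERIFIER_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("issuer is not a trusted verification body")
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        raise ValueError("statement expired or not yet valid")
    uris = claims.get("redirect_uris") or []
    if not uris or any(not u.startswith("https://") for u in uris):
        raise ValueError("redirect_uris must be present and https")
    return claims

def is_valid(jws: str, now: int) -> bool:
    try:
        return bool(verify_statement(jws, now))
    except (ValueError, KeyError):
        return False
```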
