The document discusses a digital commons and open platform for interaction between data called "any14.com". It describes portable authorization where patient data can follow patients and external actors need access to sensitive data. Portable access tokens are proposed to allow approved operations on data through signed requests and tokens even when the third party is unknown. Partners are sought to contribute portable security technologies and analysis to a larger project group.

1. any14.com
• any one for ?
– ”Den ditigale allmening”
– Åpen platform for interaksjon mellom data
Lars Reinertsen
lars.reinertsen@any14.com

2. Portabel autorisasjon
Data er mobil
Pasient data følger pasienten
Eksterne aktører trenger tilgang til sensitive data
Autorisasjons beslutningene må følge etter

3. Portable Access Token
1. I’d like conduct these operations on your
data. I’ve signed it so you know it’s really
from me.
2. That request is approved by adding an
expiration, signing and returning it.
3. I want to do this
operation on some data
you have in your
possession. Here is a
token signed by the
owner of the data that
allows me to do it.
user
owner
Unknown
third party
4. OK, I can see that the token was signed by
you and so is clearly yours.
Further that your token was also signed by
the same key that signed the data you are
requesting.
Finally that your request is included in the
token and is therefore approved by the
owner. The request is therefore granted.
BTW. I don’t know who you are or who the
owner is, but with this token I do not need
to.
0. Non-restricted
data distribution

4. Partnere ?
• Ønsker å bidra med portabel sikkerhet (teknologi, analyse) i
en større prosjekt gruppe.