- HEART profile for OAuth 2.0.
- HEART profile for OpenID Connect.
- HEART profile for User-Managed Access (UMA).
These have been stable since April, so they have been available for comment for 7 months. The specific call right now is to get these closed out as Implementer Draft status in two to three weeks. So now is the time to look at them if you have not yet looked at them. If you have looked at them, then now is the time to comment.
How to Comment and get involved

Please get involved; this is an important effort for the advancement of healthcare user authentication, authorization, privacy, and security. This work is critical to the success of FHIR, and usable for any HTTP (RESTful) efforts in healthcare.
To get involved go to the HEART home and follow the instructions: https://openid.net/wg/heart/
- HEART profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 scopes.
Might it be useful to have broader scopes? Might it be useful to have scopes that consider DICOM WADO/QIDO?
Future HEART

There is continuing work going on in the HEART workgroup. So please don't look to these three profiles as the only work from HEART. They are actually work finished 6 months or more ago. The effort today is on defining patient-managed authorizations, such as consent as controlled by the patient themselves.
Clearly this will enhance the scopes beyond the fixed list in the scopes profile.
Also, see my blog on FHIR Security initiatives.