human rights considerations #55
Conversation
✅ Deploy Preview for gnap-resource-servers-editors-draft ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
|
Hi Fabien, I notice, that this comment is from the GNAP to human rights perspective (quite difficult) but looking like you are top of it. The other way is from human rights to GNAP perspective. In this regard, digital identifiers relationship to surveillance, the limitations of authentication based authorisation vs authority based authorisation flows - and the existing contract policy structures vs privacy agreement flow could be pulled apart and data control centric. Happy to work on the second approach if there is interest? |
|
@smartopian yes there's interest. The only limit here is that GNAP is independant from authentification per say, so we just need to make sure what we're saying doesn't change that approach. Apart from that, happy to work further with you on this. |
|
@smartopian I don't understand the distinction you and @fimbault are making and I hope you can clarify. For example, our use-case is access to a health record resource based on accountability rather than identity, as determined by AS policy. The policy, in general, does not care about identity per se. It evaluates the request in terms of accountability for the scope of access based on (verifiable) credentials of the end user. It's equivalent to "break the glass" in legacy EHRs. |
|
An update after IETF 115 is here: https://mailarchive.ietf.org/arch/msg/txauth/wSpYbby1jrce6g4__0vL2_fz_xo/ |
aims to close #54