April 12, 2017
Attending:Valerie, Scott, Luke, Joel, Prasad,
Valerie will get in touch with Toufeeq and James to clarify their status.
1 Quick update on API work
Valerie summarized that api then area for each working group. sep docs different calls.
P - rep name. can we have rep for each group? will help to maintain.
V - interdependence with xml schemas.
P they have not had dependencies. will we define json schema using schema.org.
J - need to see what payloads look like. Most rest apis don't have schemas. If we get to larger payload, will need to define rigorously, probably using json schema.We will continue to watch closely and decide. Subsets, things drawn from different places. Don't want to redefine things.
Valerie indicated there would be lots of overlap with schemas.
Joel noted some professional profile uses were very small. We will focus on this in future meetings. He can try to talk to API leaders at the annual conference. We could make this a topic for annual meeting. Valerie will coordinate with Joel regarding participation from a few select api developers. Next time we'll look at github.
2 Discuss comments on Security Guidelines
Joel commented that sections 1-3 were available for review.
Luke - key definitions. Resource is in there twice. The information about end user should be further up. It gets referred to before we see it. The terminology is confusing.
Joel moved to section 4. He recommended adding more text to describe the scenario. 4.1 recommends using OAuth 2 and SAML. What is the most important use case for us? Valerie noted organization to organization is most common. Prasad noted one application for data commons was downloading certification credentials. In concept, in the future at some point. Applications would be able to get data on the users on their behalf, with their permission. At ABFM, they integrate with CME providers using OAuth. Prasad will add some examples to the use cases.Valerie asked if Luke and Scott could add examples as well. Joel summarized that prasad would add examples; Scott and Luke will send him examples from their domains.
3 Next steps on Security Guidelines
We have a meeting May 10. Prasad will have something reviewable by then. Valerie will send calendar appointment to Joel. Joel will help Prasad develop a slide deck.We can plan on inviting them and making the draft available afterwards. Scott indicated another representative from MedHub may attend. Valerie will explore changing the room to enable teleconference.