1I/ Application Identity and Trust in Healthcare and beyond

From IIW
Revision as of 21:46, 6 May 2017 by Nobnatu

Application Identity and Trust in healthcare and beyond

Wednesday 1I

Convener: Alan Viars

Notes-taker(s): Alan Viard

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

The group discussed primarily health care use cases for application trust and endorsement.


The POET method, where a signed JWT is used to convey the pedigree of an application, is a reasonable approach, though the group presented some caveats:

  • There must be rules and governance for how endorsing bodies (i.e. JWT signers) manage public keys. Perhaps these rules could be based on the same rules used by certificate authorities, but less stringent.
  • A governing body must exist to manage all endorsers who meet these criteria.
  • A uniform display for the endorsement, or lack thereof, should be adopted. It took the browser community 7 years to come to an agreement.
  • No significant difference between using x509 and JWKs for key pairs.  x509 certificates could be self-signed in this use case.
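
The endorsement check discussed above, as an added example that is not code from the session or from the POET project: an endorser signs a JWT describing an application, and a relying party verifies it against a governed trust list of endorser public keys held as JWKs. The issuer name `endorser.example.org`, the `software_id` claim, the RS256 algorithm and the trust-list shape are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Constructed endorser key pair, generated here only so the example runs offline.
const endorser = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical trust list a governing body would publish: issuer -> public JWK.
const TRUSTED_ENDORSERS = {
  'endorser.example.org': endorser.publicKey.export({ format: 'jwk' }),
};

// Endorser side: sign claims about the application as an RS256 JWT.
function signEndorsement(claims, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' +
    b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return input + '.' + sig.toString('base64url');
}

// Relying-party side: one result shape, so endorsed and unendorsed
// applications can be displayed uniformly.
function verifyEndorsement(jwt, trustList, now = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ endorsed: false, reason });
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return fail('malformed'); }
  if (!header || !claims || typeof claims.iss !== 'string') return fail('malformed');
  // Pin the algorithm; the token must not be able to choose "none" or HMAC.
  if (header.alg !== 'RS256') return fail('bad-alg');
  // The verification key comes from the trust list, never from the token.
  if (!Object.hasOwn(trustList, claims.iss)) return fail('unknown-endorser');
  const key = crypto.createPublicKey({ key: trustList[claims.iss], format: 'jwk' });
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', signed, key, sig)) return fail('bad-signature');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return fail('expired');
  return { endorsed: true, reason: 'ok', claims };
}
```

Because the trust list stores bare public keys, the same check works whether the endorser distributes its key as a JWK or inside a self-signed x509 certificate; only the key-loading step differs.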