Stream: blockchain
Topic: OAuth2
Grahame Grieve (Mar 16 2017 at 11:49):
someone claimed to me the other day that we don't need OAuth2 because *blockchain*
Grahame Grieve (Mar 16 2017 at 11:49):
I couldn't make sense of that. Am I wrong?
John Moehrke (Mar 16 2017 at 13:19):
What I have seen is the use of blockchain based smart-contracts to enable a third-party (who satisfies the contract terms) to gain access. From what I understand this contract satisfaction is used by an OAuth authorization service to issue a classic OAuth token, that is then used in classic OAuth ways to access the data via http/REST - FHIR. --- This would be a model that would enable the kind of Research advertisement --> use of data. Like I outline in https://healthcaresecprivacy.blogspot.com/2016/05/healthcare-blockchain-big-data.html In this case the http/REST access looks just like we all have been doing with SMART, HEART, or IHE-IUA. Just the pre-authorization step is different, based on a blockchain enforced contract, that is based on blockchain identities, which are public/private key backed.
Doug Bulleit (Mar 17 2017 at 00:30):
I wouldn't contend that blockchains obviate OAuth. Indeed, depending upon how the blockchain handles its own IAM, its inherent PKI/Hashing methods could be viewed as a material enhancement upon the OAuth2/OIDC framework. But, IMHO, that's only part of the better overall Trust story. And, as John points out, the Smart Contracting capability of more advanced blockchains opens whole new FHIR-app possibilities
Last updated: Apr 12 2022 at 19:14 UTC
