Hacker News new | comments | show | ask | jobs | submit login

AMRAs are like physical documents with an instruction to the information guardian, with a signature from the information owner, authorising access.

A lot of it is electronic these days, and is automated to the point that an individual authorises access by clicking a link in an email that calls an endpoint that in turn releases a token and URL to the requestor to view the appropriate records.

So like OAuth?

Partly. OAuth is authentication (who I am), which is part of it, but the real point is authorisation (what I can do).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact