FHIR Specification Feedback: FHIR-25882

Why hub.callback unguessable, what security is this adding/what threat is this mitigating?


Details

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Highest
    • FHIRCast (FHIR)
    • 0.1 [deprecated]
    • Imaging Integration
    • (NA)
    • Subscribing and Unsubscribing

      Question from Jenny Syed:

      Why hub.callback unguessable, what security is this adding/what threat is this mitigating?

      Answer:

      The main reason for this is to comply with WebSub: https://www.w3.org/TR/websub/#subscriber-sends-subscription-request

      "hub.callback
      REQUIRED. The subscriber's callback URL where content distribution notifications should be delivered. The callback URL SHOULD be an unguessable URL that is unique per subscription. [capability-urls]"

      The reason for this to be unguessable is to control access to the URL, where using an obscure unguessable URL reduces unintended access. One could argue that the hub.secret should prevent unauthorised use, but using obscure URLs is good practice for "capability URLs".

    • Isaac Vetter / Eric Martin: 5-0-0
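    Added example, not code from the FHIRcast specification or from this Jira thread: a subscriber-side sketch in Python of the two layers the answer above describes, a per-subscription unguessable callback URL (a capability URL) and the hub.secret HMAC check on delivered notifications. The base URL, the token sizes, the in-memory subscription store and the handling of the signature header are assumptions made for this illustration; the "sha256=<hex>" X-Hub-Signature format and the 200-byte hub.secret limit follow WebSub.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Added example, not FHIRcast/WebSub project code. It shows the two layers the
# resolution discusses, as seen from the subscriber:
#   1. a capability URL: an unguessable, per-subscription callback path, so a
#      guessed URL never maps to any subscription at all;
#   2. the hub.secret HMAC on each notification (WebSub X-Hub-Signature,
#      "sha256=<hex>"), so a notification must also prove knowledge of the secret.
# SUBSCRIBER_BASE, the token sizes and the header handling are assumptions.

SUBSCRIBER_BASE = "https://subscriber.example.org/fhircast/callback"  # assumed


@dataclass
class Subscription:
    topic: str
    callback_token: str  # unguessable path segment, unique to this subscription
    hub_secret: str      # sent to the hub as hub.secret when subscribing


@dataclass
class Subscriber:
    # keyed by callback token: looking up an unknown token yields nothing
    subscriptions: Dict[str, Subscription] = field(default_factory=dict)

    def new_subscription(self, topic: str) -> Tuple[str, Subscription]:
        """Create a subscription and return the callback URL to hand to the hub."""
        token = secrets.token_urlsafe(32)  # 256 random bits, URL-safe
        sub = Subscription(topic=topic,
                           callback_token=token,
                           hub_secret=secrets.token_hex(32))  # 64 chars, under WebSub's 200-byte limit
        self.subscriptions[token] = sub
        return f"{SUBSCRIBER_BASE}/{token}", sub

    def handle_notification(self, path_token: str, body: bytes,
                            signature_header: Optional[str]) -> Tuple[int, str]:
        """Process a POST to <SUBSCRIBER_BASE>/<path_token>; returns (HTTP status, reason)."""
        sub = self.subscriptions.get(path_token)
        if sub is None:
            # Layer 1: the capability URL is the only way to reach a subscription.
            return 404, "unknown callback"
        if not signature_header or not signature_header.startswith("sha256="):
            return 401, "missing X-Hub-Signature"
        expected = hmac.new(sub.hub_secret.encode(), body, hashlib.sha256).hexdigest()
        # Layer 2: constant-time comparison against the HMAC keyed with hub.secret.
        if not hmac.compare_digest(signature_header[len("sha256="):], expected):
            return 401, "bad X-Hub-Signature"
        return 200, f"accepted for {sub.topic}"


def sign(hub_secret: str, body: bytes) -> str:
    """Hub side: the X-Hub-Signature value for a notification body."""
    return "sha256=" + hmac.new(hub_secret.encode(), body, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    s = Subscriber()
    url, sub = s.new_subscription("constructed-session-topic")
    # constructed sample notification body
    body = b'{"timestamp":"2020-01-01T00:00:00Z","event":{"hub.topic":"constructed-session-topic"}}'
    print(url)
    print(s.handle_notification(sub.callback_token, body, sign(sub.hub_secret, body)))
    print(s.handle_notification("guessed-token", body, sign(sub.hub_secret, body)))
    print(s.handle_notification(sub.callback_token, body, sign("not-the-secret", body)))
```

    The two checks are independent: a request to a guessed path is rejected before any signature work happens, and a request to the correct path still needs the HMAC computed with that subscription's own hub.secret, so neither a leaked URL nor a leaked secret alone is enough.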

    Description

      Why hub.callback unguessable, what security is this adding/what threat is this mitigating?

      People

        Assignee: Unassigned
        Reporter: Jenni Syed (Inactive)
        Watchers: 2