Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-26139

Security for sender sending endpoint

    XMLWordPrintableJSON

    Details

    • Type: Change Request
    • Status: Published (View Workflow)
    • Priority: Highest
    • Resolution: Persuasive with Modification
    • Specification:
      US Da Vinci Alerts (FHIR)
    • Raised in Version:
      0.2.0
    • Work Group:
      Infrastructure & Messaging
    • Related Page(s):
      (many)
    • Resolution Description:
      Hide

      Considering the concern regarding authentication.
      1) will NOT to document how to transmit sensitive endpoint data
      2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere.

      see related FHIR-NNNN

      Show
      Considering the concern regarding authentication. 1) will NOT to document how to transmit sensitive endpoint data 2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere. see related FHIR-NNNN
    • Resolution Vote:
      Craig Newman/Paul Knapp: 3-0-1
    • Change Category:
      Enhancement
    • Change Impact:
      Non-substantive

      Description

      Regardless of if and how the sender's accessible endpoint is provided to the recipient, it's important that this endpoint NOT contain sensitive access information. The recipient of the endpoint, regardless of the number of hops, must still be expected to authenticate to the sender's endpoint.

      Existing Wording:

      We are actively seeking input input on whether or not to document how to transmit endpoint data intended only for the immediate recipient (which may be the final recipient or an intermediary) recipient of the operation and to provides the recipient with the technical details for getting additional information from the medical record for the alert - Note that this has serious security implications as it may contain sensitive access information.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              Isaac.Vetter Isaac Vetter
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Vote Date: