Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-26139

Security for sender sending endpoint

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • US Da Vinci Alerts (FHIR)
    • 0.2.0 [deprecated]
    • Infrastructure & Messaging
    • (many)
    • Hide

      Considering the concern regarding authentication.
      1) will NOT to document how to transmit sensitive endpoint data
      2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere.

      see related FHIR-NNNN

      Show
      Considering the concern regarding authentication. 1) will NOT to document how to transmit sensitive endpoint data 2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere. see related FHIR-NNNN
    • Craig Newman/Paul Knapp: 3-0-1
    • Enhancement
    • Non-substantive

    Description

      Regardless of if and how the sender's accessible endpoint is provided to the recipient, it's important that this endpoint NOT contain sensitive access information. The recipient of the endpoint, regardless of the number of hops, must still be expected to authenticate to the sender's endpoint.

      Existing Wording:

      We are actively seeking input input on whether or not to document how to transmit endpoint data intended only for the immediate recipient (which may be the final recipient or an intermediary) recipient of the operation and to provides the recipient with the technical details for getting additional information from the medical record for the alert - Note that this has serious security implications as it may contain sensitive access information.

      Attachments

        Activity

          People

            Unassigned Unassigned
            Isaac.Vetter Isaac Vetter
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: