Details
-
Change Request
-
Resolution: Persuasive
-
Highest
-
US Specialty Rx (FHIR)
-
0.1.0 [deprecated]
-
Pharmacy
-
Security
-
-
Frank McKinney / Tim McNeil : 11-0-3
-
Clarification
-
Non-substantive
-
0.1.0 [deprecated]
Description
Personally, I think OAuth is the de factor security layer for FHIR and the SMART Backend Services profile of OAuth 2's client credentials flow works really well for this IG. Why not simplify implementer's lives and recommend or even require it?
Existing Wording:
Implementers may consider use of SMART Backend Services Authorization, as the exchanges in this guide do not require user access authorization and may run autonomously.
Proposed Wording:
Implementers SHOULD use SMART Backend Services Authorization, as the exchanges in this guide do not require user access authorization and may run autonomously.
(Comment 16 - imported by: Jean Duteau)
Attachments
Issue Links
- is voted on by
-
BALLOT-14859 Affirmative - Christopher Schaut : 2021-Jan-FHIR IG SPECMEDRX R1 STU
- Closed