Loading...

XML

Word

Printable

JSON

Details

Type: Question
Resolution: Persuasive

Specification:

FHIR R5 Subscriptions Backport (FHIR)
Raised in Version:

0.1.0 [deprecated]
Work Group:

FHIR Infrastructure
Related URL:
http://hl7.org/fhir/uv/subscriptions-backport/2021JAN/safety_security.html#safety-security
Related Page(s):

Safety and Security
Duplicate Issue:

FHIR-31457 example contradicts Security guidance.

Description

Given this guideline (which I agree with) Subscription.header is a problematic feature.

Existing Wording:

Subscription resources are not intended to be secure storage for secrets (e\.g\., OAuth Client ID or Tokens, etc\.)\. Implementers MAY use their judgement on including limited-use secrets (e\.g\., a token supplied in Subscription\.header to verify that a message is from the desired source)\.

(Comment 25 - imported by: Gino Canessa)

Attachments

Issue Links

duplicates

FHIR-31457 example contradicts Security guidance.

Published

is voted on by

BALLOT-15807 Affirmative - Christopher Schaut : 2021-Jan-FHIR IG R5 SUBSCR 2R4 R1 STU

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Isaac Vetter

Watchers:: 1 Start watching this issue

Dates

Created:: 2021-03-08 04:17

Updated:: 2021-05-24 05:44

Resolved:: 2021-05-24 05:44