Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-31456

Characterize threats per payload type to aid other IG authors.

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive
    • Icon: Highest Highest
    • FHIR R5 Subscriptions Backport (FHIR)
    • 0.1.0 [deprecated]
    • FHIR Infrastructure
    • Safety and Security
    • Hide

      Add brief documentation to the Payloads page for each type discussing some of the security topics (e.g., when it may or may not be appropriate to use).  Content will be based off of the information already present in the Safety and Security page, with links to it for further reading.

      Show
      Add brief documentation to the Payloads page for each type discussing some of the security topics (e.g., when it may or may not be appropriate to use).  Content will be based off of the information already present in the Safety and Security page, with links to it for further reading.
    • Gino Canessa / Yunwei Wang : 10-0-0
    • Enhancement
    • Non-substantive

    Description

      A careful reading of the great advice on this page leads one to the conclusion that id-only is the best (safest) payload type. As IG authors build on top of Subscriptions, the default mandated payload type seems to be full. It would help a lot if this spec characterized the known threat vectors per payload type.

      (Comment 27 - imported by: Gino Canessa)

      Attachments

        Activity

          People

            ginocanessa Gino Canessa
            Isaac.Vetter Isaac Vetter
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: