
    Details

    • Type: Change Request
    • Status: Applied
    • Priority: Highest
    • Resolution: Persuasive
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      2.0.0
    • Work Group:
      FHIR Infrastructure
    • Outstanding Negatives:
      STU
    • Related Page(s):
      Overview
    • Related Section(s):
      1.6.1.1
    • Grouping:
    • Resolution Description:

      Move "The app SHALL use an unpredictable value for the state parameter with at least 122 bits of entropy (e.g., a properly configured random uuid is suitable)." into the table documenting "state" parameter.

      See https://jira.hl7.org/browse/FHIR-32215 for related updates to the paragraph where this sentence originated.
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Correction
    • Change Impact:
      Non-substantive

      Description

      An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHALL be used for preventing cross-site request forgery or session fixation attacks.

      It might be clearer to move the state entropy requirements to this table.
      This is not a specification element but a purpose. What behavior is required?
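
An added example, not part of the issue or of the SMART specification text: one way a client can meet the behavior discussed here, generating a state value with at least 122 bits of entropy, binding it to the user's session, and rejecting a callback whose state does not match. The endpoint URLs, client id, scope string, and the dict-based session are constructed assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

STATE_BYTES = 16  # 128 bits from the OS CSPRNG; a random uuid4 carries 122


def new_state() -> str:
    """Return an unpredictable, URL-safe state value."""
    return secrets.token_urlsafe(STATE_BYTES)


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, aud, session):
    """Create the authorization request and bind its state to this session."""
    state = new_state()
    session["oauth_state"] = state  # session store (assumed here to be a dict)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "launch/patient openid fhirUser",
        "state": state,
        "aud": aud,
    })
    return f"{authorize_endpoint}?{query}"


def handle_callback(callback_url, session) -> str:
    """Return the authorization code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [])
    if expected is None or len(received) != 1:
        raise ValueError("missing or ambiguous state")
    # Constant-time comparison of the round-tripped value.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise ValueError("state mismatch: possible CSRF or session fixation")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing authorization code")
    return codes[0]
```
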

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              bvdh Bas van den Heuvel