
Details

    • Change Request
    • Resolution: Persuasive
    • Highest
    • SMART on FHIR (FHIR)
    • 2.0.0
    • FHIR Infrastructure
    • STU
    • Overview
    • 1.6.1.1

      Move "The app SHALL use an unpredictable value for the state parameter with at least 122 bits of entropy (e.g., a properly configured random uuid is suitable)." into the table documenting "state" parameter.

      See https://jira.hl7.org/browse/FHIR-32215 for related updates to the paragraph where this sentence originated.
    • Gino Canessa/Yunwei Wang: 13-0-0
    • Correction
    • Non-substantive

    Description

      An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHALL be used for preventing cross-site request forgery or session fixation attacks.

      It might be clearer to move the state entropy requirements to this table.
      This is not a specification element but a purpose. What behavior is required?
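One way a confidential (server-side) app could meet the two requirements quoted in this ticket, an unpredictable `state` of at least 122 bits and its use against cross-site request forgery and session fixation. This is an added example, not text from the ticket or the SMART specification; the `session` dict, the `oauth_state` key, the function names, and the `ehr.example` / `app.example` URLs are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

STATE_BYTES = 16  # 128 random bits, above the 122-bit minimum in the resolution


class CallbackError(Exception):
    """The redirect back to the app was rejected."""


def begin_authorization(session, authorize_endpoint, params):
    """Create a fresh state, bind it to this user's session, return the redirect URL."""
    # CSPRNG output; str(uuid.uuid4()) would carry exactly 122 random bits.
    state = secrets.token_urlsafe(STATE_BYTES)
    session["oauth_state"] = state  # hypothetical key in server-side session storage
    return authorize_endpoint + "?" + urlencode({**params, "state": state})


def finish_authorization(session, callback_url):
    """Check the state echoed on the callback and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    # pop() makes the value single use, so a replayed callback is rejected.
    expected = session.pop("oauth_state", None)
    if not expected or not returned:
        raise CallbackError("no pending authorization request for this session")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        raise CallbackError("state mismatch")
    codes = query.get("code")
    if not codes:
        raise CallbackError("callback carries no authorization code")
    return codes[0]


def demo():
    """Round trip with constructed values; returns the code from the callback."""
    session = {}  # stands in for per-user server-side session storage (assumption)
    url = begin_authorization(
        session,
        "https://ehr.example/authorize",  # constructed endpoint
        {"response_type": "code", "client_id": "demo-app",
         "redirect_uri": "https://app.example/cb"},
    )
    state = parse_qs(urlsplit(url).query)["state"][0]
    return finish_authorization(
        session, "https://app.example/cb?code=abc123&state=" + state)
```

Because the expected value lives in the user's own session and is discarded on first use, a callback started in another browser session or replayed later fails the check.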

          People

            carl-anderson-msft Carl Anderson (Inactive)
            bvdh Bas van den Heuvel