Loading...

XML

Word

Printable

JSON

Details

Type: Change Request
Resolution: Persuasive
Priority: Medium

Specification:

SMART on FHIR (FHIR)
Raised in Version:

2.0.0
Work Group:

FHIR Infrastructure
Outstanding Negatives:
STU
Related Page(s):

Best Practices
Grouping:
- block-vote-0
Resolution Description:
Hide

Add the following to the Best Practices Page:

—
Best practices for app developers include:

Ensure that refresh tokens are never used more than once

Take advantage of techniques to bind refresh tokens to asymmetric secrets managed in hardware, when available (see above)

If an app only needs to connect to EHR when the user is present, maintain secrets with best-available protection (e.g., biometric unlock)

Publicly document any code of conduct that an app adheres to (e.g., CARIN Alliance code of conduct)
Show
Add the following to the Best Practices Page: — Best practices for app developers include: Ensure that refresh tokens are never used more than once Take advantage of techniques to bind refresh tokens to asymmetric secrets managed in hardware, when available (see above) If an app only needs to connect to EHR when the user is present, maintain secrets with best-available protection (e.g., biometric unlock) Publicly document any code of conduct that an app adheres to (e.g., CARIN Alliance code of conduct )
Resolution Vote:
Gino Canessa/Yunwei Wang: 13-0-0
Change Category:
Enhancement
Change Impact:
Non-substantive

Description

The non-normative best practices page should include the following

—

Best practices for app developers include:

Ensure that refresh tokens are never used more than once
Take advantage of techniques to bind refresh tokens to asymmetric secrets managed in hardware, when available (see above)

If an app only needs to connect to EHR when the user is present, maintain secrets with best-available protection (e.g., biometric unlock)

Publicly document any code of conduct that an app adheres to (e.g., CARIN Alliance code of conduct)

Attachments

Issue Links

is voted on by

BALLOT-17397 Negative - Josh Mandel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Withdrawn

BALLOT-17405 Negative - Christopher Schaut : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Withdrawn

BALLOT-17410 Negative - Brett Marquard : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Withdrawn

BALLOT-17881 Negative - Michael Clifton : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Withdrawn

BALLOT-17399 Negative - Jenni Syed : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17425 Negative - Hans Buitendijk : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17736 Negative - Vassil Peytchev : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17791 Negative - Doug Pratt : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17834 Negative - Chris Courville : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17876 Negative - David Sundaram-Stukel : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-17893 Negative - Amit Popat : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

(6 is voted on by)

Activity

People

Assignee:: Carl Anderson (Inactive)

Reporter:: Josh Mandel

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-05-13 08:36

Updated:: 2021-11-29 01:38

Resolved:: 2021-06-29 07:13

Vote Date:: 2021-07-19