Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-32590

Change to language to SHALL NOT

    XMLWordPrintableJSON

    Details

    • Type: Change Request
    • Status: Applied (View Workflow)
    • Priority: Highest
    • Resolution: Not Persuasive with Modification
    • Specification:
      SMART on FHIR (FHIR)
    • Raised in Version:
      current
    • Work Group:
      FHIR Infrastructure
    • Outstanding Negatives:
      STU
    • Related Artifact(s):
      SMART on FHIR Oauth URIs
    • Related Page(s):
      Overview
    • Grouping:
    • Resolution Description:
      Hide

      Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations.

      Change language with upper-case conformance verbs: Apps SHOULD persist tokens and other sensitive data only in app-specific storage locations, and SHOULD NOT persist them in system-wide-discoverable locations.

      (Note, we aren't introducing "SHALL" level requirements here because in some app architectures (e.g., on an appropriately secured device) persisting data in a discoverable location may be appropriate.)

      Show
      Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations. Change language with upper-case conformance verbs: Apps SHOULD persist tokens and other sensitive data only in app-specific storage locations, and SHOULD NOT persist them in system-wide-discoverable locations. (Note, we aren't introducing "SHALL" level requirements here because in some app architectures (e.g., on an appropriately secured device) persisting data in a discoverable location may be appropriate.)
    • Resolution Vote:
      Gino Canessa/Yunwei Wang: 13-0-0
    • Change Category:
      Clarification
    • Change Impact:
      Non-substantive

      Description

      Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations. Change language to: Apps SHALL not persist tokens and other sensitive data in system-wide-discoverable locations.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              carl-anderson-msft Carl Anderson
              Reporter:
              celine_lefebvre Celine Lefebvre
              Request in-person:
              Celine Lefebvre
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Vote Date: