Loading...

XML

Word

Printable

JSON

Details

Type: Change Request
Resolution: Not Persuasive with Modification
Priority: Highest

Specification:

SMART on FHIR (FHIR)
Raised in Version:

current
Work Group:

FHIR Infrastructure
Outstanding Negatives:
STU
Related URL:
http://hl7.org/fhir/smart-app-launch/2021May/index.html#security-and-privacy-considerations
Related Artifact(s):

SMART on FHIR Oauth URIs [deprecated]
Related Page(s):

Overview
Grouping:
- block-vote-0
Resolution Description:

Hide

Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations.

Change language with upper-case conformance verbs: Apps SHOULD persist tokens and other sensitive data only in app-specific storage locations, and SHOULD NOT persist them in system-wide-discoverable locations.

(Note, we aren't introducing "SHALL" level requirements here because in some app architectures (e.g., on an appropriately secured device) persisting data in a discoverable location may be appropriate.)

Show
Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations. Change language with upper-case conformance verbs: Apps SHOULD persist tokens and other sensitive data only in app-specific storage locations, and SHOULD NOT persist them in system-wide-discoverable locations. (Note, we aren't introducing "SHALL" level requirements here because in some app architectures (e.g., on an appropriately secured device) persisting data in a discoverable location may be appropriate.)
Resolution Vote:
Gino Canessa/Yunwei Wang: 13-0-0
Change Category:
Clarification
Change Impact:
Non-substantive

Description

Current language: Apps should persist tokens and other sensitive data in app-specific storage locations only, not in system-wide-discoverable locations. Change language to: Apps SHALL not persist tokens and other sensitive data in system-wide-discoverable locations.

Attachments

Issue Links

is duplicated by

FHIR-32206 SHOULD persist tokens in a secure location

Duplicate

FHIR-31915 Capitalize "should"

Duplicate

is voted on by

BALLOT-17626 Negative - Celine Lefebvre : 2021-May-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

Activity

People

Assignee:: Carl Anderson (Inactive)

Reporter:: Celine Lefebvre

Request in-person:: Celine Lefebvre

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-05-17 11:15

Updated:: 2021-11-29 01:38

Resolved:: 2021-06-29 05:04

Vote Date:: 2021-07-19