Details
Comment
Resolution: Considered - No action required
Medium
SMART on FHIR (FHIR)
current
FHIR Infrastructure
Best Practices
5
Description
Current language: In a complex authorization scenario involving user consent, the complexity of the authorization request presented to the user should be considered and balanced against the concept of least privilege. Make effective use of both wildcard and SMART 2.0 fine grained resource scopes to reduce the number and complexity of scopes requested. The goal is to request an appropriate level of access in a transparent manner that the user fully understands and agrees with.
Comment: Wildcard for future data seems like an overreach – particularly for patients who may not understand the implications and potential risks of such broad access.
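As an added illustration (not part of this ticket or of the SMART specification text), the sketch below parses SMART App Launch v2 resource scopes and flags wildcard and write access, so a consent screen or a scope review can show how broad a request is. The function names, flag labels, and sample request are assumptions made for this example; only v2-style `cruds` scopes are handled.

```python
import re
from urllib.parse import parse_qsl

# SMART v2 resource scope: <context>/<resource>.<cruds>[?param=value&...]
SCOPE_RE = re.compile(
    r"^(patient|user|system)/(\*|[A-Z][A-Za-z]+)\.(c?r?u?d?s?)(?:\?(.+))?$"
)
PERMISSIONS = {"c": "create", "r": "read", "u": "update", "d": "delete", "s": "search"}

# Constructed sample request (hypothetical app), not taken from the ticket.
SAMPLE_REQUEST = (
    "launch/patient openid patient/*.rs "
    "patient/Observation.rs?category="
    "http://terminology.hl7.org/CodeSystem/observation-category|laboratory "
    "patient/MedicationRequest.cruds"
)

def review_scope(scope):
    """Parse one resource scope and return its parts plus review flags."""
    m = SCOPE_RE.match(scope)
    if not m or not m.group(3):
        raise ValueError(f"not a SMART v2 resource scope: {scope!r}")
    context, resource, perms, query = m.groups()
    filters = parse_qsl(query or "", keep_blank_values=True)
    flags = []
    if resource == "*":
        # Covers every resource type the server supports, including types
        # that only receive data after consent was given.
        flags.append("wildcard-resource")
    if set(perms) & set("cud"):
        flags.append("write-access")
    target = "ALL resource types" if resource == "*" else resource
    text = f"{', '.join(PERMISSIONS[p] for p in perms)} on {target} ({context} context)"
    if filters:
        text += " limited to " + ", ".join(f"{k}={v}" for k, v in filters)
    return {"scope": scope, "context": context, "resource": resource,
            "permissions": [PERMISSIONS[p] for p in perms],
            "filters": filters, "flags": flags, "describe": text}

def review_request(scope_string):
    """Review a space-separated scope request, skipping non-resource scopes."""
    return [review_scope(s) for s in scope_string.split()
            if s.split("/")[0] in ("patient", "user", "system") and "/" in s]

if __name__ == "__main__":
    for item in review_request(SAMPLE_REQUEST):
        print(item["flags"] or ["ok"], "-", item["describe"])
```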