FHIR Specification Feedback / FHIR-32600

wildcard for future data seems like an overreach

Details

    • Comment
    • Resolution: Considered - No action required
    • Medium
    • SMART on FHIR (FHIR)
    • current
    • FHIR Infrastructure
    • Best Practices
    • 5
    • Thank you for the comment – it's true that wildcard scopes are powerful and broad. But in many cases (e.g., bringing data into a secure PHR app that a patient trusts – possibly even trusts more than the clinical systems where data are coming from) this is a correct expression of the intended delegation.

    Description

      Current language: In a complex authorization scenario involving user consent, the complexity of the authorization request presented to the user should be considered and balanced against the concept of least privilege. Make effective use of both wildcard and SMART 2.0 fine grained resource scopes to reduce the number and complexity of scopes requested. The goal is to request an appropriate level of access in a transparent manner that the user fully understands and agrees with.

      Comment: Wildcard for future data seems like an overreach – particularly for patients who may not understand the implications and potential risks of such broad access.

          People

            Unassigned
            Celine Lefebvre (celine_lefebvre)