Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-34333

UDAP Consent Check needs Authorization

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Not Persuasive
    • Icon: Medium Medium
    • US Da Vinci HRex (FHIR)
    • current
    • Clinical Interoperability Council
    • (NA)
    • Authorization with Consent, section 8.5
    • Hide

      Per FHIR-34523, we're removing UDAP as a mechanism for handling consent, so all of the UDAP guidance is being removed.  As a result, this issue is no longer relevant.

      Show
      Per FHIR-34523 , we're removing UDAP as a mechanism for handling consent, so all of the UDAP guidance is being removed.  As a result, this issue is no longer relevant.
    • Lloyd McKenzie/David Pyke: 10-0-0

    Description

      Per the UDAP B2B spec, the consent_reference must be resolvable by the receiving party, but does not describe authorization requirements. Is there an expectation that the token-issuing party authenticate with the Consent resource owner in order to retrieve that information, and if so is there guidance on how that should be done?

       

      Per discussion here: https://chat.fhir.org/#narrow/stream/235286-Da-Vinci.20PDex/topic/Resolving.20UDAP.20consent_references, this endpoint could be protected by mTLS.  

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            skathol-j2 Spencer Kathol (Inactive)
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: