FHIR Specification Feedback / FHIR-37317

Clarify security considerations of event content


    • Change Request
    • Resolution: Persuasive with Modification
    • FHIRCast (FHIR)
    • 2.0.0
    • Infrastructure & Messaging
    • Security considerations [deprecated]
    • 4.3

      Applications mustn't receive information for which they are not authorized. It's incumbent upon the Hub to enforce authorization. 

      • For example, a subscriber without authorization to access Observation resources shouldn't receive Observations as part of a DxReport-update event.
      • This is interestingly mitigated because FHIRcast's typical use-case is that the same user is using the various apps. 

      We will update the security section in the specification to state (editorial discretion):

      Authorization to receive and send events is checked upon subscription. FHIRcast hubs are not required to enforce access restrictions on FHIR resources included in events. FHIRcast assumes that applications can only access and share content the user is allowed to access.
    • Bas van den Heuvel / Eric Martin: 6-0-0
    • Clarification
    • Non-substantive

      Security should include discussion of PHI in event context and content, and context/content that a particular subscriber may not have SMART on FHIR scope or other authorization to see (e.g., a client is permitted to subscribe to DiagnosticReport-update events, but isn't permitted to see ImagingStudy resources).

      (Comment 45 - imported by: Lloyd McKenzie)

            bvdh Bas van den Heuvel
            esilver Elliot Silver