Loading...

XML

Word

Printable

JSON

Details

Type: Change Request
Resolution: Persuasive
Priority: Highest

Specification:

SMART on FHIR (FHIR)
Raised in Version:

2.0.0
Work Group:

FHIR Infrastructure
Related URL:
http://hl7.org/fhir/smart-app-launch/2023Jan/app-launch.html#app-protection
Related Page(s):

(NA)
Grouping:
- block
Resolution Description:

Hide

Change "Apps SHALL ensure that sensitive information (authentication secrets, authorization codes, tokens) is transmitted ONLY to authenticated servers, over TLS-secured channels." to say:

"Apps SHALL ensure that when protocol steps include transmission of sensitive information (authentication secrets, authorization codes, tokens), transmission is ONLY to authenticated servers, over TLS-secured channels."

Show
Change "Apps SHALL ensure that sensitive information (authentication secrets, authorization codes, tokens) is transmitted ONLY to authenticated servers, over TLS-secured channels." to say: "Apps SHALL ensure that when protocol steps include transmission of sensitive information (authentication secrets, authorization codes, tokens), transmission is ONLY to authenticated servers, over TLS-secured channels."
Resolution Vote:
Josh Mandel/Rick Geimer: 17-0-0
Change Category:
Clarification
Change Impact:
Non-substantive

Description

A strict reading of this statement prohibits out-of-band communication of sensitive information, and communication to anything other than the actual server; for example, a generated password cannot be communicated to the administrator of client system via telephone.

Clarify that the scope of the statement.

Existing Wording:

Apps SHALL ensure that sensitive information (authentication secrets, authorization codes, tokens) is transmitted ONLY to authenticated servers, over TLS-secured channels.

(Comment 9 - imported by: Ron G. Parker)

Attachments

Issue Links

is voted on by

BALLOT-46622 Affirmative - Ron G. Parker : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47257 Affirmative - Joan Harper : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47370 Affirmative - Elliot Silver : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47410 Affirmative - Ken Sinn : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47449 Affirmative - Harsh Sharma : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Ron G. Parker

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-01-09 07:42

Updated:: 2023-04-18 01:47

Resolved:: 2023-01-18 07:27

Vote Date:: 2023-01-30