Details
-
Change Request
-
Resolution: Persuasive with Modification
-
Highest
-
SMART on FHIR (FHIR)
-
2.0.0
-
FHIR Infrastructure
-
(NA)
-
-
Josh Mandel/Rick Geimer: 17-0-0
-
Clarification
-
Non-substantive
Description
Structure and language of section 2.0.2.2.1 and 2.0.2.2.2 is poor. The phrase "for example:" on its own is not good language. Further, the meaningful content of the sections is actually in the section headers.
Suggest replacing 2.0.2.2.1 and 2.0.2.2.2 with a single table (in a new section 2.0.2.2.1 or moved up to 2.0.2.2?) with entries:
| Is your app able to protect a secret? | Suggested profile | Examples |
| yes | confidential app | App runs on a trusted server ... |
| no | public app | ... |
Also, clarify that "profile" in these sections refers to OAuth 2 specification profiles (which you refer to above as "two types of apps", not profiles), and not to the profiles defined in this guide.
Existing Wording:
Use the confidential app profile if your app is able to protect a secret
for example:
App runs on a trusted server with only server-side access to the secret
(Comment 10 - imported by: Ron G. Parker)
Attachments
Issue Links
- is voted on by
-
BALLOT-46623 Affirmative - Ron G. Parker : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed