Details
- Change Request
- Resolution: Persuasive with Modification
- Highest
- SMART on FHIR (FHIR)
- 2.0.0
- FHIR Infrastructure
- (NA)
- Bas van den Heuvel / Yunwei Wang: 13-0-0
- Clarification
- Non-substantive
Description
Clarify if it is possible for a back-end service to request user or patient-level scopes. It seems reasonable to me that an app may request authorization for certain activities performed on behalf of a particular user. It may at another time request authorization for activities performed on behalf of another user. When performing those activities, a security-conscious app would prefer user scopes rather than system scopes.
Existing Wording:
For Backend Services, requested scopes will be system/ scopes (for example system/Observation.rs, which requests an access token capable of reading all Observations that the client has been pre-authorized to access).
(Comment 37 - imported by: Ron G. Parker)
Issue Links
- is voted on by
  - BALLOT-46650 Affirmative - Ron G. Parker : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-47229 Affirmative - Joan Harper : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-47342 Affirmative - Elliot Silver : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-47382 Affirmative - Ken Sinn : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)
  - BALLOT-47421 Affirmative - Harsh Sharma : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU (Closed)