Loading...

XML

Word

Printable

JSON

Details

Type: Change Request
Resolution: Persuasive with Modification
Priority: Highest

Specification:

SMART on FHIR (FHIR)
Raised in Version:

2.0.0
Work Group:

FHIR Infrastructure
Related URL:
http://hl7.org/fhir/smart-app-launch/2023Jan/backend-services.html#scopes
Related Page(s):

(NA)
Grouping:
- WGM
Resolution Description:

Hide

After "For Backend Services, requested scopes will be system/ scopes (for example system/Observation.rs, which requests an access token capable of reading all Observations that the client has been pre-authorized to access).", add a sentence that says:

The use of Backend Services with "user/" and "patient/" scopes is not prohibited, but would required out-of-band coordination to establish context (e.g., to establish which user, patient applies).

Show
After "For Backend Services, requested scopes will be system/ scopes (for example system/Observation.rs, which requests an access token capable of reading all Observations that the client has been pre-authorized to access).", add a sentence that says: The use of Backend Services with "user/" and "patient/" scopes is not prohibited, but would required out-of-band coordination to establish context (e.g., to establish which user, patient applies).
Resolution Vote:
Bas van den Heuvel / Yunwei Wang: 13-0-0
Change Category:
Clarification
Change Impact:
Non-substantive

Description

Clarify if it is possible for a back-end service to request user or patient-level scopes. It seems reasonable to me that an app may request authorization for certain activities performed on behalf of a particular user. It may at another time request authorization for activities performed on behalf of another user. When performing those activities, a security conscious app would prefer user scopes rather than system scopes.

Existing Wording:

For Backend Services, requested scopes will be system/ scopes (for example system/Observation.rs, which requests an access token capable of reading all Observations that the client has been pre-authorized to access).

(Comment 37 - imported by: Ron G. Parker)

Attachments

Issue Links

is voted on by

BALLOT-46650 Affirmative - Ron G. Parker : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47229 Affirmative - Joan Harper : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47342 Affirmative - Elliot Silver : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47382 Affirmative - Ken Sinn : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

BALLOT-47421 Affirmative - Harsh Sharma : 2023-Jan-HL7 FHIR IG SMART APP LAUNCH R2 STU

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Ron G. Parker

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-01-09 07:42

Updated:: 2023-04-18 01:47

Resolved:: 2023-01-18 05:30

Vote Date:: 2023-02-13