FHIR Specification Feedback / FHIR-40459

No requirement for client to validate signed_metadata


Details

    • Change Request
    • Resolution: Persuasive
    • Medium
    • US UDAP Security (FHIR)
    • 1.0.0
    • Security
    • Discovery
    • 2.3

      Propose to include the following in 2.0

      "The client and the server SHALL conform to the underlying server metadata profile."

      Include above the note in 2.3

      "The client and server SHALL validate the signed endpoints as per Section 3 (insert link) in UDAP Server Metadata."

      Add note at the end of Section 2.4

      "The authors recommend that the client be prepared to handle server metadata signed with a key for a different trust community than expected, regardless if the community parameter was used."

    • Clarification
    • Non-compatible
    • current

    Description

      The IG references https://www.udap.org/udap-server-metadata-stu1.html, but doesn't normatively require the client to do the behavior in section 3 ("Client validation of signed endpoints"). It should.


          People

            Unassigned Unassigned
            jlamy Joseph M. Lamy