  1. FHIR Specification Feedback
  2. FHIR-43284

Clarify when to include B2B with User Authorization Extension Object

Details

    • Change Request
    • Resolution: Unresolved
    • Medium
    • Interoperable Digital Identity and Patient Matching (FHIR)
    • current
    • Patient Administration
    • Patient Matching
    • 4.2.2

    Description

      Comparing the B2B with User Authorization Extension Object to the B2B Authorization Extension Object, the following need to be addressed:

      • "The same requirements for use of hl7-b2b apply in the use of hl7-b2b-user." What does this mean? Which requirements specifically? I'm guessing those in section 5.2.1.2; any others?
      • It says "includes this object in the extensions object of the Authentication JSON Web Token (JWT), as per UDAP Security 5.2.1.1". What does "as per" imply here? Analogously? Similarly to? It can't mean "follow 5.2.1.1 as well", can it?
      • Is this intended to be included in addition to or instead of hl7-b2b? Given the overlap of fields, it appears the latter. But:
        • 5.2.1 requires hl7-b2b for B2B client apps using the client_credentials flow. This will need to be rewritten to allow for either.
        • There is no equivalent requirement in the Identity IG saying it SHALL be included in <specific cases>.

          People

            Unassigned
            jlamy Joseph M. Lamy