  1. FHIR Specification Feedback
  2. FHIR-43515

Application vs. Server for subscription authorization


Details

    • Change Request
    • Resolution: Persuasive
    • Medium
    • FHIR R5 Subscriptions Backport (FHIR)
    • R6
    • FHIR Infrastructure
    • STU
    • Safety and Security
    • Yes, propose aligning with the actors defined in the IG as requested.
    • Rick Geimer / Corey Spears: 13-0-0
    • Clarification
    • Non-substantive

    Description

      https://hl7.org/fhir/uv/subscriptions-backport/2024Jan/safety_security.html has this sentence:

      Applications SHOULD take a subscription's SubscriptionTopic and filters into account when authorizing the creation of a Subscription, and SHOULD ensure that authorization is (still) in place when sending any event notifications.

      I think this should be "Servers" rather than "Applications", right? The server is what authorizes the creation of the Subscription.

      If something else was meant, should we use the term "Client" rather than "Application" to be consistent with the actors and roles defined in 3.9.1?  (but I think it should be "Servers" so this part is probably moot).

          People

            ginocanessa Gino Canessa
            cooper.thompson Cooper Thompson