OAuth is an authorization protocol, not an authentication protocol. Specify OAuth 2.0 to reduce ambiguity - 2016-09 core #164


    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU2
    • Security
    • Security
    • 6.1.0.3

      Persuasive with Mod

      Existing Wording: For web-centric use, OAuth may be used to authenticate and/or authorize the users.

      Proposed Wording: For web-centric use, OpenID Connect may be used to authenticate users and OAuth 2.0 (or later) may be used to authorize access.

    • Glen Marshal/Judy Fincher: 2-0-0
    • Correction
    • Non-substantive
    • DSTU2

      Existing Wording: For web-centric use, OAuth may be used to authenticate and/or authorize the users.

      Proposed Wording: For web-centric use, OpenID Connect may be used to authenticate users and OAuth 2.0 may be used to authorize access.

      Comment:

      OAuth is an authorization protocol, not an authentication protocol. Specify OAuth 2.0 to reduce ambiguity.

      Summary:

      OAuth is an authorization protocol, not an authentication protocol. Specify OAuth 2.0 to reduce ambiguity.

            Assignee:
            Unassigned
            Reporter:
            Andy Gregorowicz
            Watchers:
            3

              Created:
              Updated:
              Resolved: