Update security requirements to reference SMART on FHIR - USCore #87

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive
    • Priority: Medium

      Existing Wording: A server has ensured that every API request includes a valid Authorization token, supplied via: Authorization: Bearer

      {server-specific-token-here}

      Comment:

      This second requirement of the security section seems to be too specific. Binding this specific of a security requirement into US-Core will force a new IG to be written when a new security is needed. Far better US-Core set broad security requirements (such as #3), and recommend us of security IG like SMART-on-FHIR. In this way as SMART evolves those enhancements are available; or as new IG are written for specific security settings they can be used with US-Core without breaking US-Core. (See security considerations section of IHE profiles like MHD)

      Summary:

      Update security requirements to reference SMART on FHIR

            Assignee:
            Unassigned
            Reporter:
            John Moehrke
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: