- Type: Change Request
- Resolution: Persuasive with Modification
- Priority: Medium
- US Da Vinci DTR (FHIR)
- STU3
- Clinical Decision Support
- (profiles) [deprecated]
- Execution of CQL
- Bob Dieterle / Rachael Foerster: 7-0-1
- Correction
- Non-substantive
Existing Wording: The SMART on FHIR application MUST be provided with a token that allows it to access all relevant information for the patient in question.
Comment:
This is not a useful requirement. The SMART app specifies the scopes it wants during launch. The authorization server (sometimes in conjunction with the authorizing user) determines the list of scopes the app is allowed to have. This sentence should be deleted.
Summary:
OAuth server doesn't know what "all relevant info" entails. Authorization rules must be enforced regardless.
- is voted on by: BALLOT-8347 Affirmative - Michael Clifton : 2019-May-FHIR IG DTR R1 (Closed)