Security for sender sending endpoint

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Highest
    • US Da Vinci Alerts (FHIR)
    • 0.2.0 [deprecated]
    • Infrastructure & Messaging
    • (many)
    • Hide

      Considering the concern regarding authentication.
      1) will NOT to document how to transmit sensitive endpoint data
      2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere.

      see related FHIR-NNNN

      Show
      Considering the concern regarding authentication. 1) will NOT to document how to transmit sensitive endpoint data 2) will add guidance describing using accepted authentication and authorization (e.g. oauth 2.0) described elsewhere. see related FHIR-NNNN
    • Craig Newman/Paul Knapp: 3-0-1
    • Enhancement
    • Non-substantive

      Regardless of if and how the sender's accessible endpoint is provided to the recipient, it's important that this endpoint NOT contain sensitive access information. The recipient of the endpoint, regardless of the number of hops, must still be expected to authenticate to the sender's endpoint.

      Existing Wording:

      We are actively seeking input input on whether or not to document how to transmit endpoint data intended only for the immediate recipient (which may be the final recipient or an intermediary) recipient of the operation and to provides the recipient with the technical details for getting additional information from the medical record for the alert - Note that this has serious security implications as it may contain sensitive access information.

            Assignee:
            Unassigned
            Reporter:
            Isaac Vetter
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: