Server Authentication Support


    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US Da Vinci PAS (FHIR)
    • 0.1 [deprecated]
    • Financial Mgmt
    • (many)
    • 5.3
    • It is unlikely that there will be more clients (e.g. native EHR implementations or provider adopted Smart clients) than the number of PAS servers.

      However, we will indicate in the PAS IG a SHOULD support server-server OAuth and a MAY for mutually authenticated TLS for the PAS Server with direction that in a future release we will limit the option to server-server OAuth only.

    • Bob Dieterle / Dave Hill : 18-0-2
    • Enhancement
    • Compatible, substantive

      The PAS IG References HRex for Security and Privacy. This implies PAS servers can implement either server-server OAuth or mutually authenticated TLS. This puts the burden on the client to support both methods of authentication. Since there will be many more clients than PAS servers it makes sense to flip the burden.

      Suggest updating the PAS IG to say the server must support server-server OAuth and mutually authenticated TLS.

      Note: Introduced on 10/7 Burden Reduction Call (https://confluence.hl7.org/pages/viewpage.action?pageId=91996542) 

            Assignee:
            Unassigned
            Reporter:
            blangley
            Watchers:
            2
