Loading...

XML

Word

Printable

JSON

Type: Question
Resolution: Unresolved

Specification:

FHIR R5 Subscriptions Backport (FHIR)
Raised in Version:

0.1.0 [deprecated]
Work Group:

FHIR Infrastructure
Related URL:
http://hl7.org/fhir/uv/subscriptions-backport/2021JAN/safety_security.html#safety-security
Related Page(s):

Safety and Security

Given this guideline (which I agree with) Subscription.header is a problematic feature.

Existing Wording:

Subscription resources are not intended to be secure storage for secrets (e\.g\., OAuth Client ID or Tokens, etc\.)\. Implementers MAY use their judgement on including limited-use secrets (e\.g\., a token supplied in Subscription\.header to verify that a message is from the desired source)\.

(Comment 25 - imported by: Gino Canessa)

is voted on by

BALLOT-15807 Affirmative - Christopher Schaut : 2021-Jan-FHIR IG R5 SUBSCR 2R4 R1 STU

Balloted

Assignee:: Unassigned
Reporter:: Isaac Vetter
Watchers:: 1 Start watching this issue

Created:: 2021-03-08 04:17
Updated:: 2021-03-08 04:18

Details

Description

Existing Wording:

Attachments

Issue Links

Activity

People

Dates