2015May sdc #71 - Add authorization qualifier to 'vread'

  • Item:operations-top-levelMoreItem:operations-workItem:greenhopper_issue...Item:operations-archiveItem:operations-attach...Item:operations-votesw...Item:operations-subtasksItem:devstatus-cta-listItem:operations-operat...Item:operations-deleteItem:operations-manual...
  • Resolved - No Change
  • AdminItem:operations-fieldsItem:operations-admin-...
  • Item:operations-restore
Item:jira.issue.tools ExportXMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU1 [deprecated]
    • FHIR Infrastructure
    • REST (http)
    • Hide

      see 6857

      Show
      see 6857
    • James Agnew / Grahame Grieve: 4-0-0
    • Enhancement

      Proposed Wording: Add something like: ".Only authorized systems/user (those that meet the access control including "Consent" directives) will be allowed to "vread" the resource based on version."

      Comment:

      This operation needs additional explicit caveats to protect unauthorized "vread".

      We need to explain precisely how the security guidance should be applied to this *specific" operation including the use of Consent and Provenance to make access control decisions. (http://hl7.org/fhir/2015May/security.html) including consent to make sure only authorized systems an users are viewing, changing, updating, or reviewing the update history of a resource.

            Panel: location:atl.jira.view.issue.left.context

              Assignee:
              Unassigned
              Reporter:
              jim_kretz
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Panel: location:atl.jira.view.issue.right.context