2015May sdc #72 - Add authorization qualifier to 'update'

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU1 [deprecated]
    • FHIR Infrastructure
    • REST (http)
    • Hide

      see resolution for 6855

      Show
      see resolution for 6855
    • James Agnew / Grahame Grieve: 4-0-0
    • Enhancement

      Proposed Wording: Add something like: ".Only authorized systems/user (i.e. the system/user responsible for its "authorship" according the related "Provenance" record) will be allowed to "update."

      Comment:

      This operation needs additional explicit caveats to protect unauthorized "update" from a system that is not the original source of information.

      We need to explain precisely how the security guidance should be applied to this *specific" operation including the use of Consent and Provenance to make access control decisions. (http://hl7.org/fhir/2015May/security.html) including consent to make sure only authorized systems an users are viewing, changing, updating, or reviewing the update history of a resource.

            Assignee:
            Unassigned
            Reporter:
            jim_kretz
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: