2015May sdc #73 - Add authorization qualifier to 'history'

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU1 [deprecated]
    • FHIR Infrastructure
    • REST (http)
    • see resolution for 6857
    • James Agnew / Grahame Grieve: 4-0-0
    • Enhancement

      Proposed Wording: Add something like: "Only authorized systems/users (i.e. the system/user responsible for its "authorship" according to the related "Provenance" record) will be allowed to review the "history" of updates for that resource."

      Comment:

      This operation needs additional explicit caveats to protect unauthorized "history" of update retrieval.

      We need to explain precisely how the security guidance should be applied to this *specific* operation including the use of Consent and Provenance to make access control decisions. (http://hl7.org/fhir/2015May/security.html) including consent to make sure only authorized systems and users are viewing, changing, updating, or reviewing the update history of a resource.

            Assignee: Unassigned
            Reporter: jim_kretz