-
Type:
Change Request
-
Resolution: Not Persuasive
-
Priority:
Medium
-
FHIR Core (FHIR)
-
DSTU1 [deprecated]
-
FHIR Infrastructure
-
REST (http)
-
-
James Agnew / Grahame Grieve: 4-0-0
-
Enhancement
Proposed Wording: Add something like: Only authorized systems/user will be allowed to review the history of changes for the server.
Comment:
This operation needs additional explicit caveats to protect unauthorized.
We need to explain precisely how the security guidance should be applied to this *specific" operation including the use of Consent and Provenance to make access control decisions. (http://hl7.org/fhir/2015May/security.html) including consent to make sure only authorized systems an users are viewing, changing, updating, or reviewing the update history of a resource.
- is voted on by
-
BALLOT-1968 Affirmative - James Kretz : 2015-May-FHIR SDC R1
- Closed