2015May core #1239 - All FHIR Data Exhange should be via HTTPS.

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • FHIR Core (FHIR)
    • DSTU1 [deprecated]
    • Security
    • REST (http)
    • 2.1.0.3
    • Hide

      Motion: Move to find non-persuasive. (Note that a server can and https and prevent any client from connecting over http.)

      Show
      Motion: Move to find non-persuasive. (Note that a server can and https and prevent any client from connecting over http.)
    • MH / RM: 11-1-0
    • Enhancement

      Existing Wording: Using HTTPS is optional, but all production exchange of healthcare data SHOULD use SSL and additional security as appropriate. See HTTP Security for further information.

      Proposed Wording: Using HTTPS is required. All production exchange of healthcare data SHALL use SSL and additional security as appropriate. See HTTP Security for further information.

      Comment:

      HTTPS is not a significant burden for servers or clients to support, and mandating that HTTPS is used in all FHIR exchanges will promote the development of clients and servers toward using HTTPS, as well as make FHIR more secure

            Assignee:
            Unassigned
            Reporter:
            seanmoore
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: