Loading...

XML

Word

Printable

JSON

Type: Change Request
Resolution: Persuasive with Modification
Priority: Medium

Specification:

FHIR Core (FHIR)
Raised in Version:

DSTU1 [deprecated]
Work Group:

Security
Related URL:
http://hl7.org/fhir/2015May/http.html#2.1.0.4
Related Page(s):

REST (http)
Related Section(s):
2.1.0.3
Resolution Description:

Hide

Motion: Add to the existing language something like "unless you have a specific reason, you should always return a 404".

Show
Motion: Add to the existing language something like "unless you have a specific reason, you should always return a 404".
Resolution Vote:
Jonathan Coleman / Grahame Grieve: 14-0-0
Change Category:
Enhancement
Change Impact:
Non-substantive
Applied for Version:

DSTU1 [deprecated]

Existing Wording: The choice of whether to return 403 or 404 depends upon the specific situation and specific local policies, regulations, and laws.

Proposed Wording: Servers SHALL respond with 403 responses when a client is not authorized.

Comment:

403 Responses ensure that a PI disclosure to an unauthorized client do not occur, and are standard practice for common authorization solutions. See Comment #2 for rationale on SHALL versus SHOULD.

is voted on by

BALLOT-1671 Negative - Nell Lapres : 2015-May-FHIR R1

Balloted

Assignee:: Unassigned
Reporter:: seanmoore
Watchers:: 3 Start watching this issue

Created:: 2015-05-10 05:58
Updated:: 2019-11-28 01:23
Resolved:: 2015-09-25 03:47
Vote Date:: 2015-05-13

Details

Description

Attachments

Issue Links

Activity

People

Dates