Stream: cds hooks
Topic: docs / Issue #7 Determine an approach to security
Github Notifications (May 06 2017 at 04:56):
kpshek reopened Issue #7
Github Notifications (May 06 2017 at 04:56):
Re-opening this issue; I accidentally closed it when I incorrectly referenced it in 9ff155a ☹️
Github Notifications (May 06 2017 at 05:36):
kpshek milestoned Issue #7
Github Notifications (May 06 2017 at 06:25):
I (finally!) wrote up a summary of our past security discussion from the January 2017 Connectathon in San Antonio, TX which touches upon the topic discussed here.
Github Notifications (May 06 2017 at 08:42):
Thanks @kpshek! For the final section, I've added a quick proposal for a signed token scheme.
John Moehrke (May 06 2017 at 08:43):
Two thoughts I have on this approach. First, I think you are prematurely presuming that OAuth can't be performant. I'm not too worried about this right now, but you should keep this open for improvement in the future. Second, how do you assure that the CDS gets only the data that the user would have access to? For example a scenario where a Patient consent has blocked some data from a provider; where a decision using that data would have exposed the data; for example where the provider is knowledgeable that a specific decision could only have been made by CDS if X data was available.
Last updated: Apr 12 2022 at 19:14 UTC