FHIR Chat · Blog - FHIR security model is enterprise centric · social

Stream: social

Topic: Blog - FHIR security model is enterprise centric


John Moehrke (Apr 13 2017 at 14:35):

I find that many think that FHIR is bound to an OAuth model that is enterprise centric. This is NOT true... See the article https://healthcaresecprivacy.blogspot.com/2017/04/fhir-security-model-is-enterprise.html

John Moehrke (Apr 13 2017 at 14:36):

I love and support SMART. But it is perceived as the only solution, and that is not healthy overall for FHIR.

Michel Rutten (Apr 13 2017 at 15:09):

Great article, thank you for clearing this up!

Jenni Syed (Apr 13 2017 at 15:28):

Also important to note that nothing about SMART really makes auth enterprise centric. That's only if you assume the auth server must be owned by the vendor. While I think that may be generally true in practice right now (as you mention "making it real" in production), I don't think there's anything in SMART that would dictate that.

John Moehrke (Apr 13 2017 at 15:34):

Good point, Jenni. I think, though, that the minimalistic constraints in SMART do tend to cover enterprise use, and not handle very well Patient use. Whereas HEART is more focused on patient, and expects layered OAuth to add the enterprise perspective...


Last updated: Apr 12 2022 at 19:14 UTC