Stream: smart
Topic: Contained resources and smart scopes
Paul Church (Apr 06 2020 at 17:37):
I thought of this on the argonaut call and wanted to bring it up to a larger audience. If the client has Observation/*.read, and they are retrieving an Observation that happens to have a contained resource instance of some other resource type that they don't have access to, should the server strip it out? This will make the resulting resource non-conformant, since references to the contained resource will be broken.
And if the answer is yes, do any implementations actually do this in the wild?
Josh Mandel (Apr 06 2020 at 20:02):
I don't know that we can/should specify much here, but my gut reaction is that a contained resource fully belongs to the thing containing it, and generally wouldn't be stripped. Now, if you give me something pathological like a contained resource that's tagged as more sensitive than the container, I'd call that broken.
Lloyd McKenzie (Apr 06 2020 at 21:51):
You're not allowed to tag contained resources - you have to tag the container
Josh Mandel (Apr 06 2020 at 22:43):
Technically I think you can tag them, but you can't apply security labels (so Lloyd's point stands).
Josh Mandel (Apr 06 2020 at 22:43):
(http://build.fhir.org/domainresource.html#invs)
Lloyd McKenzie (Apr 06 2020 at 23:02):
Thanks for the clarification :)
Last updated: Apr 12 2022 at 19:14 UTC
