Stream: smart
Topic: dynreg
Debbie Bucci (Nov 30 2017 at 21:06):
Reposting from Nov 7 ballot reconciliation
Debbie Bucci
12:44 PM
I was looking at the ballot spreadsheet and could not for the life of me figure out if this made it to the list.
Although revocation is a manual process the spec (if I am looking in the right place does support the use of dynamic client registration. Wouldn't in be reasonable to extend that statement to include RFC 7009 for an out of the box solution ...text I'm referring to ": EHR implementers to consider the OAuth 2.0 Dynamic Client Registration Protocol for an out-of-the-box solution "
Isaac Vetter (Nov 30 2017 at 21:34):
Hey Debbie, I don't think that it did, here's the list that Josh has been working off of: https://docs.google.com/spreadsheets/d/1j-Dp6B3VetJ_dMseTl6F9qu4GIZr5b9HFRB4iURfSLw/edit#gid=569200369
Josh Mandel (Dec 01 2017 at 03:52):
Do you mean revocation of access, or of app registration @Debbie Bucci? (We don't currently address either of these.)
Debbie Bucci (Dec 01 2017 at 06:21):
Well I think in the case of a rouge client you want/may need to deresgister but the it’s more to allow the client to do its own cleanup.
Debbie Bucci (Dec 01 2017 at 06:26):
Must admit I was comparing SMART with other specs. Looks like SMART is silent on token introspection as well. (perhaps this is separate thought/thread)
Debbie Bucci (Dec 01 2017 at 06:30):
Looks like S4S has introspection (introspector?) as a separate API that may be used
Last updated: Apr 12 2022 at 19:14 UTC
