FHIR Chat · fine-grained access control · smart

Stream: smart

Topic: fine-grained access control

view this post on Zulip Keith Boone (Feb 01 2020 at 20:57):

A question crossed one of my streams regarding the lack of fine-grained access control in SMART on FHIR. I point out in this blog post that a SMART on FHIR implementer CAN support fine-grained access control, even if the base specification doesn't say anything about it. http://motorcycleguy.blogspot.com/2020/01/fine-grained-access-control-with-smart.html

view this post on Zulip John Moehrke (Feb 03 2020 at 01:37):

There is occational interest in advancing SMART scopes... but never seem to get a group of people together to do the work.
There is similar work in IHE to profile OAuth for use with FHIR...

view this post on Zulip Josh Mandel (Feb 06 2020 at 19:17):

Should mention this is one of the candidate Argonaut projects for 2020. We should know within the next couple of weeks if it's selected.

view this post on Zulip John Moehrke (Feb 06 2020 at 22:09):

Please have Argonaut work in the light-of-day along side with the Security wg. It is very frustrating to have these things ironed out elsewhere and have them imposed upon the workgroup.

view this post on Zulip Josh Mandel (Feb 06 2020 at 22:10):

Agreed! If we wind up picking this project we'll post call details publicly for broad participation.

view this post on Zulip Josh Mandel (Feb 06 2020 at 22:13):

Also, re: Keith's blog post: I agree there's very strong value in letting each authz server offer its own UX and capabilities for limiting access, effectively out-of-band (i.e., without communicating those restructions via OAuth scopes). The Argonaut project would be about seeing whether there's more we can standardize in-band -- i.e., the kind of stuff we've noodled about at https://github.com/HL7/smart-app-launch/blob/master/spec/scopes-and-launch-context/scopes-v2.md

view this post on Zulip John Moehrke (Feb 06 2020 at 22:17):

There are also multiple suggestions for improved scopes that were provided as ballot comments. Ballot comments that were deferred under the Argonaut mandate. I really think that the HL7 ballot process should be respected and have these ballot comments re-considered as the deferred status intends. This is now a work of HL7, and needs to be revised under HL7 rules.

view this post on Zulip Isaac Vetter (Feb 07 2020 at 00:04):

I'm pretty sure that some of my SMART comments got deferred during our STU1 ballot a few years ago! It'd be great not only for the matter-of-course HL7 process to reconsider these, but also for anyone from the community working within the accelerator to do so as well.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -