Stream: smart
Topic: protecting an app's resources from unauthorized AS/RS's
Isaac Vetter (Aug 27 2021 at 15:25):
Just submitted FHIR-33257 to suggest a small enhancement / clarification of best practices for an app which enables access to its own protected resources as part of an EHR Launch and should therefore maintain an allowlist of authorized FHIR servers/auth servers.
Isaac Vetter (Aug 27 2021 at 15:26):
This is kind of common sense, but clearly setting the expectation could help some app developers who don't maintain authorization rules at the level of individual users.
Last updated: Apr 12 2022 at 19:14 UTC
