Stream: australia
Topic: Securing with NASH/OAuth
Brian Postlethwaite (Jan 15 2020 at 00:54):
I've drafted up a proposal for doing FHIR Authentication (not authorization) using the NASH digital certificates.
It is very similar to the backend services security spec, with the difference being that it leverages the NASH certificates to remove the need for public keys to be pre-registered. (although the CA is required to be registered)
https://confluence.hl7australia.com/display/PA/2020-01-15+Minutes
Would love to get feedback from others on this to see if it is something that is worth considering for standardization.
Last updated: Apr 12 2022 at 19:14 UTC
