Stream: fhircast-github
Topic: fhircast-docs / Issue #113 May 2019 Ballot Comment: Is TL...
Github Notifications (FHIRcast) (Apr 30 2019 at 19:51):
hl7-fhircast-bot opened Issue #113
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Apr 30 2019 at 19:51):
hl7-fhircast-bot labeled Issue #113
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Apr 30 2019 at 19:51):
hl7-fhircast-bot labeled Issue #113
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Apr 30 2019 at 19:51):
hl7-fhircast-bot edited Issue #113
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (May 06 2019 at 22:24):
isaacvetter commented on Issue #113
During conversation at the Montreal, May 2019 working group meeting, @RicardoQuintano, @wmaethner, @NiklasSvenzen and myself talked through this issue and would like to:
Propose a resolution: TLS (HTTPS) is always required to be compliant with the specification. SMART on FHIR is recommended, but not required and this will be clarified in #125 for SMART.
Github Notifications (FHIRcast) (May 16 2019 at 06:50):
lbergnehr labeled Issue #113:
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Jul 16 2019 at 14:45):
isaacvetter commented on Issue #113:
Proposed resolution: Persuasive with Mod
Proposed resolution comment: A FHIRcast-compliant context synchronization will always use TLS; regardless of the launch mechanism.
Github Notifications (FHIRcast) (Jul 24 2019 at 14:06):
wmaethner commented on Issue #113:
## :landline: II Working Group Vote (7-24-2019)
Block vote 3Ricardo Quintano Neira moved the following disposition, seconded by @isaacvetter
Disposition: Persuasive
Disposition Comment: Will fix as described in the issue comments or by the commenter:+1: For: 11
:expressionless: Abstain: 1
:-1: Against: 0:tada: The motion passed! :tada:
Github Notifications (FHIRcast) (Jul 24 2019 at 14:09):
wmaethner labeled Issue #113:
## May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Sep 05 2019 at 02:14):
isaacvetter labeled Issue #113:
May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Sep 10 2019 at 13:55):
isaacvetter closed Issue #113:
May 2019 Ballot Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Submitted by Ricardo Quintano Neira on behalf of @bvdh
Chapter/section: Overview
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: CorrectionSummary: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
Comment: Is TLS and Smart of FHIR necessary in the case that authorization is not used?
The sentence
"MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol"
contradicts a later comment that other launch mechanism are allowed. These might not require TLS.
Existing wording: MUST be transmitted over channels secured using the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS), also known as HTTPS and defined in RFC2818. FHIRcast is modeled on the webhook design pattern and specifically the W3C WebSub RFC and builds on the HL7 SMART on FHIR launch protocol
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Last updated: Apr 12 2022 at 19:14 UTC
