Stream: fhircast-github
Topic: fhircast-docs / Issue #185 May 2019 Ballot Comment:
Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):
hl7-fhircast-bot opened Issue #185
## May 2019 Ballot Comment:
Submitted by Anthony Julian
Chapter/section: Subscription Request
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: A-Q Clarification
In Person requested: Yes
Summary:
Comment: Is the SHOULD strong enough?
Existing wording: The Subscriber's callback URL where notifications should be delivered. The callback URL SHOULD be an unguessable URL that is unique per subscription.
_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._
Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):
hl7-fhircast-bot labeled Issue #185
Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):
hl7-fhircast-bot labeled Issue #185
Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):
hl7-fhircast-bot edited Issue #185
Github Notifications (FHIRcast) (May 06 2019 at 16:04):
isaacvetter labeled Issue #185
Github Notifications (FHIRcast) (May 06 2019 at 16:16):
isaacvetter commented on Issue #185
Hey Tony,

Great question! Note that this optionality originated from the WebSub spec. While we're trying to preserve compatibility with WebSub, there are already places where we've changed WebSub optionality to FHIRcast mandatory (MAY or SHOULD to SHALL; for example, `hub.secret` is mandatory in FHIRcast and optional in WebSub).

If the subscriber's callback url is guessable (via a static url or known heuristic), there's a potential risk that an attacker could insert bad notifications into the subscriber. This wouldn't threaten to expose PHI, but would wreak havoc on the user's session. The existing mechanism that protects this is the `hub.secret`, which the subscriber provides to the Hub during the subscription request and which the Hub uses to authenticate to the `hub.callback` for each notification.

In order to send artificial notifications to a subscriber, the attacker would not only need to know the `hub.callback` url, but also the `hub.secret`. The `hub.secret` is the actual authentication mechanism. An unguessable callback url simply provides obscurity (not security). This is likely why WebSub made this a best practice, not a requirement.

Overall, I think that WebSub had it right. It's a best practice for the subscriber's callback url to be unguessable. The `hub.secret` is what secures this exchange.

Thoughts?
Github Notifications (FHIRcast) (May 06 2019 at 19:45):
ajuliansr commented on Issue #185
withdrawn
Github Notifications (FHIRcast) (May 30 2019 at 02:19):
isaacvetter labeled Issue #185:
Github Notifications (FHIRcast) (Sep 11 2019 at 20:41):
wmaethner commented on Issue #185:
Closed as withdrawn by the author
Github Notifications (FHIRcast) (Sep 11 2019 at 20:41):
wmaethner closed Issue #185:
Last updated: Apr 12 2022 at 19:14 UTC