FHIR Chat · fhircast-docs / Issue #189 May 2019 Ballot Comment: · fhircast-github

Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):

hl7-fhircast-bot opened Issue #189

## May 2019 Ballot Comment:

Submitted by Anthony Julian
Chapter/section: Subscription Request
Url: https://fhircast.hl7.org/specification/May2019Ballot/index.html
Type: NEG :exclamation: Clarification
In Person requested: Yes :bust_in_silhouette:

Summary:

Comment: "the same entity" What does this mean? Same building, same organization, same host?

Existing wording: Within FHIRcast, the client that creates a subscription and the server that hosts the callback url are the same entity. If these roles are split, the Hub assumes that the same authorization and access rights apply to both systems.


_This issue was imported by @hl7-fhircast-bot from the consolidated FHIRcast May 2019 ballot spreadsheet._

Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):

hl7-fhircast-bot labeled Issue #189

Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):

hl7-fhircast-bot labeled Issue #189

Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):

hl7-fhircast-bot labeled Issue #189

Github Notifications (FHIRcast) (Apr 30 2019 at 19:53):

hl7-fhircast-bot edited Issue #189

Github Notifications (FHIRcast) (May 06 2019 at 19:44):

ajuliansr commented on Issue #189

Since the client is an entity, as is the server, does entity mean host?

Github Notifications (FHIRcast) (May 07 2019 at 03:13):

isaacvetter commented on Issue #189

Hey @ajuliansr,

Entity does not mean host.

Ultimately, I intend for it to mean some combination of the same systems/the same owning and responsible organization / the same security and authorization framework.

#27 contains both the thoughtful concern and discussion that caused this statement to be inserted into the spec.

The reason the Hub needs to treat the subscriber and system-that-owns-the-callback-url as the same thing is because the callback url doesn't authenticate to the hub and it's possible for a promiscuous subscriber to authorize other actors or systems to receive notifications on its behalf by creating subscriptions for them. There's no way for the hub to differentiate between a callback url "owned" by the subscriber and one not owned by the subscriber.

Maybe "system" is generic enough? But, I think that two "systems" can have a trust relationship that makes them the same entity. "Actor"? ugh, this isn't IHE. Organization? We're not talking about people, here.

Given that background, what is the better word than "entity"?

Github Notifications (FHIRcast) (Jun 18 2019 at 15:47):

isaacvetter commented on Issue #189:

## :telephone_receiver: II Working Group Vote (6-18-2019)

Meeting notes: https://confluence.hl7.org/display/IMIN/Teleconferences

Ricardo Quintano Neira moved the following disposition, seconded by Alex Goel

Disposition: Persuasive
Disposition Comment: Change this wording:

Within FHIRcast, the client that creates a subscription and the server that hosts the callback url are the same entity. If these roles are split, the Hub assumes that the same authorization and access rights apply to both systems.

to

The client that creates the subscription may not be the same system as the server hosting the callback url. (For example, some type of federated authorization model could possibly exist between these two systems). However, in FHIRcast, the hub assumes that the same authorization and access rights apply to both the subscribing client and the callback url.

Also, we'll update the Security Considerations to mention this concern.

:+1: For: 12
:expressionless: Abstain: 0
:-1: Against: 0

:tada: The motion passed! :tada:

Github Notifications (FHIRcast) (Jun 18 2019 at 16:02):

isaacvetter labeled Issue #189

Github Notifications (FHIRcast) (Jun 28 2019 at 14:16):

wmaethner labeled Issue #189

Github Notifications (FHIRcast) (Aug 19 2019 at 14:09):

wmaethner closed Issue #189


Last updated: Apr 12 2022 at 19:14 UTC