Security for Scalable Registration, Authentication, and Authorization
2.0.0 - STU2 Draft CI build
Security for Scalable Registration, Authentication, and Authorization
2.0.0 - STU2 Draft CI build
Security for Scalable Registration, Authentication, and Authorization, published by HL7 International - Security WG. This guide is not an authorized publication; it is the continuous build for version 2.0.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-udap-security-ig/ and changes regularly. See the Directory of published versions
Changes from the previous version are summarized below with links to the corresponding HL7 ticket. The summaries below are non-normative.
| Ticket | Ticket Description |
|---|---|
| FHIR-41520 | Clarify “state” parameter required for authorization code flow |
| FHIR-42958 | Add guidance for use of PKCE |
| FHIR-43005 | Clarify server may grant a subset of “scopes_supported” |
| FHIR-46113 | Add self-certification example for exchange purpose |
| FHIR-46448 | Add scope guidance based on TEFCA SOP |
| Ticket | Ticket Description |
|---|---|
| FHIR-40459 | Clarify client is required to validate signed_metadata as per the UDAP server metadata profile |
| FHIR-40579 | Correct inactive link in Required UDAP Metadata |
| FHIR-40601 | Correct invalid link to HL7 SMART App Launch IG history |
| FHIR-40791 | Clarify “aud” value in authentication JWTs |
| FHIR-41517 | Clarify algorithm used by servers to sign UDAP metadata |
| FHIR-43002 | Clarify that support for B2B extension is required for servers that support client credentials grants |
| FHIR-43007 | Clarify conformance strength of algorithms by listing as a table |
| FHIR-43008 | Clarify “jti” reuse is permitted after expiration of any previous JWTs using same value |
| FHIR-43014 | Correct status code to be returned by server when community is not recognized or not supported |
| FHIR-43021 | Add missing hyperlinks for certain UDAP profiles |
| FHIR-43048 | Clarify servers must respond to GET requests for metadata |
| FHIR-43116 | Clarify that registration updates are requested within the context of the client’s trust community |
| FHIR-43121 | Remove duplicated requirements for “iss” parameter in software statement |
| FHIR-43554 | Clarify allowed registration claims returned by server may be different than claims submitted in software statement |
IG © 2021+ HL7 International - Security WG and UDAP.org. Package hl7.fhir.us.udap-security#2.0.0 based on FHIR 4.0.1. Generated 2024-11-12
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change