[Openid-specs-heart] Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes
Thomas Rieneck
THRE at sundhedsdata.dk
Fri Aug 26 07:51:27 UTC 2016
Why include patient ids in scopes?
If patient is Resource Owner, the Resource Server can deduct the patient id from resource_set_id, if somebody else is Resource Owner it will require this party to register a potentially large number of permissions on the Authorization Server with the different patient ids embedded.
Best regards
Thomas Rieneck
Nationale Health Data Agency
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-heart/attachments/20160826/efe8096f/attachment.html>
More information about the Openid-specs-heart
mailing list