[Openid-specs-heart] Confidentiality and sensitivity scopes: needs a bit more discussion and an example

Eve Maler eve.maler at forgerock.com
Fri Jun 9 20:52:06 UTC 2017


I'm thinking that it wouldn't hurt to have a bit more disquisition on this
topic in the OAuth+FHIR spec. :-)

Here's what the spec says
<http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-oauth2.xml#ConfidentialitySensitivity>
:

"This specification makes no assumptions regarding the ability of resource
servers to tag and filter data. A resource server that is capable of
filtering information MUST advertise this capability through the use of
these scopes. Resource servers SHOULD use this access information to filter
out data being returned to a client, if possible. If an access token does
not contain a given confidentiality or sensitivity marker, the resource
server SHOULD assume that the client does not have access to that
information and SHOULD apply appropriate filters to the data, where
possible."

Maybe a more direct way to state the last sentence is that the RS SHOULD
filter data with such a scope (do we even need to say "where possible"?
what are the conditions for that?) as long as the scope *was not granted*.
And then we should give an example, so that the consequences are brought
home to the reader. Maybe even give the converse example too.


*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
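
An added illustration of the resource-server filtering discussed in the message above, covering both the "scope not granted" case and its converse; it is not part of the original post or of the HEART specification. The `conf/<code>` and `sens/<code>` scope strings, the `patient/*.read` scope, the tagged sample resources and all function names are assumptions made for the example.

```python
# Added illustration, not code from the HEART spec or the original post.
# Assumed: markers appear in the token scope as "conf/<code>" / "sens/<code>",
# and the resource server tags data with FHIR-style meta.security codings.
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
SENS = "http://terminology.hl7.org/CodeSystem/v3-ActCode"
PREFIX_BY_SYSTEM = {CONF: "conf/", SENS: "sens/"}


def granted_markers(scope):
    """Confidentiality/sensitivity markers carried by the token's scope string."""
    return {s for s in scope.split() if s.startswith(("conf/", "sens/"))}


def resource_markers(resource):
    """Markers a client must hold before this resource may be returned."""
    labels = resource.get("meta", {}).get("security", [])
    return {PREFIX_BY_SYSTEM[c["system"]] + c["code"]
            for c in labels if c.get("system") in PREFIX_BY_SYSTEM}


def filter_for_token(resources, scope):
    """Drop every resource tagged with a marker that was not granted."""
    granted = granted_markers(scope)
    return [r for r in resources if resource_markers(r) <= granted]


# Constructed sample data: one normal record, one restricted alcohol-use record.
SAMPLE = [
    {"id": "obs-bp", "meta": {"security": [{"system": CONF, "code": "N"}]}},
    {"id": "obs-etoh", "meta": {"security": [{"system": CONF, "code": "R"},
                                             {"system": SENS, "code": "ETH"}]}},
]


def returned_ids(scope):
    """Ids of the sample resources a token with this scope would receive."""
    return [r["id"] for r in filter_for_token(SAMPLE, scope)]


if __name__ == "__main__":
    for scope in ("patient/*.read conf/N",                    # ETH record filtered
                  "patient/*.read conf/N conf/R",             # still filtered: no sens/ETH
                  "patient/*.read conf/N conf/R sens/ETH"):   # converse: both returned
        print(scope, "->", returned_ids(scope))
```

A resource is withheld as soon as any one of its markers is missing from the token, so holding `conf/R` alone does not release the record that is also tagged `ETH`.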