[Openid-specs-ab] Spec Call Notes 11-Jan-24
Joseph Heenan
joseph at authlete.com
Fri Jan 12 01:40:16 UTC 2024
Hi all,
> On 12 Jan 2024, at 05:20, George Fletcher via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> OpenID Connect - initial authorize call
> Spec says authorization services must support a POST to the /authorization endpoint
> Certification suite does not test for POST to the endpoint
> 3.1.2.1 Authentication Request
> 3.2.2.1 Authorization Request
> HL7 FHIR spec also adopted the requirement to support POST
> This is now federal law in the US -
> Any AS who wants to support MUST support the POST HTTP Method
> https://hl7.org/fhir/smart-app-launch/app-launch.html#request-4
> https://www.healthit.gov/topic/laws-regulation-and-policy/health-data-technology-and-interoperability-certification-program
> https://www.federalregister.gov/documents/2024/01/09/2023-28857/health-data-technology-and-interoperability-certification-program-updates-algorithm-transparency-and
> Short term action - add a test for this to the certification suite
Aaron opened an issue here (thanks!):
https://gitlab.com/openid/conformance-suite/-/issues/1293
However, it would be helpful if the working group can be explicit about which certification profile(s) they want this test added to, if any. My initial guess might be “basic”, “implicit” and “hybrid”.
(The certification profiles are defined here: https://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf )
Thanks
Joseph