Access control - Githubissues

IHE / DEV.SDPi

IHE Devices Service-oriented Device Point-of-care Interoperability (SDPi) profiles supplement specification materials and related tooling.

7 stars 0 forks source link

Access control #197

Open AnnaFeiler opened 1 year ago

AnnaFeiler commented 1 year ago

Since most hospitals currently don't support access control, we need to provide allowlists for our devices.

Define a common format for allowlists
Specify the allowlist format in SDPi - use of allowlists is not mandatory, if hospitals can do access control in a different way. If they are used, they need to follow the defined format.
If needed, specify how to improve access control in the future without using allowlists

ToddCooper commented 1 year ago

@MartinKasp - this is a simple list of endpoint references Question also about similar approaches in common use in hospitals (e.g., OAuth) (note: gRPC & FHIR use). Do not want to "reinvent the wheel" ... especially in the area of cybersecure devices NOTE: TF-2 Appendix C Security will be the place to collect this information.