In section 3.72.5.1 Security Audit Considerations the following is stated:
alias shall match the JWT token's "aud" parameter
user shall match the JWT token's "sub" parameter
issuer shall match the JWT token's "iss" parameter
I am unclear why the "aud" parameter is included. And what would happen if the aud is multiple servers?
Note that for SAML the "alias" was the property from the SAML assertion that contained the human readable name of the user. That is nothing like the OAuth "aud" parameter.
Recommend that for similar "alias" in IUA OAuth, the ihe_iua:subject_name be used as the alias.
Further note that the method of making a string is not as useful when using FHIR AuditEvent.