Closed slagesse-epic closed 1 year ago
clarify that this failure to retrieve is not a technical failure, but a positive indication that there is no consent on file.
add to security considerations that handling technical failures (failure modes) should be guided by policy. For example, under treatment purposes technical failures tend to fail open, whereas under non-treatment purposes they tend to fail closed.
Contact Details
slagesse@epic.com
Section Number
53.4.2.3.2 Consent Access Control Process Flow
What is wrong
Diagram step 5 states:
"The Consent Authorization Server receives the available consents. -> Note that failure to get a consent means that the default Implicit policy that is active is enforced."
The behavior when the consent authorization server fails to retrieve the available consents will be dependent on trust domain policy. A reasonable policy might be that the overarching implicit policy is permit, but in the event that patient consent cannot be determined, the transaction should fail.
Describe the solution you'd like
Define this as a failure mode dependent on trust domain policy.
Relevant log output
No response
Priority
Medium: Significant issue or clarification. Requires discussion, but should not lead to long debate.
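As an added illustration (not part of this issue or of the profile text), the following Python model of the step 5 decision separates the two cases the issue asks to distinguish: an empty result means there is no consent on file and the implicit policy applies, while a retrieval error is a technical failure whose outcome comes from trust-domain policy. The policy values, the purpose-of-use codes TREAT and HRESCH, and the sample registry are assumptions made for the example.

```python
"""Added example, not code from the issue or the profile. Models the
Consent Access Control decision in step 5 with three distinct outcomes."""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"


class ConsentRetrievalError(Exception):
    """The consent registry could not be reached or returned an error."""


@dataclass
class TrustDomainPolicy:
    # Implicit policy applied when the lookup succeeds but finds no consent.
    implicit: Decision = Decision.PERMIT
    # Assumed policy for technical failures, keyed by purpose of use:
    # treatment fails open, anything not listed fails closed.
    on_retrieval_failure: dict = field(
        default_factory=lambda: {"TREAT": Decision.PERMIT})
    default_on_failure: Decision = Decision.DENY


def decide(consent_lookup, patient_id, purpose, policy):
    """Return (decision, reason) for an access request."""
    try:
        consents = consent_lookup(patient_id)
    except ConsentRetrievalError:
        # Technical failure: fail open or closed is a policy choice, not a given.
        outcome = policy.on_retrieval_failure.get(purpose, policy.default_on_failure)
        return outcome, "retrieval-failure"
    if not consents:
        # An empty result is a valid answer: there is no consent on file.
        return policy.implicit, "no-consent-on-file"
    # Consents exist: any applicable opt-out for this purpose denies (constructed rule).
    for consent in consents:
        if purpose in consent.get("denied_purposes", []):
            return Decision.DENY, "consent-denies"
    return Decision.PERMIT, "consent-permits"


# Constructed sample registry: "p1" opts out of research use, "p2" has nothing
# on file, and "p-down" simulates an outage of the consent registry.
REGISTRY = {"p1": [{"denied_purposes": ["HRESCH"]}], "p2": []}


def lookup(patient_id):
    if patient_id == "p-down":
        raise ConsentRetrievalError("consent registry unreachable")
    return REGISTRY.get(patient_id, [])
```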