HAPI Authentication RFC

[lp]

Write an RFC reasoning about the best options for adding an authentication layer to HAPI.

The RFC should consider the proposed java transformer way https://hapifhir.io/hapi-fhir/docs/security/authorization_interceptor.html as well as other mechanism like adding an authentication proxy or API gateway.

In RFC scope

• how authentication is done
• how to integrate an external authentication provider/service

Outside of RFC scope

• authorization
• the actual authentication provider/service

timebox: 16h expected output: a wiki entry in the current project https://github.com/bonfhir/terminology-server/wiki

RFC structure example https://www.industrialempathy.com/posts/design-docs-at-google/

[biximilien]

Authentication RFC

[lp]

I think that this RFC still needs work @biximilien, here is what I think is still missing:

• The RFC must decide on a winning option, as the purpose is choosing what implementation we'll do next.
• RFC would be better establishing, in its intro, its context, scope, goals & non goals (as mentioned in above RFC structure example) so as to not fall out of scope, ( like when discussing the choice of authentication protocols )