ehealthsuisse / ch-epr-fhir

Repository for the swiss implementation guide for the FHIR based profiles

Message exchange signing (e.g., JWS) #94

Closed msmock closed 8 months ago

msmock commented 8 months ago

Change the text to make signed messages for request and response mandatory, if optional in IUA or OAuth:

  1. Authorization Request
  2. Authorization Response
  3. Access Token Request
  4. Access Token Response

msmock commented 8 months ago

Won't be done. Reading of the OAuth specification showed that the client secret is used to authenticate the client application, while the network may be authenticated with mutual TLS. Thus the client secret replaces the digital signatures.