Security

Josh Mandel edited this page Apr 20, 2016 · 4 revisions

Authentication and authorization

This is still a TODO, but we build on the SMART Authorization specifications -- in particular the "Backend Services" specification that enables servers to establish an authorized connection with no user in the loop. See SMART Backend Services for details.

Using SMART Backend Services, we describe APIs in two directions: the CDS Service exposes an API that the EHR consumes, and the EHR exposes an API that the CDS Service consumes. Ahead of time, OAuth 2.0 client registration occurs on both sides:

  • EHR registers its JSON Web Key Set URL with the CDS Service, obtaining a client_id
  • CDS Service registers its JSON Web Key Set URL with the EHR, obtaining a client_id

Note: it's also possible to use cds-hooks without OAuth or client registration, but this is only appropriate where no PHI or other sensitive data is involved (e.g. terminology or knowledge-based CDS not related to an actual patient).

Markdown

We allow cards with details supplied in Markdown. We need to establish rules about what's valid here, e.g. a whitelisted set of elements and the expectation that card content won't reference external images or links (data URLs should work for embedding images).