Versions Compared

Old Version 15

changes.mady.by.user Allana Cameron

Saved on

compared with

New Version 16

changes.mady.by.user Allana Cameron

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleWhat guidance does the PS-CA Specification provide for authentication and security?

The PS-CA Specification includes  refers to the IHE IUA profile that manages access tokens used for authorization of access to HTTP RESTful services based on the flows and transactions defined in the OAuth 2.1 Authorization Framework [OAuth 2.1]. It recommends the use of asymmetric (public-key based) methods for client authentication [OAuth 2.1, Section 9.1], but allows other suitable HTTP-based authentication schemes matching the security policy of the Authorization Server [OAuth 2.1, Section 2.3.2].


Expand
titleIs it required that the IUA for authentication between systems be implemented for each of the profiles utilized (e.g., Find Document References ITI-67)?

Implementation of IUA is recommended, but not mandatory. However, when MHD actors are grouped with IUA actors there are additional security and privacy functionality enabled by this grouping and is therefore encouraged.

...