...
Expand | ||
---|---|---|
| ||
The PS-CA Specification includes refers to the IHE IUA profile that manages access tokens used for authorization of access to HTTP RESTful services based on the flows and transactions defined in the OAuth 2.1 Authorization Framework [OAuth 2.1]. It recommends the use of asymmetric (public-key based) methods for client authentication [OAuth 2.1, Section 9.1], but allows other suitable HTTP-based authentication schemes matching the security policy of the Authorization Server [OAuth 2.1, Section 2.3.2]. |
Expand | ||
---|---|---|
| ||
Implementation of IUA is recommended, but not mandatory. However, when MHD actors are grouped with IUA actors there are additional security and privacy functionality enabled by this grouping and is therefore encouraged. |
...