The FAST Security Tiger Team focused on proposed solutions to address barriers related to security for FHIR-based solutions at scale.
The group of SMEs invited to participate in this session will be asked to evaluate the team's proposed solutions: UDAP Trusted Dynamic Client Registration, UDAP Tiered OAuth, UDAP JWT-Based Client Authentication, UDAP JWT-Based Authorization Assertions and provide their expert insight and opinion on these solutions.
The solutions aim to answer the following questions:
- How do we know the service consumer has permission to ask or see?
- What do scalable authentication and authorization models for FHIR based information exchange look like?
- Will a scalable solution support millions of patients/payers/providers?
- How do we leverage existing security guidelines and best practices?
- How do we know the FHIR consumer has permission to ask or see?
These solutions are focused on determining how to manage permissions and security of millions of transaction between patients, payers and providers