Fixed terminology table in Section 4.2.
Per Argonaut Security SME request, made "actor" sequence graphic more generic EHR-to-EHR. Also, in step 7 of the enumerated steps below the detailed sequence diagram, clarified that the EHR-A authorization server may transfer the token to an EHR application.
Corrected typo in 4.5.4 ("authorization JWT must be digitally signed..." to "authentication JWT must be digitally signed...").
Changed paragraph ref. for RFC6750 from 5.1 to 5.2.
In 4.5.2, clarified that "EHR-B servers" refers to both AS and RS.
Corrected inconsistency regarding the priority of the "iat" parameter (OPTIONAL to REQUIRED) and its use as a replay countermeasure, in sections 4.5.3 and 4.5.4.
Added parameters for passing access token from EHR-B to EHR-A (section 4.5.5).
Updated cross organizational auth (markdown)
Added content re countermeasures to threats to bearer tokens. Added example conformance statement.
Digital signing optional.
Removed details regarding format of access token.
Added "bearer token" definition.
Updated per discussions with Josh.
Added specific language from RFC6750 re retrieval methods.
Simplified detailed sequence diagram and added labeling for steps corresponding to enumerated list below the diagram.
Simplified actors and transactions diagram.
Incorporated Josh's comments
Added replay protection.
Added resource retrieval section. Minor edits to sequence diagram.
Added Access Token section.
Edited authorization JWT and authentication JWT sections.
Revised Authorization JWT section, using inputs from applicable standards and MITRE documentation.
Added TLS.