  • These vulnerabilities show why strong authorization (authZ) tools need to be easy to use and implement.
  • This API authorization approach is also common for provider FHIR access; that should also change to properly enforce patient-directed record blocking.
  • <diagram to summarize vuln>

Draft Diagrams:

UMA is designed to be additive to this ecosystem, enforcing appropriate subject-directed authorization of a person's record for the apps, services, and other people they want to have access to their information.