Recommended TLS and DNS Checks for Patient-Facing Applications


Cerner FHIR Developers

Apr 29, 2022, 12:12:29 PM
to Cerner FHIR Developers
Developers of patient-facing applications,

Cerner is enabling a series of TLS and DNS checks [1] on applications to provide trustworthy information to patients so they can make an informed decision about which parties they wish to share their health information with and to further secure the Cerner Ignite APIs by making it more difficult for bad actors to impersonate your applications.

As part of securing Cerner Ignite APIs, we have outlined a series of application best practices [1] that enable Cerner to provide more detailed information about your applications to patients or authorized representatives. The goal of these best practices is to encourage the use of existing internet security features and standards.
 
These checks will be run as part of the patient-facing authorization workflow [2] when your application requests and/or refreshes access tokens. You can review the user experience by manually walking through the patient authorization workflow for your application.

This functionality will be "previewed" beginning 4/29/22 in Cerner’s SMART on FHIR sandbox [3] with an anticipated production date of June 1st. Dates are subject to change and will be followed up with an announcement when the features are released more broadly.

ACTION ITEMS:
  • Review the documentation [1].
  • Test your patient-facing applications to review the user experience by manually walking through the patient authorization flow.
  • Make updates as needed to allow Cerner to provide the best description of your application to end users.

[1] https://fhir.cerner.com/authorization/application-registration-prerequisites/
[2] https://fhir.cerner.com/authorization/
[3] https://fhir.cerner.com/millennium/r4/#secure-sandbox

Should you need assistance please reach out through the Cerner FHIR Developers Group.

Scott Bach(Cerner)

May 19, 2022, 11:08:25 AM
to Cerner FHIR Developers

Based on feedback from the community, we have updated our guidance around the Application Registration Prerequisites [1], specifically where to store your application's DNS TXT record [2]. This TXT record should be added to the eTLD+1 for the domain hosting the application.

The eTLD+1 is the effective top level domain (TLD) and the part of the domain just before it. For example, given a URL of https://my-project.github.io, the TLD is `io` and the eTLD+1 is `github.io`, which is considered a "site". This domain will be shown to end-users.

Due to this change and the guidance given, we will no longer check other domains/subdomains in the URL of your application for the DNS TXT record.

ACTION ITEMS:
  • Review the documentation [1].
  • Test your patient-facing applications to review the user experience by manually walking through the patient authorization flow.
  • Make updates as needed to allow Cerner to provide the best description of your application to end users.

[1] https://fhir.cerner.com/authorization/application-registration-prerequisites/

Should you need assistance please reach out through the Cerner FHIR Developers Group.
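To make the eTLD+1 rule in the message above concrete, the following is an added example (not Cerner's code, and not taken from the Application Registration Prerequisites page) that derives the "site" of an application URL with the longest-matching-suffix rule and then looks for a TXT record only at that name, never at deeper subdomains. The suffix set is a small constructed subset standing in for the full Public Suffix List, the offline resolver and the expected record value `placeholder-verification-token` are constructed assumptions, and the `dig`-based lookup is only a suggestion for real use.

```python
"""Derive the eTLD+1 ("site") of an application URL and check for a TXT record there.

Added example; not Cerner's code.  PUBLIC_SUFFIXES is a constructed subset of
the Public Suffix List (https://publicsuffix.org/); a real check should load
the full list.  The expected TXT value is a placeholder assumption.
"""
import subprocess
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

# Constructed subset of public suffixes (assumption).  With this list the
# eTLD+1 of my-project.github.io is github.io, matching the example above.
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "co.uk"}

TxtLookup = Callable[[str], Iterable[str]]


def etld_plus_one(url: str, suffixes=PUBLIC_SUFFIXES) -> str:
    """Return the effective TLD plus one label for the host in `url`.

    The longest public suffix that matches the tail of the hostname wins,
    and the label immediately before it is kept.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    labels = host.lower().rstrip(".").split(".")
    best = 0
    for n in range(1, len(labels)):
        if ".".join(labels[-n:]) in suffixes:
            best = n
    if best == 0:
        raise ValueError(f"no known public suffix for {host!r}")
    return ".".join(labels[-(best + 1):])


def txt_record_present(url: str, expected: str, lookup: TxtLookup) -> bool:
    """True if a TXT record exactly equal to `expected` exists at the eTLD+1.

    Only the eTLD+1 is queried; subdomains are deliberately not consulted.
    """
    site = etld_plus_one(url)
    return any(rec.strip() == expected for rec in lookup(site))


# Constructed offline zone data standing in for real DNS answers.
FAKE_ZONE: Dict[str, List[str]] = {
    "github.io": ["v=spf1 -all", "placeholder-verification-token"],
    "example.co.uk": ["v=spf1 -all"],
}


def fake_lookup(name: str) -> List[str]:
    """Offline TXT lookup over FAKE_ZONE (constructed)."""
    return FAKE_ZONE.get(name, [])


def dig_txt_lookup(name: str) -> List[str]:
    """Real TXT lookup via the `dig` CLI; not exercised offline.

    Handles the common single-string record shape ("value"); multi-string
    records would need fuller parsing.
    """
    out = subprocess.run(
        ["dig", "+short", "TXT", name],
        capture_output=True, text=True, check=True,
    ).stdout
    return [line.strip().strip('"') for line in out.splitlines() if line.strip()]


if __name__ == "__main__":
    expected = "placeholder-verification-token"  # assumption
    for app in ("https://my-project.github.io", "https://app.example.co.uk/callback"):
        site = etld_plus_one(app)
        ok = txt_record_present(app, expected, fake_lookup)
        print(f"{app}: site={site} txt_present={ok}")
```

Swap `fake_lookup` for `dig_txt_lookup` to run the check against live DNS; the function under test is the same either way, which keeps the offline test meaningful.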

Scott Bach(Cerner)

Jun 1, 2022, 2:55:42 PM
to Cerner FHIR Developers
This functionality is now live in public Sandbox and Production environments!