isis-users mailing list archives

From Nikhil Dhamapurkar <nikhil.dhamapur...@healthengine.com.au>
Subject Accessing confidential data - 2 step authentication support
Date Wed, 29 Nov 2017 11:13:18 GMT
Hi Everyone,

We have a use case where an entity Patient has data with 2 parts: 1) non-confidential details
(like name, last name) & 2) some confidential data associated with it (like medical
records).

We want to enable 2 factor Authentication when retrieving the confidential data when calling
ISIS from the REST based swagger API. Has someone come across a similar use case?

I would like to know if it will be advisable to have Apache ISIS own the Model and have both
the confidential and non-confidential details as part of the entity and do validation via
ISIS, or if it will be better to keep the confidential data in an entity/data store outside
of Apache ISIS?

Application requests → level 1 Authentication → (Gets non-confidential data) → based
on the data and encrypted key → sends request to another source to get confidential data
from it.

OR

Application Requests → with level 1 and Level 2 access Identifiers → Apache ISIS Identifies
it has both tokens → returns the confidential data as well in the response.

Regards
Nikhil

