vault backup: 2023-11-06 13:13:16

fastenhealth · Nov 6, 2023 · 6c5a669 · 6c5a669
1 parent 0961f5b
commit 6c5a669
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 7 deletions.
diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json
@@ -53,7 +53,7 @@
             "state": {
               "type": "markdown",
               "state": {
-                "file": "news/industry-news.md",
+                "file": "funding.md",
                 "mode": "source",
                 "source": false
               }
@@ -170,7 +170,7 @@
             "state": {
               "type": "backlink",
               "state": {
-                "file": "news/industry-news.md",
+                "file": "funding.md",
                 "collapseAll": false,
                 "extraContext": false,
                 "sortOrder": "alphabetical",
@@ -187,7 +187,7 @@
             "state": {
               "type": "outgoing-link",
               "state": {
-                "file": "news/industry-news.md",
+                "file": "funding.md",
                 "linksCollapsed": false,
                 "unlinkedCollapsed": true
               }
@@ -210,7 +210,7 @@
             "state": {
               "type": "outline",
               "state": {
-                "file": "news/industry-news.md"
+                "file": "funding.md"
               }
             }
           },
@@ -241,9 +241,11 @@
       "command-palette:Open command palette": false
     }
   },
-  "active": "8fe76b87431e4584",
+  "active": "8360a188f8a1d092",
   "lastOpenFiles": [
+    "technical/installation-id.md",
     "technical/grants/sbir-sttr.md",
+    "news/industry-news.md",
     "roadmap.md",
     "technical/grants",
     "technical/marketplace/apple-store.md",
@@ -271,8 +273,6 @@
     "technical/LICENSE_MANAGEMENT.md",
     "technical/LOINC_SNOMED_TERMINOLOGY_SERVER.md",
     "technical/NETWORK_ARCHITECTURE.md",
-    "technical/PATIENT_DATA_COLLECTION.md",
-    "technical/PERSISTENT_DATABASE.md",
     "Untitled.canvas",
     "banner-transparent.png",
     "img/Screen Shot 2022-11-23 at 9.09.22 PM.png",

diff --git a/technical/installation-id.md b/technical/installation-id.md
@@ -0,0 +1,25 @@
+---
+title: Installation ID
+parent: Technical
+---
+
+While Fasten has been able to integrate with 27,000+ health care institutions, some of the 
+largest institutions are pushing back because they have concerns about the potential for abuse 
+given the way the Fasten Lighthouse works.
+
+> Just a refresher, Fasten Lighthouse is an auth gateway, providing a publicly accessible server for the provider to 
+> redirect the user to (with their OAuth code) after authentication. Fasten Lighthouse then redirects the user to their 
+> local/localhost installation of Fasten where the code is swapped for an Access Token. (In some cases the Fasten 
+> Lighthouse may also be involved in the OAuth code-> access token swap) 
+> 
+> See: https://docs.fastenhealth.com/faqs.html#what-is-the-fasten-lighthouse-i-thought-fasten-was-self-hosted
+
+
+Here are their concerns in a nutshell:
+- Fasten Lighthouse is a completely stateless application
+- Theres no way to determine how many users are associated with the same Fasten installation (container/desktop app)
+    - **FEAR**: a Fasten self-hoster may offer their server publicly, providing  access to a large number of users  without having to agree to or follow the privacy policy and terms of use that I shared with the provider to get API credentials.
+- Fasten Lighthouse doesn’t(cant?) do any validation that it’s redirecting to an “official” Fasten application
+    - **FEAR**: a completely separate application could use Fasten Lighthouse with their app, completely ignoring the audit and security review process that the Provider has in place for vetting new applications.
+
+Both of these concerns are completely valid, given the 10’s of millions of healthcare records some of these Healthcare providers protect.