Meeting minutes
RDF Lists
jim: A little bit stuck. Need to step through it carefully. If you put an RDF list into file and use the same nodes in axiom annotation, something gets confused in the OWL API algorithm. Annotations in the list get transferred into another axiom entirely.
jim: We want to treat the list as obj property assertions. It causes a problem if you try to put annotations on them.
Concept IRIs
https://
david: How do we want these things to be transformed?
stemIRI = http://example.org/ code = "foo/bar" --> http://example.org/foo/bar ? http://example.org/foo%2fbar ? code = "frib#jam" --> http://example.org/frib#jam ? http://example.org/frib%23jam ?
eric: People might want to make their codes hierarchical.
gaurav: What if someone puts a "../.." in their code?
eric: What's the attack? In FHIR it's just a string. When it's interpreted in RDF, it becomes a type arc that goes outside of where they thought.
gaurav: What if you access a FHIR server, and supply a dodgy code. Nothing bad happens until a server tries to dereference the IRI.
dbooth: What if instead of accessing blood pressure with code "bp", a code "../../../patientName" is supplied?
eric: But the hacker could have crafted that URI anyway.
dbooth: but it could have been an internal IRI that is not shown to the user, that controls access.
gaurav: A current FHIR system would have a problem. We're considering a future scenario.
gaurav: Concept IRIs are sometimes useful to dereference.
… But that always opens a security issue.
… "Tell me everything about http://...../../../
dbooth: Confused deputy attack?
eric: Could I trick the system into thinking a LOINC code is actually a SNOMED code?
… Or changing a prescription from aspirin to fentanyl?
eric: I don't think it makes the attack vectors worse.
dbooth: Principle of least surpise?
gaurav: I don't expect codes to be percent-encoded.
gaurav: FHIR doesn't use IRIs at all. Should we simplify to limit to URIs?
dbooth: Homework to please put in more examples to the document
ADJOURNED