Merge pull request #440 from /issues/207-added-link-to-jwt-rfc

kpshek · web-flow · commit 75c9a2882740 · 2018-12-10T11:14:04.000-06:00
Fixes #207: Added link to JWT RFC
diff --git a/docs/specification/1.0.md b/docs/specification/1.0.md
@@ -606,7 +606,7 @@ The EHR’s authorization server is responsible for enforcing restrictions on th
 
 The service agreement negotiated between the EHR vendor/provider and the CDS Service provider will include obligations the EHR vendor/provider commits to the CDS Service provider. Some agreements MAY include the use of mutual TLS, in which both ends of the channel are authenticated.
 
-However, mutual TLS is impractical for many organizations, and because the EHR initiates the TLS channel set-up, only the CDS Service endpoint will be authenticated.  To enable the CDS Service to authenticate the identity of the EHR, CDS Hooks uses digitally signed [JSON web tokens (JWT)](https://jwt.io/).
+However, mutual TLS is impractical for many organizations, and because the EHR initiates the TLS channel set-up, only the CDS Service endpoint will be authenticated.  To enable the CDS Service to authenticate the identity of the EHR, CDS Hooks uses digitally signed [JSON web tokens (JWT)](https://jwt.io/) ([rfc7519](https://tools.ietf.org/html/rfc7519)).
 
 Each time an EHR transmits a request to a CDS Service, the request MUST include an `Authorization` header presenting the JWT as a “Bearer” token:
 ```
