Hi Everyone,

We have a use case where an entity Patient has data with 2 parts: 1) non-
confidential details (like name, last name) and 2) some confidential data
associated with it (like medical records).

We want to enable 2-factor authentication when retrieving the confidential
data when calling ISIS from the REST-based Swagger API. Has someone come across
a similar use case?

I would like to know if it is advisable to have Apache ISIS own the model
and have both the confidential and non-confidential details as part of the
entity and do validation via ISIS, or whether it would be better
to keep the confidential data in an entity/data store outside of Apache ISIS?

Application requests → level 1 authentication → (gets non-confidential data) →
based on the data and encrypted key → sends request to another source to get
confidential data from it.

OR

Application requests → with level 1 and level 2 access identifiers → Apache ISIS
identifies it has both tokens → returns the confidential data as well in the
response.

Regards
Nikhil
