Comments (6)
kwboone
commented on July 28, 2024
That’s about ten lines of code for minimal support.
…Sent from my iPhone
On Sep 22, 2020, at 10:20 PM, Spencer LaGesse ***@***.***> wrote:
Section 34.1.1.3 states:
"Resource Server SHALL declare support for IUA in the capabilities endpoint using the element CapabilityStatement.rest.security. and the code "IUA" at system canonical URL "http://profiles.ihe.net/fhir/ihe.securityTypes/CodeSystem/securityTypes"."
Does this requirement hold even when the Resource Server does not expose FHIR APIs? It seems FHIR might be a common use case for IUA but IUA should be generic enough to work in any RESTful environment. Seems like it would be rather odd and possibly an undue burden to apply this requirement to a server that is RESTful but not FHIR.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
from it-infrastructure.
lcmaas
commented on July 28, 2024
Why not add to start of sentence, "If the resource server is a FHIR Server, then the..."
from it-infrastructure.
joostreuzel
commented on July 28, 2024
Agree with @slagesse-epic of trying to avoid IUA to become dependent on FHIR as it should be usable for any type of REST endpoint. In commit 50daa2c (to be merged still) I added the clause that this is mandatory behavior for FHIR-based resource servers only. Other servers may do so as well, but it isn't mandatory.
Not the same, but related: Issue #111 contains a proposal that allows Authorization Clients to figure out what type of grants, tokens, endpoints, options are supported by an Authorization Server. This eases configuration at the client side.
A FHIR server's capability statement may point to the authorization server and this meta-data document will tell the client where and how to obtain the access tokens. Not sure though if such a thing would ever be used in practice as clients are most likely preconfigured to work with IUA and a specific Authorization Server. Moreover, clients typically need to be pre-registered at that AS for authorization to work...
from it-infrastructure.
JohnMoehrke
commented on July 28, 2024
agreed. the capability statement stuff was always intended to be ONLY for when use with a FHIR based use-case. The main reason to have this is to enable automation. A client can see this declaration in a servers metadata endpoint and thus know what they need to do administratively next. It was not intended to fully automate. It is also there as SMART has a code for use when SMART is used, so it is equal feature.
from it-infrastructure.
joostreuzel
commented on July 28, 2024
Was wondering if we need to add something to "IHE Appendix Z on HL7® FHIR" on this topic?
from it-infrastructure.
JohnMoehrke
commented on July 28, 2024
Was wondering if we need to add something to "IHE Appendix Z on HL7® FHIR" on this topic?
@joostreuzel I looked at the Appendix Z and don't find anything specific to add. This appendix already points at IUA, so I would expect any IUA specifics would not be included in Appendix Z. This said, I am happy to be given a specific suggestion on what to add to Appendix Z.
from it-infrastructure.
Related Issues (20)
- update FHIR Brief presentation and record HOT 1
- ITI sex and gender profiling HOT 4
- Move XCPD Revoke Into Its Own Transaction
- Finance and Insurance Services HOT 3
- Federation Directory Grouping HOT 1
- Federated Directory Grouping HOT 5
- XD* On-Demand Delta Detection Option HOT 5
- approved CPs integration
- DSG handling of JSON signature HOT 13
- IG for Accessibility to IPS HOT 4
- Feature: mCSD Explicit Endpoint Accessibility Option HOT 1
- RESTful ATNA: JSON example in section 3.82.4.2.2.1 "JSON encoded array of Syslog Messages"
- Discuss experimenting with R5 on IGs HOT 2
- Update HIE Whitepaper based on recent profiles and updates. HOT 2
- Align DSUB with DSUBm (updates)
- XDW with FHIR HOT 1
- Validate workflow document updates HOT 1
- ITI MHD option to support ITI RMU capability HOT 3
- mCSD additional transaction for Feed HOT 2
- Sharing Verifiable Health Links
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from it-infrastructure.