FHIR Specification Feedback
FHIR-28788

Clarify ambiguity in token creation


Details

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Highest
    • Specification: CDS Hooks (FHIR)
    • Version: 1.0
    • Work Group: Clinical Decision Support
    • (NA)
    • Resolution Description:

      Proposed wording to denote that the CDS Client may not do the "creating" of a token when there is a separate authorization server.  Updated the first instance from "the CDS Client creates" to "the CDS Client creates or obtains".  Updated the second instance from "remains in control of creating an access token" to "remains in control of providing an access token".

      Overall, update wording from:

      With CDS Hooks, if the CDS Client wants to provide the CDS Service direct access to FHIR resources, the CDS Client creates an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with OAuth 2.0's bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The CDS Client remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation.

      to:

      With CDS Hooks, if the CDS Client wants to provide the CDS Service direct access to FHIR resources, the CDS Client creates or obtains an access token prior to invoking the CDS Service, passing this token to the CDS Service as part of the service call. This approach remains compatible with OAuth 2.0's bearer token protocol while minimizing the number of HTTPS round-trips and the service invocation latency. The CDS Client remains in control of providing an access token that is associated with the specific CDS Service, user, and context of the invocation.

    • Vote (Dennis Patterson/Peter Muir): 23-0-0
    • Change Category: Clarification
    • Change Impact: Non-substantive

    Description

      Again there seems to be ambiguity here between the CDS Service client and the OAuth server. Creating a token is exclusively done by the OAuth server, which is a separate entity from the CDS client, and if there is an assumption that the client and the OAuth server are the same entity it should be explicitly clarified earlier on.

      Existing Wording:

      The CDS Client remains in control of creating an access token that is associated with the specific CDS Service, user, and context of the invocation.

      Proposed Wording:

      The CDS Client remains in control of obtaining an access token that is associated with the specific CDS Service, user, and context of the invocation.
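The separation the resolution settles on, an authorization server that creates the token, a CDS Client that obtains it and passes it in the service call, and a resource server that checks the token is bound to the specific CDS Service, user and context, as an added example that is not part of this issue or of the CDS Hooks specification. It assumes the token is an HS256 JWT carrying aud/sub/patient claims, that the stand-in authorization server and the FHIR server share a secret so the flow runs offline, and that all identifiers and URLs are constructed; the fhirAuthorization object uses the CDS Hooks 1.0 field names (access_token, token_type, expires_in, scope, subject).

```python
"""Constructed example of the CDS Hooks token flow with three separate roles.

The authorization server is a stand-in that mints HS256 JWTs with a secret it
shares with the resource (FHIR) server so everything runs offline; a real
deployment obtains the token from a separate OAuth 2.0 server and may get an
opaque token that the resource server introspects instead of verifying locally.
Claim names (aud/sub/patient), identifiers and URLs are assumptions.
"""
import base64
import hashlib
import hmac
import json

AS_SECRET = b"constructed-secret-shared-by-authz-and-fhir-server"
TOKEN_TTL = 300  # seconds


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


# Authorization server: the only party that *creates* tokens.
def authz_server_issue_token(user: str, service_id: str, patient: str,
                             scope: str, now: int) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "aud": service_id, "patient": patient,
              "scope": scope, "iat": now, "exp": now + TOKEN_TTL}
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(claims))
    sig = hmac.new(AS_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


# CDS Client: *obtains* a token bound to this service, user and context, then
# passes it in the fhirAuthorization object of the CDS Hooks service call.
def cds_client_build_request(user: str, service_id: str, patient: str,
                             fhir_server: str, client_id: str, now: int) -> dict:
    scope = "patient/Patient.read patient/Observation.read"
    token = authz_server_issue_token(user, service_id, patient, scope, now)
    return {
        "hook": "patient-view",
        "hookInstance": "d1577c69-dfbe-44ad-ba6d-3e05e953b2ea",  # constructed
        "fhirServer": fhir_server,
        "fhirAuthorization": {
            "access_token": token,
            "token_type": "Bearer",
            "expires_in": TOKEN_TTL,
            "scope": scope,
            "subject": client_id,  # OAuth client id of the CDS Client
        },
        "context": {"userId": user, "patientId": patient},
    }


# Resource (FHIR) server: verifies the bearer token the CDS Service presents and
# checks it is bound to the invoking service, user and patient.
def verify_token(token: str, expected_service: str, expected_user: str,
                 expected_patient: str, now: int) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, claims_b64, sig_b64 = parts
    expected_sig = hmac.new(AS_SECRET, f"{head_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never picks the algorithm
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("aud") != expected_service:
        raise ValueError("token not issued for this CDS Service")
    if claims.get("sub") != expected_user or claims.get("patient") != expected_patient:
        raise ValueError("token not bound to this user/patient context")
    return claims


def try_verify(token, service, user, patient, now):
    """Return (claims, None) on success or (None, reason) on rejection."""
    try:
        return verify_token(token, service, user, patient, now), None
    except ValueError as exc:
        return None, str(exc)


def run_demo(now: int = 1_700_000_000) -> dict:
    """Happy path plus the rejections a mis-scoped or forged token must hit."""
    service, user, patient = "https://cds.example/patient-view", "Practitioner/123", "Patient/456"
    req = cds_client_build_request(user, service, patient,
                                   "https://fhir.example/r4", "cds-client-app", now)
    token = req["fhirAuthorization"]["access_token"]
    head, claims_b64, sig = token.split(".")
    forged_claims = json.loads(b64url_decode(claims_b64))
    forged_claims["patient"] = "Patient/999"  # attacker re-targets the token, keeps the old signature
    forged = ".".join([head, b64url_encode(compact_json(forged_claims)), sig])
    return {
        "ok": try_verify(token, service, user, patient, now + 10),
        "wrong_service": try_verify(token, "https://other.example/svc", user, patient, now + 10),
        "expired": try_verify(token, service, user, patient, now + TOKEN_TTL),
        "forged": try_verify(forged, service, user, "Patient/999", now + 10),
        "wrong_patient": try_verify(token, service, user, "Patient/999", now + 10),
    }
```

Calling run_demo() returns the accepted claims for the matching invocation and the rejection reason for the same token presented to a different CDS Service, after expiry, with a re-targeted patient claim, or against a patient other than the one it was issued for. A deployment that receives opaque tokens would replace verify_token with an introspection call to the authorization server; the binding to service, user and context is what the CDS Client is "in control of" in the resolved wording, whoever mints the token.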

          People

            Isaac Vetter (Isaac.Vetter)
            Mohammad Jafari (jafarim)