Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-32227

Why mandate launch context?

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Not Persuasive
    • Icon: Highest Highest
    • SMART on FHIR (FHIR)
    • 2.0.0
    • FHIR Infrastructure
    • STU
    • App Launch: Scopes and Launch Context
    • 2
    • Hide

      Clients requesting patient-level scopes need a way understand which patient these scopes apply to. A patient-level scope is essentially meaningless without knowing which patient it is bound to. While it might be possible for clients to infer the "patient" context value in some circumstance, leaving this as an exercise for the client is likely to cause confusion and incorrect imputation.

      Note that we call out patient context here as a special case, specifically because it is so closely tied to the functionality of patient-level scopes.

      Providing a "patient" context value whenever a patient-level scope is granted 1) is simple for servers, 2) provides a consistent developer experience for clients.

       

      We already say:

       

      > The application could choose to also provide launch/patient and/or launch/encounter as “hints” regarding which contexts the app would like the EHR to gather. The EHR MAY ignore these hints (for example, if the user is in a workflow where these contexts do not exist).

       

      > The EHR MAY refuse authorization requests including patient/ that do not also include a valid launch, or it MAY infer the launch/patient scope.

      Show
      Clients requesting patient-level scopes need a way understand which patient these scopes apply to. A patient-level scope is essentially meaningless without knowing which patient it is bound to. While it might be possible for clients to infer the "patient" context value in some circumstance, leaving this as an exercise for the client is likely to cause confusion and incorrect imputation. Note that we call out patient context here as a special case, specifically because it is so closely tied to the functionality of patient-level scopes. Providing a "patient" context value whenever a patient-level scope is granted 1) is simple for servers, 2) provides a consistent developer experience for clients.   We already say:   > The application could choose to also provide  launch/patient  and/or  launch/encounter  as “hints” regarding which contexts the app would like the EHR to gather. The EHR MAY ignore these hints (for example, if the user is in a workflow where these contexts do not exist).   > The EHR MAY refuse authorization requests including patient/ that do not also include a valid launch, or it MAY infer the launch/patient scope.
    • Christiaan Knaap / Gino Canessa: 8-0-0

    Description

      When granting a patient-level scopes like patient/*.rs, the server SHALL provide a "patient" launch context parameter.

      Why is this the case? I think launch context SHALL only be provided when requested and granted. Not all applications require context information, so why mandate this?

      Servers may also filter the data returned for the current patient.

      Attachments

        Activity

          People

            Unassigned Unassigned
            bvdh Bas van den Heuvel
            Bas van den Heuvel
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: