Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-33280

Publish discovery metadata in .well-known, and avoid duplication in /metadata

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Medium Medium
    • US UDAP Security (FHIR)
    • current
    • Security
    • STU
    • Discovery
    • Hide

      Remove CapabilityStatement requirement and associated artifacts;
      remove list item #1 from 2.1;
      remove the list itself as only one item remains;
      remove references to UDAP code and CapabilityStatement in final paragraph of 2.1; remove CapabilityStatement example.

      Show
      Remove CapabilityStatement requirement and associated artifacts; remove list item #1 from 2.1; remove the list itself as only one item remains; remove references to UDAP code and CapabilityStatement in final paragraph of 2.1; remove CapabilityStatement example.
    • Luis Maas / David Pyke: 11-0-0
    • Enhancement
    • Compatible, substantive

    Description

      CapabilityStatement at {baseURL}/metadata, that SHALL include the following code in the rest.security.service
       
       Comment

      We’ve deprecated this discovery method in SMART App Launch, in favor of well-known discovery which UDAP already defines; UDAP should not re-introduce a /metadata extension, since these can be slow and difficult to deprecate.

      The advice not to specify /metadata discovery is especially relevant given the following UDAP suggestion indicating that presence or absence of extensions in /metadata is not a reliable indicator of support:

      However, clients MAY attempt to retrieve the UDAP metadata from the metadata endpoint even if the UDAP code is not present in the CapabilityStatement.

      If a server returns a 404 Not Found response to a GET request to the UDAP metadata endpoint, the client application SHOULD conclude that the server does not support UDAP workflows, even if the UDAP code is included in the CapabilityStatement.

      Attachments

        Activity

          People

            Unassigned Unassigned
            jmandel Josh Mandel
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: