Details
-
Change Request
-
Resolution: Persuasive with Modification
-
Medium
-
US UDAP Security (FHIR)
-
current
-
Security
-
STU
-
Discovery
-
-
Luis Maas / David Pyke: 11-0-0
-
Enhancement
-
Compatible, substantive
Description
CapabilityStatement at {baseURL}/metadata, that SHALL include the following code in the rest.security.service
Comment
We’ve deprecated this discovery method in SMART App Launch, in favor of well-known discovery which UDAP already defines; UDAP should not re-introduce a /metadata extension, since these can be slow and difficult to deprecate.
The advice not to specify /metadata discovery is especially relevant given the following UDAP suggestion indicating that presence or absence of extensions in /metadata is not a reliable indicator of support:
However, clients MAY attempt to retrieve the UDAP metadata from the metadata endpoint even if the UDAP code is not present in the CapabilityStatement.
If a server returns a 404 Not Found response to a GET request to the UDAP metadata endpoint, the client application SHOULD conclude that the server does not support UDAP workflows, even if the UDAP code is included in the CapabilityStatement.
Attachments
Issue Links
- is voted on by
-
BALLOT-20712 Negative - Josh Mandel : 2021-Sep-FHIR IG UDAP SEC R1 STU
- Balloted