Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-33643

CapabilityStatement example implies UDAP meanings that are not specified

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • US UDAP Security (FHIR)
    • current
    • Security
    • STU
    • UDAP Server CapabilityStatement [deprecated]
    • Artifacts Summary
    • 8.1.9
    • Hide

      FHIR-33280 removes the need, example will be removed as well

      Show
      FHIR-33280 removes the need, example will be removed as well
    • Luis Maas / David Pyke: 11-0-0
    • Enhancement
    • Compatible, substantive

    Description

      As far as I can tell, the only normative requirement relating to the Capability Statement is for the UDAP code in rest.security.service. But the example Capability Statement shows values for multiple fields, most notably the rest.security.extension extensions for OAuth server URLs. The example shows a server that adheres to both SMART and UDAP with the same URLs.

      Is it the intent to say that UDAP capabilities may be advertised using the soon-to-be deprecated SMART Capability Statement fields? If so, this needs to be made explicit.

      Further, when using the alternative mechanism of the .well-known URL, the IG intentionally keeps the UDAP definition separate from the SMART definition. This allows the endpoints to differ or not. Should the same separation be required when advertising UDAP and SMART endpoints in the Capability Statement?

      Attachments

        Activity

          People

            Unassigned Unassigned
            jlamy Joseph M. Lamy
            John Moehrke
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: