Details
-
Change Request
-
Resolution: Unresolved
-
Medium
-
FHIR Core (FHIR)
-
R4
-
Modeling & Methodology
-
Datatypes
-
FHIR-36000 Json digital signature committmentTypeIndication is wrong
Description
proposal: omit the last bullet from this section:
2.24.0.17.2 JSON Signature rules
When the signature is an JSON Digital Signature (contentType = application/jose), the following rules apply:
- The Signature.data is base64 encoded JWS-Signature RFC 7515: JSON Web Signature (JWS)
- The signature is a Detached
Signature (where the content that is signed is separate from the signature itself)
- When FHIR Resources are signed, the signature is across the Canonical JSON form of the resource(s)
- The Signature SHOULD use the hashing algorithm SHA256. Signature validation policy will apply to the signature and determine acceptability
The Signature SHALL include a "CommitmentTypeIndication" element for the Purpose(s) of Signature. The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013). The Signature.type shall contain the same values as the CommitmentTypeIndication element.
Rationale: There is no "CommitmentTypeIndication" element in JWS. Nor as far as I can tell a corresponding element. you could add a private header parameter name.
Attachments
Issue Links
- duplicates
-
FHIR-36000 Json digital signature committmentTypeIndication is wrong
-
- Published
-