Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-36158

Correct JWS Signature rules

    XMLWordPrintableJSON

Details

    • Change Request
    • Status: Duplicate (View Workflow)
    • Medium
    • Resolution: Unresolved
    • FHIR Core (FHIR)
    • R4
    • Modeling & Methodology
    • Datatypes

    Description

      proposal: omit the last bullet from this section:

      2.24.0.17.2 JSON Signature rules 

      When the signature is an JSON Digital Signature (contentType = application/jose), the following rules apply:

      • The Signature.data is base64 encoded JWS-Signature RFC 7515: JSON Web Signature (JWS) 
      • The signature is a Detached   Signature (where the content that is signed is separate from the signature itself)
      • When FHIR Resources are signed, the signature is across the Canonical JSON form of the resource(s)
      • The Signature SHOULD use the hashing algorithm SHA256. Signature validation policy will apply to the signature and determine acceptability
      • The Signature SHALL include a "CommitmentTypeIndication" element for the Purpose(s) of Signature. The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013). The Signature.type shall contain the same values as the CommitmentTypeIndication element.

      Rationale:  There is no  "CommitmentTypeIndication" element in JWS. Nor as far as I can tell a corresponding element.  you could add a private header parameter name.

      Attachments

        Issue Links

          Activity

            People

              john_moehrke John Moehrke
              ehaas Eric Haas
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: