Details
-
Change Request
-
Resolution: Persuasive with Modification
-
Medium
-
US Core (FHIR)
-
5.0.1
-
Cross-Group Projects
-
Security
-
-
Brett Marquard/Juliet Rubini: 17-0-2
-
Clarification
-
Non-substantive
Description
Since US Core was first drafted as a FHIR IG, it's had this requirement:
> For Authentication and Authorization, Systems SHALL support the SMART App Launch Framework for client <-> server interactions. NOTE: The SMART on FHIR specifications include the required OAuth 2.0 scopes for enabling security decisions.
The text has stayed the same this entire time (nice work, spec author!), but the hypertext reference has changed a few times. It's gone from smarthealthit.org to http://www.hl7.org/fhir/smart-app-launch/history.cfml to http://hl7.org/fhir/smart-app-launch
When SMART STU2 was published, I believe the content at http://hl7.org/fhir/smart-app-launch changed from SMART STU1 to SMART STU2, introducing new requirements and capabilities.
Can a server support SMART STU1, not SMART STU2, and still be compliant with US Core STU5 ? Perhaps the intent is to simply require any version of SMART ?
SMART STU1: http://hl7.org/fhir/smart-app-launch/1.0.0/
SMART STU2: http://hl7.org/fhir/smart-app-launch/STU2/
ci
5.0.1:
5.0.0
balloted 4.1.0
- http://hl7.org/fhir/us/core/2022Jan/security.html
- http://www.hl7.org/fhir/smart-app-launch/history.cfml
4.0.0
3.1.1
....
0.0.0