Details
- Change Request
- Resolution: Unresolved
- Medium
- Interoperable Digital Identity and Patient Matching (FHIR)
- current
- Patient Administration
- Patient Matching
- 4.2.2
Description
Comparing the B2B with User Authorization Extension Object to the B2B Authorization Extension Object, the following need to be addressed:
- "The same requirements for use of hl7-b2b apply in the use of hl7-b2b-user." What does this mean? Which requirements specifically? I'm guessing those in section 5.2.1.2; any others?
- It says "includes this object in the extensions object of the Authentication JSON Web Token (JWT), as per UDAP Security 5.2.1.1". What does "as per" imply here? Analogously? Similarly to? It can't mean "follow 5.2.1.1 as well", can it?
- Is this intended to be included in addition to or instead of hl7-b2b? Given the overlap of fields, it appears the latter. But:
  - 5.2.1 requires hl7-b2b for B2B client apps using the client_credentials flow. This will need to be rewritten to allow for either.
  - There is no equivalent requirement in the Identity IG saying it SHALL be included in <specific cases>.