Stream: smart
Topic: Firewall concern
Yunwei Wang (Mar 21 2018 at 14:56):
We are developing a SMART client. It has a Angular front end and a .NET Web API service. Instead of using fhir-client.js, all SMART and FHIR calls are handled by Web API. But this model could have a problem when hospital put OAuth and FHIR calls behind a firewall.
Could that happen? If so, what options do we have to deal with that?
Josh Mandel (Mar 21 2018 at 15:07):
Is this an app that runs in the EHR, inside the hospital? In general, if you want to run queries from outside the hospital's environment, then you need to be sure this is allowed -- which in general it should be!
Josh Mandel (Mar 21 2018 at 15:07):
The basic premise of SMART on FHIR is that EHRs are implementing APIs on the web -- and this should be the case for patient- as well as provider-facing apps.
Yunwei Wang (Mar 21 2018 at 15:16):
The app is intended to be registered and used by doctors inside EHR. When we discussed two deployment scenarios. One is install our web applications (Anguar and Web API) inside hospital. The 2nd is we host the web applications on our own server out of hospital. The benefit of the 2nd scenario is that one installation serving multiple hospitals. The firewall question is for the 2nd scenario.
One suggestion we heard is that we should use fhir-client.js. Since it runs in browser, there is no firewall concerns. Is that correct?
Josh Mandel (Mar 21 2018 at 15:45):
That's correct -- you can statically host the app from outside the firewall and issue requests from within the browser inside the firewall.
Yunwei Wang (Mar 21 2018 at 15:47):
Thank you. @Josh Mandel
BTW, where I can read the latest SMART spec?
Josh Mandel (Mar 21 2018 at 15:48):
http://hl7.org/fhir/smart-app-launch is what we balloted; still reconciling changes (slowly)...
Last updated: Apr 12 2022 at 19:14 UTC
