FHIR Chat · Conformance.rest.security · conformance

Stream: conformance

Topic: Conformance.rest.security

view this post on Zulip Grahame Grieve (Feb 08 2018 at 11:08):

This section should not become normative. It should be either
- removed, in favour of saying 'just use openAPI'
- harmonised with openAPI
- replaced with a reference to an OpenAPI statement
- simplified down to just a code for type of security
- both simplified to a code and add a reference to an openAPI document

view this post on Zulip Grahame Grieve (Feb 08 2018 at 11:22):

  • marked as informative

view this post on Zulip Grahame Grieve (Feb 08 2018 at 11:22):

the openAPI security section is way more complicated than our security section

view this post on Zulip abhishek gupta (Feb 08 2018 at 12:18):

Hi all,
I want to create the Profiles&Extensions web pages for my selected profiles.
I will send one screenshot for clear understanding
ig.png
In this Profiles and Extensions pages are getting in the top header but I want the Profiles&Extensions pages in the second header also,like build.fhir.org
if anyone knows about that ping me.

view this post on Zulip John Moehrke (Feb 08 2018 at 14:35):

@Grahame Grieve what is this comment about openAPI security? Is there a new section in FHIR on security that came from somewhere else?

view this post on Zulip Grahame Grieve (Feb 17 2018 at 20:17):

we have a section in the CapabilityStatement for specifying the security details on the API. It's been there a long time, and it hasn't had much attention

OpenAPI has an equivalent section, but the details are different and it's much richer. I made my comment after reviewing what they have

view this post on Zulip Grahame Grieve (Feb 17 2018 at 20:18):

@Ewout Kramer @James Agnew @Josh Mandel @Dan Gottlieb @Kevin Shekleton @Isaac Vetter @Jenni Syed @Chris Grenz @John Moehrke please can you comment

view this post on Zulip Josh Mandel (Feb 17 2018 at 20:20):

Obviously we use this element in SMART, so it'd be nice if it didn't disappear. But the content could change while maintaining compatibility (since we just use extensions).

view this post on Zulip Grahame Grieve (Feb 17 2018 at 20:22):

I personally prefer: "simplified to a code and add a reference to an openAPI document & marked as informative"

view this post on Zulip Grahame Grieve (Feb 17 2018 at 20:23):

though I haven't enquired how discovery works in openAPI context

view this post on Zulip Josh Mandel (Feb 17 2018 at 20:33):

As a code, we could still stick extensions in the same spot, so I think that meets my request

view this post on Zulip Grahame Grieve (Feb 17 2018 at 20:36):

wouldn't really be helpful if we changed security to a "code". But it would at least be a CodeableConcept, I think. at minimum

view this post on Zulip Josh Mandel (Feb 17 2018 at 22:47):

Fair enough, yes.

view this post on Zulip John Moehrke (Feb 19 2018 at 12:55):

With the IHE profiles we did struggle. Not because we didn't want to use the SMART elements, but rather because IHE has a similar specification in IUA. I have also worked with the HEART specification, which has a cascading effect. So we needed to understand how variations of OAuth enabling technology can be represented here.

view this post on Zulip John Moehrke (Feb 19 2018 at 13:00):

Not clear what was intended to be the use of the other elements. I would agree with the CodeableConcept and use of extensions.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -