FHIR Chat · Relation between targets and signatures in Provenance · Security and Privacy

Stream: Security and Privacy

Topic: Relation between targets and signatures in Provenance


Morten Ernebjerg (Jul 03 2020 at 14:14):

Hi :wave: I'm trying to understand whether it is possible to use a single instance of Provenance to carry digital signatures for multiple resources (say, when uploading a whole bundle of resources). Both Provenance.target and Provenance.signature have cardinality 0..*, but it is not quite clear to me if this use case can be covered. In particular, I'm not sure how one can clearly show which signature goes with which resource (other than by adopting a convention saying that the entry with index i in signature corresponds to the entry with index i in target). Is there any guidance on this?

John Moehrke (Jul 03 2020 at 16:40):

Anything is possible. The core specification is intentionally flexible.

John Moehrke (Jul 03 2020 at 16:42):

That said, the multiplicity on signature is more to support variations on the type of signature (xml signature, json signature, ink signature). The expectation is that the signature would cover all the resources pointed to by the .target. In the case of xml signature, the xml signature standard covers the manifest of objects included and how they are serialized.

Morten Ernebjerg (Jul 04 2020 at 21:13):

OK thanks, I'll look into the signature standards.

> That said, the multiplicity on signature is more to support variations on the type of signature (xml signature, json signature, ink signature).

This sounds a bit like the discussion around multiple entries in DocumentReference.content, cf. Issue #23732. Might it similarly be worth extending the documentation in the spec to describe the meaning of/use cases for multiple signatures? It was not clear to me from reading the current description (I'd be happy to put in an issue for it).

John Moehrke (Jul 06 2020 at 12:48):

There is much that will happen in the signature space. We point at a page where we have itemized many issues that we can't resolve without engagement from the community actually using signature.


Last updated: Apr 12 2022 at 19:14 UTC