FHIR Chat · IG updates · FHIR at Scale (FAST): Exchange with/without intermediaries

Stream: FHIR at Scale (FAST): Exchange with/without intermediaries

Topic: IG updates

view this post on Zulip Frank McKinney (Nov 22 2021 at 00:49):

IG updates made based on last week's public meeting and other correspondence
http://build.fhir.org/ig/HL7/fhir-exchange-routing-ig/branches/main/index.html

view this post on Zulip Josh Mandel (Nov 22 2021 at 15:07):

http://build.fhir.org/ig/HL7/fhir-exchange-routing-ig/branches/main/specification.html#assumptions-partnership-and-setup-between-the-originator-and-intermediaries header says "setup between the originator and intermediaries" but the content is about setup between destination and intermediaries. Is the word "originator" in the header supposed to say "destination"?

view this post on Zulip Josh Mandel (Nov 22 2021 at 15:11):

Also there are a few references to signing payloads, but I don't see details on how this is accomplished; is that out of scope?

view this post on Zulip Frank McKinney (Nov 22 2021 at 16:16):

Thanks @Josh Mandel for reviewing. Yes... good catch, that should be "destination". I'll fix that

I'll let @Patrick Murta weigh in regarding signing of the payload and how that fits in to the scope. It was definitely discussed as an influencer of certain constraints specified in the guide, like requiring the destination referencing its public URL in returned resources (which is what the originator would expect to see) rather than having intermediaries rewrite those URLs in the payload on the way back to the originator.

view this post on Zulip Frank McKinney (Nov 22 2021 at 20:00):

The IG does make one statement regarding signing of content (on the Specification page):
The payload and token SHALL be signed by the destination and delivered without modification to the originator.

view this post on Zulip Josh Mandel (Nov 22 2021 at 23:55):

That was one of the references to signing that I was wondering about: it's a requirement to sign, but.. how is this accomplished?

view this post on Zulip Patrick Murta (Nov 23 2021 at 13:17):

@Josh Mandel , @Frank McKinney , regarding the requirement to sign, I don't believe we should necessarily reference that is this IG since we are documenting 'passive' pass through intermediary activity. I think signing will need to be a discussion with the security folks and potentially documented there.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -