FHIR Chat · Generalized Credential as a new FHIR Composition-based obj? · smart/health-cards

Stream: smart/health-cards

Topic: Generalized Credential as a new FHIR Composition-based obj?

view this post on Zulip Vitor Pamplona (Dec 01 2021 at 17:07):

Has anybody explored the idea of extending FHIR to include a native Composition-like object that would include Credential-related fields like the JWT Claims set ("iss", "nbf", "exp", "iat", etc) ?

view this post on Zulip Josh Mandel (Dec 01 2021 at 17:28):

Not to my knowledge. We don't currently have a great (i.e. widely tested/adopted, see discussion) way to canonicalize FHIR JSON, so I've been more focused on using JWS.

view this post on Zulip Vitor Pamplona (Dec 01 2021 at 17:53):

The DDCC (WHO) has a Composition object that is trying to be this Credential type. Maybe this is a good time to start that discussion with the broader FHIR community.

view this post on Zulip Josh Mandel (Dec 01 2021 at 19:19):

Back on 001-reissuance-endpoint.md I captured some clarifications + ideas from discussion here.

view this post on Zulip Grahame Grieve (Dec 02 2021 at 00:46):

why would we clone work w3c is doing?

view this post on Zulip Josh Mandel (Dec 02 2021 at 00:50):

What do you see that's cloning work W3C is doing?

view this post on Zulip Josh Mandel (Dec 02 2021 at 00:55):

Oh, you mean if we were to take on this "FHIR composition JWT alternative" -- I agree!

view this post on Zulip Josh Mandel (Dec 02 2021 at 00:56):

(For some reason I had the VC API on my brain.)

view this post on Zulip Vitor Pamplona (Dec 02 2021 at 01:42):

Grahame Grieve said:

why would we clone work w3c is doing?

It's not a clone, just a different way to represent the Credential data that aligns with FHIR Objects. On top of that, you would still need all the cryptographic suite they work on.

view this post on Zulip Vitor Pamplona (Dec 02 2021 at 01:46):

Plus, one gets all the FHIR tooling for free that the W3C doesn't even dream on having.

view this post on Zulip Grahame Grieve (Dec 02 2021 at 05:16):

I'm still not seeing a convincing use case. how would we make use of it>

view this post on Zulip Grahame Grieve (Dec 02 2021 at 05:17):

or maybe we just need a mapping between JWT and Composition?

view this post on Zulip Vitor Pamplona (Dec 02 2021 at 13:53):

Just imagine running a CQL over Credential-related fields or reusing a FHIR API to download credentials directly. Or, frankly, just imagine processing SHCs without having to parse the JSON to remove the JWT before sending the payload to your FHIR library, leaving important information out of the FHIR system in the process.

view this post on Zulip Vitor Pamplona (Dec 02 2021 at 13:54):

The WHO's new credential style is using a Composition to store Credential fields. But it feels very off-place. There's no good position for all of the usual JWT claims in a Composition. But there's no better option at the moment.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -