Request the ability to define the scope by user, and the ability to use “*” to allow the user to have access to all FHIRcast events (read and write)

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Persuasive
    • Priority: Highest
    • FHIRCast (FHIR)
    • 0.1 [deprecated]
    • Imaging Integration
    • (NA)
    • Session Discovery
    • Hide

      Will update spec to allow a wildcard (""*) in terms of both the FHIRcast event and the related OAuth2 scopes, meaning that this asterisk syntax can be used in both the subscription and in the OAuth2 exchange. In other words, in lieu of either a specific fhir resource or open|close verb or a read|write action, an asterick may be used.

      For example: 

      fhircast/*-open.write authorizes a subscribing app to request to open a patient's chart, an imaging study, an encounter, or any other FHIR resource ...

      Similarly, fhircast/-.* authorizes the subscribing app to receive and request any context change that can be describing in FHIRcast.  

       

      Will also add in example of a hub.events string using this syntax.

       

      Show
      Will update spec to allow a wildcard ( " "*) in terms of both the FHIRcast event and the related OAuth2 scopes, meaning that this asterisk syntax can be used in both the subscription and in the OAuth2 exchange. In other words, in lieu of either a specific fhir resource or open|close verb or a read|write action, an asterick may be used. For example:  fhircast/*-open.write authorizes a subscribing app to request to open a patient's chart, an imaging study, an encounter, or any other FHIR resource ... Similarly, fhircast/ - .* authorizes the subscribing app to receive and request any context change that can be describing in FHIRcast.     Will also add in example of a hub.events string using this syntax.  
    • Eric Martin / Bas van der Heuval: 6-0-0
    • Enhancement
    • Non-substantive

      FHIRcast scope does not seem to align with SMART on FHIR scope, i.e. by patient or by user (http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html#clinical-scope-syntax). Currently FHIRcast defines scope by event type or by FHIR resource. The issue with this approach is that each event will need to be setup for every single user (could be 500,000+ users in our case) for read and write. Not to mention whenever a new event is added, we will need to add the new event scope to all 500,000+ users, which is not sustainable. Could FHIRcast provide the ability to define the scope by user, and the ability to use “*” to allow the user to have access to all FHIRcast events (read and write)?

            Assignee:
            Isaac Vetter
            Reporter:
            Cindy Jiang
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: