bulk_data_test_kit 0.12.1 → 0.12.3
- checksums.yaml +4 -4
- data/lib/bulk_data_test_kit/requirements/bulk_data_test_kit_requirements.csv +959 -0
- data/lib/bulk_data_test_kit/requirements/generated/bulk_data_v101_requirements_coverage.csv +342 -0
- data/lib/bulk_data_test_kit/requirements/generated/bulk_data_v200_client_requirements_coverage.csv +113 -0
- data/lib/bulk_data_test_kit/requirements/generated/bulk_data_v200_requirements_coverage.csv +473 -0
- data/lib/bulk_data_test_kit/requirements/hl7.fhir.uv.bulkdata_1.0.0_reqs.xlsx +0 -0
- data/lib/bulk_data_test_kit/requirements/hl7.fhir.uv.bulkdata_2.0.0_reqs.xlsx +0 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_export_cancel_test.rb +3 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_export_kick_off_test.rb +4 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_export_operation_support_test.rb +1 -1
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_no_auth_test.rb +2 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_output_check_test.rb +8 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_status_check_test.rb +17 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_test_suite.rb +16 -0
- data/lib/bulk_data_test_kit/v1.0.1/bulk_data_valid_resources_test.rb +4 -0
- data/lib/bulk_data_test_kit/v1.0.1/group/bulk_data_group_export_group.rb +4 -1
- data/lib/bulk_data_test_kit/v1.0.1/patient/bulk_data_patient_export_group.rb +3 -0
- data/lib/bulk_data_test_kit/v1.0.1/system_export/bulk_data_system_export_group.rb +3 -0
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_export_cancel_test.rb +4 -0
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_group_export_test_group.rb +48 -2
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_group_outputFormat_param_test.rb +6 -0
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_group_since_param_test.rb +3 -0
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_patient_export_test_group.rb +48 -2
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_since_param_test.rb +3 -1
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_smart_backend_services_v200_group.rb +1 -0
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_system_export_test_group.rb +46 -2
- data/lib/bulk_data_test_kit/v2.0.0/bulk_data_test_suite.rb +16 -0
- data/lib/bulk_data_test_kit/v2.0.0/group/bulk_data_group_export_cancel_group.rb +4 -0
- data/lib/bulk_data_test_kit/v2.0.0/patient/bulk_data_patient_export_cancel_group.rb +4 -0
- data/lib/bulk_data_test_kit/v2.0.0/patient/bulk_data_patient_export_parameters_group.rb +2 -1
- data/lib/bulk_data_test_kit/v2.0.0/system_export/bulk_data_system_export_cancel_group.rb +4 -0
- data/lib/bulk_data_test_kit/v2.0.0/system_export/bulk_data_system_export_parameters_group.rb +4 -2
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_auth_verification_group.rb +20 -0
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_delete_test.rb +0 -2
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_output_test.rb +0 -2
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_registration_group.rb +13 -0
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_status_test.rb +0 -2
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_test_suite.rb +25 -3
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_token_verification_test.rb +14 -0
- data/lib/bulk_data_test_kit/v2.0.0_client/bulk_data_client_wait_test.rb +11 -4
- data/lib/bulk_data_test_kit/v2.0.0_client/docs/suite_description.md +39 -11
- data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/delete.rb +6 -1
- data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/kick_off.rb +17 -5
- data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/output.rb +6 -1
- data/lib/bulk_data_test_kit/v2.0.0_client/endpoints/status.rb +6 -1
- data/lib/bulk_data_test_kit/v2.0.0_client/tags.rb +1 -0
- data/lib/bulk_data_test_kit/v2.0.0_client/urls.rb +7 -3
- data/lib/bulk_data_test_kit/version.rb +2 -2
- data/lib/bulk_data_test_kit.rb +0 -1
- metadata +30 -17
- data/lib/bulk_data_test_kit/requirements/bulk-data-test-kit_out_of_scope_requirements.csv +0 -1
- data/lib/bulk_data_test_kit/requirements/bulk-data-test-kit_requirements.csv +0 -465
- data/lib/bulk_data_test_kit/requirements/generated/bulk-data-test-kit_requirements_coverage.csv +0 -442
- data/lib/inferno_requirements_tools/ext/inferno_core/runnable.rb +0 -22
- data/lib/inferno_requirements_tools/rake/rakefile_template +0 -37
- data/lib/inferno_requirements_tools/tasks/collect_requirements.rb +0 -233
- data/lib/inferno_requirements_tools/tasks/requirements_coverage.rb +0 -283
- data/lib/requirements_config.yaml +0 -14
- data/lib/template_requirements_config.yaml +0 -11
data/lib/bulk_data_test_kit/requirements/generated/bulk_data_v200_client_requirements_coverage.csv
ADDED
@@ -0,0 +1,113 @@
|
|
1
|
+
Req Set,ID,URL,Requirement,Conformance,Actors,Conditionality,Not Tested Reason,Not Tested Details,Bulk Data Access v2.0.0 Client Short ID(s),Bulk Data Access v2.0.0 Client Full ID(s)
|
2
|
+
hl7.fhir.uv.bulkdata_2.0.0,15,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#roles,Bulk Data Client - system that requests … access tokens,SHALL,Client,false,,,3.01,bulk_data_v200_client-bulk_data_client_auth_verification-bulk_data_client_token_smart_bsca_verification
|
3
|
+
hl7.fhir.uv.bulkdata_2.0.0,16,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#roles,Bulk Data Client - system that ... receives access tokens,SHALL,Client,false,,,3.01,bulk_data_v200_client-bulk_data_client_auth_verification-bulk_data_client_token_smart_bsca_verification
|
4
|
+
hl7.fhir.uv.bulkdata_2.0.0,17,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#roles,[A] Bulk Data Client [is a] system that requests ... Bulk Data files,SHALL,Client,false,,,2.02,bulk_data_v200_client-bulk_data_client_export_group-bulk_data_client_kick_off
|
5
|
+
hl7.fhir.uv.bulkdata_2.0.0,18,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#roles,[A] Bulk Data Client [is a] system that ... receives ... Bulk Data files,SHALL,Client,false,,,"",""
|
6
|
+
hl7.fhir.uv.bulkdata_2.0.0,31,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-kick-off-request,A client MAY repeat kick-off parameters that accept comma delimited values multiple times in a kick-off request.,MAY,Client,false,,,"",""
|
7
|
+
hl7.fhir.uv.bulkdata_2.0.0,43,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#headers,A client SHOULD provide [the Accept] header.,SHOULD,Client,false,,,"",""
|
8
|
+
hl7.fhir.uv.bulkdata_2.0.0,45,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#headers,"A client SHOULD provide [the prefer] header [with value ""respond-async""].",SHOULD,Client,false,,,"",""
|
9
|
+
hl7.fhir.uv.bulkdata_2.0.0,48,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_outputFormat`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
10
|
+
hl7.fhir.uv.bulkdata_2.0.0,54,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_since`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
11
|
+
hl7.fhir.uv.bulkdata_2.0.0,61,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_type`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
12
|
+
hl7.fhir.uv.bulkdata_2.0.0,74,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_elements`: Optionality for Client: optional,MAY,Client,,,,"",""
|
13
|
+
hl7.fhir.uv.bulkdata_2.0.0,84,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_patient`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
14
|
+
hl7.fhir.uv.bulkdata_2.0.0,91,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_includeAssociatedData`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
15
|
+
hl7.fhir.uv.bulkdata_2.0.0,95,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,"`includeAssociatedData`: A client MAY include one or more of the following values…
|
16
|
+
|
17
|
+
- `LatestProvenanceResources`…
|
18
|
+
- `RelevantProvenanceResources`…
|
19
|
+
- `_[custom value]`…",MAY,Client,false,,,"",""
|
20
|
+
hl7.fhir.uv.bulkdata_2.0.0,102,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters,`_typeFilter`: Optionality for Client: optional,MAY,Client,false,,,"",""
|
21
|
+
hl7.fhir.uv.bulkdata_2.0.0,104,"https://hl7.org/fhir/uv/bulkdata/STU2/export.html#query-parameters, https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport, https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport, https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport",`_typeFilter`: FHIR search response parameters such as _include and _sort SHALL NOT be used.,SHALL NOT,Client,true,Not Tested,Depends on MAY params requirements for support of _typeFilter,NA,NA
|
22
|
+
hl7.fhir.uv.bulkdata_2.0.0,113,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#_typefilter-experimental-query-parameter,"To request finer-grained filtering, a client MAY supply a `_typeFilter` parameter alongside the _type parameter.",MAY,Client,false,,,"",""
|
23
|
+
hl7.fhir.uv.bulkdata_2.0.0,114,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#_typefilter-experimental-query-parameter,FHIR search response parameters such as `_include` and `_sort` SHALL NOT be used.,SHALL NOT,Client,true,Not Tested,Depends on MAY params requirements for support of _typeFilter,NA,NA
|
24
|
+
hl7.fhir.uv.bulkdata_2.0.0,115,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#_typefilter-experimental-query-parameter,"Since support for `_typeFilter` is OPTIONAL for a FHIR server, clients SHOULD be robust to servers that ignore `_typeFilter`.",SHOULD,Client,false,,,"",""
|
25
|
+
hl7.fhir.uv.bulkdata_2.0.0,116,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#_typefilter-experimental-query-parameter,A client MAY repeat the `_typeFilter` parameter multiple times in a kick-off request.,MAY,Client,false,,,"",""
|
26
|
+
hl7.fhir.uv.bulkdata_2.0.0,119,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-delete-request,"After a Bulk Data request has been started, a client MAY send a DELETE request to the URL provided in the Content-Location header to cancel the request as described in the FHIR Asynchronous Request Pattern [[definition](http://hl7.org/fhir/R4/async.html].",MAY,Client,true,,,"",""
|
27
|
+
hl7.fhir.uv.bulkdata_2.0.0,123,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-status-request,"After a Bulk Data request has been started, the client MAY poll the status URL provided in the `Content-Location` header as described in the FHIR Asynchronous Request Pattern [[definition](http://hl7.org/fhir/R4/async.html].",MAY,Client,true,,,"",""
|
28
|
+
hl7.fhir.uv.bulkdata_2.0.0,124,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-status-request,Clients SHOULD follow an exponential backoff approach when polling for status.,SHOULD,Client,true,,,"",""
|
29
|
+
hl7.fhir.uv.bulkdata_2.0.0,126,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-status-request,"When provided a [`Retry-After` header is provided], clients SHOULD use this information to inform the timing of future polling requests.",SHOULD,Client,true,,,"",""
|
30
|
+
hl7.fhir.uv.bulkdata_2.0.0,130,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-status-request,"When requesting status, the client SHOULD use an Accept header indicating a content type of application/json.",SHOULD,Client,true,,,"",""
|
31
|
+
hl7.fhir.uv.bulkdata_2.0.0,135,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#response---in-progress-status,"The client MAY parse the [status] description [sent in the `X-Progress` header], display it to the user, or log it.",MAY,Client,false,,,"",""
|
32
|
+
hl7.fhir.uv.bulkdata_2.0.0,200,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-output-file-request,"Using the URLs supplied by the FHIR server in the Complete Status response body, a client MAY download the generated Bulk Data files (one or more per resource type) within the time period specified in the Expires header (if present).",MAY,Client,true,,,"",""
|
33
|
+
hl7.fhir.uv.bulkdata_2.0.0,201,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#bulk-data-output-file-request,"If the requiresAccessToken field in the Complete Status body is set to true, the request SHALL include a valid access token.",SHALL,Client,true,,,"",""
|
34
|
+
hl7.fhir.uv.bulkdata_2.0.0,205,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#headers-1,"[To request an Output File, a client MAY use the header] Accept (... defaults to application/fhir+ndjson)",MAY,Client,false,,,"",""
|
35
|
+
hl7.fhir.uv.bulkdata_2.0.0,221,https://hl7.org/fhir/uv/bulkdata/STU2/artifacts.html#behavior-capability-statements,A FHIR Bulk Data Client has the option of choosing from this list [of supported operations] to access necessary data based on use cases and other contextual requirements.,MAY,Client,false,Not Verifiable,,NA,NA
|
36
|
+
hl7.fhir.uv.bulkdata_2.0.0,232,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`_outputFormat`: Support is … optional for a client,MAY,Client,false,,,"",""
|
37
|
+
hl7.fhir.uv.bulkdata_2.0.0,235,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`_since`: Support is … optional for a client,MAY,Client,false,,,"",""
|
38
|
+
hl7.fhir.uv.bulkdata_2.0.0,238,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`_type`: Support is optional for … a client,MAY,Client,false,,,"",""
|
39
|
+
hl7.fhir.uv.bulkdata_2.0.0,241,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`_elements`: Support is optional for … a client,MAY,Client,false,,,"",""
|
40
|
+
hl7.fhir.uv.bulkdata_2.0.0,244,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`includeAssociatedData`: Support is optional for … a client,MAY,Client,false,,,"",""
|
41
|
+
hl7.fhir.uv.bulkdata_2.0.0,247,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-export.html#bulkdataexport,`_typeFilter`: Support is optional for … a client,MAY,Client,false,,,"",""
|
42
|
+
hl7.fhir.uv.bulkdata_2.0.0,252,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`_outputFormat`: Support is … optional for a client,MAY,Client,false,,,"",""
|
43
|
+
hl7.fhir.uv.bulkdata_2.0.0,255,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`_since`: Support is … optional for a client,MAY,Client,false,,,"",""
|
44
|
+
hl7.fhir.uv.bulkdata_2.0.0,258,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`_type`: Support is optional for … a client,MAY,Client,false,,,"",""
|
45
|
+
hl7.fhir.uv.bulkdata_2.0.0,261,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`_elements`: Support is optional for … a client,MAY,Client,false,,,"",""
|
46
|
+
hl7.fhir.uv.bulkdata_2.0.0,264,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`patient`: Support is optional for … a client,MAY,Client,false,,,"",""
|
47
|
+
hl7.fhir.uv.bulkdata_2.0.0,267,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`includeAssociatedData`: Support is optional for … a client,MAY,Client,false,,,"",""
|
48
|
+
hl7.fhir.uv.bulkdata_2.0.0,270,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-group-export.html#grouplevelexport,`_typeFilter`: Support is optional for … a client,MAY,Client,false,,,"",""
|
49
|
+
hl7.fhir.uv.bulkdata_2.0.0,275,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`_outputFormat`: Support is … optional for a client,MAY,Client,false,,,"",""
|
50
|
+
hl7.fhir.uv.bulkdata_2.0.0,278,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`_since`: Support is … optional for a client,MAY,Client,false,,,"",""
|
51
|
+
hl7.fhir.uv.bulkdata_2.0.0,281,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`_type`: Support is optional for … a client,MAY,Client,false,,,"",""
|
52
|
+
hl7.fhir.uv.bulkdata_2.0.0,284,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`_elements`: Support is optional for … a client,MAY,Client,false,,,"",""
|
53
|
+
hl7.fhir.uv.bulkdata_2.0.0,287,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`patient`: Support is optional for … a client,MAY,Client,false,,,"",""
|
54
|
+
hl7.fhir.uv.bulkdata_2.0.0,290,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`includeAssociatedData`: Support is optional for … a client,MAY,Client,false,,,"",""
|
55
|
+
hl7.fhir.uv.bulkdata_2.0.0,293,https://hl7.org/fhir/uv/bulkdata/STU2/OperationDefinition-patient-export.html#patientlevelexport,`_typeFilter`: Support is optional for … a client,MAY,Client,false,,,"",""
|
56
|
+
hl7.fhir.uv.bulkdata_2.0.0,295,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#privacy-and-security-considerations,All exchanges described herein between a client and a server SHALL be secured using Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246) or a more recent version of TLS.,SHALL,Client,false,,,"",""
|
57
|
+
hl7.fhir.uv.bulkdata_2.0.0,296,https://hl7.org/fhir/uv/bulkdata/STU2/export.html#privacy-and-security-considerations,Use of mutual TLS is OPTIONAL.,MAY,Client,false,,,"",""
|
58
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,22,https://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#request,"For confidential clients, additional registration-time requirements are defined based on the client authentication method. ... For asymmetric client authentication: a [JSON Web Key Set or JWSK URL](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys) is established",SHALL,Client,,,,1.01,bulk_data_v200_client-bulk_data_client_registration-smart_client_registration_bsca_verification
|
59
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,225,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#register-smart-backend-service-communicating-public-keys,"Before a SMART client can run against a FHIR server, the client SHALL register with the server by following the [registration steps described in `client-confidential-asymmetric` authentication](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys).",SHALL,Client,,,,"",""
|
60
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,226,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#retrieve-well-knownsmart-configuration,"[T]he app [SHALL discover] the EHR FHIR server’s SMART configuration metadata, including OAuth token endpoint URL",SHALL,Client,,,,"",""
|
61
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,227,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request,The app [SHALL issue] an HTTP GET with an `Accept` header supporting `application/json` to retrieve the SMART configuration file [from [base]/.well-known/smart-configuration],SHALL,Client,,,,"",""
|
62
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,229,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#obtain-access-token,Use of the client credentials grant type requires that the client SHALL be a “confidential” client capable of protecting its authentication credential.,SHALL,Client,,,,"",""
|
63
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,230,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,"To begin the exchange, the client SHALL use the [Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246)](https://tools.ietf.org/html/rfc5246) or a more recent version of TLS to authenticate the identity of the FHIR authorization server and to establish an encrypted, integrity-protected link for securing all exchanges between the client and the FHIR authorization server’s token endpoint.",SHALL,Client,,,,"",""
|
64
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,232,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,All exchanges described herein between the client and the FHIR server SHALL be secured using TLS V1.2 or a more recent version of TLS .,SHALL,Client,,,,"",""
|
65
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,233,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,"Before a client can request an access token, it [SHALL] generates a one-time-use authentication JWT [as described in `client-confidential-asymmetric` authentication](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#authenticating-to-the-token-endpoint)",SHALL,Client,,,,"",""
|
66
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,234,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,"After generating this authentication JWT, the client requests an access token via HTTP `POST` to the FHIR authorization server’s token endpoint URL, using content-type `application/x-www-form-urlencoded`",SHALL,Client,,,,"",""
|
67
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,235,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,[When requesting] an access token via HTTP POST to the FHIR authorization server’s token endpoint URL [the] `scope` [parameter is] `required` [and SHALL contain] … the scope of access requested ... following the [SMART Scopes syntax](https://hl7.org/fhir/smart-app-launch/STU2.2/scopes-and-launch-context.html),SHALL,Client,,,,"",""
|
68
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,236,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,[when requesting] an access token via HTTP POST to the FHIR authorization server’s token endpoint URL [the] `grant_type` [parameter is] `required` [and SHALL contain the] … Fixed value: `client_credentials`,SHALL,Client,,,,"",""
|
69
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,237,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,[when requesting] an access token via HTTP POST to the FHIR authorization server’s token endpoint URL [the] `client_assertion_type` [parameter is] `required` [and SHALL contain] … Fixed value: `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`,SHALL,Client,,,,"",""
|
70
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,238,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-1,[when requesting] an access token via HTTP POST to the FHIR authorization server’s token endpoint URL [the] `client_assertion` [parameter is] `required` [and SHALL contain] … [the s]igned authentication JWT value,SHALL,Client,,,,"",""
|
71
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,239,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#scopes,"For Backend Services, requested scopes will be `system/` scopes",SHOULD,Client,,,,"",""
|
72
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,242,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#scopes,"The use of Backend Services with user/ and patient/ scopes is not prohibited, but would require out-of-band coordination to establish context (e.g., to establish which user or patient applies).",MAY,Client,,,,"",""
|
73
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,263,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#issue-access-token,"To establish longer-term access [using backend services given the short-lived duration of access tokens], clients can request new access tokens as needed.",SHOULD,Client,,,,"",""
|
74
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,264,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#request-2,The app [SHALL issue] a request [for FHIR data[ that includes an Authorization header that presents the access_token as a “Bearer” token: `Authorization: Bearer {{access_token}}`,SHALL,Client,,,,"",""
|
75
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,267,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#response-2,"On occasion, a Backend Service [client] may receive a FHIR resource that contains a “reference” to a resource hosted on a different resource server. The Backend Service [client] SHOULD NOT blindly follow such references and send along its access_token, as the token may be subject to potential theft",SHOULD NOT,Client,,,,3.02,bulk_data_v200_client-bulk_data_client_auth_verification-smart_client_token_use_verification
|
76
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,268,https://hl7.org/fhir/smart-app-launch/STU2.2/backend-services.html#response-2,"On occasion, a Backend Service may receive a FHIR resource that contains a “reference” to a resource hosted on a different resource server… The Backend Service [client] SHOULD either ignore the reference, or initiate a new request for access to that resource.",SHOULD,Client,,,,"",""
|
77
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,290,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"Before a SMART client can run against a FHIR server, the client SHALL generate or obtain an asymmetric key pair",SHALL,Client,,,,"",""
|
78
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,291,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"Before a SMART client can run against a FHIR server, the client SHALL ... register its public key set with that FHIR server’s authorization service (referred to below as the “FHIR authorization server”).",SHALL,Client,,,,"",""
|
79
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,292,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"SMART does not require a standards-based registration process, but we encourage FHIR service implementers to consider using the [OAuth 2.0 Dynamic Client Registration Protocol](https://tools.ietf.org/html/draft-ietf-oauth-dyn-reg)",SHOULD,Client,,,,"",""
|
80
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,293,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,[Before using the `client-confidential-asymmetric`capability t]he client SHALL register the **public key** that the client will use to authenticate itself to the FHIR authorization server.,SHALL,Client,,,,1.01,bulk_data_v200_client-bulk_data_client_registration-smart_client_registration_bsca_verification
|
81
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,294,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"[When registering a public key for the `client-confidential-asymmetric`capability t]he public key SHALL be conveyed to the FHIR authorization server in a [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) structure presented within a JWK Set, as defined in JSON Web Key Set (JWKS).",SHALL,Client,,,,1.01,bulk_data_v200_client-bulk_data_client_registration-smart_client_registration_bsca_verification
|
82
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,295,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,The client SHALL protect the associated private key [for the `client-confidential-asymmetric`capability] from unauthorized disclosure and corruption.,SHALL,Client,,,,"",""
|
83
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,298,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,clients SHALL choose a server-supported method [for communicating their JWKs] at registration time,SHALL,Client,,,,"",""
|
84
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,299,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"[When registering their JWKs to a server for use in the `client-confidential-asymmetric`capability`, clients SHOULD send a] URL to JWK Set (strongly preferred).",SHOULD,Client,,,,"",""
|
85
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,300,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"[When registering their JWKs to a server for use in the `client-confidential-asymmetric`capability`, clients MAY send the] JWK Set directly (strongly discouraged)",MAY,Client,,,,"",""
|
86
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,301,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"[For the URL to JWK Set method, the value SHALL be] the TLS-protected endpoint where the client’s public JWK Set can be found",SHALL,Client,,,,"",""
|
87
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,302,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"[For the URL to JWK Set method to register a JWK for use in the `client-confidential-asymmetric`capability`, the value] ... SHALL be accessible via TLS without client authentication or authorization",SHALL,Client,,,,"",""
|
88
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,303,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,[For the URL to JWK Set method to register a JWK for use in the `client-confidential-asymmetric`capability` t]he client SHOULD return a “Cache-Control” header in its JWKS response,SHOULD,Client,,,,"",""
|
89
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,304,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"If a client cannot host the JWK Set at a TLS-protected URL [when registering a JWK for use in the `client-confidential-asymmetric`capability,] it MAY supply the JWK Set directly to the FHIR authorization server at registration time",MAY,Client,,,,"",""
|
90
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,307,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,The client SHALL be capable of generating a JSON Web Signature in accordance with [RFC7515](https://tools.ietf.org/html/rfc7515).,SHALL,Client,,,,"",""
|
91
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,308,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,The client SHALL support ... `RS384` … for the JSON Web Algorithm (JWA) header parameter as defined in [RFC7518](https://tools.ietf.org/html/rfc7518).,SHALL,Client,,,,"",""
|
92
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,309,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,The client SHALL support ... `ES384` for the JSON Web Algorithm (JWA) header parameter as defined in [RFC7518](https://tools.ietf.org/html/rfc7518).,SHALL,Client,,,,"",""
|
93
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,312,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,clients ... MAY … use additional algorithms for signature validation [when using the `client-confidential-asymmetric`capability].,MAY,Client,,,,"",""
|
94
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,313,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"No matter how a JWK Set is communicated to the FHIR authorization server, each JWK SHALL represent an asymmetric key by including `kty` and `kid` properties, with content conveyed using “bare key” properties (i.e., direct base64 encoding of key material as integer values)",SHALL,Client,,,,"",""
|
95
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,314,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"For RSA public keys, each JWK SHALL include `n` and `e` values (modulus and exponent)",SHALL,Client,,,,"",""
|
96
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,315,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,"For ECDSA public keys, each JWK SHALL include `crv`, `x`, and `y` values (curve, x-coordinate, and y-coordinate, for EC keys)",SHALL,Client,,,,"",""
|
97
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,317,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#registering-a-client-communicating-public-keys,[T]he client SHALL use [their assigned `client_id`] when requesting an access token.,SHALL,Client,,,,"",""
|
98
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,318,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#authenticating-to-the-token-endpoint,"the client SHALL use the [Transport Layer Security (TLS) Protocol Version 1.2 (RFC5246)](https://tools.ietf.org/html/rfc5246) or a more recent version of TLS to authenticate the identity of the FHIR authorization server and to establish an encrypted, integrity-protected link for securing all exchanges between the client and the FHIR authorization server’s token endpoint.",SHALL,Client,,,,"",""
|
99
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,319,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"Before a client can request an access token, it SHALL generate a one-time-use JSON Web Token (JWT) that will be used to authenticate the client to the FHIR authorization server.",SHALL,Client,,,,"",""
|
100
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,320,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,The authentication JWT … SHALL be signed with the client’s private key (which SHOULD be an `RS384` or `ES384` signature).,SHALL,Client,,,,"",""
|
101
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,321,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`alg`[Authentication JWT header value is] `required` [and SHALL contain t]he JWA algorithm (e.g., RS384, ES384) used for signing the authentication JWT.",SHALL,Client,,,,"",""
|
102
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,322,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`kid`[Authentication JWT header value is] `required` [and SHALL contain t]he identifier of the key-pair used to sign this JWT [which] SHALL be unique within the client's JWK Set.,SHALL,Client,,,,"",""
|
103
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,323,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`typ`[header value is] `required`[with] Fixed value: JWT.,SHALL,Client,,,,"",""
|
104
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,324,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`jku`[header value is] `optional` [and contains t]he TLS-protected URL to the JWK Set that contains the public key(s) accessible without authentication or authorization.,MAY,Client,,,,"",""
|
105
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,325,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"When [the `jku` Authentication JWT header value is] present, this SHALL match the JWKS URL value that the client supplied to the FHIR authorization server at client registration time.",SHALL,Client,,,,"",""
|
106
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,327,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`iss`[claim is] `required`… [and] SHALL [contain the] Issuer of the JWT --the client's `client_id`, as determined during registration with the FHIR authorization server",SHALL,Client,,,,"",""
|
107
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,328,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`sub`[claim is] `required`… [and] SHALL [contain] The client's `client_id`, as determined during registration with the FHIR authorization server (note that this is the same as the value for the iss claim)",SHALL,Client,,,,"",""
|
108
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,329,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`aud`[claim is] `required`… [and] SHALL [contain] The FHIR authorization server's ""token URL"" (the same URL to which this authentication JWT will be posted)",SHALL,Client,,,,"",""
|
109
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,330,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,"[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`exp`[claim is] `required`… [and] SHALL [contain the] Expiration time integer for this authentication JWT, expressed in seconds since the ""Epoch"" (1970-01-01T00:00:00Z UTC). This time S",SHALL,Client,,,,"",""
|
110
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,331,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`exp`[claim] ... SHALL be no more than five minutes in the future.,SHALL,Client,,,,"",""
|
111
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,332,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When] a client generate[s] a one-time-use JSON Web Token (JWT)… [the]`jti`[claim is] `required`… [and] SHALL [contain a] nonce string value that uniquely identifies this authentication JWT,SHALL,Client,,,,"",""
|
112
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,333,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When the client requests an access token] … [the]`client_assertion_type`[parameter is] `required`… [and] SHALL [contain the] Fixed value: `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`,SHALL,Client,,,,"",""
|
113
|
+
hl7.fhir.uv.smart-app-launch_2.2.0,334,https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html#request,[When the client requests an access token] … [the]`client_assertion`[parameter is] `required`… [and] SHALL [contain the] Signed authentication JWT value,SHALL,Client,,,,"",""
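Review bot: row 330 (the `exp` claim) ends mid-sentence at "This time S", apparently where the source sentence was split to form row 331. End the requirement text at the closing parenthesis after "UTC", or carry the full sentence, so the row reads as a complete statement. Two smaller points in the same block: rows 304 and 312 have no space between the closing backtick of `client-confidential-asymmetric` and "capability", and rows 308, 312 and 331 mix "..." and "…" as the elision marker within a single cell; using one form throughout keeps the requirement text searchable.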
|