Skip to content

Commit

Permalink
Merge pull request #150 from ehealthsuisse/ql_trace_context
Browse files Browse the repository at this point in the history
Specify use of trace context
  • Loading branch information
oliveregger authored Mar 5, 2024
2 parents ab97b47 + 51004c8 commit c4c0157
Show file tree
Hide file tree
Showing 18 changed files with 272 additions and 7 deletions.
5 changes: 5 additions & 0 deletions input/ch.fhir.ig.ch-epr-mhealth.xml
Original file line number Diff line number Diff line change
Expand Up @@ -597,6 +597,11 @@ Relationship in the Swiss examples (CN=CommunityA:00000001001,OU=Relationship,DC
<title value="Sequence Diagrams"/>
<generation value="markdown"/>
</page>
<page>
<nameUrl value="tracecontext.html"/>
<title value="Trace Context"/>
<generation value="markdown"/>
</page>
<page>
<nameUrl value="openissues.html"/>
<title value="Open Issues / Change Log"/>
Expand Down
171 changes: 171 additions & 0 deletions input/examples/auditevent/ex-auditProvideBundle-source.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,171 @@
{
"resourceType" : "AuditEvent",
"id" : "ex-auditProvideBundle-source",
"meta" : {
"profile" : ["https://profiles.ihe.net/ITI/MHD/StructureDefinition/IHE.MHD.ProvideBundle.Audit.Source"],
"security" : [
{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "HTEST"
}
]
},
"type" : {
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110106",
"display" : "Export"
},
"subtype" : [
{
"system" : "urn:ihe:event-type-code",
"code" : "ITI-65",
"display" : "Provide Document Bundle"
}
],
"action" : "R",
"recorded" : "2020-06-29T12:01:30+00:00",
"outcome" : "0",
"purposeOfEvent" : [
{
"coding" : [
{
"system" : "urn:oid:2.16.756.5.30.1.127.3.10.5",
"code" : "NORM",
"display" : "Normal Access"
}
]
}
],
"agent" : [
{
"type" : {
"coding" : [
{
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110153",
"display" : "Source Role ID"
}
]
},
"who" : {
"display" : "ihe-sourceId"
},
"requestor" : false,
"network" : {
"address" : "myDevice.example.com",
"type" : "1"
}
},
{
"type" : {
"coding" : [
{
"system" : "http://dicom.nema.org/resources/ontology/DCM",
"code" : "110152",
"display" : "Destination Role ID"
}
]
},
"who" : {
"display" : "myMachine.example.org"
},
"requestor" : false,
"network" : {
"address" : "http://server.example.com/fhir",
"type" : "5"
}
},
{
"type" : {
"coding" : [
{
"system" : "http://terminology.hl7.org/CodeSystem/v3-RoleClass",
"code" : "PROV",
"display" : "healthcare provider"
}
]
},
"role" : [
{
"coding" : [
{
"system" : "urn:oid:2.16.756.5.30.1.127.3.10.6",
"code" : "HCP",
"display" : "Healthcare professional"
}
]
}
],
"who" : {
"identifier" : {
"system" : "urn:gs1:gln",
"value" : "2000000090108"
}
},
"name" : "Martina Musterarzt",
"requestor" : true,
"policy" : [
"c5436729-3f26-4dbf-abd3-2790dc7771a"
]
}
],
"source" : {
"site" : "1.3.6.1.4.1.12559.11.13.2.5",
"observer" : {
"display" : "ihe-sourceId"
},
"type" : [
{
"system" : "http://terminology.hl7.org/CodeSystem/security-source-type",
"code" : "1",
"display" : "User Device"
}
]
},
"entity" : [
{
"what" : {
"reference" : "http://example.org/Patient/FranzMusterNeedsAbsoluteUrl"
},
"type" : {
"system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code" : "1",
"display" : "Person"
},
"role" : {
"system" : "http://terminology.hl7.org/CodeSystem/object-role",
"code" : "1",
"display" : "Patient"
}
},
{
"what" : {
"identifier" : {
"system" : "urn:ietf:rfc:3986",
"value" : "urn:oid:1.3.6.1.4.1.12559.11.13.2.6.2949"
}
},
"type" : {
"system" : "http://terminology.hl7.org/CodeSystem/audit-entity-type",
"code" : "2",
"display" : "System Object"
},
"role" : {
"system" : "http://terminology.hl7.org/CodeSystem/object-role",
"code" : "20",
"display" : "Job"
}
},
{
"what" : {
"identifier" : {
"value" : "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01"
}
},
"type" : {
"system" : "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType",
"code" : "Traceparent"
}
}
]
}
7 changes: 6 additions & 1 deletion input/fsh/ex-audit-65.fsh
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
/*
This instance is temporarily defined in examples/auditevent/ex-auditProvideBundle-source.json because sushi complains about the entity[transaction] slice
Instance: ex-auditProvideBundle-source
InstanceOf: IHE.MHD.ProvideBundle.Audit.Source
Title: "Audit Example of ITI-65 at source"
Expand Down Expand Up @@ -42,4 +45,6 @@ Usage: #example
* entity[submissionSet].role = http://terminology.hl7.org/CodeSystem/object-role#20 "Job"
* entity[submissionSet].what.identifier.system = "urn:ietf:rfc:3986"
* entity[submissionSet].what.identifier.value = "urn:oid:1.3.6.1.4.1.12559.11.13.2.6.2949"

* entity[transaction].what.identifier.value = "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01"
* entity[transaction].type = https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType#Traceparent
*/
2 changes: 1 addition & 1 deletion input/images-source/overview.plantuml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ left to right direction
component "mHealth: App" {
[IUA Authorization Client] as IUAClient

[Patient DemographicsvConsumer] as PDQmConsumer
[Patient Demographics Consumer] as PDQmConsumer

[PIXm Patient Identifier Cross-reference Consumer] as PIXmConsumer
[PIXm Patient Identity Source] as PIXmSource
Expand Down
3 changes: 3 additions & 0 deletions input/includes/menu.xml
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,9 @@
<li>
<a href="sequencediagrams.html">Sequence diagrams</a>
</li>
<li>
<a href="tracecontext.html">Trace Context</a>
</li>
<li>
<a href="openissues.html">Open Issues / Change Log</a>
</li>
Expand Down
2 changes: 1 addition & 1 deletion input/pagecontent/iti-103.md
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ There are no CapabilityStatement resources defined for this transaction.

### Security Consideration

There are no special security requirements for this transaction.
The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

Expand Down
3 changes: 3 additions & 0 deletions input/pagecontent/iti-104.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ Add Patient [Franz Muster](Patient-PatientPIXmFeed.json.html):
PUT http://example.org/fhir/Patient?identifier=urn:oid:2.16.756.888888.3.1|8734 HTTP/1.1
Accept: application/fhir+json
Content-Type: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
{
"resourceType" : "Patient",
Expand Down Expand Up @@ -120,6 +121,8 @@ Patient Identifier Cross-reference Manager using the IUA profile with basic acce
the _Patient Identity Feed FHIR_ [ITI-104] request must authorize using the
[_Incorporate Access Token_ [ITI-72]](iti-72.html) transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Patient Identity Source Audit
Expand Down
2 changes: 2 additions & 0 deletions input/pagecontent/iti-20.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,5 @@ The CapabilityStatement resource for the **Audit Record Repository** is
### Security Consideration

TLS SHALL be used.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).
2 changes: 2 additions & 0 deletions input/pagecontent/iti-65.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,8 @@ Document Recipient using the IUA profile with extended access token. Consequentl
the _Provide Document Bundle_ [ITI-65] request must authorize using the [_Incorporate Access Token_ [ITI-72]](iti-72.html)
transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Document Source Audit
Expand Down
3 changes: 3 additions & 0 deletions input/pagecontent/iti-66.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ _Find Document List_ example **request**:
```
GET [base]/List?patient.identifier=urn:oid:2.999|11111111 HTTP/1.1
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```

#### Find Document Lists Response Message
Expand All @@ -53,6 +54,8 @@ TLS SHALL be used. This national extension enforces authentication and authoriza
Responder using the IUA profile with extended access token. Consequently the _Find Document Lists_ [ITI-66] request
must authorize using the [_Incorporate Access Token_ [ITI-72]](iti-72.html) transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Document Consumer Audit
Expand Down
1 change: 1 addition & 0 deletions input/pagecontent/iti-67.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ _Find Document Reference_ example **request**:
```
GET [base]/DocumentReference?patient.identifier=urn:oid:2.999|11111111 HTTP/1.1
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```

#### Find Document References Response Message
Expand Down
2 changes: 2 additions & 0 deletions input/pagecontent/iti-68.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ Document Responder using the IUA profile with extended access token. Consequentl
the _Retrieve Document_ [ITI-68] request must authorize using the [_Incorporate Access Token_ [ITI-72]](iti-72.html)
transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Document Consumer Audit
Expand Down
2 changes: 2 additions & 0 deletions input/pagecontent/iti-71.md
Original file line number Diff line number Diff line change
Expand Up @@ -575,6 +575,8 @@ There are no CapabilityStatement resources defined for this transaction.
IUA Authorization Clients, Authorization Servers and Resource Server actors SHALL use the JWS (signed) alternative
of the JWT token as specified in the IUA Trial Implementation. The JWE alternative SHALL not be used.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

There is no audit event required for this transaction.
4 changes: 4 additions & 0 deletions input/pagecontent/iti-78.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ Query for a patient with name Muster and birthdate 1995-01-27.
```
GET [base]/Patient?name=Muster&birthdate=1995-01-27
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```
[Example response to above query](Bundle-PDQm-QueryResponse.json.html)

Expand All @@ -57,6 +58,7 @@ Query for a patient with name M returning too many results:
```
GET [base]/Patient?name=M
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```
[Example response to above query](Bundle-PDQm-QueryResponseTooManyResults.json.html)

Expand Down Expand Up @@ -88,6 +90,8 @@ Patient Identifier Cross-reference Manager using the IUA profile with basic acce
the _Mobile Patient Identifier Cross-reference Query_ [ITI-83] request must authorize using the
[_Incorporate Access Token_ [ITI-72]](iti-72.html) transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Patient Demographics Consumer Audit
Expand Down
7 changes: 6 additions & 1 deletion input/pagecontent/iti-83.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,10 @@ Query for a patient with a local id of 123 by AssigningAuthority oid 1.2.3 which
community where the Assigning Authority is oid 5.6.7 and the MPI-PID and EPR-SPID are requested:

```
GET [base]/Patient/$ihe-pix?sourceIdentifier=urn:oid:2.999.1.2.3|123&targetSystem=urn:oid:2.999.5.6.7&targetSystem=urn:oid:2.16.756.5.30.1.127.3.10.3
GET [base]/Patient/$ihe-pix?sourceIdentifier=urn:oid:2.999.1.2.3|123&targetSystem=urn:oid:2.999.5.6.7&targetSystem=urn:oid:2.16.756.5.30.1.127.3.10.3 HTTP/1.1
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```

#### Response message
Expand Down Expand Up @@ -109,6 +112,8 @@ Patient Identifier Cross-reference Manager using the IUA profile with basic acce
the _Mobile Patient Identifier Cross-reference Query_ [ITI-83] request must authorize using the
[_Incorporate Access Token_ [ITI-72]](iti-72.html) transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

##### Patient Identifier Cross-reference Consumer Audit
Expand Down
10 changes: 8 additions & 2 deletions input/pagecontent/iti-90.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,17 @@ The _Find Matching Care Services_ message is a FHIR search operation on the mCSD
A _Care Services Selective Consumer_ initiates a search request using HTTP GET or POST:

```
GET [base]/[resource]?[parameters]
GET [base]/[resource]?[parameters] HTTP/1.1
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
```

or

```
POST [base]/[resource]/_search
POST [base]/[resource]/_search HTTP/1.1
Accept: application/fhir+json
traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-00
Content-Type: application/x-www-form-urlencoded
param1=value&param2=value
Expand Down Expand Up @@ -158,6 +162,8 @@ TLS SHALL be used. This national extension enforces authentication and authoriza
Selective Supplier_ using the IUA profile with basic access token. Consequently, the _Find Matching Care Services_
[ITI-90] request must authorize using the [_Incorporate Access Token_ [ITI-72]](iti-72.html) transaction of the IUA profile.

The `traceparent` header is required, as described in [Trace Context header](tracecontext.html).

#### Security Audit Considerations

Note that the same audit message is recorded by both **Care Services Selective Supplier** and **Care Services
Expand Down
3 changes: 2 additions & 1 deletion input/pagecontent/openissues.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,8 @@ See open issues on [GitHub](https://github.com/ehealthsuisse/ch-epr-mhealth/issu
* [IUA Refresh token handling](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/20)
* [IUA ihe_saml token option supported for the generic mHealth Option](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/21)
* [IUA ihe-jwt token option handling in XDS environment](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/22)
* [MHD extension for RMU](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/25)
* [MHD extension for RMU](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/25)
* [Adapt IHE profiles for the Trace Context support](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/153)

### DSTU2 Informative Ballot 2022 - Resolved Issues
* Changes due to the adjustments in the new version of the derived [IHE ITI MHD](https://profiles.ihe.net/ITI/MHD/) IG [#47](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/47)/[#50](https://github.com/ehealthsuisse/ch-epr-mhealth/issues/50):
Expand Down
Loading

0 comments on commit c4c0157

Please sign in to comment.