[Openid-specs-heart] HEART Scope Design Proposal #1

Debbie Bucci debbucci at gmail.com
Tue Aug 9 14:49:34 UTC 2016


I follow this - but shouldn't we use existing scopes already defined?


 "patient/Immunization.read",

 "patient/Confidentiality?code="N"





The logic is as follows:

   - /patient because this applies to only one patient at a time. The
   patient ID is local to the resource server.
   - /date <http://hl7.org/fhir/search.html#date> is defined by FHIR and
   can be a range. Putting it at the highest level in the hierarchy (if a
   scope hierarchy is useful) allows for efficiency in clients requesting
   updates and reduces the cost to the resource server
   - /confidentialityclass
   <http://hl7-fhir.github.io/v3/ConfidentialityClassification/vs.html>
   filters for resources at or below the specified value. Resources that do
   not have a confidentiality class are considered N - Normal. It is up to the
   resource server to provide jurisdictionally appropriate policies and
   user interfaces for setting confidentiality class other than N on
   particular resources.
   - /resource <http://hl7.org/fhir/resourcelist.html> is any resource
   listed in the particular version of the FHIR specification
   - /edit is "read", "write", "any" operation by the client on the resource

A client might request a scope for immunizations for patient 23 as:

["patient/Patient*.read", "date=le2016-8-8", "conclass=N",
"resource=Immunization", "edit=read" ]
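
The filter logic in the bullet list above, written as a resource-server check. This is an added example, not part of the original message or of any HEART specification; the flat resource fields (`resourceType`, `date`, `confidentiality`), the function names, and the choice to ignore list entries without `=` are assumptions. Confidentiality ordering follows the HL7 v3 codes U < L < M < N < R < V.

```python
from datetime import date

# HL7 v3 Confidentiality codes, least to most restrictive.
CONF_ORDER = ["U", "L", "M", "N", "R", "V"]
REQUIRED = {"date", "conclass", "resource", "edit"}
DATE_OPS = {
    "le": lambda d, ref: d <= ref,
    "lt": lambda d, ref: d < ref,
    "ge": lambda d, ref: d >= ref,
    "gt": lambda d, ref: d > ref,
    "eq": lambda d, ref: d == ref,
}

def parse_day(text):
    # Accepts both 2016-08-08 and the unpadded 2016-8-8 used in the message.
    return date(*(int(part) for part in text.split("-")))

def parse_scope(entries):
    """Turn key=value entries into a filter; reject anything malformed."""
    # Assumption: entries without "=" (e.g. "patient/Patient*.read") are not filters.
    params = dict(e.split("=", 1) for e in entries if "=" in e)
    if set(params) != REQUIRED:
        raise ValueError(f"expected exactly {sorted(REQUIRED)}, got {sorted(params)}")
    prefix, day = params["date"][:2], params["date"][2:]
    if prefix not in DATE_OPS:
        raise ValueError(f"unsupported date prefix: {prefix!r}")
    if params["conclass"] not in CONF_ORDER:
        raise ValueError("unknown confidentiality class")
    if params["edit"] not in ("read", "write", "any"):
        raise ValueError("edit must be read, write or any")
    return {"date_op": DATE_OPS[prefix], "date": parse_day(day),
            "max_conf": CONF_ORDER.index(params["conclass"]),
            "resource": params["resource"], "edit": params["edit"]}

def permits(scope, resource, operation):
    """True only if every filter in the granted scope admits this access."""
    conf = resource.get("confidentiality", "N")  # unlabeled resources count as N
    if conf not in CONF_ORDER:
        return False  # fail closed on an unrecognized label
    return (resource["resourceType"] == scope["resource"]
            and scope["edit"] in (operation, "any")
            and CONF_ORDER.index(conf) <= scope["max_conf"]
            and scope["date_op"](parse_day(resource["date"]), scope["date"]))

# Constructed sample: the scope list from the message above.
GRANTED = parse_scope(["patient/Patient*.read", "date=le2016-8-8", "conclass=N",
                       "resource=Immunization", "edit=read"])
```
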