In SMART on FHIR wordt gebruik gemaakt van AQL scopes, deze willen we gaan mappen op de nuts-openEHR spec.
Demographics (Patient, Practitioner, RelatedPerson) wordt met name in FHIR gedaan.
NUTS service devs in did:web:
FHIR API for Demographics
openEHR API for clinical data Advanced Care Planning (ACP)
Context selection
launch/patient: Need patient context at launch time (FHIR Patient resource and openEHR EHR). When launching outside the EHR, ask for the openEHR EHR instance to be selected.
Launch/episode: Need episode context at launch time (this is experimental, the semantic and the resource is to be determined). Not relevant for the ACP use case.
The context data populated by the Platform is returned in the token response along with the id_token and access_token. The following additional parameters (besides those described by FHIR) are added to the token response:
ehrId: The ID of the openEHR EHR instance associated with the FHIR Patient resource selected in the launch.
episodeId: The ID of the Episode selected in the launch (this is experimental, the semantic and the resource is to be determined).
Scopes for openEHR REST API
The scopes are based on 3 different compartments:
patient/*: These scopes are used when the EHR ID is present in the context. Only access to resources in the compartment of the EHR ID is allowed.
user/*: These scopes are used when the user is identified by the Platform. It is usually a practitioner or an administrator. Only access to resources that the user would usually have access to is allowed.
system/*: These scopes are used when the user is not available and the application is a backend confidential application. These scopes are obtained in advance while registering the application and provides (unrestricted) access to resources in the Platform.
For the openEHR REST APIs the following resource expressions are supported:
template-: Templates which match the expression.
composition-: Compositions of the templates which match the expression.
aql-: AQL Queries that match the expression. If the is *, then all queries as well as ad-hoc queries are allowed.
The in the above definition follows the blob pattern matching delimited by a . period. For example:
MyHospital.Template.v0 - Matches only MyHospital.Template.v0
*.Template.v0 - Matches MyHospital.Template.v0 and OtherHospital.Template.v0
MyHospital.** - Matches MyHospital.Template.v0, MyHospital.Template.v2 and MyHospital.OtherTemplate.v0
Matches all templates in the system
The in the above definition follows the blob pattern matching delimited by . a period. For example:
org.openehr::compositions - Matches only org.openehr::compositions
org.openehr::* - Matches org.openehr::compositions and org.openehr::bloodpressure
The following permission expressions are supported:
c: The ability to create a resource.
r: The ability to read a resource.
u: The ability to update a resource.
d: The ability to delete a resource.
s: The ability to search a resource. In case of aql- scope, this means the ability to execute the query.
The following table is a maximal representation of the scopes made possible in different compartment, resource and permission combinations:
patient/composition-.crud : Permission to create, read, update and delete compositions of that are within the EHR of the patient in context.
user/composition-.crud : Permission to create, read, update and delete compositions of that are within the EHRs the logged-in user has access to.
system/composition-.crud : Permission to create, read, update and delete compositions of of all EHRs in the system.
patient/template-.r : Permission to read a template with
user/template-.crud : Permission to create and read a template with
system/template-.crud : Permission to create, read, update and delete a template with
patient/aql-.rs : Permission to read and execute AQL with on EHR ID of the patient in context.
user/aql-.cruds : Permission to create, read, update, delete and execute AQL with on EHR IDs that the logged-in user has access to. If is equal to the wildcard *, this scope will allow the ad-hoc query endpoint.
system/aql-.cruds : Permission to create, read, update, delete and execute AQL with . If is equal to the wildcard *, this scope will allow the ad-hoc query endpoint.
Example ACP use case:
Scope: patient/aql-ACP%20DUTCH.rs : Permission to read and execute AQL with on EHR ID of the patient in context
patient AQL query name dan kun je in de query meerdere templates opnemen
Scope: patient/composition-ACP-DUTCH.crud
TemplateID dan beperkt je het tot alleen de ACP template en bijhorende archetypes
NUTS service devs in did:web:
Context selection
The context data populated by the Platform is returned in the token response along with the id_token and access_token. The following additional parameters (besides those described by FHIR) are added to the token response:
Scopes for openEHR REST API The scopes are based on 3 different compartments:
For the openEHR REST APIs the following resource expressions are supported:
The in the above definition follows the blob pattern matching delimited by a . period. For example:
The in the above definition follows the blob pattern matching delimited by . a period. For example:
The following permission expressions are supported:
The following table is a maximal representation of the scopes made possible in different compartment, resource and permission combinations:
Example ACP use case: Scope: patient/aql-ACP%20DUTCH.rs : Permission to read and execute AQL with on EHR ID of the patient in context
patient AQL query name dan kun je in de query meerdere templates opnemen
Scope: patient/composition-ACP-DUTCH.crud
TemplateID dan beperkt je het tot alleen de ACP template en bijhorende archetypes
Source: https://specifications.openehr.org/releases/ITS-REST/latest/smart_app_launch.html
Composition, template, archetype. voorkeur
FHIR scopes: https://build.fhir.org/ig/HL7/smart-app-launch/scopes-and-launch-context.html