james-answer
commented
6 years ago Added additional guidance
Closed james-answer closed 6 years ago
james-answer
commented
6 years ago Added additional guidance
The "Cross Organisation Audit & Provenance" guidance for the 0.5.0 specification does not give any guidance for the fhir resources within the JWT.
The test suite and provider implementations from the origional rc.5 make the assumption the resources are the GP Connect resources so expect some elements to be mandatory, such as NHS Number in the patient and the name element in the practitioner. This is not stated in the specification and this is going to cause problems for the consumers developing. We should add guidance to say that the fhir resources in the JWT should conform to the profiles from that time.
The other option is to ask the providers to remove the validation and re-write the section in the specification so that the providers will accept any content within the JWT and be specific about what consumers should send.
https://developer.nhs.uk/apis/gpconnect-0-5-0/integration_cross_organisation_audit_and_provenance.html
Additional Consumer Specific Notes
Due to an error in the test suite for RC.5 all the providers have built their consumer and providers to use the incorrect identifier system for the practitioner user id within the JWT.
Consumers need to include a SDS user ID in the JWT with the incorrect system "http://fhir.nhs.net/sds-user-id" rather than the correct one of "http://fhir.nhs.net/Id/sds-user-id". If any provider is building against the specification they should not validate the fhir resources within the JWT for content.