Skip to content

Authentication Authorization (WIP)

Jump to bottom
Sarah McDougall edited this page Dec 29, 2021 · 1 revision

Systems:

  • Client: Gathers data of interest, then assembles and executes submit-data request
  • EHR: Data source for Client, implements FHIR API that supports query parameters needed to gather data of interest
  • Receiving Server: Receives and stores data of interest, calculates measures and care gap reports
  • Auth Server: OAuth2 implementation to provide access control for Receiving Server
  • Program Server: Provides functionality related to a specific quality program

Workflow

Client Workflow

  1. Client queries $data-requirements endpoint for Measure
  • Receiving Server returns Library with populated dataRequirement
  1. Client creates queries from Library.dataRequirement, and queries EHR for data of interest
  • EHR processes queries and returns data needed
  1. Client creates MeasureReport, Provenance resource (w/empty target)
  2. Client creates Parameters resource with embedded MeasureReport, resources
  3. Client authenticates with Auth Server, and receives an authorization token
  4. Client executes $submit-data on Receiving System with Parameters resource, X-Provenance header, and authorization token

Server Workflow

  1. Receiving Server receives Parameters, X-Provenance and authorization token from Client
  2. Receiving Server verifies user authorization with Auth server using authorization token
  • Creates AuditEvent with record of success/failure of authorization
  1. Receiving Server sends credentials to Program Server, to verify that user may submit AND is authorized to submit on behalf of an Organization
  • (TODO More detail on this handshake)
  • Creates AuditEvent with record of success/failure of program authorization
  1. On Success, Receiving Server extracts data from Parameters.parameter resource and persists into database for the Organization that was authorized in Step #9
  • CreatesProvenance resource, linked to all resources that were persisted
  • Creates AuditEvent resource, linked to all resources that were persisted
  1. Receiving Server returns 200 Success to the Client, along with X-Provenance header in response using Provenance resource created in Step #10
Clone this wiki locally