
SecurityGroup FHIR Resource Proposal

From HL7Wiki


Rejected because the content of a Security Group and Role is not a healthcare-specific concept, or is sufficiently profiled elsewhere. Use of the standards identified is recommended without HL7-defined constraints. See the FHIR Security page for details.

Owning committee name

FHIR Core Project

Contributing or Reviewing Work Groups

  • Security
  • IHE

FHIR Resource Development Project Insight ID

FHIR core project

Scope of coverage

See FHIR Security Management Subsystem for scope of the security sub-systems.

The SecurityGroup resource allows a system to define a common claim of rights to be reused by several identities.

  • subject: an abstract group
  • usage: manage authentication and/or authorization
  • this resource is not limited by discipline/context/locality

RIM scope

  • A group is an entity (Entity, determinerCode=KIND) playing the role of Licensed Entity (LIC)

Resource appropriateness

This resource represents:

  • a well understood, "important" concept in the business of healthcare - a set of authorization claims that are used by an arbitrary group of security principals
    • note: this concept is not healthcare specific, which is why this resource and its related resources form a subsystem that is not allowed to become an API dependency
  • a concept (group) expected to be tracked with distinct, reliable, unique ids
  • a concept that is created, queried and maintained
  • the initial proposal expects 5 elements
  • is well decoupled from other concepts

Expected implementations

  • the FHIR reference server will implement this
  • several other connectathon attendees have asked for this functionality

Content sources

  • OpenID Connect
  • Microsoft Documentation - WCF Security & LDAP documentation

Example Scenarios

  • define claims for rights that apply to a group of security Principals

Resource Relationships

  • this resource is referred to from SecurityPrincipal group for claims of rights
  • there is also a SecurityRole group for defining additional roles a user may claim


For development for QA/DSTU2

gForge Users

Core team