Release 5

This page is part of the FHIR Specification (v5.0.0: R5 - STU). This is the current published version in it's permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

6.1.2 Digital Signatures

Security icon Work GroupMaturity Level: 1Standards Status: Trial Use

This specification recommends the use of W3C Digital Signatures icon or JSON Digital Signatures icon for digital signatures. Resources can be signed using the Provenance resource to carry a detached digital signature icon. The Signature datatype is available to support various signature types including non-repudiation purposes. Further details on creation and validation of Signatures are defined.

  • The Signature SHOULD conform to XAdES-X-L icon for support of Long Term signatures icon. The XAdES-X-L specification adds the timestamp of the signing, inclusion of the signing certificate, and statement of revocation.
  • The JSON Digital-Signature SHOULD conform to JAdES icon for support of Long Term signatures.

In addition, documents may be signed using an enveloped icon signature. A specification for enveloped signature is profiled in the IHE DSG profile icon.

Neither of these definitions prohibits policies that accept the use of other ways of using digital signatures or scanned wet signatures.

Note to Implementers: The use of signatures with RESTful interfaces is a poorly understood area, and we would welcome reports of implementation experience. See discussion on use of Digital Signature in FHIR icon

Feedback is welcome here icon.