This page is part of the Security for Scalable Registration, Authentication, and Authorization (v1.1.0: STU 1 Update) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions
Changes from the previous version are summarized below with links to the corresponding HL7 ticket. The summaries below are non-normative.
Ticket | Ticket Description |
---|---|
FHIR-40459 | Clarify client is required to validate signed_metadata as per the UDAP server metadata profile |
FHIR-40579 | Correct inactive link in Required UDAP Metadata |
FHIR-40601 | Correct invalid link to HL7 SMART App Launch IG history |
FHIR-40791 | Clarify “aud” value in authentication JWTs |
FHIR-41517 | Clarify algorithm used by servers to sign UDAP metadata |
FHIR-43002 | Clarify that support for B2B extension is required for servers that support client credentials grants |
FHIR-43007 | Clarify conformance strength of algorithms by listing as a table |
FHIR-43008 | Clarify “jti” reuse is permitted after expiration of any previous JWTs using same value |
FHIR-43014 | Correct status code to be returned by server when community is not recognized or not supported |
FHIR-43021 | Add missing hyperlinks for certain UDAP profiles |
FHIR-43048 | Clarify servers must respond to GET requests for metadata |
FHIR-43116 | Clarify that registration updates are requested within the context of the client’s trust community |
FHIR-43121 | Remove duplicated requirements for “iss” parameter in software statement |
FHIR-43554 | Clarify allowed registration claims returned by server may be different than claims submitted in software statement |