This page is part of the Canonical Resource Management Infrastructure Implementation Guide (v2.0.0-ballot: STU 2 Ballot) based on FHIR (HL7® FHIR® Standard) R4. This version is a pre-release. The current official version is 1.0.0. For a full list of available versions, see the Directory of published versions.
Page standards status: Informative
<Library xmlns="http://hl7.org/fhir">
<id value="ExampleSignatureLibrary"/>
<meta>
<extension
url="http://hl7.org/fhir/uv/crmi/StructureDefinition/crmi-artifact-signature">
<valueSignature>
<type>
<system value="http://uri.etsi.org/01903/v1.2.2"/>
<code value="ProofOfCreation"/>
</type>
<when value="2025-05-12T10:17:55.135Z"/>
<who>
<display value="CRMI Server"/>
</who>
<sigFormat value="application/jwt"/>
<data
value="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"/>
</valueSignature>
</extension>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<div>
<table class="grid dict">
<tr>
<th scope="row"><b>Id: </b></th>
<td style="padding-left: 4px;">ExampleSignatureLibrary</td>
</tr>
<tr>
<th scope="row"><b>Version: </b></th>
<td style="padding-left: 4px;">2.0.0-ballot</td>
</tr>
<tr>
<th scope="row"><b>Url: </b></th>
<td style="padding-left: 4px;"><a href="Library-ExampleSignatureLibrary.html">ExampleSignatureLibrary</a></td>
</tr>
<tr>
<th scope="row">
<b>
</b>
</th>
<td style="padding-left: 4px;">
<p style="margin-bottom: 5px;">
<span>urn:oid:2.16.840.1.113883.4.642.40.38.28.13</span>
</p>
</td>
</tr>
<tr>
<th scope="row"><b>Type: </b></th>
<td style="padding-left: 4px;">
<p style="margin-bottom: 5px;">
<b>system: </b> <span><a href="http://terminology.hl7.org/6.5.0/CodeSystem-library-type.html">http://terminology.hl7.org/CodeSystem/library-type</a></span>
</p>
<p style="margin-bottom: 5px;">
<b>code: </b> <span>logic-library</span>
</p>
</td>
</tr>
<tr>
<th scope="row"><b>Date: </b></th>
<td style="padding-left: 4px;">2025-08-01 18:39:13+0000</td>
</tr>
<tr>
<th scope="row"><b>Publisher: </b></th>
<td style="padding-left: 4px;">HL7 International / Clinical Decision Support</td>
</tr>
<tr>
<th scope="row"><b>Description: </b></th>
<td style="padding-left: 4px;"><div><p>This example now demonstrates how to properly attach an artifact signature to a
FHIR Library resource using the CRMI signature extension.</p>
<p>The generated SHA256 checksum of the current resource, computed over its minified JSON
form with <code>id</code>, <code>text</code>, and <code>meta</code> excluded, is:</p>
<pre><code>892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca
</code></pre>
<p>The signature <code>data</code> value after base64 decoding is a JWT:</p>
<pre><code>eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q
</code></pre>
<p>The decoded JWT payload contains the following fields:</p>
<ul>
<li><code>iss</code>: The issuer of the signature, which is the CRMI server URL.</li>
<li><code>hash</code>: The SHA256 checksum of the resource in minified JSON form.</li>
</ul>
<pre><code>{
"iss": "https://localhost:3000/oidc",
"hash": "892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca"
}
</code></pre>
<p>The signature is created using the private key of the CRMI server, ensuring the
integrity and authenticity of the resource. Clients can verify the JWT signature
using the public key provided by the CRMI server, and then verify the SHA256
checksum against the resource's content to ensure it has not been altered.</p>
</div></td>
</tr>
<tr>
<th scope="row"><b>Jurisdiction: </b></th>
<td style="padding-left: 4px;">001</td>
</tr>
</table>
</div>
</div>
</text>
<url value="http://hl7.org/fhir/uv/crmi/Library/ExampleSignatureLibrary"/>
<identifier>
<system value="urn:ietf:rfc:3986"/>
<value value="urn:oid:2.16.840.1.113883.4.642.40.38.28.13"/>
</identifier>
<version value="2.0.0-ballot"/>
<status value="active"/>
<type>
<coding>
<system value="http://terminology.hl7.org/CodeSystem/library-type"/>
<code value="logic-library"/>
</coding>
</type>
<date value="2025-08-01T18:39:13+00:00"/>
<publisher value="HL7 International / Clinical Decision Support"/>
<contact>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/dss"/>
</telecom>
</contact>
<description
value="This example now demonstrates how to properly attach an artifact signature to a
FHIR Library resource using the CRMI signature extension.
The generated SHA256 checksum of the current resource (which excludes `id`,
`text`, and `meta`), in minified JSON form is:
```
892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca
```
The signature `data` value after base64 decoding is a JWT:
```
eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q
```
The decoded JWT payload contains the following fields:
- `iss`: The issuer of the signature, which is the CRMI server URL.
- `hash`: The SHA256 checksum of the resource in minified JSON form.
```
{
"iss": "https://localhost:3000/oidc",
"hash": "892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca"
}
```
The signature is created using the private key of the CRMI server, ensuring the
integrity and authenticity of the resource. Clients can verify JWT signature
using the public key provided by the CRMI server, and then verify the SHA256
checksum against the resource's content to ensure it has not been altered."/>
<jurisdiction>
<coding>
<system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
<code value="001"/>
<display value="World"/>
</coding>
</jurisdiction>
</Library>
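The client-side check described in the resource's description (verify the JWT signature, then compare the `hash` claim with a checksum recomputed over the resource without `id`, `text` and `meta`) can be sketched as follows. This is an added example, not code from the CRMI guide or any CRMI server; the function names, the exact minification rule, the return codes and the stdlib-only RS384 check are assumptions made for illustration, with RS384 taken from the header of the JWT shown above.

```python
import base64, hashlib, hmac, json

# DigestInfo prefix for SHA-384 from RFC 8017 (EMSA-PKCS1-v1_5)
SHA384_PREFIX = bytes.fromhex("3041300d060960864801650304020205000430")

def b64url(s):
    """Decode unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def content_hash(resource):
    """SHA-256 of the resource without id, text and meta, as minified JSON.
    Assumption: 'minified' means no insignificant whitespace, keys in the
    order received; signer and verifier must agree on this exactly."""
    body = {k: v for k, v in resource.items() if k not in ("id", "text", "meta")}
    data = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def rs384_ok(signing_input, sig, n, e):
    """RSASSA-PKCS1-v1_5 / SHA-384 check: rebuild the expected encoded
    message and compare it whole, rather than parsing the decrypted block."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    t = SHA384_PREFIX + hashlib.sha384(signing_input).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    got = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(got, expected)

def verify_artifact(resource, sig_data, n, e, trusted_iss):
    """Return 'ok' or the first failed check. n and e are the server's RSA
    public key, obtained out of band from a source the client trusts."""
    try:
        h, p, s = base64.b64decode(sig_data, validate=True).decode("ascii").split(".")
        header, sig = json.loads(b64url(h)), b64url(s)
    except ValueError:
        return "malformed"
    # Pin the algorithm; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "RS384":
        return "bad-alg"
    if not rs384_ok(f"{h}.{p}".encode("ascii"), sig, n, e):
        return "bad-signature"
    claims = json.loads(b64url(p))  # parsed only after the signature checks out
    if claims.get("iss") != trusted_iss:
        return "bad-issuer"
    if claims.get("hash") != content_hash(resource):
        return "hash-mismatch"
    return "ok"
```

In production the RSA step belongs to a vetted JOSE library; the point here is the order of checks: pinned algorithm, signature, issuer, then content hash.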