How can we improve SMART scopes?

Zooming in on FHIR authz

isaac vetter, epic

http://bit.ly/smartscopesv2-devdays2019

HL7®, FHIR® and the flame Design mark are the registered trademarks of Health Level Seven International and are used with permission.

Redmond, June 10 – 12 | @HL7 @FirelyTeam | #fhirdevdays | www.devdays.com/us

​

Exploring SMART on FHIR for Research and Quality Purposes

​

• Tuesday @4:50
• in Sonora
• Sebastiaan Knijnenburg

1

• Wednesday
• 11:05 am - 11:45 am
• in St. Helens
• Josh Mandel

2

SMART App Launch protocol

• HL7 standard
• Authorization (patient, provider, backend system)
• OAuth2 scopes
• Access to FHIR server
• Standalone launch
• User authenticates
• “EHR Launch”
• Single sign-on.

​

www.hl7.org/fhir/smart-app-launch/

Current

http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html

Current

clinical-scope ::=

( 'patient' | 'user' | 'system' )

'/' ( fhir-resource | '*' )

'.' ( 'read' | 'write' | '*' )`

http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html

App requests scopes

Location: https://ehr/authorize?

response_type=code&client_id=app-client-id&

redirect_uri=https%3A%2F%2Fapp%2Fafter-auth& scope=Observation.read+patient%2FPatient.read+openid+fhirUser&

state=98wrghuwuogerg97&

aud=https://ehr/fhir

http://www.hl7.org/fhir/smart-app-launch/#for-example-2

User approves scope

https://sandbox.hspconsortium.org/

User approves scope

https://sandbox.hspconsortium.org/

Machine-facing scopes should be different from consumer-facing scopes!

• Wildcards
• Reading level
• “Purpose of app”
• research, care, ?

​

Current

• patient/Observation.read

FHIR Observation.category

• social-history
• vital-signs
• imaging
• laboratory
• procedure
• survey
• exam
• therapy
• activity

https://www.hl7.org/fhir/valueset-observation-category.html#expansion

FHIR Observation.category

• social-history
• vital-signs
• imaging
• laboratory
• procedure
• survey
• exam
• therapy
• activity

https://www.hl7.org/fhir/valueset-observation-category.html#expansion

patient/Observation.read

Wilcard scopes

• patient/*.*

http://www.hl7.org/fhir/smart-app-launch/scopes-and-launch-context/index.html#wildcard-scopes

​

When a wildcard is requested for the FHIR resource, the client is asking for all data for all available FHIR resources, both now and in the future.

Scopes should sometimes be finer-grained than FHIR resources.

• Observation.category
• Basic.code
• Condition.category?

​

Facebook authz example:

​

​

{dataType}.read

Consumer-facing scopes should be simple and relatable.

• but describing dataTypes for read is okay.

Facebook user explanations

• Consumer-facing write scopes are special
• Consumer authz requires info about the app, not just the data.

Facebook scopes

https://developers.facebook.com/docs/facebook-login/permissions/#reference-pages_messaging

https://developers.facebook.com/docs/facebook-login/permissions/#reference-pages_messaging

31 hardcoded scopes with allowed usages

Simple enhancement

• patient/Observation:lab.read
• patient/Observation:activity.read
• patient/Condition:encounter-diagnosis.read

Complex enhancement (stolen from Josh)

https://docs.google.com/presentation/d/1CqRCrNB17XXzeff0guDo1inM-gdy2k0aBc16OcdZKHM/edit#slide=id.g5b57552282_1_9

Principles

• Machine-facing scopes should be different from consumer-facing scopes!
• Scopes should sometimes be finer-grained than FHIR resources.
• Consumer-facing scopes should be simple and relatable.
• Consumer-facing write scopes are special
• Consumer authz requires info about the app, not just the data.

Next steps?

1. Collect production AS scopes descriptions.
2. Talk through syntaxes for the low-hanging fruit for category.
3. Grahame to write up auth denied OO.
4. Scope to include operations, non-standard webservices.

​

Continue the conversation in #smart zulip stream.

?

26