Logica/SMART Reference Implementation Collaboration

Owned by Travis Cummings
Last updated: Nov 06, 2019 by Preston Lee
3 min read

Reference Implementation Collaboration Overview

The purpose of the Logica/SMART Reference Implementation is to consolidate the code-base for each organization's code base since, up to this point, both organizations share the same specification. Until one or the other group decides to deviate from either a logical or technical approach, the organizations benefit by sharing resources to accomplish the same end. This page will serve a collaboration portal for the project and will include links to each groups current implementations, decisions on what components from each will be used, the shared code base, and links to the project plan (backlog, current sprints, burn-downs, etc.).

Components Map & Usage Decision Matrix


Security & ContextFHIR Resource ServerFHIR StarterTools
SMART on FHIR Reference Impl

https://github.com/smart-on-fhir/auth-server/

fork of MITREid, plus a mvn overlay for LDAP integration

depends on: LDAP server

deploy as: war or standalone jar


https://github.com/smart-on-fhir/api-server

custom Grails web app

depends on: Postgres

deploy as: war or standalone jar

https://github.com/smart-on-fhir/fhir-starter

static web app (AngularJS 1)

depends on: auth server, api server

deploy as: static web app


Logica Reference Impl

hspc-reference-authorization.war

- openid-connect-server-webapp-1.2.0.war

- openid-connect-server-1.2.0.jar

Tomcat 8

hspc-api.war

- HAPI DSTU1 Resource Server

hspc-reference-api.war

- HAPI DSTU2 Resource Server

MySQL Database

Logica uses SMART on FHIR's version.Data Import Tool
Collaborative Reference Impl

Decision to use:

  • SMART on FHIR LDAP Overlay
    • HRI-327 - Getting issue details... STATUS
  • Logica Launch Context Overlay
    • Need to merge some changes from SMART fork:
      • HRI-414 - Getting issue details... STATUS (persistence of launch context)
      • HRI-415 - Getting issue details... STATUS (allow of key/value pairs)

Decision to use:

  • HSPC HAPI DSTU2 Server
    • Need to add the following features into the current HSPC server that exist currently in the SMART DSTU2 server:
      • HRI-416 - Getting issue details... STATUS (Launch Context handling )
      • HRI-371 - Getting issue details... STATUS (Single Patient authorization)


Project Artifacts

Code Repos

Build Pipeline

  1. Build on commit
    1. https://healthservices.atlassian.net/builds/browse/RIPARENT

Maven Artifacts

Not released to maven yet.

Features Roadmap

ComponentFeatureDetails/JIRA link
Auth ServerPublic able to create accounts
HRI-327 - Getting issue details... STATUS
API ServerAbility to register arbitrary launch context
HRI-415 - Getting issue details... STATUS
Auth ServerAbility to persist launch contexts
HRI-414 - Getting issue details... STATUS
API ServerAccess to resources segregated by patient "compartment"
HRI-371 - Getting issue details... STATUS
API ServerTransaction & Batch SupportAllow submission of multiple items at once. Tx all succeed or fail together, batch they don't all have to succeed together. Part of DSTU2 - may get for free as part of HAPI
API ServerProfile Validation
API ServerConsistent Validation Result RepresentationA resource can be validated against 0...M profiles. Come up with a way to represent the results of that validation consistently.

Project Status

The collaboration project will be managed in JIRA here: JIRA Agile Project. Below is a snapshot of the identified stories and tasks for the collaboration.

key summary type created updated assignee priority status
Refresh

Misc./Collaboration Notes

Notes from first look at HSPC stack:

Josh Mandel (Unlicensed): Authz server: our server uses an LDAP back-end for account management. We currently use a mvn overlay to accomplish this; probably it can be updated to work with the HSPC server (stacked overlays -- I assume this works?)

Travis Cummings: Yes, stacked overlays work.  We will work on the LDAP account management in  HRI-327 - Getting issue details... STATUS

Josh Mandel (Unlicensed): When I sign into the authz server as demo/demo, I see 253 approved sites. It looks like all apps are automatically approved for access, and with specific launch scopes? Are these hard-coded? Apps running multiple times? I'm not sure what's going on here.

Josh Mandel (Unlicensed)

  • LaunchContext needs to accept arbitrary data (not just patient) Current approach to LaunchContext is fragile
  • involves an HTTP REdirect from API server -> Authz server, and so it depends on browser cookies for authorization? I'm not 100% sure on this, but testing the public server seems to confirm. This is a mistake, since launching is an admin act, or requires appropriate scopes. The auth server doesn't know about such things. Diagrams: are confusing on this point, showing LaunchEndpointOrchestration vs. LaunchOrchestrationEndpoint
  • does not store arbitrary params (encounter, need_patient_banner) need to handle arbitrary params to cover the spec and allow room for expansion/exploration
  • are not persisted (currently in ThreadLocal map). Would be good to keep these on record in DB alongside the rest of server state.
  • patient-level scopes like patient/*.read need to be limited in the data they can see. This is an important feature especially for patient-facing apps where the access model is more limited. We're taking this use case on in Argonaut Implementation Program, for example.

Josh Mandel (Unlicensed): DSTU2 links on https://healthservices.atlassian.net/wiki/display/HSPC/HSPC+Sandboxes are broken which made it hard for me to explore live server behavior.

Travis Cummings:  Fixed links