docs/specification/1.0.md
2 additions & 2 deletions
@@ -489,7 +489,7 @@ Field | Optionality | Type | Description
489
489
----- | ----- | ----- | --------
490
490
`type` | REQUIRED | *string* | The type of action being performed. Allowed values are: `create`, `update`, `delete`.
491
491
`description` | REQUIRED | *string* | Human-readable description of the suggested action MAY be presented to the end-user.
492
-
`resource` | OPTIONAL | *object* | Depending upon the `type` attribute, a new resource or the id of a resource. When the `type` attribute is `create`, the `resource` attribute contains a new FHIR resource to be created. For `delete`, this is the id of the resource to remove. In hooks where only one "content" resource is ever relevant, this attribute MAY be omitted for deletes only. For `update`, this holds the updated resource.
492
+
`resource` | OPTIONAL | *object* | Depending upon the `type` attribute, a new resource or the id of a resource. When the `type` attribute is `create`, the `resource` attribute SHALL contain a new FHIR resource to be created. For `delete`, this SHALL be the id of the resource to remove. In hooks where only one "content" resource is ever relevant, this attribute MAY be omitted for deletes only. For `update`, this holds the updated resource.
493
493
494
494
The following example illustrates a create action:
495
495
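Review bot: the `update` case at the end of the new `resource` row is still plain description ("For `update`, this holds the updated resource") while the `create` and `delete` cases in the same cell now use SHALL, so an implementer cannot tell whether the update payload is normative. Suggest "For `update`, this SHALL hold the updated resource" so all three `type` values carry the same conformance weight, which also gives a receiving EHR a clear rule for rejecting an action whose `resource` does not match its `type`. Two smaller points on the same row: the field is marked OPTIONAL, yet the only stated omission is "for deletes only", so it would help to say outright that `resource` is required for `create` and `update`; and this row uses SHALL while the `Authorization` header sentence later in the file uses MUST, so pick one keyword for the document.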
@@ -614,7 +614,7 @@ The EHR’s authorization server is responsible for enforcing restrictions on th
614
614
615
615
The service agreement negotiated between the EHR vendor/provider and the CDS Service provider will include obligations the EHR vendor/provider commits to the CDS Service provider. Some agreements MAY include the use of mutual TLS, in which both ends of the channel are authenticated.
616
616
617
-
However, mutual TLS is impractical for many organizations, and because the EHR initiates the TLS channel set-up, only the CDS Service endpoint will be authenticated. To enable the CDS Service to authenticate the identity of the EHR, CDS Hooks uses digitally signed [JSON web tokens (JWT)](https://jwt.io/).
617
+
However, mutual TLS is impractical for many organizations, and because the EHR initiates the TLS channel set-up, only the CDS Service endpoint will be authenticated. To enable the CDS Service to authenticate the identity of the EHR, CDS Hooks uses digitally signed [JSON web tokens (JWT)](https://jwt.io/) ([rfc7519](https://tools.ietf.org/html/rfc7519)).
618
618
619
619
Each time an EHR transmits a request to a CDS Service, the request MUST include an `Authorization` header presenting the JWT as a “Bearer” token:
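Review bot: the added reference on the "+" line is labelled `rfc7519` in lowercase and sits in a parenthetical after the jwt.io link, which leaves an informational website as the primary target for a term the CDS Service relies on to authenticate the EHR. Suggest linking the term itself to the RFC and writing the label as "RFC 7519", with jwt.io kept as the secondary pointer if it is wanted at all. Since the sentence depends on the tokens being "digitally signed", it would also be worth checking that the cited reference is the one the spec intends to govern the signature, and naming it here if a separate one applies.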