[CTF] Example and profiling of Provenance resource #44

Open
joofio opened this issue Feb 8, 2024 · 7 comments

@joofio
Collaborator

joofio commented Feb 8, 2024

Provenance to accommodate CTF

@joofio joofio added the MVP3 label Feb 8, 2024
@joofio joofio added this to MVP Issues Feb 8, 2024
@joofio joofio moved this from Todo to In Progress in MVP Issues Feb 8, 2024
@joofio joofio self-assigned this Feb 8, 2024
@joofio
Collaborator Author

joofio commented Feb 8, 2024

@amedranogil do you already have examples of this? If you do, please let us know. Otherwise, I can try to specify the profile and examples like Lenses and RMM

@amedranogil
Contributor

No examples yet, sorry

@joofio
Collaborator Author

joofio commented Feb 12, 2024

I will create a profile (if needed) and an example for you to comment on

@joofio
Collaborator Author

joofio commented Feb 13, 2024

@joofio joofio moved this from In Progress to Testing in MVP Issues Feb 22, 2024
@gmej
Contributor

gmej commented Feb 29, 2024

Regarding this task, I would like to confirm the following statement is true:
All backend services must authenticate with Keycloak. This is essential for provenance.

Is this true @margoraja? If this is true, we need to start planning for this as we should change the backend to authenticate services, which is not trivial.

@jkiddo
Collaborator

jkiddo commented Feb 29, 2024

FYI - the G Lens app facade that I use already logs in at Keycloak when using the FOSPS

@margoraja

margoraja commented Mar 1, 2024

> Regarding this task, I would like to confirm the following statement is true: All backend services must authenticate with Keycloak. This is essential for provenance.
>
> Is this true @margoraja? If this is true, we need to start planning for this as we should change the backend to authenticate services, which is not trivial.

Although I'm not sure where that sentence is from, it sounds logical and seems to be a valid claim. To sign something within CTF (or Content Trust or Data Integrity or Sign .. etc), it is essential that only users with permissions to do so have access to that. However, no such authentication shall be necessary or required for verifications. Verification shall be open for anyone (limited to users within the deployed instance, by firewall rules, or configured to be truly open).
Content trust, that we delivered, is already enforcing this. Our service checks whether or not an incoming signing request has a token that is allowed to perform signing. It does not require any authentication for verification.
https://github.com/Gravitate-Health/content-trust
Edit: The component does not require any specific who resource in the FHIR provenance resource to be defined; it does not define it, nor does it do any validation or evaluation (data in the signature (in provenance) is not compared against the who resource under provenance).
Edit2: Content Trust component already signs and verifies the whole FHIR resource, its provenance resource or both. That is implemented.
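
The split described in the comment above (a token with signing permission is required to sign, nothing is required to verify), sketched as an added example that is not part of the thread or of the content-trust code. It assumes the Keycloak access token has already been validated and decoded into `claims`; the role name `content-signer`, the function names and the sample Bundle are hypothetical, and the Provenance is reduced to the fields the sketch needs.

```javascript
const crypto = require('node:crypto');

// Constructed key pair for the demo; a deployment would load its own keys.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const SIGNER_ROLE = 'content-signer'; // hypothetical role name

// Deterministic JSON: object keys sorted, so equal content gives equal bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Signing is gated: claims are the already-validated access token payload
// (assumed shape: Keycloak's realm_access.roles).
function signResource(resource, claims) {
  const roles = (claims && claims.realm_access && claims.realm_access.roles) || [];
  if (!roles.includes(SIGNER_ROLE)) throw new Error('forbidden: token may not sign');
  const sig = crypto.sign(null, Buffer.from(canonical(resource)), privateKey);
  return {
    resourceType: 'Provenance',
    target: [{ reference: `${resource.resourceType}/${resource.id}` }],
    signature: [{ data: sig.toString('base64') }],
  };
}

// Verification is open: no token is consulted, only the public key.
function verifyResource(resource, provenance) {
  const entry = provenance && provenance.signature && provenance.signature[0];
  if (!entry || typeof entry.data !== 'string') return false;
  return crypto.verify(null, Buffer.from(canonical(resource)),
    publicKey, Buffer.from(entry.data, 'base64'));
}

// Constructed sample input.
const sample = { resourceType: 'Bundle', id: 'example', type: 'document' };
const signerClaims = { realm_access: { roles: [SIGNER_ROLE] } };
const readerClaims = { realm_access: { roles: ['reader'] } };
```

Because only the public key is needed in `verifyResource`, exposing verification without authentication does not widen who can produce signatures.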

@joofio joofio moved this from Testing to Done in MVP Issues Apr 2, 2024