Release 4B Snapshot 3: Connectathon 32 Base

This page is part of the FHIR Specification (v4.3.0: R4B - STU (v5.0.0-snapshot3: R5 Snapshot #3, to support Connectathon 32 ). The current version which supercedes this version is 5.0.0 . For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

6.1.2 Digital Signatures

FHIR Infrastructure Security icon Work Group Maturity Level : N/A 1 Standards Status : Trial Use

This specification recommends the use of W3C Digital Signatures icon or JSON Digital Signatures icon for digital signatures. Resources can be signed using the Provenance resource to carry a detached digital signature icon . The Signature datatype is available to support various signature types including non-repudiation purposes. Further details on creation and validation of Signatures are defined.

  • The Signature SHOULD conform to XAdES-X-L icon for support of Long Term signatures icon. The XAdES-X-L specification adds the timestamp of the signing, inclusion of the signing certificate, and statement of revocation.
  • The JSON Digital-Signature SHOULD conform to JAdES icon for support of Long Term signatures.

In addition, documents may be signed using an enveloped icon signature. A specification for enveloped signature is profiled in the IHE DSG profile icon .

Neither of these definitions prohibits policies that accept the use of other ways of using digital signatures or scanned wet signatures.

Trial-Use Note: Note to Implementers: The use of signatures with RESTful interfaces is a poorly understood area, and we would welcome reports of implementation experience. See discussion on use of Digital Signature in FHIR icon

Feedback is welcome here icon .