
mobileaccessgateway's Introduction

Mobile Access Gateway

The Mobile Access Gateway is an implementation based on the CH EPR mHealth (CI-Build) implementation guide.
It provides a FHIR Gateway supporting the PIXm and MHD server actors and uses XDS/PIXV3 to communicate with an XDS Affinity Domain.

It uses IPF and HAPI-FHIR.

Test setup

The current configuration works with XDSTools7, in which a simulator is set up that the Mobile Access Gateway connects to.

Patient Manager is used for simulating PIX V3.

See client.http for example calls to the Mobile Access Gateway.

Run the JAR

  1. Clone https://github.com/oehf/ipf.git
  2. Run mvn clean install -DskipTests in that directory; this should produce 4.0-SNAPSHOT (you need at least JDK 11)
  3. Clone this repo
  4. Install the dependencies: mvn install
  5. Either run it from your favorite IDE or in the CLI: mvn clean compile && mvn exec:java -Dexec.mainClass="ch.bfh.ti.i4mi.mag.MobileAccessGateway"

To run your own configuration stored in a properties file use the -Dspring.config.additional-location switch. Any config parameter that is not specified in the file will be taken from the defaults. If your config file is called "myownconfig.properties" run it using: mvn clean compile && mvn exec:java -Dexec.mainClass="ch.bfh.ti.i4mi.mag.MobileAccessGateway" -Dspring.config.additional-location=file:myownconfig.properties

publish docs

documentation is maintained in docs folder using mkdocs-material:

  • develop docs: mkdocs serve
  • publish docs: mkdocs gh-deploy --force

docs are then available at https://ahdis.github.io/matchbox/

Caution

  • a @ComponentScan had to be added to the main Application class, otherwise the routes / components could not be defined (see open issues)

Dev environment

Eclipse setup

  • install lombok
  • in pom.xml xpp3 has to be excluded, otherwise there is an error message with the java compiler (The package javax.xml.namespace is accessible from more than one module: , java.xml)

VSCode

  • Java Extension needed

open issues

  • ipf-platform-camel-ihe-fhir-r4-pixpdq does not work nicely together with spring-boot; is the META-INF directory not added to the output source?

GUI

The GUI is an Angular project stored in the angular/ directory. The compiled project is stored in the Java application resources (src/main/resources/static/). If you modify the Angular project, you have to rebuild it:

cd angular
npm install
npm run build-mag

Deployment

The Mobile Access Gateway can run in a docker container and can be deployed to a Kubernetes cluster.

Building an image

To create a new docker image run:

mvn clean package
docker build -t mag:v059 .

Where "mag" is the image name and the tag after the colon (v059 in the command above) is the version. Then push to a registry.

Creating a configuration

  • Create an empty folder ("myconfig" in this example) and copy the contents of the example-config directory.
  • Edit the application.yml. Leave the paths for the keystores as they are.
  • Provide p12 or jks keystores for the client certificate, the server certificate and for IDP.

Deploying to Kubernetes

  • Edit myconfig/kubernetes-config.yml as you need it
  • Create a config map for "application.yml" kubectl create configmap mobile-access-gateway-configmap --from-file=application.yml=myconfig/application.yml
  • Create a secret for the certificates and keys kubectl create secret generic mobile-access-gateway-secret --from-file=client.jks=myconfig/client-certificate.jks --from-file=server.p12=myconfig/server-certificate.jks --from-file=idp.jks=myconfig/idp.jks
  • Upload configuration kubectl apply -f myconfig/kubernetes-config.yml

Adding a new identity provider

1. Preparations

Select a short identifier (no spaces, no special characters) for the IDP you want to connect to. This identifier will be called <idp-name> in this guide. (example: "trustid")

Which instance of the MAG should be able to connect to the IDP? You need a separate registration for each instance. The base-url of the MAG instance including protocol, domain, port (if not 80 or 443) and base path will be called . (example: "https://test.ahids.ch/mag-test")

2. Ask for IDP metadata

You need a metadata file from the IDP. Either this metadata is freely available in the internet under a fixed URL or you need to receive the file through another channel and store the metadata XML file in the MAGs configuration directory. An example IDP metadata file (for gazelle) can be found here: https://ehealthsuisse.ihe-europe.net/metadata/idp-metadata.xml

3. Generate signing and encryption keys

Signing and encryption keys for SAML are in an extra keystore specified in the "mag.iua.idp" section. It is possible to reuse keys from the keystore for multiple IDPs, but it might be better to have separate keys for each provider so that you can exchange the keys for a single provider only. Each provider might have different requirements for the keys and certificates used (for example, the certificate may need to contain a support email address). Here is an example of how to create a signing key. Adapt it to the requirements of the IDP.

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout signKey.key -out signKey.crt

Repeat the same for the TLS key: (another example with extended requirements)

openssl req -x509 -sha256 -nodes -days 1460 -newkey rsa:4096 -extensions client_ext -config myssl.conf -outform PEM -keyout tlsKey.key -out tlsKey.cer

myssl.conf, passed to openssl req as its configuration file, must contain this section:

# Client Certificate Extensions
[ client_ext ]
basicConstraints        = CA:FALSE
keyUsage                = critical, digitalSignature
extendedKeyUsage        = critical, clientAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy

Convert your keys into keystores and merge those. Choose an "alias" (a name) for both keys. Replace <sign-key-alias> and <tls-key-alias> with the chosen aliases.

openssl pkcs12 -export -in signKey.crt -inkey signKey.key -name "<sign-key-alias>" -out signKey.p12
openssl pkcs12 -export -in tlsKey.cer -inkey tlsKey.key -name "<tls-key-alias>" -out tlsKey.p12
keytool -importkeystore -srckeystore signKey.p12 -destkeystore tlsKey.p12 -srcalias <sign-key-alias>

5. Change MAGs configuration file

In the application.yml file for the MAG instance add a section to "mag.iua.idps". A section looks like this:

mag:
  iua:
     idps:
        <idp-name>:
          metadata-url: <metadata-url>
          key-alias: <sign-key-alias>
          key-password: <sign-key-password>
          tls-key-alias: <tls-key-alias>
          tls-key-password: <tls-key-password>    

The <metadata-url> is either the URL from step 2 or, if you have a file instead, the file path (without a prefix), for example "secret/metadata.xml". If the IDP has problems with the artifact resolution step you can put "noArtifactResolution: true" into the section. For the <sign-key-password> and <tls-key-password>, use the keystore password for keys without an additional password.

6. Run MAG and retrieve SP metadata file/url

Run the MAG with the updated configuration. You can now download the SP metadata file which needs to be communicated to the IDP provider. The metadata XML file may be downloaded from /saml/metadata/alias/ This file contains certificates, the SP entityID and URLs.

7. Register instance to IDP

Write an email to the IDP provider with either the metadata file itself and/or the URL where the metadata file can be downloaded.

8. Adapt frontend

In angular/src/app/mag/mag.component.html is the provider select list which may be extended with new entries.


mobileaccessgateway's Issues

Improve ITI-67 to ITI-18 conversion

if (searchParameter.get_id() != null || searchParameter.getIdentifier() != null) {
GetDocumentsQuery query = new GetDocumentsQuery();
if (searchParameter.getIdentifier() != null) {
String val = searchParameter.getIdentifier().getValue();
if (val.startsWith("urn:oid:")) {
query.setUniqueIds(Collections.singletonList(val.substring("urn:oid:".length())));
} else if (val.startsWith("urn:uuid:")) {
query.setUuids(Collections.singletonList(val.substring("urn:uuid:".length())));
}
} else {
query.setUuids(Collections.singletonList(searchParameter.get_id().getValue()));
}
searchQuery = query;

In the ITI-67 request processing, if the id or identifier search parameter is used, all others are ignored.
id is not an official ITI-67 search parameter.
identifier is then mapped to uniqueId or entryUuid depending on if it's a UUID or an OID, which is suspicious because the uniqueId can be both a UUID or an OID. We should do two GetDocuments queries to make sure we get all documents.
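The lookup plan proposed in this issue, as an added example that is not the Mobile Access Gateway's own code: a urn:uuid: identifier yields two GetDocuments lookups, a urn:oid: identifier yields one, and anything else is rejected instead of producing an empty query. The class, enum and method names are hypothetical, and stripping the prefix follows the snippet above.

```java
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration; all names in this class are hypothetical. */
public class Iti67IdentifierPlan {

    /** ITI-18 GetDocuments parameter a value is sent in. */
    enum Param { ENTRY_UUID, UNIQUE_ID }

    /** One GetDocuments query to issue. */
    static final class Lookup {
        final Param param;
        final String value;

        Lookup(Param param, String value) {
            this.param = param;
            this.value = value;
        }

        @Override
        public String toString() {
            return param + "=" + value;
        }
    }

    private static final String OID_PREFIX = "urn:oid:";
    private static final String UUID_PREFIX = "urn:uuid:";
    // Dotted-decimal OID: first arc 0-2, further arcs without leading zeros.
    private static final Pattern OID = Pattern.compile("[0-2](\\.(0|[1-9][0-9]*))+");
    private static final Pattern UUID = Pattern.compile(
            "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");

    /** Returns the GetDocuments lookups needed to find every document matching the identifier. */
    static List<Lookup> plan(String identifier) {
        if (identifier == null || identifier.isEmpty()) {
            throw new IllegalArgumentException("identifier is empty");
        }
        if (identifier.startsWith(OID_PREFIX)) {
            String oid = identifier.substring(OID_PREFIX.length());
            if (!OID.matcher(oid).matches()) {
                throw new IllegalArgumentException("not a dotted-decimal OID");
            }
            // An entryUUID is never an OID, so one uniqueId lookup is enough.
            return List.of(new Lookup(Param.UNIQUE_ID, oid));
        }
        if (identifier.startsWith(UUID_PREFIX)) {
            String uuid = identifier.substring(UUID_PREFIX.length());
            if (!UUID.matcher(uuid).matches()) {
                throw new IllegalArgumentException("not a UUID");
            }
            // Ambiguous case from the issue: the UUID may be the entryUUID or the
            // uniqueId, so both lookups are run and their results merged.
            return List.of(new Lookup(Param.ENTRY_UUID, uuid),
                           new Lookup(Param.UNIQUE_ID, uuid));
        }
        // The snippet above would fall through with an empty query here.
        throw new IllegalArgumentException("identifier must start with urn:oid: or urn:uuid:");
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real affinity domain.
        String[] samples = {
            "urn:oid:1.2.3.4.5",
            "urn:uuid:0f8fad5b-d9cb-469f-a165-70867728950e",
            "urn:uuid:not-a-uuid",
            "1.2.3.4.5"
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + plan(sample));
            } catch (IllegalArgumentException e) {
                System.out.println(sample + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```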

Access rights to the repository

Could I get access rights for creating new branches in this repository please?
Thanks!

Edit: And to be able to manage/get assigned issues here.

Document.reference date is an instant and should not provide an error when translating

  1. caused by: org.openehealth.ipf.commons.ihe.xds.core.validate.XDSMetaDataException: Invalid time format: 202205121104360400
    at org.openehealth.ipf.commons.ihe.xds.core.metadata.Timestamp.fromHL7(Timestamp.java:126) ~[ipf-commons-ihe-xds-4.2.0.jar!/:4.2.0]
    at ch.bfh.ti.i4mi.mag.mhd.iti65.Iti65RequestConverter.timestampFromDate(Iti65RequestConverter.java:298) ~[classes!/:na]

ProvideBundle_MAGMED005.txt

  2. follow up error message: The patient ID in the document entry does not match the client auth

PDQm: Retrieve Patient contains telecom without system

On CARA INT we have test patients which have a telecom

"telecom": [
{
"value": "mailto:[email protected]",
"use": "home"
}
],

Patient targetId: Patient/2.16.756.5.30.1.191.1.0.2.1-e7963774-9098-445f-9cab-5d52234b52c3

Trong Sang NEFF-WINGEIER, 1987-10-08
MAGMED001 / urn:oid:2.16.756.5.30.1.196.3.2.1

however the system is missing in the telecom, this should be added, otherwise it will give follow up errors when using them for MHD.

ITI-57: Delete Fails in specific configuration

					<ns2:Classification classificationScheme="urn:uuid:93606bcf-9494-43ec-9b4e-a7748d1a838d" classifiedObject="50c84d3e-3bc5-b31c-47d9-fafa4f4b185f" nodeRepresentation="" id="urn:uuid:d51f87d6-bcc3-4409-9996-6897eb98bc2d">
						<ns2:Slot name="authorPerson">
							<ns2:ValueList>
								<ns2:Value>^first name^last name^^^^^^&amp;&amp;ISO</ns2:Value>
							</ns2:ValueList>
						</ns2:Slot>

ISO is wrong here. This looks like it is coming from the angular mobile access gateway app, when you want to delete a test patient on CARAPMP002,


Document retrieval only works on some deployment URLs

const url =
entry.content && entry.content.length > 0
? entry.content[0].attachment.url
: 'undefined';
let completeUrl = url.replace(
'http://test.ahdis.ch/mag-pmp/camel/xdsretrieve',
'https://test.ahdis.ch/mag-pmp/camel/xdsretrieve'
);
let completeUrl2 = completeUrl.replace(
'http://test.ahdis.ch/mag-pmp2/camel/xdsretrieve',
'https://test.ahdis.ch/mag-pmp2/camel/xdsretrieve'
);

Browsers will block HTTP requests when executed from an HTTPS page

Deletion of DocumentReferences

  1. Operation DELETE on Document Reference shall be implemented, mapped to setting a deletion flag in an XDS Document Entry.
  2. On metadata retrieval, only Document References without a deletion flag shall be returned.

Swiss Post + adesso will implement this and submit a pull request, most probably in July.

@staffoleo: FYI

PDQm: Handling Patient queries restriction to 5 results

When doing a patient query with quite generic search criteria (e.g. only postal code), the search result may be more than 5 patients. This is however restricted and the search result is replaced by the message Patient queries are restricted to a maximum of 5 results, please use more restrictive query criteria! (see attached SOAP response).

The MAG however doesn't pass this message on to the user, but only returns an empty search set bundle. This is not optimal, since the user has no possibility to find out why no results are returned for his query.

restricted-response.txt

See also:

<ns1:detectedIssueEvent classCode="ALRT" moodCode="EVN">
    <ns1:code xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:CD" code="ActAdministrativeDetectedIssueCode" codeSystem="2.16.840.1.113883.5.4" />
    <ns1:triggerFor typeCode="TRIG">
        <ns1:actOrderRequired classCode="ACT" moodCode="RQO">
            <ns1:code code="LivingSubjectAdministrativeGenderRequested" codeSystem="2.16.756.5.30.1.127.3.10.2.1" />
        </ns1:actOrderRequired>
    </ns1:triggerFor>
    <ns1:triggerFor typeCode="TRIG">
        <ns1:actOrderRequired classCode="ACT" moodCode="RQO">
            <ns1:code code="PatientAddressRequested" codeSystem="2.16.756.5.30.1.127.3.10.2.1" />
        </ns1:actOrderRequired>
    </ns1:triggerFor>
    <ns1:triggerFor typeCode="TRIG">
        <ns1:actOrderRequired classCode="ACT" moodCode="RQO">
            <ns1:code code="BirthNameRequested" codeSystem="2.16.756.5.30.1.127.3.10.2.1" />
        </ns1:actOrderRequired>
    </ns1:triggerFor>
</ns1:detectedIssueEvent>
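One way to detect the restricted response instead of returning an empty bundle, as an added example that is not the Mobile Access Gateway's own code: it parses the detectedIssueEvent with a DTD-disabled parser and collects the requested criteria codes so they can be reported to the caller. The class and method names are hypothetical, the sample XML is shortened from the snippet above, and binding ns1 to urn:hl7-org:v3 is an assumption because the snippet does not show the declaration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added illustration; all names in this class are hypothetical. */
public class PdqRestrictedResponse {

    // Assumption: ns1 in the response is bound to the HL7 v3 namespace.
    private static final String HL7_NS = "urn:hl7-org:v3";

    /** Returns the codes of all actOrderRequired entries inside detectedIssueEvent elements. */
    static List<String> requestedCriteria(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The response comes from another system: refuse DTDs and entity expansion.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        List<String> codes = new ArrayList<>();
        NodeList issues = doc.getElementsByTagNameNS(HL7_NS, "detectedIssueEvent");
        for (int i = 0; i < issues.getLength(); i++) {
            Element issue = (Element) issues.item(i);
            NodeList required = issue.getElementsByTagNameNS(HL7_NS, "actOrderRequired");
            for (int j = 0; j < required.getLength(); j++) {
                Element order = (Element) required.item(j);
                NodeList code = order.getElementsByTagNameNS(HL7_NS, "code");
                if (code.getLength() > 0) {
                    codes.add(((Element) code.item(0)).getAttribute("code"));
                }
            }
        }
        return codes;
    }

    /** Text to hand back to the client; null when the response carried no detected issue. */
    static String diagnostics(List<String> codes) {
        if (codes.isEmpty()) {
            return null;
        }
        return "Patient query was restricted by the supplier; codes requested in the response: "
                + String.join(", ", codes);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, shortened from the response fragment quoted in the issue.
        String xml =
              "<ns1:detectedIssueEvent xmlns:ns1='urn:hl7-org:v3' classCode='ALRT' moodCode='EVN'>"
            + "<ns1:triggerFor typeCode='TRIG'>"
            + "<ns1:actOrderRequired classCode='ACT' moodCode='RQO'>"
            + "<ns1:code code='PatientAddressRequested' codeSystem='2.16.756.5.30.1.127.3.10.2.1'/>"
            + "</ns1:actOrderRequired></ns1:triggerFor>"
            + "<ns1:triggerFor typeCode='TRIG'>"
            + "<ns1:actOrderRequired classCode='ACT' moodCode='RQO'>"
            + "<ns1:code code='BirthNameRequested' codeSystem='2.16.756.5.30.1.127.3.10.2.1'/>"
            + "</ns1:actOrderRequired></ns1:triggerFor>"
            + "</ns1:detectedIssueEvent>";
        System.out.println(diagnostics(requestedCriteria(xml)));
    }
}
```

In a FHIR response this text would typically travel in an OperationOutcome next to the empty searchset; how the gateway should surface it is left open by the issue.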

mag.iua.idp and mag.iua.idps

We now support mag.iua.idp and mag.iua.idps, can we remove support for the former, since it's supported via the latter?

Support for ITI-18 federation to Initiating Gateway

The Swiss EPR platform currently requires two ITI-18 queries for a patient.

  1. An ITI-18 query for the Registry of the community
  2. An ITI-18 query to the Initiating Gateway for documents in the remote community

For 2), the follow-up ITI-43 query needs the homeCommunity added and also needs the Initiating Gateway as endpoint.

It would be nice to have an optional configuration so that the ITI-67 Find Document References transaction https://profiles.ihe.net/ITI/MHD/ITI-67.html can be configured to do both queries in one step.

IUA: Authorization use Bearer instead of IHE-SAML

Feedback from Dmytro, also relevant for the implementation of IUA in the mHealth profiles; currently the Mobile Access Gateway also uses IHE-SAML instead of Bearer:

Dmytro: The CH:ATC specification is (implicitly) based on revision 1.3 of the IHE IUA Supplement. The current version of the IUA Supplement is revision 2.1 and contains a non-backward-compatible change: in the HTTP header «Authorization:», the token type is to be given as «Bearer» and no longer as «IHE-SAML» (section 3.72.4.2).

https://profiles.ihe.net/ITI/IUA/index.html
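A sketch of how a server could handle the token-type change described above during a migration, as an added example that is not the Mobile Access Gateway's own code: "Bearer" is always accepted, the older "IHE-SAML" type only when a switch is set, and everything else is rejected. The class, method and flag names are hypothetical, and validating both token types against the RFC 6750 b64token character set is an assumption.

```java
import java.util.regex.Pattern;

/** Added illustration; all names in this class are hypothetical. */
public class IuaAuthorizationHeader {

    // b64token from RFC 6750: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
    private static final Pattern B64TOKEN = Pattern.compile("[A-Za-z0-9\\-._~+/]+=*");

    /** Parsed credentials: the token and whether it arrived with the older token type. */
    static final class Credentials {
        final String token;
        final boolean legacyScheme;

        Credentials(String token, boolean legacyScheme) {
            this.token = token;
            this.legacyScheme = legacyScheme;
        }
    }

    /**
     * Parses the value of an Authorization header.
     *
     * @param acceptLegacyIheSaml when true, "IHE-SAML" is still accepted so that
     *                            older clients keep working during a migration
     */
    static Credentials parse(String headerValue, boolean acceptLegacyIheSaml) {
        if (headerValue == null) {
            throw new IllegalArgumentException("missing Authorization header");
        }
        String value = headerValue.trim();
        int space = value.indexOf(' ');
        if (space < 0) {
            throw new IllegalArgumentException("malformed Authorization header");
        }
        String scheme = value.substring(0, space);
        String token = value.substring(space + 1).trim();

        // HTTP authentication scheme names are case-insensitive.
        boolean bearer = scheme.equalsIgnoreCase("Bearer");
        boolean legacy = scheme.equalsIgnoreCase("IHE-SAML");
        if (!bearer && !(legacy && acceptLegacyIheSaml)) {
            throw new IllegalArgumentException("unsupported token type");
        }
        // Reject anything that is not a single well-formed token (embedded
        // whitespace, control characters, a second credential).
        if (!B64TOKEN.matcher(token).matches()) {
            throw new IllegalArgumentException("malformed token");
        }
        return new Credentials(token, legacy);
    }

    public static void main(String[] args) {
        // Constructed header values; the tokens are placeholders, not real assertions.
        String[] headers = {
            "Bearer ZXhhbXBsZS10b2tlbg==",
            "IHE-SAML ZXhhbXBsZS10b2tlbg==",
            "Basic dXNlcjpwYXNz",
            "Bearer two tokens"
        };
        for (boolean acceptLegacy : new boolean[] { true, false }) {
            for (String header : headers) {
                try {
                    Credentials c = parse(header, acceptLegacy);
                    System.out.println(acceptLegacy + " | " + header
                            + " -> accepted, legacy=" + c.legacyScheme);
                } catch (IllegalArgumentException e) {
                    System.out.println(acceptLegacy + " | " + header
                            + " -> rejected: " + e.getMessage());
                }
            }
        }
    }
}
```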

Feature Request: Support for PPQm

eHealth Suisse has published a first draft for the PPQm profile:

This Implementation Guide is a part of the Swiss EPR specifications and contains definitions necessary for the Swiss national integration profile “Privacy Policy Query for Mobile” (CH:PPQm). The goal of this profile is to provide a possibility to manage privacy policies using a lightweight technology stack suitable for mobile devices — as opposed to the classic CH:PPQ which is based on XACML 2.0 and SAML 2.0.

The implementation of the PPQm profile and translation would be a nice addition in a future version.

PDQm result does not contain identifiers specified in otherID's

The PDQ V3 query returns three identifiers, however two (the ones in otherID) are not returned in the query.

/run.sh /Users/oliveregger/Documents/github/k8s-fhir.ch/configurations/mag-pmp

the PDQm query

GET {{host}}/fhir/Patient?family=OVIE&given=Bergan HTTP/1.1
Accept: application/fhir+json

returns then entry

{
        "resourceType": "Patient",
        "id": "2.16.756.5.30.1.191.1.0.12.3.101-080607d8-c68b-4c74-812f-5159c38a1af2",
        "identifier": [
          {
            "system": "urn:oid:2.16.756.5.30.1.191.1.0.12.3.101",
            "value": "080607d8-c68b-4c74-812f-5159c38a1af2"
          }
        ],
        "active": true,
        "name": [
          {
            "family": "Ovie",
            "given": [
              "Bergan"
            ]
          }
        ],
        "telecom": [
          {
            "value": "[email protected]",
            "use": "home"
          }
        ],
        "gender": "male",
        "birthDate": "1975-10-09"
      }

but the two otherID's are not added to the identifier list of the patient (2.16.756.5.30.1.191.1.0.2.1, 2.16.756.5.30.1.127.3.10.3)

            <ns1:subject typeCode="SUBJ" contextConductionInd="false">
                    <ns1:registrationEvent classCode="REG" moodCode="EVN">
                        <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" nullFlavor="NA"/>
                        <ns1:statusCode code="active"/>
                        <ns1:subject1 typeCode="SBJ">
                            <ns1:patient classCode="PAT">
                                <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="2.16.756.5.30.1.191.1.0.12.3.101" extension="080607d8-c68b-4c74-812f-5159c38a1af2"/>
                                <ns1:statusCode code="active"/>
                                <ns1:patientPerson classCode="PSN" determinerCode="INSTANCE">
                                    <ns1:name xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:PN">
                                        <ns1:given>Bergan</ns1:given>
                                        <ns1:family>Ovie</ns1:family>
                                    </ns1:name>
                                    <ns1:telecom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:TEL" value="[email protected]" use="HP"/>
                                    <ns1:administrativeGenderCode code="M"/>
                                    <ns1:birthTime xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:TS" value="19751009"/>
                                    <ns1:asCitizen classCode="CIT">
                                        <ns1:politicalNation classCode="NAT" determinerCode="INSTANCE">
                                            <ns1:code code="CH"/>
                                        </ns1:politicalNation>
                                    </ns1:asCitizen>
                                    <ns1:asOtherIDs classCode="PAT">
                                        <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="2.16.756.5.30.1.127.3.10.3" extension="761337610435209810" assigningAuthorityName="SPID"/>
                                        <ns1:statusCode code="active"/>
                                        <ns1:scopingOrganization classCode="ORG" determinerCode="INSTANCE">
                                            <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="2.16.756.5.30.1.127.3.10.3"/>
                                        </ns1:scopingOrganization>
                                    </ns1:asOtherIDs>
                                    <ns1:asOtherIDs classCode="PAT">
                                        <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="2.16.756.5.30.1.191.1.0.2.1" extension="713d79be-058e-4f55-82a8-e1f81f5e0047" assigningAuthorityName="XDS Affinity Domain"/>
                                        <ns1:statusCode code="active"/>
                                        <ns1:scopingOrganization classCode="ORG" determinerCode="INSTANCE">
                                            <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="2.16.756.5.30.1.191.1.0.2.1"/>
                                        </ns1:scopingOrganization>
                                    </ns1:asOtherIDs>
                                    <ns1:birthPlace>
                                        <ns1:addr xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:AD">
                                            <ns1:country>Suisse</ns1:country>
                                            <ns1:city>Luzern</ns1:city>
                                        </ns1:addr>
                                    </ns1:birthPlace>
                                </ns1:patientPerson>
                                <ns1:providerOrganization classCode="ORG" determinerCode="INSTANCE">
                                    <ns1:id xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:II" root="1.3.6.1.4.1.21367.13.20.2000"/>
                                    <ns1:contactParty classCode="CON"/>
                                </ns1:providerOrganization>
                                <ns1:subjectOf1>
                                    <ns1:queryMatchObservation classCode="COND" moodCode="EVN">
                                        <ns1:code xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:CD" code="IHE_PDQ"/>
                                        <ns1:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:INT" value="100"/>
                                    </ns1:queryMatchObservation>
                                </ns1:subjectOf1>
                            </ns1:patient>

CH:XUA Get X-User Assertion: PurposeOfUse Claim missing attributes

The request to get an assertion by providing the claims has missing attributes in the PurposeOfUse element:

POST {{host}}/camel/assertion HTTP/1.1
Scope: person_id=761337610435209810^^^&2.16.756.5.30.1.127.3.10.3&ISO purpose_of_use=urn:oid:2.16.756.5.30.1.127.3.10.5|NORM subject_role=urn:oid:2.16.756.5.30.1.127.3.10.6|HCP

translates to the CH:XUA Get X-User Assertion (snip):

             <saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">

                    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">

                        <PurposeOfUse xmlns="urn:hl7-org:v3" code="NORM"/>

                    </saml2:AttributeValue>

                </saml2:Attribute>

attributes @codesystem and @xsi:type are missing for the PurposeOfUse.

-->

<PurposeOfUse xmlns="urn:hl7-org:v3" code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" codeSystemName="eHealth Suisse Verwendungszweck" displayName="Normalzugriff" xsi:type="CE"/>

add oauth endpoints to capability statement

we would like to use the https://github.com/i4mi/fhir-wrappers.ts for authorization. this library expects a token / authorize endpoint in the metadata capabilitystatement, the current mag capability statement has not yet info inside

        <security>
            <extension url="http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris">
                <extension url="token">
                    <valueUri value="https://test.midata.coop/v1/token"></valueUri>
                </extension>
                <extension url="authorize">
                    <valueUri value="https://test.midata.coop/authservice"></valueUri>
                </extension>
            </extension>
        </security>

for the mag it would be e.

https://test.ahdis.ch/mag-pmp2/camel/authorize
https://test.ahdis.ch/mag-pmp2/camel/token

NP for fhir/metadata with latest version

@host = http://localhost:9090/mag-pmp

GET {{host}}/fhir/metadata
Accept: application/fhir+json

returns:
Caused by: java.lang.NullPointerException: null
at ca.uhn.fhir.rest.server.RestfulServerConfiguration.collectMethodBindings(RestfulServerConfiguration.java:359) ~[hapi-fhir-server-5.4.2.jar:na]
at ca.uhn.fhir.rest.server.RestfulServerConfiguration.provideBindings(RestfulServerConfiguration.java:252) ~[hapi-fhir-server-5.4.2.jar:na]
at ca.uhn.fhir.rest.server.provider.ServerCapabilityStatementProvider.getServerConformance(ServerCapabilityStatementProvider.java:194) ~[hapi-fhir-server-5.4.2.jar:na]
... 144 common frames omitte

Support for Replace according to IHE MHD

The current implementation reads directly the uuid from Document.relatesTo.reference.value and adds it to the XDS RPLC associations (which works).

According to https://profiles.ihe.net/ITI/MHD/Bundle-ex-comprehensiveProvideDocumentBundleReplace.json.html
the DocumentReference which is replaced needs to be added in the transaction and the Mobile Access Gateway would need to determine the uuid from the referenced DocumentReference.

This might be further complicated, that a TCU user in the Swiss EPR has no read access to DocumentReferences.

Do not invent a family name in ITI-65 request conversion

// CARA PMP
// At least an authorPerson, authorTelecommunication, or authorInstitution sub-attribute must be present
// Either authorPerson, authorInstitution or authorTelecom shall be specified in the SubmissionSet [IHE ITI Technical Framework Volume 3 (4.2.3.1.4)].
person.setName(transform(new HumanName().setFamily("---")));

I would rather let the request fail rather than feed bogus data forward. If XDS on FHIR is used, then XDS cardinalities have to be respected.

Large dependency upgrade

We will be soon ready to upgrade to the new major versions of: IPF, HAPI FHIR, Husky, CXF, Camel, Spring, Spring Boot, Tomcat,
We'll migrate from javax to jakarta.
The minimum Java version will be bumped to 17.

See related issues:
oehf/ipf#414
project-husky/husky#60

support for ITI-57

feature request to support for ITI-57 for deletion of documents in the MTP

Quentin: As discussed earlier, here’s how you can delete a document in the PMP.

The document must be Approved (not Deprecated).
The document must be at the end of its document chain (i.e. if an MTP has been prescribed, you have to delete first the PRE, then the MTP).

It’s done by sending an ITI-57 query with the ‘urn:e-health-suisse:2019:deletionStatus’ extra metadata set to ‘urn:e-health-suisse:2019:deletionStatus:deletionRequested’. Unfortunately, you have to send all required attributes but they’ll be ignored, the request just has to be structurally valid (it’ll be checked by IPF).

I join an example of such a request.

example-iti57.txt

Support for multiple IDPs

  • Allow selection of IDP via /alias/ addition to authorization and/or metadata URL.
  • Allow selection of IDP provider in frontend.
  • Enumeration of available IDPs by backend through /camel/idps URL.
  • Frontend shows only available IDPs for selected backend.
  • Frontend shows "Default" as IDP if backend does not support multiple IDPs.

PIXm Feed: translation of telecom attribute use is not correct (HOME instead of H)

When adding a new Patient Identifier the telecom attribute gets translated wrong:

from

"telecom": [
        {
            "value": "[email protected]",
            "use": "home"
        }
    ],

to

<telecom use="HOME" value="[email protected]"/>

however this should be (response MPI)

<ns1:telecom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:TEL" value="[email protected]" use="HP"/>

I would have assumed that value should be even prefixed with ... value="mailto:[email protected]"

see https://test.ahdis.ch/eprik-cara-pmp/#/transaction/6649ab01-4b98-49f6-922c-0be90fa3e35b

{
    "resourceType": "Patient",
    "id": "2.16.756.5.30.1.191.1.0.12.3.101-18fa4746-73c6-48bc-ab7c-1ae832f9b16b",
    "identifier": [
        {
            "system": "urn:oid:2.16.756.5.30.1.191.1.0.12.3.101",
            "value": "18fa4746-73c6-48bc-ab7c-1ae832f9b16b"
        },
        {
            "system": "urn:oid:2.16.756.5.30.1.127.3.10.3",
            "value": "761337613917063504"
        },
        {
            "system": "urn:oid:2.16.756.5.30.1.191.1.0.2.1",
            "value": "64370848-bed5-46c4-972f-05b410b59235"
        },
        {
            "system": "urn:oid:2.16.756.5.32",
            "value": "7560646693941"
        }
    ],
    "active": true,
    "name": [
        {
            "family": "Aegerter-Bischoff",
            "given": [
                "BRUNO KAKOB"
            ]
        }
    ],
    "telecom": [
        {
            "value": "[email protected]",
            "use": "home"
        }
    ],
    "gender": "male",
    "birthDate": "1983-11-23",
    "managingOrganization": {
        "identifier": {
            "system": "urn:oid:1.3.6.1.4.1.21367.2017.2.7.109",
            "value": "TESTORG"
        }
    }
}

CodeSystems not translated to oid's in ProvideAndRegister

http://localhost:9770/xdstools/Xdstools2.html#SimMsgViewer:default__asbtsrr/rep/prb/2023_09_14_09_54_10_324

-MIMEBoundary112233445566778899
Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml"
Content-Transfer-Encoding: binary
Content-ID: [email protected]

<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><wsa:Action xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope" s:mustUnderstand="1">urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-bResponse</wsa:Action><wsa:RelatesTo xmlns:wsa="http://www.w3.org/2005/08/addressing">urn:uuid:2de3474d-70a7-4287-a0e0-82843cb7795d</wsa:RelatesTo></S:Header><S:Body><rs:RegistryResponse xmlns:rs="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" status="urn:oasis:names:tc:ebxml-regrep:ResponseStatusType:Failure"><rs:RegistryErrorList><rs:RegistryError codeContext="DocumentEntry(urn:uuid:1e404af3-077f-4bee-b7a6-a9be97e1ce01): the code http://ihe.net/fhir/ihe.formatcode.fhir/CodeSystem/formatcode(urn:ihe:pcc:cm:2008) is not found in the Affinity Domain configuration" errorCode="XDSRegistryMetadataError" location="CodeValidation" severity="urn:oasis:names:tc:ebxml-regrep:ErrorSeverityType:Error" /><rs:RegistryError codeContext="DocumentEntry(urn:uuid:1e404af3-077f-4bee-b7a6-a9be97e1ce01): the code http://loinc.org(34895-3) is not found in the Affinity Domain configuration" errorCode="XDSRegistryMetadataError" location="CodeValidation" severity="urn:oasis:names:tc:ebxml-regrep:ErrorSeverityType:Error" /><rs:RegistryError codeContext="DocumentEntry(urn:uuid:1e404af3-077f-4bee-b7a6-a9be97e1ce01): the code http://terminology.hl7.org/CodeSystem/v3-Confidentiality(N) is not found in the Affinity Domain configuration" errorCode="XDSRegistryMetadataError" location="CodeValidation" severity="urn:oasis:names:tc:ebxml-regrep:ErrorSeverityType:Error" /></rs:RegistryErrorList></rs:RegistryResponse></S:Body></S:Envelope>

pixm: http error code 404 instead of 400 for sourceIdentifier Assigning Authority not found

GET https://test.ahdis.ch/mag-pmp/fhir/Patient/$ihe-pix?sourceIdentifier=urn%3Aoid%3A2.16.756.5.30.1.196.3.2.1%7CBADPATIENT001&targetSystem=urn%3Aoid%3A2.16.756.5.30.1.127.3.10.3 HTTP/1.1

return HTTP error 400

For this specific request, the 404 is correct, the detailed message is sourceIdentifier Assigning Authority not found
and according to https://profiles.ihe.net/ITI/PIXm/ITI-83.html#23834223-source-domain-not-recognized this should
be returned with an OperationOutcome and 404 (there are others with 400 and 403).

Publish a 1.0.0 version

we should start documenting the changes in

  • do semantic versioning (start with 1.0.0)
  • track github issue changes in docs/changelog.md
  • tag the version as release in github

PIXm results, prefix, targetId and filtering

  1. When testing against the PatientManager from Gazelle the result is not filtered by targetSystem:

GET {{host}}/fhir/Patient/$ihe-pix?sourceIdentifier=urn:oid:1.3.6.1.4.1.21367.2017.2.5.83|MAGMED001&targetSystem=urn:oid:2.999.756.42.21&targetSystem=urn:oid:2.16.756.5.30.1.127.3.10.3 HTTP/1.1
Accept: application/fhir+json
Content-Type: application/fhir+json

HTTP/1.1 200 OK
Connection: close
Date: Mon, 30 Nov 2020 19:23:04 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Powered-By: HAPI FHIR 5.2.0 REST Server (FHIR Server; FHIR 4.0.1/R4)
X-Request-ID: DnZcCQj8C3HvmERr
Content-Type: application/fhir+json;charset=utf-8
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Server: Jetty(9.4.34.v20201102)

{
"resourceType": "Parameters",
"parameter": [
{
"name": "targetIdentifier",
"valueIdentifier": {
"system": "2.16.756.5.30.1.127.3.10.3",
"value": "761337610435209810"
}
},
{
"name": "targetId",
"valueReference": {
"reference": "http://test.ahdis.ch/mag-pmp/fhir/Patient/2.16.756.5.30.1.127.3.10.3-761337610435209810"
}
},
{
"name": "targetIdentifier",
"valueIdentifier": {
"system": "1.3.6.1.4.1.12559.11.25.1.19",
"value": "CHFACILITY9810"
}
},
{
"name": "targetIdentifier",
"valueIdentifier": {
"system": "1.3.6.1.4.1.12559.11.20.1",
"value": "CHPAM9810"
}
},
{
"name": "targetIdentifier",
"valueIdentifier": {
"system": "2.999.756.42.2",
"value": "CARAMED001"
}
}
]
}

  1. for OIDs, system still has to be prefixed with urn:oid:

  2. targetId should be resolved to the community patient ID, not the EPR-SPID:

{
"name": "targetId",
"valueReference": {
"reference": "http://test.ahdis.ch/mag-pmp/fhir/Patient/2.16.756.5.30.1.127.3.10.3-761337610435209810"
}

MAG: Does an ITI-67 make one ITI-18 and multiple PDQ queries

It looks like that for an ITI-67 query we make one iti-18 and follow up queries with PDQ V3 for the results. This could be the case, but should be maybe documented somewhere.

If the PDQ queries are necessary, it should also be optimized so that it is performed only once and not for each same patient id.

https://test.ahdis.ch/mag-pmp-dev/fhir/DocumentReference?_count=500&patient.identifier=urn%253Aoid%253A2.16.756.5.30.1.191.1.0.2.1%257C84acd42c-e94f-4749-94c0-61b7b6586140&status=current

https://test.ahdis.ch/eprik-cara/#/transaction/22a15127-bc98-46f1-bb70-bef66cf5ce75

