Security Model

Secure access to IAR assessment data is provided through system-to-system communication based on the SMART Cross-Organization Data Access Profile (CODAP) security specification. CODAP builds on OAuth 2.0 to support the EHR-to-EHR use case defined by the Argonaut Project.

This security model supports access to IAR assessment data through different access channels (both UI Integration and Data Integration are supported). It allows secure, federated access between the Client Application and the IAR Data API.

NOTE: In the initial pilot phase, access to IAR assessment data will only be available through the IAR Visual App. The Data API layer will be available in a future phase. However, both access channels will use the same security model.

Actors and Transactions

At a high level, the following sequence of events takes place during the launch of the IAR Visual App. For a more detailed flow, refer to the section Launching IAR Visual App.

[Figure: codap_flow, the CODAP launch sequence between the Client Application, IAR Visual App and IAR Data API]

Client Application / IAR Visual App

The combination of Client Application and IAR Visual App will play the role of EHR A. The client application is responsible for creating the authentication and authorization request tokens which are required to invoke the IAR Visual App.

The IAR Visual App accepts the authentication and authorization tokens from the Client Application and presents them to the IAR Data API (authorization server) for validation. If validation succeeds, an OAuth access token is returned to the IAR Visual App. The access token is used for subsequent FHIR requests to the IAR Data API. The access token is managed entirely by the IAR Visual App (including renewals as needed) and is transparent to the Client Application.

Both JWTs are signed according to RFC 7515, JSON Web Signature (JWS). The connection between the Client Application and the IAR Visual App is secured using Transport Layer Security (TLS). Together, TLS and JWS provide secure authentication and authorization between the two systems (integrity, authenticity, non-repudiation, confidentiality).
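The following is an added example, not code from the IAR project, showing the token handling the two paragraphs above describe: the Client Application builds an authentication token and an authorization token as compact JWS objects, and the authorization server validates them (pinned algorithm, intact signature, not expired, correct audience, single-use `jti`). Claim names beyond the RFC 7519 registered claims (`iss`, `sub`, `aud`, `exp`, `iat`, `jti`) are assumptions, as are the client id and endpoint URL. It signs with HS256 only so that it runs on the standard library alone; a real deployment signs with the client's private key so the authorization server needs only the client's public key.

```python
"""Added example: JWS (RFC 7515) sign/verify round trip for the two client
tokens in the launch flow.  Not the IAR project's code.  The 'scope' and
'patient' claims, client id and endpoint URL are assumptions; HS256 keeps
the example standard-library-only (production would use asymmetric keys)."""
import base64
import hashlib
import hmac
import json
import secrets
import time

ALLOWED_ALG = "HS256"   # pinned: never trust the alg named in the token header


class TokenError(ValueError):
    """Raised when a presented token must be rejected."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jws(payload: dict, key: bytes) -> str:
    """Compact JWS: base64url(header).base64url(payload).base64url(signature)."""
    header = {"alg": ALLOWED_ALG, "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_jws(token: str, key: bytes, expected_aud: str, now: float,
               seen_jti: set) -> dict:
    """Validate as the authorization server would; returns the payload."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != ALLOWED_ALG:          # rejects alg=none and downgrades
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise TokenError("bad signature")
    payload = json.loads(_b64url_decode(p_b64))   # parsed only after the signature holds
    if payload.get("exp", 0) <= now:
        raise TokenError("token expired")
    if payload.get("aud") != expected_aud:
        raise TokenError("audience mismatch")
    jti = payload.get("jti")
    if not jti or jti in seen_jti:                 # a token may be presented once
        raise TokenError("missing or replayed jti")
    seen_jti.add(jti)
    return payload


def build_client_tokens(client_id: str, auth_server: str, key: bytes, now: float,
                        patient_ref: str, scope: str) -> tuple:
    """Client side: an authentication token (who the client is) and an
    authorization token (what it asks for), both short-lived and single-use."""
    auth_token = sign_jws({"iss": client_id, "sub": client_id, "aud": auth_server,
                           "iat": int(now), "exp": int(now) + 300,
                           "jti": secrets.token_urlsafe(16)}, key)
    authz_token = sign_jws({"iss": client_id, "aud": auth_server, "iat": int(now),
                            "exp": int(now) + 300, "jti": secrets.token_urlsafe(16),
                            "scope": scope, "patient": patient_ref}, key)
    return auth_token, authz_token


def demo(now: float = None) -> dict:
    """Round trip plus the rejections a verifier must produce (constructed data)."""
    now = time.time() if now is None else now
    key = secrets.token_bytes(32)                       # constructed shared secret
    aud = "https://authz.example.invalid/token"         # placeholder endpoint
    auth_tok, authz_tok = build_client_tokens("client-app-example", aud, key, now,
                                              "Patient/example-123", "patient/*.read")
    seen = set()
    out = {"auth_sub": verify_jws(auth_tok, key, aud, now, seen)["sub"],
           "authz_scope": verify_jws(authz_tok, key, aud, now, seen)["scope"]}

    def rejects(token, at=now):
        try:
            verify_jws(token, key, aud, at, seen)
        except TokenError as e:
            return str(e)
        return None

    h, p, s = authz_tok.split(".")
    out["replay"] = rejects(auth_tok)                   # same jti presented again
    out["tamper"] = rejects(f"{h}.{p}.{'B' if s[0] == 'A' else 'A'}{s[1:]}")
    out["expired"] = rejects(authz_tok, at=now + 600)   # past exp
    none_hdr = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    out["alg_none"] = rejects(f"{none_hdr}.{p}.")
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The verifier pins the algorithm before touching the signature and parses the payload only after the signature checks out, so a forged header or body never influences any later decision; the `jti` set is what makes a captured token useless for replay within its lifetime.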

IAR Data API (Authorization + FHIR Server)

The IAR Data API consists of both an Authorization Server and a FHIR Server (EHR B). The authorization server is responsible for mediating requests from the IAR Visual App. It ensures that the FHIR resources requested are within the bounds of the access authorized. Once authentication and authorization are successful, the FHIR server processes the request and returns the requested FHIR resources.