Da Vinci Clinical Data Exchange (CDex)
2.1.0 - STU 2.1
Da Vinci Clinical Data Exchange (CDex)
2.1.0 - STU 2.1
Da Vinci Clinical Data Exchange (CDex), published by HL7 International / Payer/Provider Information Exchange Work Group. This guide is not an authorized publication; it is the continuous build for version 2.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/davinci-ecdx/ and changes regularly. See the Directory of published versions
| Page standards status: Trial-use | Maturity Level: 2 |
<Requirements xmlns="http://hl7.org/fhir">
<id value="cdex-signer"/>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: Requirements cdex-signer</b></p><a name="cdex-signer"> </a><a name="hccdex-signer"> </a><table class="grid"><tr><td><b><a name="CONF-026"> </a></b>CONF-026</td><td>SHALL</td><td><div><p>* When using a FHIR Questionnaire to request data, the [DTR Standard Questionnaire] Profile is used to profile the Questionnaire. Both [CDex Task Attachment Request Profile] and the [DTR Standard Questionnaire] profile have the overlapping capability to indicate that a signature is required. Signers <strong>SHALL</strong> meet both the Task <em>and</em> Questionnaire signature expectations. The Task's signature input parameter represents the need for a verification signature for the QuestionnaireResponse. The [DTR Standard Questionnaire] profile supports many reasons for signatures, including verification signatures.</p>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#cdex-signatures">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-027"> </a></b>CONF-027</td><td>SHALL</td><td><div><ol>
<li><strong>SHALL</strong> use the [CDex Digital Signature Profile] with the [CDex Signature Bundle Profile] for digitally signed Bundles and with the [CDex SDC QuestionnaireResponse Profile] for digitally signed QuestionnaireResponse. This Signature DataType profile enforces the various elements of digital signatures documented in this section.</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-028"> </a></b>CONF-028</td><td>SHALL</td><td><div><ol>
<li>Implementers <strong>SHALL</strong> follow the following FHIR R6 <a href="https://hl7.org/fhir/6.0.0-ballot3/datatypes.html#JSON">JSON Signature rules</a></li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-029"> </a></b>CONF-029</td><td>SHALL</td><td><div><ul>
<li>The JWS mime type <code>application/jose</code> <strong>SHALL</strong> be indicated in the <code>Signature.sigFormat</code> element.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-030"> </a></b>CONF-030</td><td>SHALL</td><td><div><ul>
<li>CDEX is pre-adopting the changes to FHIR R6 json canonicalization guidance and <strong>SHALL</strong> use the IETF JSON Canonicalization Scheme (JCS) (see [RFC 8785]) to generate the canonical form of the resource. JCS is a well-documented standardized canonicalization algorithm with multiple open-source implementations across several programming languages.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-031"> </a></b>CONF-031</td><td>SHALL</td><td><div><ul>
<li>This canonicalization method is identified by the URI <code>application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json#document</code> and <strong>SHALL</strong> be indicated in the <code>Signature.targetFormat</code> element.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-033"> </a></b>CONF-033</td><td>SHALL</td><td><div><ul>
<li>identifying This canonicalization method by the URI <code>application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json+xml#document</code> and <strong>SHALL</strong> indicate it in the <code>Signature.targetFormat</code> element.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-034"> </a></b>CONF-034</td><td>SHALL</td><td><div><ul>
<li><code>Bundle.id</code>, and <code>Bundle.meta</code> <strong>SHALL</strong> be removed before canonicalization. In other words, everything in a Bundle is signed <em>except</em> for these elements.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-035"> </a></b>CONF-035</td><td>SHALL</td><td><div><ul>
<li>For signatures representing the entire QuestionnaireResponse, <code>QuestionnaireResponse.id</code>, and <code>QuestionnaireResponse.meta</code> elements <strong>SHALL</strong> be removed before canonicalization. In other words, everything in a QuestionnaireResponse is signed <em>except</em> for these elements.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-036"> </a></b>CONF-036</td><td>SHALL</td><td><div><ul>
<li>For signatures representing an item in the QuestionnaireResponse, the <code>QuestionnaireResponse.item.id</code> <strong>SHALL</strong> be removed before canonicalization. In other words, everything in the <code>QuestionnaireResponse.item</code> is signed <em>except</em> for these elements.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-037"> </a></b>CONF-037</td><td>SHALL</td><td><div><ul>
<li>The signature <strong>SHALL</strong> include a <code>"srCms"</code> signer commitments" header element for the Purpose(s) of the Signature (see <a href="https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.01.01_60/ts_11918201v010101p.pdf">JAdES-B-T</a>, page 17). The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013).</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-038"> </a></b>CONF-038</td><td>SHALL</td><td><div><ul>
<li>The <code>"srCms"</code> header <strong>SHALL</strong> contain an <code>"id": "urn:oid:1.2.840.10065.1.12.1.5"</code> (Verification Signature)</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-039"> </a></b>CONF-039</td><td>SHALL</td><td><div><ul>
<li>The <code>Signature.type.code</code> elements <strong>SHALL</strong> contain the same values as the <code>"srCms"</code> header ids.</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-040"> </a></b>CONF-040</td><td>SHALL</td><td><div><ol>
<li><strong>SHALL</strong> include an <code>"alg"</code> parameter for the JSON Web Algorithms (JWA) (see [RFC 7518]). <code>"alg": "RS256"</code> is preferred.</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-042"> </a></b>CONF-042</td><td>SHALL</td><td><div><ol start="3">
<li><strong>SHALL</strong> have <code>"x5c"</code> (X.509 certificate chain) equal to an array of one or more base64-encoded (not base64url-encoded) DER representations of the public certificate or certificate chain (see [RFC 7517]).</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-043"> </a></b>CONF-043</td><td>SHALL</td><td><div><ol>
<li><strong>SHALL</strong> include a <code>"sigT"</code> header parameter with a timestamp of the signature.</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-044"> </a></b>CONF-044</td><td>SHALL</td><td><div><ol start="2">
<li><strong>SHALL</strong> include a <code>"srCms"</code> signer commitments as defined above.</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-046"> </a></b>CONF-046</td><td>SHALL</td><td><div><ol start="2">
<li><strong>SHALL</strong> support JWS compact serialization format for single signatures</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-048"> </a></b>CONF-048</td><td>SHALL</td><td><div><ol start="4">
<li>The certificate <strong>SHALL</strong> include a Subject Alternative Name (SAN) which</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-049"> </a></b>CONF-049</td><td>SHALL</td><td><div><p>include a Subject Alternative Name (SAN) which <strong>SHALL</strong> match the <code>Signature.who.identifier</code></p>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-045"> </a></b>CONF-045</td><td>SHOULD</td><td><div><ol>
<li><strong>SHOULD</strong> use the hashing algorithm SHA256. The signature validation policy will apply to the signature and determine the acceptability</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-047"> </a></b>CONF-047</td><td>SHOULD</td><td><div><ol start="3">
<li><strong>SHOULD</strong> support [JWS JSON Serialization] format to represent multiple signatures with identical parameter values except <code>"x5c"</code>.</li>
</ol>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-050"> </a></b>CONF-050</td><td>SHOULD</td><td><div><ul>
<li>The certificate Issuer <strong>SHOULD</strong> be a trusted CA for the Consumer</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-051"> </a></b>CONF-051</td><td>SHOULD</td><td><div><ul>
<li>The certificate KeyUsage <strong>SHOULD</strong> include 'DigitalSignature'</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-052"> </a></b>CONF-052</td><td>SHOULD</td><td><div><ul>
<li>The certificate Validity Dates <strong>SHOULD</strong> be appropriate/long enough as determined by the business partners</li>
</ul>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr><tr><td><b><a name="CONF-032"> </a></b>CONF-032</td><td>MAY</td><td><div><p>Implementers that support both XML and JSON wire formats <strong>MAY</strong> support cross format signatures by:</p>
</div><p>Links: </p><ul><li>References: <a href="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse">signatures.html</a></li></ul></td></tr></table></div>
</text>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="claims"/>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm">
<valueInteger value="2">
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-cdex/ImplementationGuide/hl7.fhir.us.davinci-cdex"/>
</extension>
</valueInteger>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status">
<valueCode value="trial-use">
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom">
<valueCanonical
value="http://hl7.org/fhir/us/davinci-cdex/ImplementationGuide/hl7.fhir.us.davinci-cdex"/>
</extension>
</valueCode>
</extension>
<url value="http://hl7.org/fhir/us/davinci-cdex/Requirements/cdex-signer"/>
<identifier>
<system value="urn:ietf:rfc:3986"/>
<value value="urn:oid:2.16.840.1.113883.4.642.40.21.36.4"/>
</identifier>
<version value="2.1.0"/>
<name value="CDexSignerRequirements"/>
<title value="CDex Signer Requirements"/>
<status value="draft"/>
<date value="2026-06-10T20:32:01+00:00"/>
<publisher
value="HL7 International / Payer/Provider Information Exchange Work Group"/>
<contact>
<name
value="HL7 International / Payer/Provider Information Exchange Work Group"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/claims"/>
</telecom>
<telecom>
<system value="email"/>
<value value="pie@lists.hl7.org"/>
</telecom>
</contact>
<description
value="This [Requirements](https://hl7.org/fhir/R5/requirements.html) resource lists all the CDex Signer requirements defined in the narrative sections of this IG."/>
<jurisdiction>
<coding>
<system value="urn:iso:std:iso:3166"/>
<code value="US"/>
</coding>
</jurisdiction>
<copyright
value="Used by permission of HL7 International all rights reserved Creative Commons License"/>
<statement>
<key value="CONF-026"/>
<conformance value="SHALL"/>
<conditionality value="true"/>
<requirement
value="\* When using a FHIR Questionnaire to request data, the [DTR Standard Questionnaire] Profile is used to profile the Questionnaire. Both [CDex Task Attachment Request Profile] and the [DTR Standard Questionnaire] profile have the overlapping capability to indicate that a signature is required. Signers **SHALL** meet both the Task *and* Questionnaire signature expectations. The Task's signature input parameter represents the need for a verification signature for the QuestionnaireResponse. The [DTR Standard Questionnaire] profile supports many reasons for signatures, including verification signatures."/>
<reference value="signatures.html#cdex-signatures"/>
</statement>
<statement>
<key value="CONF-027"/>
<conformance value="SHALL"/>
<requirement
value="1. **SHALL** use the [CDex Digital Signature Profile] with the [CDex Signature Bundle Profile] for digitally signed Bundles and with the [CDex SDC QuestionnaireResponse Profile] for digitally signed QuestionnaireResponse. This Signature DataType profile enforces the various elements of digital signatures documented in this section."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-028"/>
<conformance value="SHALL"/>
<requirement
value="1. Implementers **SHALL** follow the following FHIR R6 [JSON Signature rules](https://hl7.org/fhir/6.0.0-ballot3/datatypes.html#JSON)"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-029"/>
<conformance value="SHALL"/>
<requirement
value="- The JWS mime type `application/jose` **SHALL** be indicated in the `Signature.sigFormat` element."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-030"/>
<conformance value="SHALL"/>
<requirement
value="- CDEX is pre-adopting the changes to FHIR R6 json canonicalization guidance and **SHALL** use the IETF JSON Canonicalization Scheme (JCS) (see [RFC 8785]) to generate the canonical form of the resource. JCS is a well-documented standardized canonicalization algorithm with multiple open-source implementations across several programming languages."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-031"/>
<conformance value="SHALL"/>
<requirement
value="- This canonicalization method is identified by the URI `application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json#document` and **SHALL** be indicated in the `Signature.targetFormat` element."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-033"/>
<conformance value="SHALL"/>
<requirement
value="- identifying This canonicalization method by the URI `application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json+xml#document` and **SHALL** indicate it in the `Signature.targetFormat` element."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-034"/>
<conformance value="SHALL"/>
<requirement
value="- `Bundle.id`, and `Bundle.meta` **SHALL** be removed before canonicalization. In other words, everything in a Bundle is signed *except* for these elements."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-035"/>
<conformance value="SHALL"/>
<requirement
value="- For signatures representing the entire QuestionnaireResponse, `QuestionnaireResponse.id`, and `QuestionnaireResponse.meta` elements **SHALL** be removed before canonicalization. In other words, everything in a QuestionnaireResponse is signed *except* for these elements."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-036"/>
<conformance value="SHALL"/>
<requirement
value="- For signatures representing an item in the QuestionnaireResponse, the `QuestionnaireResponse.item.id` **SHALL** be removed before canonicalization. In other words, everything in the `QuestionnaireResponse.item` is signed *except* for these elements."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-037"/>
<conformance value="SHALL"/>
<requirement
value="- The signature **SHALL** include a `"srCms"` signer commitments" header element for the Purpose(s) of the Signature (see [JAdES-B-T](https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.01.01_60/ts_11918201v010101p.pdf), page 17). The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013)."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-038"/>
<conformance value="SHALL"/>
<requirement
value="- The `"srCms"` header **SHALL** contain an `"id": "urn:oid:1.2.840.10065.1.12.1.5"` (Verification Signature)"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-039"/>
<conformance value="SHALL"/>
<requirement
value="- The `Signature.type.code` elements **SHALL** contain the same values as the `"srCms"` header ids."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-040"/>
<conformance value="SHALL"/>
<requirement
value="1. **SHALL** include an `"alg"` parameter for the JSON Web Algorithms (JWA) (see [RFC 7518]). `"alg": "RS256"` is preferred."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-042"/>
<conformance value="SHALL"/>
<requirement
value="3. **SHALL** have `"x5c"` (X.509 certificate chain) equal to an array of one or more base64-encoded (not base64url-encoded) DER representations of the public certificate or certificate chain (see [RFC 7517])."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-043"/>
<conformance value="SHALL"/>
<requirement
value="1. **SHALL** include a `"sigT"` header parameter with a timestamp of the signature."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-044"/>
<conformance value="SHALL"/>
<requirement
value="2. **SHALL** include a `"srCms"` signer commitments as defined above."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-046"/>
<conformance value="SHALL"/>
<requirement
value="2. **SHALL** support JWS compact serialization format for single signatures"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-048"/>
<conformance value="SHALL"/>
<requirement
value="4. The certificate **SHALL** include a Subject Alternative Name (SAN) which"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-049"/>
<conformance value="SHALL"/>
<requirement
value="include a Subject Alternative Name (SAN) which **SHALL** match the `Signature.who.identifier`"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-045"/>
<conformance value="SHOULD"/>
<requirement
value="1. **SHOULD** use the hashing algorithm SHA256. The signature validation policy will apply to the signature and determine the acceptability"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-047"/>
<conformance value="SHOULD"/>
<requirement
value="3. **SHOULD** support [JWS JSON Serialization] format to represent multiple signatures with identical parameter values except `"x5c"`."/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-050"/>
<conformance value="SHOULD"/>
<requirement
value="- The certificate Issuer **SHOULD** be a trusted CA for the Consumer"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-051"/>
<conformance value="SHOULD"/>
<requirement
value="- The certificate KeyUsage **SHOULD** include 'DigitalSignature'"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-052"/>
<conformance value="SHOULD"/>
<requirement
value="- The certificate Validity Dates **SHOULD** be appropriate/long enough as determined by the business partners"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
<statement>
<key value="CONF-032"/>
<conformance value="MAY"/>
<requirement
value="Implementers that support both XML and JSON wire formats **MAY** support cross format signatures by:"/>
<reference
value="signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"/>
</statement>
</Requirements>
IG © 2024+ HL7 International / Payer/Provider Information Exchange Work Group.
Package hl7.fhir.us.davinci-cdex#2.1.0 based on FHIR 4.0.1.
Generated
2026-06-10
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change