Da Vinci Clinical Data Exchange (CDex), published by HL7 International / Payer/Provider Information Exchange Work Group. This guide is not an authorized publication; it is the continuous build for version 2.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/davinci-ecdx/ and changes regularly. See the Directory of published versions.
| Page standards status: Trial-use | Maturity Level: 2 |
{
"resourceType" : "Requirements",
"id" : "cdex-signer",
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: Requirements cdex-signer</b></p><a name=\"cdex-signer\"> </a><a name=\"hccdex-signer\"> </a><table class=\"grid\"><tr><td><b><a name=\"CONF-026\"> </a></b>CONF-026</td><td>SHALL</td><td><div><p>* When using a FHIR Questionnaire to request data, the [DTR Standard Questionnaire] Profile is used to profile the Questionnaire. Both [CDex Task Attachment Request Profile] and the [DTR Standard Questionnaire] profile have the overlapping capability to indicate that a signature is required. Signers <strong>SHALL</strong> meet both the Task <em>and</em> Questionnaire signature expectations. The Task's signature input parameter represents the need for a verification signature for the QuestionnaireResponse. The [DTR Standard Questionnaire] profile supports many reasons for signatures, including verification signatures.</p>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#cdex-signatures\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-027\"> </a></b>CONF-027</td><td>SHALL</td><td><div><ol>\n<li><strong>SHALL</strong> use the [CDex Digital Signature Profile] with the [CDex Signature Bundle Profile] for digitally signed Bundles and with the [CDex SDC QuestionnaireResponse Profile] for digitally signed QuestionnaireResponse. This Signature DataType profile enforces the various elements of digital signatures documented in this section.</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-028\"> </a></b>CONF-028</td><td>SHALL</td><td><div><ol>\n<li>Implementers <strong>SHALL</strong> follow the following FHIR R6 <a href=\"https://hl7.org/fhir/6.0.0-ballot3/datatypes.html#JSON\">JSON Signature rules</a></li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-029\"> </a></b>CONF-029</td><td>SHALL</td><td><div><ul>\n<li>The JWS mime type <code>application/jose</code> <strong>SHALL</strong> be indicated in the <code>Signature.sigFormat</code> element.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-030\"> </a></b>CONF-030</td><td>SHALL</td><td><div><ul>\n<li>CDEX is pre-adopting the changes to FHIR R6 json canonicalization guidance and <strong>SHALL</strong> use the IETF JSON Canonicalization Scheme (JCS) (see [RFC 8785]) to generate the canonical form of the resource. JCS is a well-documented standardized canonicalization algorithm with multiple open-source implementations across several programming languages.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-031\"> </a></b>CONF-031</td><td>SHALL</td><td><div><ul>\n<li>This canonicalization method is identified by the URI <code>application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json#document</code> and <strong>SHALL</strong> be indicated in the <code>Signature.targetFormat</code> element.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-033\"> </a></b>CONF-033</td><td>SHALL</td><td><div><ul>\n<li>identifying This canonicalization method by the URI <code>application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json+xml#document</code> and <strong>SHALL</strong> indicate it in the <code>Signature.targetFormat</code> element.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-034\"> </a></b>CONF-034</td><td>SHALL</td><td><div><ul>\n<li><code>Bundle.id</code>, and <code>Bundle.meta</code> <strong>SHALL</strong> be removed before canonicalization. In other words, everything in a Bundle is signed <em>except</em> for these elements.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-035\"> </a></b>CONF-035</td><td>SHALL</td><td><div><ul>\n<li>For signatures representing the entire QuestionnaireResponse, <code>QuestionnaireResponse.id</code>, and <code>QuestionnaireResponse.meta</code> elements <strong>SHALL</strong> be removed before canonicalization. In other words, everything in a QuestionnaireResponse is signed <em>except</em> for these elements.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-036\"> </a></b>CONF-036</td><td>SHALL</td><td><div><ul>\n<li>For signatures representing an item in the QuestionnaireResponse, the <code>QuestionnaireResponse.item.id</code> <strong>SHALL</strong> be removed before canonicalization. In other words, everything in the <code>QuestionnaireResponse.item</code> is signed <em>except</em> for these elements.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-037\"> </a></b>CONF-037</td><td>SHALL</td><td><div><ul>\n<li>The signature <strong>SHALL</strong> include a <code>\"srCms\"</code> signer commitments\" header element for the Purpose(s) of the Signature (see <a href=\"https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.01.01_60/ts_11918201v010101p.pdf\">JAdES-B-T</a>, page 17). The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013).</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-038\"> </a></b>CONF-038</td><td>SHALL</td><td><div><ul>\n<li>The <code>\"srCms\"</code> header <strong>SHALL</strong> contain an <code>\"id\": \"urn:oid:1.2.840.10065.1.12.1.5\"</code> (Verification Signature)</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-039\"> </a></b>CONF-039</td><td>SHALL</td><td><div><ul>\n<li>The <code>Signature.type.code</code> elements <strong>SHALL</strong> contain the same values as the <code>\"srCms\"</code> header ids.</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-040\"> </a></b>CONF-040</td><td>SHALL</td><td><div><ol>\n<li><strong>SHALL</strong> include an <code>\"alg\"</code> parameter for the JSON Web Algorithms (JWA) (see [RFC 7518]). <code>\"alg\": \"RS256\"</code> is preferred.</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-042\"> </a></b>CONF-042</td><td>SHALL</td><td><div><ol start=\"3\">\n<li><strong>SHALL</strong> have <code>\"x5c\"</code> (X.509 certificate chain) equal to an array of one or more base64-encoded (not base64url-encoded) DER representations of the public certificate or certificate chain (see [RFC 7517]).</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-043\"> </a></b>CONF-043</td><td>SHALL</td><td><div><ol>\n<li><strong>SHALL</strong> include a <code>\"sigT\"</code> header parameter with a timestamp of the signature.</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-044\"> </a></b>CONF-044</td><td>SHALL</td><td><div><ol start=\"2\">\n<li><strong>SHALL</strong> include a <code>\"srCms\"</code> signer commitments as defined above.</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-046\"> </a></b>CONF-046</td><td>SHALL</td><td><div><ol start=\"2\">\n<li><strong>SHALL</strong> support JWS compact serialization format for single signatures</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-048\"> </a></b>CONF-048</td><td>SHALL</td><td><div><ol start=\"4\">\n<li>The certificate <strong>SHALL</strong> include a Subject Alternative Name (SAN) which</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-049\"> </a></b>CONF-049</td><td>SHALL</td><td><div><p>include a Subject Alternative Name (SAN) which <strong>SHALL</strong> match the <code>Signature.who.identifier</code></p>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-045\"> </a></b>CONF-045</td><td>SHOULD</td><td><div><ol>\n<li><strong>SHOULD</strong> use the hashing algorithm SHA256. The signature validation policy will apply to the signature and determine the acceptability</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-047\"> </a></b>CONF-047</td><td>SHOULD</td><td><div><ol start=\"3\">\n<li><strong>SHOULD</strong> support [JWS JSON Serialization] format to represent multiple signatures with identical parameter values except <code>\"x5c\"</code>.</li>\n</ol>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-050\"> </a></b>CONF-050</td><td>SHOULD</td><td><div><ul>\n<li>The certificate Issuer <strong>SHOULD</strong> be a trusted CA for the Consumer</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-051\"> </a></b>CONF-051</td><td>SHOULD</td><td><div><ul>\n<li>The certificate KeyUsage <strong>SHOULD</strong> include 'DigitalSignature'</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-052\"> </a></b>CONF-052</td><td>SHOULD</td><td><div><ul>\n<li>The certificate Validity Dates <strong>SHOULD</strong> be appropriate/long enough as determined by the business partners</li>\n</ul>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr><tr><td><b><a name=\"CONF-032\"> </a></b>CONF-032</td><td>MAY</td><td><div><p>Implementers that support both XML and JSON wire formats <strong>MAY</strong> support cross format signatures by:</p>\n</div><p>Links: </p><ul><li>References: <a href=\"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse\">signatures.html</a></li></ul></td></tr></table></div>"
},
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode" : "claims"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm",
"valueInteger" : 2,
"_valueInteger" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-cdex/ImplementationGuide/hl7.fhir.us.davinci-cdex"
}
]
}
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status",
"valueCode" : "trial-use",
"_valueCode" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/davinci-cdex/ImplementationGuide/hl7.fhir.us.davinci-cdex"
}
]
}
}
],
"url" : "http://hl7.org/fhir/us/davinci-cdex/Requirements/cdex-signer",
"identifier" : [
{
"system" : "urn:ietf:rfc:3986",
"value" : "urn:oid:2.16.840.1.113883.4.642.40.21.36.4"
}
],
"version" : "2.1.0",
"name" : "CDexSignerRequirements",
"title" : "CDex Signer Requirements",
"status" : "draft",
"date" : "2026-06-10T20:32:01+00:00",
"publisher" : "HL7 International / Payer/Provider Information Exchange Work Group",
"contact" : [
{
"name" : "HL7 International / Payer/Provider Information Exchange Work Group",
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/claims"
},
{
"system" : "email",
"value" : "pie@lists.hl7.org"
}
]
}
],
"description" : "This [Requirements](https://hl7.org/fhir/R5/requirements.html) resource lists all the CDex Signer requirements defined in the narrative sections of this IG.",
"jurisdiction" : [
{
"coding" : [
{
"system" : "urn:iso:std:iso:3166",
"code" : "US"
}
]
}
],
"copyright" : "Used by permission of HL7 International all rights reserved Creative Commons License",
"statement" : [
{
"key" : "CONF-026",
"conformance" : [
"SHALL"
],
"conditionality" : true,
"requirement" : "\\* When using a FHIR Questionnaire to request data, the [DTR Standard Questionnaire] Profile is used to profile the Questionnaire. Both [CDex Task Attachment Request Profile] and the [DTR Standard Questionnaire] profile have the overlapping capability to indicate that a signature is required. Signers **SHALL** meet both the Task *and* Questionnaire signature expectations. The Task's signature input parameter represents the need for a verification signature for the QuestionnaireResponse. The [DTR Standard Questionnaire] profile supports many reasons for signatures, including verification signatures.",
"reference" : [
"signatures.html#cdex-signatures"
]
},
{
"key" : "CONF-027",
"conformance" : [
"SHALL"
],
"requirement" : "1. **SHALL** use the [CDex Digital Signature Profile] with the [CDex Signature Bundle Profile] for digitally signed Bundles and with the [CDex SDC QuestionnaireResponse Profile] for digitally signed QuestionnaireResponse. This Signature DataType profile enforces the various elements of digital signatures documented in this section.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-028",
"conformance" : [
"SHALL"
],
"requirement" : "1. Implementers **SHALL** follow the following FHIR R6 [JSON Signature rules](https://hl7.org/fhir/6.0.0-ballot3/datatypes.html#JSON)",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-029",
"conformance" : [
"SHALL"
],
"requirement" : "- The JWS mime type `application/jose` **SHALL** be indicated in the `Signature.sigFormat` element.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-030",
"conformance" : [
"SHALL"
],
"requirement" : "- CDEX is pre-adopting the changes to FHIR R6 json canonicalization guidance and **SHALL** use the IETF JSON Canonicalization Scheme (JCS) (see [RFC 8785]) to generate the canonical form of the resource. JCS is a well-documented standardized canonicalization algorithm with multiple open-source implementations across several programming languages.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-031",
"conformance" : [
"SHALL"
],
"requirement" : "- This canonicalization method is identified by the URI `application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json#document` and **SHALL** be indicated in the `Signature.targetFormat` element.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-033",
"conformance" : [
"SHALL"
],
"requirement" : "- identifying This canonicalization method by the URI `application/fhir+json;canonicalization=http://hl7.org/fhir/canonicalization/json+xml#document` and **SHALL** indicate it in the `Signature.targetFormat` element.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-034",
"conformance" : [
"SHALL"
],
"requirement" : "- `Bundle.id`, and `Bundle.meta` **SHALL** be removed before canonicalization. In other words, everything in a Bundle is signed *except* for these elements.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-035",
"conformance" : [
"SHALL"
],
"requirement" : "- For signatures representing the entire QuestionnaireResponse, `QuestionnaireResponse.id`, and `QuestionnaireResponse.meta` elements **SHALL** be removed before canonicalization. In other words, everything in a QuestionnaireResponse is signed *except* for these elements.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-036",
"conformance" : [
"SHALL"
],
"requirement" : "- For signatures representing an item in the QuestionnaireResponse, the `QuestionnaireResponse.item.id` **SHALL** be removed before canonicalization. In other words, everything in the `QuestionnaireResponse.item` is signed *except* for these elements.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-037",
"conformance" : [
"SHALL"
],
"requirement" : "- The signature **SHALL** include a `\"srCms\"` signer commitments\" header element for the Purpose(s) of the Signature (see [JAdES-B-T](https://www.etsi.org/deliver/etsi_ts/119100_119199/11918201/01.01.01_60/ts_11918201v010101p.pdf), page 17). The Purpose can be the action being attested to, or the role associated with the signature. The value shall come from ASTM E1762-95(2013).",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-038",
"conformance" : [
"SHALL"
],
"requirement" : "- The `\"srCms\"` header **SHALL** contain an `\"id\": \"urn:oid:1.2.840.10065.1.12.1.5\"` (Verification Signature)",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-039",
"conformance" : [
"SHALL"
],
"requirement" : "- The `Signature.type.code` elements **SHALL** contain the same values as the `\"srCms\"` header ids.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-040",
"conformance" : [
"SHALL"
],
"requirement" : "1. **SHALL** include an `\"alg\"` parameter for the JSON Web Algorithms (JWA) (see [RFC 7518]). `\"alg\": \"RS256\"` is preferred.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-042",
"conformance" : [
"SHALL"
],
"requirement" : "3. **SHALL** have `\"x5c\"` (X.509 certificate chain) equal to an array of one or more base64-encoded (not base64url-encoded) DER representations of the public certificate or certificate chain (see [RFC 7517]).",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-043",
"conformance" : [
"SHALL"
],
"requirement" : "1. **SHALL** include a `\"sigT\"` header parameter with a timestamp of the signature.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-044",
"conformance" : [
"SHALL"
],
"requirement" : "2. **SHALL** include a `\"srCms\"` signer commitments as defined above.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-046",
"conformance" : [
"SHALL"
],
"requirement" : "2. **SHALL** support JWS compact serialization format for single signatures",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-048",
"conformance" : [
"SHALL"
],
"requirement" : "4. The certificate **SHALL** include a Subject Alternative Name (SAN) which",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-049",
"conformance" : [
"SHALL"
],
"requirement" : "include a Subject Alternative Name (SAN) which **SHALL** match the `Signature.who.identifier`",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-045",
"conformance" : [
"SHOULD"
],
"requirement" : "1. **SHOULD** use the hashing algorithm SHA256. The signature validation policy will apply to the signature and determine the acceptability",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-047",
"conformance" : [
"SHOULD"
],
"requirement" : "3. **SHOULD** support [JWS JSON Serialization] format to represent multiple signatures with identical parameter values except `\"x5c\"`.",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-050",
"conformance" : [
"SHOULD"
],
"requirement" : "- The certificate Issuer **SHOULD** be a trusted CA for the Consumer",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-051",
"conformance" : [
"SHOULD"
],
"requirement" : "- The certificate KeyUsage **SHOULD** include 'DigitalSignature'",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-052",
"conformance" : [
"SHOULD"
],
"requirement" : "- The certificate Validity Dates **SHOULD** be appropriate/long enough as determined by the business partners",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
},
{
"key" : "CONF-032",
"conformance" : [
"MAY"
],
"requirement" : "Implementers that support both XML and JSON wire formats **MAY** support cross format signatures by:",
"reference" : [
"signatures.html#digital-signature-rules-and-guidance-for-cdex-bundle-and-questionnaireresponse"
]
}
]
}