Canonical Resource Management Infrastructure Implementation Guide
2.0.0-ballot - STU 2 - Ballot
Canonical Resource Management Infrastructure Implementation Guide
2.0.0-ballot - STU 2 - Ballot
Canonical Resource Management Infrastructure Implementation Guide, published by HL7 International / Clinical Decision Support. This guide is not an authorized publication; it is the continuous build for version 2.0.0-ballot built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/crmi-ig/ and changes regularly. See the Directory of published versions
| Official URL: http://hl7.org/fhir/uv/crmi/Library/ExampleSignatureLibrary | Version: 2.0.0-ballot | |||
| Standards status: Informative | Computable Name: | |||
| Other Identifiers: OID:2.16.840.1.113883.4.642.40.38.28.13 | ||||
This example now demonstrates how to properly attach an artifact signature to a FHIR Library resource using the CRMI signature extension.
The generated SHA256 checksum of the current resource (which excludes id,
text, and meta), in minified JSON form is:
892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca
The signature data value after base64 decoding is a JWT:
eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q
The decoded JWT payload contains the following fields:
iss: The issuer of the signature, which is the CRMI server URL.hash: The SHA256 checksum of the resource in minified JSON form.
{
"iss": "https://localhost:3000/oidc",
"hash": "892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca"
}
The signature is created using the private key of the CRMI server, ensuring the integrity and authenticity of the resource. Clients can verify JWT signature using the public key provided by the CRMI server, and then verify the SHA256 checksum against the resource's content to ensure it has not been altered.
| Id: | ExampleSignatureLibrary |
|---|---|
| Version: | 2.0.0-ballot |
| Url: | ExampleSignatureLibrary |
|
urn:oid:2.16.840.1.113883.4.642.40.38.28.13 |
|
| Type: |
system: http://terminology.hl7.org/CodeSystem/library-type code: logic-library |
| Date: | 2025-08-01 16:38:28+0000 |
| Publisher: | HL7 International / Clinical Decision Support |
| Description: | This example now demonstrates how to properly attach an artifact signature to a FHIR Library resource using the CRMI signature extension. The generated SHA256 checksum of the current resource (which excludes The signature The decoded JWT payload contains the following fields:
The signature is created using the private key of the CRMI server, ensuring the integrity and authenticity of the resource. Clients can verify JWT signature using the public key provided by the CRMI server, and then verify the SHA256 checksum against the resource's content to ensure it has not been altered. |
| Jurisdiction: | 001 |
IG © 2022+ HL7 International / Clinical Decision Support. Package hl7.fhir.uv.crmi#2.0.0-ballot based on FHIR 4.0.1. Generated 2025-08-01
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change