SMART Permission Tickets, published by . This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-permission-tickets-wip/ and changes regularly. See the Directory of published versions
Logical Model: Permission Ticket (JWT Payload)
| Official URL: http://smarthealthit.org/ig/permission-tickets/StructureDefinition/PermissionTicket | Version: 0.1.0 | |||
| Draft as of 2025-11-20 | Computable Name: PermissionTicket | |||
The full payload of a Permission Ticket, including standard JWT claims and the custom permission object.
Usages:
- This Logical Model is not used by any profiles in this Implementation Guide
You can also check for usages in the FHIR IG Statistics
Formal Views of Profile Content
Description of Profiles, Differentials, Snapshots and how the different presentations work.
| Name | Flags | Card. | Type | Description & Constraints Filter:   |
|---|---|---|---|---|
  PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
  iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
  ticket_context |
1..1 | BackboneElement | Permission Details | |
 @id |
0..1 | string | Unique id for inter-element referencing | |
 extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
 modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
 subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
 @id |
0..1 | string | Resource ID | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
 traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
 identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
Constraints
| Id | Grade | Path(s) | Description | Expression |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
This structure is derived from Base
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
| iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
| ticket_context |
1..1 | BackboneElement | Permission Details | |
| subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
| traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
| @id |
0..1 | string | Resource ID | |
| identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
| iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
| ticket_context |
1..1 | BackboneElement | Permission Details | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
| @id |
0..1 | string | Resource ID | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
| traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
| identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
Constraints
| Id | Grade | Path(s) | Description | Expression |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
This structure is derived from Base
Key Elements View
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
| iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
| ticket_context |
1..1 | BackboneElement | Permission Details | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
| @id |
0..1 | string | Resource ID | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
| traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
| identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
Constraints
| Id | Grade | Path(s) | Description | Expression |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
Differential View
This structure is derived from Base
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
| iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
| ticket_context |
1..1 | BackboneElement | Permission Details | |
| subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
| traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
| @id |
0..1 | string | Resource ID | |
| identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
Snapshot View
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| PermissionTicket |
0..* | Base | Permission Ticket (JWT Payload) | |
| iss |
1..1 | string | Issuer (Trust Broker URL) | |
| sub |
1..1 | string | Subject (Client ID) | |
| aud |
1..1 | string | Audience (Network/Data Holder) | |
| exp |
0..1 | integer | Expiration Timestamp | |
| jti |
0..1 | string | Unique Ticket ID | |
| ticket_context |
1..1 | BackboneElement | Permission Details | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| subject |
1..1 | BackboneElement | The Patient or Subject of the data | |
| @id |
0..1 | string | Resource ID | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
0..1 | code | Type of subject match (e.g., 'match' or 'reference') | |
| traits |
0..1 | Patient | Demographic traits for matching | |
| resourceType |
0..1 | string | Resource Type (e.g. Patient) | |
| identifier |
0..* | Identifier | Business Identifier | |
| actor |
0..1 | BackboneElement | The Requesting Agent | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| resourceType |
1..1 | string | Type of actor (PractitionerRole, RelatedPerson, Organization) | |
| name |
0..* | HumanName | Name of the actor | |
| telecom |
0..* | ContactPoint | Contact details | |
| identifier |
0..* | Identifier | Actor identifiers (NPI, etc) | |
| relationship |
0..* | CodeableConcept | Relationship to subject | |
| type |
0..* | CodeableConcept | Organization type | |
| contained |
0..* | Resource | Embedded resources | |
| context |
0..1 | BackboneElement | The Trigger Event | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
1..1 | Coding | Type of context (e.g. ActReason) | |
| focus |
0..1 | Coding | Clinical Focus (e.g. Condition) | |
| identifier |
0..* | Identifier | Issuer-specific identifiers (Case ID, etc) | |
| capability |
1..1 | BackboneElement | Access Capabilities | |
| @id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| scopes |
0..* | string | SMART Scopes (e.g. patient/Immunization.read) | |
| periods |
0..* | Period | Time restrictions (Service Date) | |
| locations |
0..* | Address | Allowed Locations (Jurisdictions) | |
| organizations |
0..* | Organization | Allowed Organizations | |
| Documentation for this format | ||||
Constraints
| Id | Grade | Path(s) | Description | Expression |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
This structure is derived from Base