Unattributed Code Systems

Copyright Fragment

This fragment is not visible to the reader

No use of external IP (other than from the FHIR specification)

Copyright and Registered Trademark Uses

External References

Type | Reference | Content
web | github.com | SMART Permission Tickets, published by . This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-permission-tickets-wip/ and changes regularly. See the Directory of published versions
web | www.rfc-editor.org | A Permission Ticket is an issuer-signed, sender-constrained JWT presented to a Data Holder's token endpoint via OAuth 2.0 Token Exchange (RFC 8693). It allows a client to redeem a portable authorization grant at any eligible Data Holder within the ticket's audience, without requiring the issuer to know where the subject has received care.
web | www.rfc-editor.org | A trusted issuer mints a Permission Ticket and delivers it to the client. The client presents the ticket as a subject_token in an RFC 8693 token exchange request, authenticating itself with a separate client_assertion. The Data Holder authenticates the client (standard SMART Backend Services), then validates the ticket: signature, issuer trust, audience, key binding, and access constraints. If valid, it issues an access token scoped to the intersection of requested and ticket-authorized access.
web | www.rfc-editor.org | Permission Tickets are presented via OAuth 2.0 Token Exchange (RFC 8693). The client authenticates using SMART Backend Services conventions (JWT client_assertion per RFC 7523) and presents the Permission Ticket as a separate subject_token parameter. This cleanly separates client authentication from the authorization grant: the client_assertion proves client identity; the subject_token carries the Permission Ticket.
web | openid.net | OpenID Federation 1.0
web | www.udap.org | UDAP
web | www.rfc-editor.org | A Permission Ticket MAY bind redemption to a specific client key using the cnf (Confirmation, RFC 7800) claim:
web | www.rfc-editor.org | cnf.jkt: JWK Thumbprint (RFC 7638) of the authorized client's public key
web | www.rfc-editor.org | Binding: When present, PermissionTicket.cnf.jkt binds redemption to a specific client key via its JWK Thumbprint (RFC 7638). Data Holders compute the thumbprint of the client_assertion signing key and verify it matches. When cnf is absent, aud + client authentication provide the trust boundary.
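The cnf.jkt binding described in the rows above, as an added example (not code from the SMART Permission Tickets guide): the issuer-side step that stamps a ticket with the RFC 7638 thumbprint of the client key, and the Data Holder-side check that compares it with the key that signed the client_assertion. It assumes the Data Holder has already resolved that signing key to a JWK (for instance from the client's registered JWK Set) and that jkt is the only confirmation method in use; the sample key is constructed filler, not a real curve point.

```python
import base64
import hashlib
import hmac
import json

# RFC 7638 section 3.2: only these members, per key type, enter the thumbprint.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),  # RFC 8037 extension for Ed25519/X25519 keys
}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK Thumbprint: required members only, serialized as JSON with
    no whitespace and member names in lexicographic order (RFC 7638)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    subset = {name: jwk[name] for name in REQUIRED_MEMBERS[kty]}  # KeyError if incomplete
    canonical = json.dumps(subset, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def bind_ticket_to_key(ticket_claims: dict, client_jwk: dict) -> dict:
    """Issuer side: add cnf.jkt so only the holder of client_jwk can redeem."""
    return {**ticket_claims, "cnf": {"jkt": jwk_thumbprint(client_jwk)}}

def redemption_key_matches(ticket_claims: dict, assertion_jwk: dict) -> bool:
    """Data Holder side: compare cnf.jkt with the thumbprint of the key that
    signed the client_assertion. Absent cnf means no key binding is required;
    a cnf without jkt is rejected (assumption: jkt is the only method used)."""
    cnf = ticket_claims.get("cnf")
    if cnf is None:
        return True  # aud + client authentication are the trust boundary here
    expected = cnf.get("jkt") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False
    return hmac.compare_digest(expected.encode(), jwk_thumbprint(assertion_jwk).encode())

# Constructed sample P-256 public key; x/y are filler bytes, not a real curve point.
CLIENT_JWK = {"kty": "EC", "crv": "P-256", "kid": "client-1", "use": "sig",
              "x": b64url(bytes([1]) * 32), "y": b64url(bytes([2]) * 32)}
```

Note that kid, use and alg do not enter the thumbprint, so a client rotating metadata on an unchanged key keeps the same jkt, while any change to the key material itself yields a different value.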

Internal Images

tree-filter.png