From 5b08d089c976c0760cfd61587ebc3f719f0db2c3 Mon Sep 17 00:00:00 2001 From: Quentin Ligier Date: Fri, 23 Feb 2024 11:00:05 +0100 Subject: [PATCH] Add support for Trace-Context Fixes #94 --- input/fsh/PatientCreate.fsh | 7 ++++--- input/fsh/PatientDelete.fsh | 7 ++++--- input/fsh/PatientQuery.fsh | 7 ++++--- input/fsh/PatientRead.fsh | 7 ++++--- input/fsh/PatientUpdate.fsh | 7 ++++--- input/fsh/ex-patientQuery.fsh | 10 +++++----- input/fsh/terms.fsh | 4 +++- .../AuditEvent-ex-auditBasicQueryGetClient-intro.md | 4 ++-- input/pagecontent/content.md | 8 ++++++-- 9 files changed, 36 insertions(+), 25 deletions(-) diff --git a/input/fsh/PatientCreate.fsh b/input/fsh/PatientCreate.fsh index 06074be..06dd6ed 100644 --- a/input/fsh/PatientCreate.fsh +++ b/input/fsh/PatientCreate.fsh @@ -52,16 +52,17 @@ A basic AuditEvent profile for when a RESTful Create action happens successfully * agent[user].network 0..0 // users are not network devices * agent[user].purposeOfUse MS // if the OAuth token includes a PurposeOfUse it is recorded here * source MS // what agent recorded the event. Likely the client or server but might be an intermediary -* entity ^slicing.discriminator.type = #pattern +* entity ^slicing.discriminator.type = #value * entity ^slicing.discriminator.path = "type" * entity ^slicing.rules = #open * entity 1.. * entity contains transaction 0..1 and data 1..1 -* entity[transaction].type = BasicAuditEntityType#XrequestId +* entity[transaction].type.system = "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType" +* entity[transaction].type from BasicAuditEntityTypesVS (required) * entity[transaction].what.identifier.value 1..1 -* entity[transaction].what.identifier.value ^short = "the value of X-Request-Id" +* entity[transaction].what.identifier.value ^short = "the value of the transaction identifier" * entity[data].type = http://terminology.hl7.org/CodeSystem/audit-entity-type#2 // "System Object" * entity[data].role from RestObjectRoles (required) * entity[data].role 1.. diff --git a/input/fsh/PatientDelete.fsh b/input/fsh/PatientDelete.fsh index bbb685a..44dbddd 100644 --- a/input/fsh/PatientDelete.fsh +++ b/input/fsh/PatientDelete.fsh @@ -52,16 +52,17 @@ A basic AuditEvent profile for when a RESTful Delete action happens successfully * agent[user].network 0..0 // users are not network devices * agent[user].purposeOfUse MS // if the OAuth token includes a PurposeOfUse it is recorded here * source MS // what agent recorded the event. Likely the client or server but might be an intermediary -* entity ^slicing.discriminator.type = #pattern +* entity ^slicing.discriminator.type = #value * entity ^slicing.discriminator.path = "type" * entity ^slicing.rules = #open * entity 1.. * entity contains transaction 0..1 and data 1..1 -* entity[transaction].type = BasicAuditEntityType#XrequestId +* entity[transaction].type.system = "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType" +* entity[transaction].type from BasicAuditEntityTypesVS (required) * entity[transaction].what.identifier.value 1..1 -* entity[transaction].what.identifier.value ^short = "the value of X-Request-Id" +* entity[transaction].what.identifier.value ^short = "the value of the transaction identifier" * entity[data].type = http://terminology.hl7.org/CodeSystem/audit-entity-type#2 // "System Object" * entity[data].role from RestObjectRoles (required) * entity[data].role 1.. diff --git a/input/fsh/PatientQuery.fsh b/input/fsh/PatientQuery.fsh index b8f14d2..f97a737 100644 --- a/input/fsh/PatientQuery.fsh +++ b/input/fsh/PatientQuery.fsh @@ -71,16 +71,17 @@ Note: the pattern defined in DICOM and IHE have the client is identified as the * agent[user].network 0..0 // users are not network devices * agent[user].purposeOfUse MS // if the OAuth token includes a PurposeOfUse it is recorded here * source MS // what agent recorded the event. Likely the client or server but might be an intermediary -* entity ^slicing.discriminator.type = #pattern +* entity ^slicing.discriminator.type = #value * entity ^slicing.discriminator.path = "type" * entity ^slicing.rules = #open * entity 1.. * entity contains transaction 0..1 and query 1..1 -* entity[transaction].type = BasicAuditEntityType#XrequestId +* entity[transaction].type.system = "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType" +* entity[transaction].type from BasicAuditEntityTypesVS (required) * entity[transaction].what.identifier.value 1..1 -* entity[transaction].what.identifier.value ^short = "the value of X-Request-Id" +* entity[transaction].what.identifier.value ^short = "the value of the transaction identifier" * entity[query].type = http://terminology.hl7.org/CodeSystem/audit-entity-type#2 // "System Object" * entity[query].role = http://terminology.hl7.org/CodeSystem/object-role#24 // "Query" * entity[query].role 1.. diff --git a/input/fsh/PatientRead.fsh b/input/fsh/PatientRead.fsh index c2710ba..d152a4d 100644 --- a/input/fsh/PatientRead.fsh +++ b/input/fsh/PatientRead.fsh @@ -58,16 +58,17 @@ A basic AuditEvent profile for when a RESTful Read action happens successfully. * agent[user].network 0..0 // users are not network devices * agent[user].purposeOfUse MS // if the OAuth token includes a PurposeOfUse it is recorded here * source MS // what agent recorded the event. Likely the client or server but might be an intermediary -* entity ^slicing.discriminator.type = #pattern +* entity ^slicing.discriminator.type = #value * entity ^slicing.discriminator.path = "type" * entity ^slicing.rules = #open * entity 1.. * entity contains transaction 0..1 and data 1..1 -* entity[transaction].type = BasicAuditEntityType#XrequestId +* entity[transaction].type.system = "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType" +* entity[transaction].type from BasicAuditEntityTypesVS (required) * entity[transaction].what.identifier.value 1..1 -* entity[transaction].what.identifier.value ^short = "the value of X-Request-Id" +* entity[transaction].what.identifier.value ^short = "the value of the transaction identifier" * entity[data].type = http://terminology.hl7.org/CodeSystem/audit-entity-type#2 // "System Object" * entity[data].role from RestObjectRoles (required) * entity[data].what 1..1 diff --git a/input/fsh/PatientUpdate.fsh b/input/fsh/PatientUpdate.fsh index 62f6801..db407f3 100644 --- a/input/fsh/PatientUpdate.fsh +++ b/input/fsh/PatientUpdate.fsh @@ -61,16 +61,17 @@ A basic AuditEvent profile for when a RESTful Update action happens successfully * agent[user].network 0..0 // users are not network devices * agent[user].purposeOfUse MS // if the OAuth token includes a PurposeOfUse it is recorded here * source MS // what agent recorded the event. Likely the client or server but might be an intermediary -* entity ^slicing.discriminator.type = #pattern +* entity ^slicing.discriminator.type = #value * entity ^slicing.discriminator.path = "type" * entity ^slicing.rules = #open * entity 1.. * entity contains transaction 0..1 and data 1..1 -* entity[transaction].type = BasicAuditEntityType#XrequestId +* entity[transaction].type.system = "https://profiles.ihe.net/ITI/BALP/CodeSystem/BasicAuditEntityType" +* entity[transaction].type from BasicAuditEntityTypesVS (required) * entity[transaction].what.identifier.value 1..1 -* entity[transaction].what.identifier.value ^short = "the value of X-Request-Id" +* entity[transaction].what.identifier.value ^short = "the value of the transaction identifier" * entity[data].type = http://terminology.hl7.org/CodeSystem/audit-entity-type#2 // "System Object" * entity[data].role from RestObjectRoles (required) * entity[data].role 1.. diff --git a/input/fsh/ex-patientQuery.fsh b/input/fsh/ex-patientQuery.fsh index c85d038..e9ba68a 100644 --- a/input/fsh/ex-patientQuery.fsh +++ b/input/fsh/ex-patientQuery.fsh @@ -116,7 +116,7 @@ Audit Example for a RESTful Query using GET with a patient subject, recorded by - user is John Smith - query is for an Observation for given patient - patient is specified -- X-Request-Id is specified +- traceparent is specified """ * meta.security = http://terminology.hl7.org/CodeSystem/v3-ActReason#HTEST * type = http://terminology.hl7.org/CodeSystem/audit-event-type#rest "Restful Operation" @@ -148,11 +148,11 @@ Audit Example for a RESTful Query using GET with a patient subject, recorded by * entity[query].description = """ GET test.fhir.org/r4/Observation?patient=ex-patient&_lastUpdated=gt2020-11-06T21:52:30.300Z&_sort=_lastUpdated&_count=10 Accept: application/fhir+json; fhirVersion=4.0 -X-Request-Id: cc6d168e-5871-11ec-bf63-0242ac130002 +traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01 """ -* entity[query].query = "R0VUIHRlc3QuZmhpci5vcmcvcjQvT2JzZXJ2YXRpb24/cGF0aWVudD1leC1wYXRpZW50Jl9sYXN0VXBkYXRlZD1ndDIwMjAtMTEtMDZUMjE6NTI6MzAuMzAwWiZfc29ydD1fbGFzdFVwZGF0ZWQmX2NvdW50PTEwCkFjY2VwdDogYXBwbGljYXRpb24vZmhpcitqc29uOyBmaGlyVmVyc2lvbj00LjAKWC1SZXF1ZXN0LUlkOiBjYzZkMTY4ZS01ODcxLTExZWMtYmY2My0wMjQyYWMxMzAwMDI=" -* entity[transaction].type = BasicAuditEntityType#XrequestId -* entity[transaction].what.identifier.value = "cc6d168e-5871-11ec-bf63-0242ac130002" +* entity[query].query = "R0VUIHRlc3QuZmhpci5vcmcvcjQvT2JzZXJ2YXRpb24/cGF0aWVudD1leC1wYXRpZW50Jl9sYXN0VXBkYXRlZD1ndDIwMjAtMTEtMDZUMjE6NTI6MzAuMzAwWiZfc29ydD1fbGFzdFVwZGF0ZWQmX2NvdW50PTEwCkFjY2VwdDogYXBwbGljYXRpb24vZmhpcitqc29uOyBmaGlyVmVyc2lvbj00LjAKdHJhY2VwYXJlbnQ6IDAwLTBhZjc2NTE5MTZjZDQzZGQ4NDQ4ZWIyMTFjODAzMTljLWI3YWQ2YjcxNjkyMDMzMzEtMDE=" +* entity[transaction].type = BasicAuditEntityType#Traceparent +* entity[transaction].what.identifier.value = "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01" diff --git a/input/fsh/terms.fsh b/input/fsh/terms.fsh index fa7cfc1..64c7171 100644 --- a/input/fsh/terms.fsh +++ b/input/fsh/terms.fsh @@ -1,5 +1,5 @@ // This FSH file contains vocabulary unique to BasicAudit, that is used by many profiles. -// Some vocabulary are specific to one profile, and is thus defiend with that profile. +// Some vocabulary are specific to one profile, and is thus defined with that profile. CodeSystem: BasicAuditEntityType Title: "Entity Types that are defined in IHE BasicAudit" @@ -9,6 +9,8 @@ These are new codes used in BasicAudit IG, where AuditEvent.entity is used to ho * ^caseSensitive = true * ^experimental = false * #XrequestId "transport specific unique identifier where http X-Request-Id is used" +* #Traceparent "transport specific unique identifier where http traceparent is used" +* #Tracestate "transport specific unique identifier where http tracestate is used" diff --git a/input/pagecontent/AuditEvent-ex-auditBasicQueryGetClient-intro.md b/input/pagecontent/AuditEvent-ex-auditBasicQueryGetClient-intro.md index f20b94b..71ef008 100644 --- a/input/pagecontent/AuditEvent-ex-auditBasicQueryGetClient-intro.md +++ b/input/pagecontent/AuditEvent-ex-auditBasicQueryGetClient-intro.md @@ -8,12 +8,12 @@ Audit Example for a RESTful Query using GET with a patient subject, recorded by - user is John Smith - query is for an Observation for given patient - patient is specified -- X-Request-Id is specified +- traceparent is specified The http GET requested ``` GET test.fhir.org/r4/Observation?patient=ex-patient&_lastUpdated=gt2020-11-06T21:52:30.300Z&_sort=_lastUpdated&_count=10 Accept: application/fhir+json; fhirVersion=4.0 -X-Request-Id: cc6d168e-5871-11ec-bf63-0242ac130002 +traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01 ``` diff --git a/input/pagecontent/content.md b/input/pagecontent/content.md index 31d1132..b92950a 100644 --- a/input/pagecontent/content.md +++ b/input/pagecontent/content.md @@ -30,9 +30,13 @@ Execute (search and query) | [Query](StructureDefinition-IHE.BasicAudit.Query.ht An example of an auditable event being recorded by the client and server is represented by the Create examples. -#### 3:5.7.3.1 X-Request-Id header +#### 3:5.7.3.1 Transaction identifiers -Where it is known that an http RESTful transaction included an X-Request-Id, that value should be recorded in an .entity dedicated to X-Request-Id. This ID can be used to correlated AuditEvents from client and server, and may aid with correlation on further activities recorded caused by the transaction. This means that the .entity holding the X-Request-Id may appear in AuditEvents beyond those defined here. +When a transaction contains an identifier (such as the `X-Request-Id` and `traceparent`/`tracestate` HTTP headers), that +value should be recorded in an .entity dedicated to transaction identifiers. This ID can be used to correlated +AuditEvents from client and server, and may aid with correlation on further activities recorded caused by the +transaction. This means that the .entity holding the transaction identifier may appear in AuditEvents beyond those +defined here. ### 3:5.7.4 SAML Security Token