Skip to main content

Models

All authentication is stored in three key FHIR resources.

Authorization

The following resources are used to authorize users in the system:

AccessPolicy

We use AccessPolicy resources to define the authorization rules for the system. This is how we determine if a user has access to a resource.

Authentication

The following resources are used to authenticate users in the system:

Membership

Membership is used to represent a physical person in the system. Membership resources can be linked to clinical resources like Patient and/or Practitioner which will then be used during SMART on FHIR authentication.

ClientApplication

ClientApplications with client_credentials grant type can be used to authenticate with the system. The user is represented in this case as the ClientApplication itself.

OperationDefinition

OperationDefinition resources can be used to define custom operations that can be invoked by the system. This is how custom logic can be performed on the server. Each OperationDefinition that performs alterations on the server is represented as a user.