• documentatie
  • push autorisation: url usage and schema

    • Push autorisation: URL usage and schema

    This document describes the URL schema and corresponding usage properties of references— the core of the push authorization system.

    The mantra for this standard is: don’t copy data, copy references. Rather than pushing or retrieving data, push authorization (PA-URLs) or references are sent and used by the recipient to retrieve data directly from the source. Security is provided by binding the recipient to the PA-URL and by applying a policy to this recipient – based on e.g., its role – that determines what it may do with the PA-URL, for example: obtain data (and if so, what data), copy the PA-URL to send it onward (and if so, to what types of healthcare professional may it be sent onward), etc.

    The system is very flexible in the way it is used, giving plenty of options to apply the system to various (health) workflows. The specification describes a number of currently available options.

    The definitive/authoritive description of what is allowed using the push authorization system is maintained by the standard’s IP holder: Stichting Decozo / Decozo foundation. Please check https://docs.decozo.org/ to ensure you have the latest version and to obtain licensing terms for using the standard. (TODO).

    Here is the rc0 definition of the standard: https://drafts.docs.decozo.org.dev.albatros.mcsr.nl/docs (hidden, TODO update once the rc0 is published).