Introduction
The GP Connect 0.7.2 release contains SDS changes that affects all consumers. The information on the JWT page has been rewritten to be more informative, and to address the JWT timing validation issue.
Please see below for further details.
0.7.2 changes
Migrate core changes from 1.2.3 into 0.5.2 and 0.7.2
Affects: Core
Description:
- Grouping of git issues raised to contain all the necessary changes required in 0.7.2 to align with changes made in 1.2.3, listed below:
Minimise likelihood of rejected tokens due to clock skew
Tickets: #640
Affects: Core
Description:
-
When determining validity of the JWT token, clock skew between consumer and provider may cause a token to be rejected.
-
The following addition has been made:
- Providers and consumers must synchronise their system clocks with NTP time servers
-
The following related clause has been added as was not previously explicitly stated:
- Providers must reject tokens that have expired (validate the
exp
element)
- Providers must reject tokens that have expired (validate the
-
Please note:
iat
should not be validated by providers
Pages changed:
Clarify ASID requirements and topologies for “aggregators”
Tickets: #616
Affects: Core
Description:
- Clarify that GP Connect consumer systems must have a unique ASID per organisation using the consumer system
- Where GP Connect consumer applications are hosted or provisioned by another organisation, the ASID sent in the
Ssp-From
header, and therequesting_organization
resource sent in the JWT must reflect the organisation from where the request originated, rather than the hosting organisation
Pages changed:
SDS query changes to support multiple consumers at a site
Tickets: #638
Affects: Core
Description:
-
Update SDS queries used by a consumer to locate a provider’s FHIR service root URL
-
Instead of querying the AS record first, query the MHS record first
-
Only provider systems hold GP Connect interaction IDs on their MHS record, this enables the new queries to return the providers endpoint deterministically
-
-
Adding information where a consumer system wants to lookup it’s own ASID
-
Please see the new queries on Overview and querying SDS for more information
Pages changed:
- Overview and querying SDS
- Rewrite and change of queries
- Spine integration illustrated
- Change order of SDS queries
- Registering systems in SDS
- Expand information to include requirement for consumer system registration
Consumer shall not amend the Provider service root URL as retrieved from SDS
Tickets: #652
Affects: Core
Description:
-
When a consumer systems construct a full URL to be sent to the SSP, they must not amend any part of the provider service root URL, except for prefixing with the SSP URL, and suffixing with the FHIR request path
-
The following examples will cause the SSP to reject the request:
- Changing the provider’s hostname to an IP address
- Adding an explicit
:443
port declaration where none exists in SDS
Pages changed:
Improve clarity of JWT population page for new consumers (cosmetic)
Tickets: #634
Affects: Core
Description:
- Clarifications to JWT population guidance for consumers
- Improved formatting and layout
Pages changed:
Change spec name of “GP Connect” to “GP Connect API” (cosmetic)
Tickets: #616
Affects: Core
Description:
- Specification name has changed from GP Connect to GP Connect API to maintain consistency with release of GP Connect Messaging specification
Pages changed:
Foundations
Update Conformance Profile version
Tickets: #653
Affects: Foundations, Access Record HTML
Description:
- Update version number in Conformance Statement to 0.7.2
Pages changed:
Access Record HTML
HTML Implementation Guidance Layout - Change Multi-table example
Tickets: #649
Affects: Access Record HTML
Description:
The multiple table example in the layout section of the HTML Implementation Guide uses the Problems and Issues view and shows 2 subsections.
The Problems and Issues view was changed from 2 subsections in v0.7.0 to having 3 sections in v0.7.1.
The example has been update to reflect this.
Pages changed:
Change warning message for patient transfers
Tickets: #650
Affects: Access Record HTML
Description:
Patient transfer banner message changed from:
Patient record transfer from previous GP practice not yet complete; any information recorded before dd-Mmm-yyyy has been excluded
to:
Patient record transfer from previous GP practice not yet complete; information recorded before dd-Mmm-yyyy may be missing
Pages changed:
Observations view does not include requirement for units of measure
Tickets: #651
Affects: Access Record HTML
Description:
More information provided to support the requirement for units of measure in Observations.
Requirement added to Implementation standards page to support displaying units where available.
Pages changed:
Updated Applied date ranges date banner text to remove word all
Tickets: N/A
Affects: Access Record HTML
Description:
Feedback from providers resulted in the removal of the word all from:
All data items from [Start Date]
All data items until [End Date]
to:
Data items from [Start Date]
Data items until [End Date]
Pages changed: