From 324b8fb3a99feabed225c7968f195506a1463d76 Mon Sep 17 00:00:00 2001
From: VHofman <vincent.hofman@kereval.com>
Date: Wed, 15 Jan 2025 17:57:12 +0100
Subject: [PATCH] Adding the validation profiles for PPQm + updating the
documentation
---
...lePrivacyPolicyFeed-ValidationProfile.json | 180 +++++++++++++++
...acyPolicyBundleFeed-ValidationProfile.json | 148 ++++++++++++
...ivacyPolicyRetrieve-ValidationProfile.json | 217 ++++++++++++++++++
EHS/PPQm/README.md | 8 +-
4 files changed, 549 insertions(+), 4 deletions(-)
create mode 100644 EHS/PPQm/CH-PPQ-3-MobilePrivacyPolicyFeed-ValidationProfile.json
create mode 100644 EHS/PPQm/CH-PPQ-4-MobilePrivacyPolicyBundleFeed-ValidationProfile.json
create mode 100644 EHS/PPQm/CH-PPQ-5-MobilePrivacyPolicyRetrieve-ValidationProfile.json
diff --git a/EHS/PPQm/CH-PPQ-3-MobilePrivacyPolicyFeed-ValidationProfile.json b/EHS/PPQm/CH-PPQ-3-MobilePrivacyPolicyFeed-ValidationProfile.json
new file mode 100644
index 0000000..e0cd48d
--- /dev/null
+++ b/EHS/PPQm/CH-PPQ-3-MobilePrivacyPolicyFeed-ValidationProfile.json
@@ -0,0 +1,180 @@
+{
+ "profileType": "HTTPREQUEST",
+ "id": "CH-PPQ-3-MobilePrivacyPolicyFeed",
+ "name": "PPQ-3_HTTP_POST_PUT_DELETE_Consent Request",
+ "description": "Validation Profile for validating a PPQ-3 Feed",
+ "context": "EPR",
+ "assertions": [
+ {
+ "selector": "request.method",
+ "id": "MethodChecking",
+ "description": "HTTP method shall be either POST, PUT or DELETE",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "CLOSEDLIST",
+ "values": [
+ "POST",
+ "PUT",
+ "DELETE"
+ ]
+ }
+ ]
+ },
+ {
+ "selector": "request.version",
+ "id": "HTTP1VersionChecking",
+ "description": "The HTTP version shall be HTTP/1.1 ",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "FIXEDVALUE",
+ "fixedValue": "HTTP/1.1"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.path",
+ "id": "URIRegexChecking",
+ "description": "The PPQ-3 request SHALL be sent to [baseUrl]/Consent",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(\\S)+\\/Consent$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Host').values",
+ "id": "HostChecking",
+ "description": "Host Shall be a server name; Regex: ^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_presence",
+ "description": "The Authorization parameter is mandatory.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 1,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_value",
+ "description": "Authorization parameter's value SHALL be Bearer, followed by the token.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('Authorization').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^Bearer\\ [-a-zA-Z0-9._~+\\/]+=*$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_presence",
+ "description": "The traceparent parameter is mandatory in the HTTP header.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_value",
+ "description": "traceparent parameter's value SHALL be as defined in fhir.ch, section tracecontext.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('traceparent').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(?!f{2})([\\da-f]{2})-(?!0{32})([\\da-f]{32})-(?!0{16})([\\da-f]{16})-([\\da-f]{2})$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('identifier').values",
+ "id": "identifier_parameter_presence",
+ "description": "identifier parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('identifier').values",
+ "id": "identifier_parameter_value",
+ "description": "identifier parameter is a UUID as defined in FHIR Datatypes. Regex: ^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('identifier').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_presence",
+ "description": "_format parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_value",
+ "description": "_format parameter's value shall be either json or xml.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.uri.queryParams('_format').values.size() > 0",
+ "checks": [
+ {
+ "type": "CLOSEDLIST",
+ "values": [
+ "json",
+ "xml"
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/EHS/PPQm/CH-PPQ-4-MobilePrivacyPolicyBundleFeed-ValidationProfile.json b/EHS/PPQm/CH-PPQ-4-MobilePrivacyPolicyBundleFeed-ValidationProfile.json
new file mode 100644
index 0000000..032d039
--- /dev/null
+++ b/EHS/PPQm/CH-PPQ-4-MobilePrivacyPolicyBundleFeed-ValidationProfile.json
@@ -0,0 +1,148 @@
+{
+ "profileType": "HTTPREQUEST",
+ "id": "CH-PPQ-4-MobilePrivacyPolicyBundleFeed",
+ "name": "PPQ-4_HTTP_POST_BaseURL Request",
+ "description": "Validation Profile for validating a PPQ-4 Bundle Feed",
+ "context": "EPR",
+ "assertions": [
+ {
+ "selector": "request.method",
+ "id": "MethodChecking",
+ "description": "The only HTTP method which SHALL be supported is POST.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "FIXEDVALUE",
+ "fixedValue": "POST"
+ }
+ ]
+ },
+ {
+ "selector": "request.version",
+ "id": "HTTP1VersionChecking",
+ "description": "The HTTP version shall be HTTP/1.1 ",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "FIXEDVALUE",
+ "fixedValue": "HTTP/1.1"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.path",
+ "id": "URIRegexChecking",
+ "description": "The PPQ-4 request SHALL be sent to [baseUrl].",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(\\S)$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Host').values",
+ "id": "HostChecking",
+ "description": "Host Shall be a server name; Regex: ^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_presence",
+ "description": "The Authorization parameter is mandatory.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 1,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_value",
+ "description": "Authorization parameter's value SHALL be Bearer, followed by the token.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('Authorization').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^Bearer\\ [-a-zA-Z0-9._~+\\/]+=*$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_presence",
+ "description": "The traceparent parameter is mandatory in the HTTP header.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_value",
+ "description": "traceparent parameter's value SHALL be as defined in fhir.ch, section tracecontext.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('traceparent').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(?!f{2})([\\da-f]{2})-(?!0{32})([\\da-f]{32})-(?!0{16})([\\da-f]{16})-([\\da-f]{2})$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_presence",
+ "description": "_format parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_value",
+ "description": "_format parameter's value shall be either json or xml.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.uri.queryParams('_format').values.size() > 0",
+ "checks": [
+ {
+ "type": "CLOSEDLIST",
+ "values": [
+ "json",
+ "xml"
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/EHS/PPQm/CH-PPQ-5-MobilePrivacyPolicyRetrieve-ValidationProfile.json b/EHS/PPQm/CH-PPQ-5-MobilePrivacyPolicyRetrieve-ValidationProfile.json
new file mode 100644
index 0000000..103bb21
--- /dev/null
+++ b/EHS/PPQm/CH-PPQ-5-MobilePrivacyPolicyRetrieve-ValidationProfile.json
@@ -0,0 +1,217 @@
+{
+ "profileType": "HTTPREQUEST",
+ "id": "CH-PPQ-5-MobilePrivacyPolicyRetrieve",
+ "name": "PPQ-5_HTTP_GET_Consent Request",
+ "description": "Validation Profile for validating a PPQ-5 Retrieve",
+ "context": "EPR",
+ "assertions": [
+ {
+ "selector": "request.method",
+ "id": "MethodChecking",
+ "description": "The only HTTP method which SHALL be supported is GET.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "FIXEDVALUE",
+ "fixedValue": "GET"
+ }
+ ]
+ },
+ {
+ "selector": "request.version",
+ "id": "HTTP1VersionChecking",
+ "description": "The HTTP version shall be HTTP/1.1 ",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "FIXEDVALUE",
+ "fixedValue": "HTTP/1.1"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.path",
+ "id": "URIRegexChecking",
+ "description": "The PPQ-5 request SHALL be sent to [baseUrl]/Consent.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(\\S)+\\/Consent$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Host').values",
+ "id": "HostChecking",
+ "description": "Host Shall be a server name; Regex: ^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(http[s]?:\\/\\/)?[a-zA-Z0-9.\\-\\/]+(:(\\d)+)?$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_presence",
+ "description": "The Authorization parameter is mandatory.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 1,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('Authorization').values",
+ "id": "Authorization_parameter_value",
+ "description": "Authorization parameter's value SHALL be Bearer, followed by the token.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('Authorization').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^Bearer\\ [-a-zA-Z0-9._~+\\/]+=*$"
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_presence",
+ "description": "The traceparent parameter is mandatory in the HTTP header.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.headers('traceparent').values",
+ "id": "traceparent_parameter_value",
+ "description": "traceparent parameter's value SHALL be as defined in fhir.ch, section tracecontext.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.headers('traceparent').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(?!f{2})([\\da-f]{2})-(?!0{32})([\\da-f]{32})-(?!0{16})([\\da-f]{16})-([\\da-f]{2})$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri",
+ "id": "identifier_parameter_presence",
+ "description": "(patient:)identifier parameter is mandatory.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^(\\S)*(patient:)?identifier(\\S)$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('patient:identifier').values",
+ "id": "patient:identifier_parameter_presence",
+ "description": "patient:identifier parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('patient:identifier').values",
+ "id": "patient:identifier_parameter_value",
+ "description": "Patient identifier parameter is a EPR-SPID. Regex: ^urn:oid:2\\.16\\.756\\.5\\.30\\.1\\.127\\.3\\.10\\.3|\\d{18}$.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.uri.queryParams('patient:identifier').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^urn:oid:2\\.16\\.756\\.5\\.30\\.1\\.127\\.3\\.10\\.3|\\d{18}$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('identifier').values",
+ "id": "identifier_parameter_presence",
+ "description": "identifier parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('identifier').values",
+ "id": "identifier_parameter_value",
+ "description": "identifier parameter is a UUID as defined in FHIR Datatypes. Regex: ^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.uri.queryParams('identifier').values.size() > 0",
+ "checks": [
+ {
+ "type": "REGEX",
+ "regex": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_presence",
+ "description": "_format parameter can be used only once.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "checks": [
+ {
+ "type": "OCCURRENCE",
+ "minOccurrence": 0,
+ "maxOccurrence": 1
+ }
+ ]
+ },
+ {
+ "selector": "request.uri.queryParams('_format').values",
+ "id": "_format_parameter_value",
+ "description": "_format parameter's value shall be either json or xml.",
+ "requirementPriority": "MANDATORY",
+ "checksComposition": "oneOf",
+ "applyIf": "request.uri.queryParams('_format').values.size() > 0",
+ "checks": [
+ {
+ "type": "CLOSEDLIST",
+ "values": [
+ "json",
+ "xml"
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/EHS/PPQm/README.md b/EHS/PPQm/README.md
index 1c089b2..1a71126 100644
--- a/EHS/PPQm/README.md
+++ b/EHS/PPQm/README.md
@@ -35,7 +35,7 @@ This validation profile's documentation references:
| _format_parameter_value | CLOSEDLIST | [json,xml] | _format parameter's value shall be either json or xml. |
-## PPQ-4 Mobile Privacy Policy Feed assertions
+## PPQ-4 Mobile Privacy Policy Bundle Feed assertions
| id | Check's type | Value | Description |
|--- |--- |--- |--- |
@@ -51,19 +51,19 @@ This validation profile's documentation references:
| _format_parameter_value | CLOSEDLIST | [json,xml] | _format parameter's value shall be either json or xml. |
-## PPQ-5 Mobile Privacy Policy Feed assertions
+## PPQ-5 Mobile Privacy Policy Retrieve assertions
| id | Check's type | Value | Description |
|--- |--- |--- |--- |
| MethodChecking | FIXEDVALUE | GET | The only HTTP method which SHALL be supported is GET. |
| HTTP1VersionChecking | FIXEDVALUE | HTTP/1.1 | The HTTP version shall be HTTP/1.1 |
-| URIRegexChecking | REGEX | `^(\S)+\/Consent$` | The PPQ-3 request SHALL be sent to [baseUrl]/Consent |
+| URIRegexChecking | REGEX | `^(\S)+\/Consent$` | The PPQ-5 request SHALL be sent to [baseUrl]/Consent |
| HostChecking | REGEX | `^(http[s]?:\/\/)?[a-zA-Z0-9.\-\/]+(\:(\d)+)?$` | Host Shall be a server name |
| Authorization_parameter_presence | OCCURRENCE | 1..1 | The Authorization parameter is mandatory |
| Authorization_parameter_value | REGEX | `^Bearer\\ [-a-zA-Z0-9._~+\\/]+=*$` | Authorization parameter's value SHALL be Bearer, followed by the token. |
| traceparent_parameter_presence | OCCURRENCE | 0..1 | The traceparent parameter is recommended in the HTTP header|
| traceparent_parameter_value | REGEX | `^(?!f{2})([\da-f]{2})-(?!0{32})([\da-f]{32})-(?!0{16})([\da-f]{16})-([\da-f]{2})$` | traceparent parameter's value SHALL be as defined in fhir.ch, section [tracecontext](https://fhir.ch/ig/ch-epr-mhealth/tracecontext.html). |
-| identifier_parameter_presence | CLOSEDLIST | [identifier,patient:identifier] | identifier parameter is mandatory. |
+| identifier_parameter_presence | REGEX | `^(\S)*(patient:)?identifier(\S)*$` | identifier parameter is mandatory. |
| patientId_parameter_presence | OCCURRENCE | 0..1 | patient:identifier parameter can be used only once. |
| patientId_parameter_value | REGEX | `^urn:oid:2\.16\.756\.5\.30\.1\.127\.3\.10\.3\|\d{18}$` | Patient identifier parameter is a EPR-SPID. Regex: `^urn:oid:2\.16\.756\.5\.30\.1\.127\.3\.10\.3\|\d{18}$`. |
| policySetId_parameter_presence | OCCURRENCE | 0..1 | PolycySet identifier parameter can be used only once. |
--
GitLab