Seeking Guidance for Authentication Methods For OpenHIE Testing Tool Development

Dear OpenHIE Community,

I hope this message finds you well. We are in the process of developing a tool designed to assess whether a specific system, utilizing FHIR protocols, complies with OpenHIE specifications. However, we encounter a challenge as FHIR does not offer dedicated APIs for the login process. This raises the question of how to effectively implement authentication and authorization for such systems.

The realm of logins presents a variety of methods, including Provider OAuth2 Login (such as Google or Facebook), username/password login, and the use of certificates for authentication. Additionally, the login URL may vary depending on the specific system in question.

Similarly, the landscape of authorization mechanisms is extensive, encompassing API Key, Bearer Token, Basic Token, Digest Token, OAuth 1.0, OAuth 2.0, Hawk Authentication, AWS Signature, NTLM Authentication, and Akamai EdgeGrid.

If you could share insights or examples of authentication methods commonly found in OpenHIE based applications, it would greatly assist us in addressing this challenge and ensuring the effectiveness of our testing tool.

Thank you for your time and support.
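Since FHIR itself defines no login API, a testing tool of the kind described above has to carry a pluggable set of client-side schemes, and it can find out which scheme a server expects from the CapabilityStatement returned by GET [base]/metadata (rest[].security.service). The following is an added example in Python, not code from this thread or from any OpenHIE project; the AuthConfig fields, the scheme names, the X-API-Key header name and the post() callback are assumptions made for the illustration, while the restful-security-service code system and its codes are the ones FHIR defines:

```python
"""Constructed example: a pluggable authentication layer for a FHIR conformance
testing tool. The scheme names, AuthConfig fields and the `post` callback are
assumptions made for this illustration, not an OpenHIE or FHIR-defined API."""
import base64
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import urlencode

# Code system FHIR servers use in CapabilityStatement.rest.security.service
SECURITY_SERVICE_SYSTEM = "http://terminology.hl7.org/CodeSystem/restful-security-service"


def advertised_security_services(capability_statement: Dict) -> set:
    """A FHIR server has no login API, but its CapabilityStatement's
    rest[].security.service codes say which schemes it expects
    (e.g. "OAuth", "SMART-on-FHIR", "Basic", "Certificates")."""
    found = set()
    for rest in capability_statement.get("rest", []):
        for service in rest.get("security", {}).get("service", []):
            for coding in service.get("coding", []):
                if coding.get("system") == SECURITY_SERVICE_SYSTEM and coding.get("code"):
                    found.add(coding["code"])
    return found


@dataclass
class AuthConfig:
    scheme: str  # "none" | "basic" | "bearer" | "api_key" | "oauth2_client_credentials"
    username: Optional[str] = None
    password: Optional[str] = None
    token: Optional[str] = None
    api_key: Optional[str] = None
    api_key_header: str = "X-API-Key"  # header name varies per product; keep it configurable
    token_url: Optional[str] = None
    client_id: Optional[str] = None
    client_secret: Optional[str] = None
    scope: Optional[str] = None


@dataclass
class CachedToken:
    access_token: str
    expires_at: float  # epoch seconds


class FhirAuthenticator:
    """Returns the HTTP headers to attach to each FHIR request for the configured
    scheme. OAuth2 client-credentials tokens are fetched through a caller-supplied
    `post(url, headers, body) -> dict` so the class has no network dependency."""

    def __init__(self, config: AuthConfig,
                 post: Optional[Callable[[str, Dict[str, str], str], Dict]] = None,
                 clock: Callable[[], float] = time.time):
        self.config, self.post, self.clock = config, post, clock
        self._cached: Optional[CachedToken] = None

    def headers(self) -> Dict[str, str]:
        c = self.config
        if c.scheme == "none":
            return {}
        if c.scheme == "basic":
            if not c.username or c.password is None:
                raise ValueError("basic auth needs username and password")
            raw = f"{c.username}:{c.password}".encode("utf-8")
            return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
        if c.scheme == "bearer":
            if not c.token:
                raise ValueError("bearer auth needs a token")
            return {"Authorization": f"Bearer {c.token}"}
        if c.scheme == "api_key":
            if not c.api_key:
                raise ValueError("api_key auth needs a key")
            return {c.api_key_header: c.api_key}
        if c.scheme == "oauth2_client_credentials":
            return {"Authorization": f"Bearer {self._client_credentials_token()}"}
        raise ValueError(f"unsupported auth scheme: {c.scheme}")

    def _client_credentials_token(self) -> str:
        c = self.config
        now = self.clock()
        # Reuse a cached token until 30 s before expiry instead of hitting the token endpoint per request
        if self._cached and self._cached.expires_at - now > 30:
            return self._cached.access_token
        if not (c.token_url and c.client_id and c.client_secret and self.post):
            raise ValueError("oauth2_client_credentials needs token_url, client_id, "
                             "client_secret and a post() function")
        form = {"grant_type": "client_credentials"}
        if c.scope:
            form["scope"] = c.scope
        # Client credentials go in an HTTP Basic header (RFC 6749 section 2.3.1), not the form body
        basic = base64.b64encode(f"{c.client_id}:{c.client_secret}".encode("utf-8")).decode("ascii")
        resp = self.post(c.token_url,
                         {"Authorization": "Basic " + basic,
                          "Content-Type": "application/x-www-form-urlencoded"},
                         urlencode(form))
        token = resp.get("access_token")
        if not token:
            raise RuntimeError("token endpoint returned no access_token")
        if str(resp.get("token_type", "bearer")).lower() != "bearer":
            raise RuntimeError(f"unsupported token_type: {resp.get('token_type')}")
        expires_in = int(resp.get("expires_in", 300))  # assume 5 min if the server omits it
        self._cached = CachedToken(token, now + expires_in)
        return token


# Constructed CapabilityStatement fragment so the module runs stand-alone
SAMPLE_CAPABILITY_STATEMENT = {
    "resourceType": "CapabilityStatement",
    "rest": [{"mode": "server",
              "security": {"service": [{"coding": [
                  {"system": SECURITY_SERVICE_SYSTEM, "code": "SMART-on-FHIR"},
                  {"system": SECURITY_SERVICE_SYSTEM, "code": "OAuth"}]}]}}],
}

if __name__ == "__main__":
    print("server advertises:", advertised_security_services(SAMPLE_CAPABILITY_STATEMENT))
    print(FhirAuthenticator(AuthConfig(scheme="basic", username="tester", password="s3cret")).headers())
```

In a real tool the `post` callback would wrap an HTTP client such as `requests.post`, and the scheme for each system under test would come from the tool's per-system configuration, cross-checked against what the server's CapabilityStatement advertises. Certificate (mutual TLS) authentication is deliberately not modelled here, because it is configured on the TLS client rather than expressed as a request header.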

Can you please clarify if you are asking:

  1. How will people log into the testing tool (I would assume that you manage this)
  2. How will tool owners demonstrate that they are following good practices for supporting authentication for
  • Users to log in
  • Authentication of system to system for data exchange

@smgani @bellch - I wanted to tag you both in case you could help on this request as well. Thank you!

  1. How will people log into the testing tool (I would assume that you manage this)
    → yes @jennifer.e.shivers , We will manage the authentication of testing tool from our end.

Also, we will use good practices for system-to-system authentication.

But to apply that logic, we are seeking insights and examples of the authentication methods (for example, Token Based, Basic Token, OAuth 2.0, etc.) you commonly encounter in OpenHIE-compliant applications. Your input would be incredibly valuable as we work on our testing tool to address challenges and ensure its effectiveness. Can you please share any information on this?

Thanks.

This sounds like a great conversation to have at devOps or architecture.