Deployment of consent-to-share API on OpenHMIS test server.


Karl Fogel

Nov 16, 2016, 5:24:51 PM
to HMIS API
Hey, everyone, and especially Eric and Dave. This is just to let you know that we've deployed the Consent-to-Share implementation to our test server -- the Consent-to-Share specification as documented in https://github.com/hmis-tools/hmis-api-server/blob/master/docs/API.md, that is. See http://hmis.opentechstrategies.com/.

So, the following things are now true:

* Users who are authenticated but non-authorized (e.g., someone who logs in with Google but who doesn't have an HMIS account on the server) will no longer be able to view Clients by default. They'll get a specific access denied error.

* Because Consent-to-Share is now in effect, *by default* searches will turn up no results -- no Clients will be displayed. However, if the user doing the search has proper authorization ("consent") on the relevant fields (e.g., FirstName, LastName), then matching Clients will be returned, and the only information displayed about those Clients will be information that the Client consented to be shared with the org or CoC of the user who ran the search.

* Right now, you have to manually grant authorization to your user's org or CoC, in the database. See the section "Manually grant consent" in the above API documentation web page. This authorization-granting functionality is not yet part of either the prototype client software UI or the server-side administrative control panel UI, but the manual process should give a pretty clear idea of how it works. (Yes, we agree it should at least be in the admin control panel UI too, but one thing at a time.)

* Consent-to-share only applies to requests for Client records -- other API endpoints are not affected.

Note that we made a backup of the database, before we migrated the DB to support consent-to-share and reloaded the sample data. This is because it appears that some people had been testing and making data changes. We don't know if those changes were important, but we can share that backup file if anyone needs it.

Best regards,
-Karl, with thanks to Cecilia Donnelly for actually doing all the above
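
The behaviour described in the message above (access denied without an HMIS account, empty results by default, consent required on the searched fields, and only consented fields returned), sketched as an added example that is not part of the original post and is not the hmis-api-server code. The data model, identities and function names are hypothetical, and all sample records are constructed.

```python
# Added illustration: hypothetical data model, not the hmis-api-server schema.
class AccessDenied(Exception):
    """The authenticated identity has no HMIS account on the server."""

# Constructed sample data.
CLIENTS = [
    {"id": 1, "FirstName": "Ana", "LastName": "Ruiz", "DOB": "1980-02-03"},
    {"id": 2, "FirstName": "Ana", "LastName": "Lee", "DOB": "1975-07-19"},
]
# (client id, grantee) -> fields that client agreed to share with the grantee.
CONSENT = {
    (1, "org:shelter-a"): {"FirstName", "LastName"},
    (2, "coc:north"): {"FirstName"},
}
# Authenticated identity -> HMIS account with its org and CoC.
ACCOUNTS = {
    "alice@example.org": {"org": "org:shelter-a", "coc": "coc:south"},
    "bob@example.org": {"org": "org:shelter-b", "coc": "coc:north"},
}

def consented_fields(client_id, account):
    """Fields shared with the user's org or CoC; empty set by default."""
    fields = set()
    for grantee in (account["org"], account["coc"]):
        fields |= CONSENT.get((client_id, grantee), set())
    return fields

def search_clients(identity, criteria):
    """Return matching clients, each reduced to its consented fields."""
    account = ACCOUNTS.get(identity)
    if account is None:
        raise AccessDenied("no HMIS account for this identity")
    results = []
    for client in CLIENTS:
        allowed = consented_fields(client["id"], account)
        # Default deny: no consent, no result. A criterion on a field
        # without consent must not match either, or the search would
        # confirm a value the client never agreed to share.
        if not allowed or not set(criteria) <= allowed:
            continue
        if all(client[f] == v for f, v in criteria.items()):
            results.append({f: client[f] for f in sorted(allowed)})
    return results
```

The same search term gives different users different records and different field sets, so tests for an endpoint like this should cover each grantee path (org and CoC) as well as the no-consent default.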

Eric Jahn

Apr 27, 2017, 6:04:29 PM
to hmis-api, kfo...@opentechstrategies.com
Karl, recently we deployed our consent API, based on yours. It's here: https://anypoint.mulesoft.com/apiplatform/apis/#/portals/organizations/1d2d1eb1-46af-4ee8-aa04-bd79ed2764a3/apis/11319036/versions/141408

We are adding consent document upload to the API soon, but it shouldn't change it much. -Eric

Karl Fogel

Apr 28, 2017, 6:56:57 PM
to Eric Jahn, hmis-api, Dan Schultz
Eric Jahn <er...@ejahn.net> writes:
>Karl, recently we deployed our consent API, based on yours. It's
>here:
>https://anypoint.mulesoft.com/apiplatform/apis/#/portals/organizations/1d2d1eb1-46af-4ee8-aa04-bd79ed2764a3/apis/11319036/versions/141408
>
>We are adding consent document upload to the API soon, but it shouldn't change it much. -Eric

Eric, congratulations, and thanks for letting us know! Dan Schultz (CC'd here, though I think he's on this list too) should get the credit for that original API.

Best regards,
-Karl