IMViewer Specification: Difference between revisions

From Discovery Data Service
(Created page with "# IMViewer specification")
 
(Initial draft)
# IMViewer specification
== Overview ==
The Information Model Viewer is an application, openly accessible to the public, which allows its users to view the Discovery Information Model in its entirety. Due to the Information Model's size and complexity, the viewer is broken down into a number of individual contextualised sub-modules, all accessed from a top-level main page. Each sub-module will open in its own browser tab so that the user can quickly switch between contexts without losing their previous position.
 
== Authentication & security ==
Whilst the application is openly accessible to the public, a simple single-factor authentication mechanism is provided to help prevent abuse of the application. Registration is fully automated, requiring only a username, password and email address, via which an email validation code will be provided. Authentication is provided via the [https://aws.amazon.com/cognito/ AWS Cognito] authentication service.
 
=== Login ===
The login form consists of standard username and password text entry fields plus a login button. On successful login, an authentication token is received from AWS Cognito and passed to all subsequent API calls (as an Authorization: Bearer header). An additional Create Account button allows a new user to self-register.
 
=== Registration ===
The registration form also contains username and password fields, plus an additional e-mail field that is used to send the user a code to verify their email address. On registration, AWS Cognito is called to start the registration process by creating an unconfirmed user and generating and sending a confirmation code to the email address supplied.
 
=== Confirmation ===
The confirmation form is presented immediately after the registration form is completed, and is also presented if a user attempts to log on using an unconfirmed user account. On entering a valid confirmation code, the user account is fully created/enabled and the user is returned to the login form.
 
=== Front end security ===
If the authentication token is found to be invalid, or if the API returns a 401 Unauthorised response, then the user should be immediately logged out and returned to the login screen.
 
=== API ===
All application API calls should be suitably secured by first validating, then verifying the access token with AWS Cognito. If the token fails either check, a 401 Unauthorised response should be returned and no further processing of the call attempted.
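
One way an API endpoint could apply this rule, as an added example that is not the Discovery project's own code: the token is first validated structurally, then its signature and claims are verified, and any failure yields a 401 with no further processing. It assumes verification is done locally against the user pool's published JWKS; the pool id, client id, key and the names <code>checkAccessToken</code> and <code>signToken</code> are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed stand-ins: a locally generated RSA key plays the user pool's
// signing key; the pool id, client id and kid are placeholders.
const CFG = { issuer: 'https://cognito-idp.eu-west-2.amazonaws.com/eu-west-2_EXAMPLE',
              clientId: 'example-client-id' };
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'kid-1', alg: 'RS256' }] };

const b64u = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
function signToken(claims, header = { alg: 'RS256', kid: 'kid-1' }) { // test helper only
  const body = `${b64u(header)}.${b64u(claims)}`;
  return `${body}.${crypto.sign('sha256', Buffer.from(body), privateKey).toString('base64url')}`;
}

const deny = (reason) => ({ status: 401, reason });

function checkAccessToken(authHeader, jwks, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  // 1. Validate: shape of the header and token, before any cryptography.
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return deny('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(m[1], 'base64url'));
    claims = JSON.parse(Buffer.from(m[2], 'base64url'));
  } catch { return deny('malformed'); }
  if (!header || !claims) return deny('malformed');
  // Pin the algorithm rather than trusting the token's own "alg" field.
  if (header.alg !== 'RS256') return deny('bad alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return deny('unknown kid');
  // 2. Verify: signature against the pool's published key, then the claims.
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${m[1]}.${m[2]}`), key,
                           Buffer.from(m[3], 'base64url'));
  if (!ok) return deny('bad signature');
  if (claims.iss !== cfg.issuer) return deny('wrong issuer');
  if (claims.token_use !== 'access') return deny('not an access token'); // reject ID tokens
  if (claims.client_id !== cfg.clientId) return deny('wrong client');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return deny('expired');
  return { status: 200, claims };
}
```

In a deployment the JWKS would be fetched from the user pool's <code>/.well-known/jwks.json</code> endpoint under the issuer URL and cached, instead of being generated locally.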
 
== Application modules ==
 
=== Main page ===
The main page should provide introductory text describing, in brief, the Information Model and its contents. Further sections should be displayed, one per sub-module, each with a brief description of its content/function and an option to launch that module. NOTE: each sub-module should open in a new browser tab/window and not require the user to log in again.
 
=== Ontology module ===
The ontology module allows the search and display of all concepts within the Information Model from the perspective of their semantic meaning.
 
=== Data model module ===
The data model module allows the search and display of the subset of concepts in the Information Model that relate to the model of health care data, its structure, and its linked content.
 
=== Value set module ===
The value set module allows the search and display of the subset of concepts in the Information Model that relate to value sets, whose uses range from defining a data set according to a set of recorded concepts, through indicating the expected range of a property in a health record, to testing the presence of a feature in a patient record.
 
=== Data set module ===
The data set module allows the search and display of the subset of concepts in the Information Model that relate to the rules and filters that can be applied to a data model.

Revision as of 12:42, 18 May 2020
