Questions about the assertion process

I’m checking the assertion model and process, and some questions came up.

For instance:

Attestations can be added at any time after committal of the content being attested.

REF: Common Information Model

Then a couple of lines below:

Signing content at committal: for some reason, the information being committed needs to be digitally signed.

The first line says assertion should happen after the content is committed, then the second gives the possibility of attestation at commit time. Isn’t that a contradiction?

Another thing, in the REST API it doesn’t seem like we support attestations. For instance on create composition we need to use extra openEHR-AUDIT_DETAILS.xxx headers [REF2] because we don’t have that that in the payload to generate the audit info in the server for the CONTRIBUTION and ORIGINAL_VERSION that need to be generated when a COMPO is created. Though we don’t have openEHR-ATTESTATION.xxx headers described there, to be able to create the attestation at commit time (note we neither have those headers for the composition update where we could attest a COMPO after its initial commit).

REF2: APIs Overview openEHR specs

@thomas.beale @sebastian.iancu what do you think?

It doesn’t say an attestation should be added after commit of the original content - just that it can be. Both are valid.

@thomas.beale Though if you read the first phrase it doesn’t imply that the attestation can be added at the same time as the commit, it implies it can only add an attestation after the commit, though at any time, but after.