Guia de Implementação da SES GO - Segurança
0.0.2 - draft
Guia de Implementação da SES GO - Segurança
0.0.2 - draft
Guia de Implementação da SES GO - Segurança - Local Development build (v0.0.2) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
| URL oficial: https://fhir.saude.go.gov.br/r4/seguranca/StructureDefinition/assinatura-avancada | Versão: 0.0.2 | |||
| Draft as of 2025-08-20 | Nome para computador: Assinatura | |||
Assinatura digital avançada usando JWS/JAdES. Informações de timestamp são extraídas diretamente do JAdES (iat claim ou sigTst no unprotected header). Detalhes aqui.
Este é o tipo de dados empregado para o depósito da assinatura digital propriamente dita, em particular, no elemento data.
A definição da assinatura e o processo de construção está cuidadosamente detalhado aqui.
Usage:
Descrição de perfis, diferenças, instantâneo, e como apresentações diferentes funcionam.
Essa estrutura é derivada de Signature
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
  Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. | |
 type |
||||
  system |
0..1 | uri | Identity of the terminology system Required Pattern: urn:iso-astm:E1762-95:2013 | |
 code |
0..1 | code | Symbol in syntax defined by the system Required Pattern: 1.2.840.10065.1.12.1.5 | |
| when |
1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at | |
| who |
1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) | |
 Slices for extension |
Content/Rules for all slices | |||
  extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional | |
| reference |
0..0 | |||
| type |
0..0 | |||
| identifier |
0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. | |
| use |
0..0 | |||
| type |
0..0 | |||
| system |
C | 1..1 | uri | The namespace for the identifier value idt-1: All FHIR elements must have a @value or children |
| value |
1..1 | string | The value that is unique | |
| period |
0..0 | |||
| assigner |
0..0 | |||
| display |
0..0 | |||
| onBehalfOf |
0..0 | |||
| targetFormat |
0..1 | code | The technical format of the signed resources Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. | |
| Documentation for this format | ||||
| Id | Grade | Path(s) | Details | Requirements |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. ele-1: All FHIR elements must have a @value or children | |
 type |
Σ | 1..* | Coding | Indication of the reason the entity signed the object(s) Binding: SignatureTypeCodes (preferred): An indication of the reason that an entity signed the object. ele-1: All FHIR elements must have a @value or children |
 system |
Σ | 0..1 | uri | Identity of the terminology system ele-1: All FHIR elements must have a @value or children Required Pattern: urn:iso-astm:E1762-95:2013 |
| code |
Σ | 0..1 | code | Symbol in syntax defined by the system ele-1: All FHIR elements must have a @value or children Required Pattern: 1.2.840.10065.1.12.1.5 |
| when |
Σ | 1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at ele-1: All FHIR elements must have a @value or children |
 who |
Σ | 1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) ele-1: All FHIR elements must have a @value or children |
| Slices for extension |
Content/Rules for all slices | |||
| extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional ele-1: All FHIR elements must have a @value or children ext-1: Must have either extensions or value[x], not both | |
 identifier |
Σ | 0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. ele-1: All FHIR elements must have a @value or children |
 system |
ΣC | 1..1 | uri | The namespace for the identifier value ele-1: All FHIR elements must have a @value or children idt-1: All FHIR elements must have a @value or children Example General: http://www.acme.com/identifiers/patient |
| value |
Σ | 1..1 | string | The value that is unique ele-1: All FHIR elements must have a @value or children Example General: 123456 |
| targetFormat |
0..1 | code | The technical format of the signed resources Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. ele-1: All FHIR elements must have a @value or children Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. ele-1: All FHIR elements must have a @value or children Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. ele-1: All FHIR elements must have a @value or children | |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Signature.type | preferred | SignatureTypeCodeshttp://hl7.org/fhir/ValueSet/signature-typefrom the FHIR Standard | |
| Signature.targetFormat | required | Pattern: application/octet-streamhttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard | |
| Signature.sigFormat | required | Pattern: application/josehttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. | |
| id |
0..1 | string | Unique id for inter-element referencing | |
 extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| type |
Σ | 1..* | Coding | Indication of the reason the entity signed the object(s) Binding: SignatureTypeCodes (preferred): An indication of the reason that an entity signed the object. |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| system |
Σ | 0..1 | uri | Identity of the terminology system Required Pattern: urn:iso-astm:E1762-95:2013 |
| version |
Σ | 0..1 | string | Version of the system - if relevant |
| code |
Σ | 0..1 | code | Symbol in syntax defined by the system Required Pattern: 1.2.840.10065.1.12.1.5 |
| display |
Σ | 0..1 | string | Representation defined by the system |
| userSelected |
Σ | 0..1 | boolean | If this coding was chosen directly by the user |
| when |
Σ | 1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at |
| who |
Σ | 1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) |
| id |
0..1 | string | Unique id for inter-element referencing | |
| Slices for extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional | |
| identifier |
Σ | 0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| system |
ΣC | 1..1 | uri | The namespace for the identifier value idt-1: All FHIR elements must have a @value or children Example General: http://www.acme.com/identifiers/patient |
| value |
Σ | 1..1 | string | The value that is unique Example General: 123456 |
| targetFormat |
0..1 | code | The technical format of the signed resources Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. | |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Signature.type | preferred | SignatureTypeCodeshttp://hl7.org/fhir/ValueSet/signature-typefrom the FHIR Standard | |
| Signature.targetFormat | required | Pattern: application/octet-streamhttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard | |
| Signature.sigFormat | required | Pattern: application/josehttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
Essa estrutura é derivada de Signature
Visão de diferenças
Essa estrutura é derivada de Signature
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. | |
| type |
||||
| system |
0..1 | uri | Identity of the terminology system Required Pattern: urn:iso-astm:E1762-95:2013 | |
| code |
0..1 | code | Symbol in syntax defined by the system Required Pattern: 1.2.840.10065.1.12.1.5 | |
| when |
1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at | |
| who |
1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) | |
| Slices for extension |
Content/Rules for all slices | |||
| extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional | |
| reference |
0..0 | |||
| type |
0..0 | |||
| identifier |
0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. | |
| use |
0..0 | |||
| type |
0..0 | |||
| system |
C | 1..1 | uri | The namespace for the identifier value idt-1: All FHIR elements must have a @value or children |
| value |
1..1 | string | The value that is unique | |
| period |
0..0 | |||
| assigner |
0..0 | |||
| display |
0..0 | |||
| onBehalfOf |
0..0 | |||
| targetFormat |
0..1 | code | The technical format of the signed resources Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. | |
| Documentation for this format | ||||
| Id | Grade | Path(s) | Details | Requirements |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
Visão de elementos chave
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. ele-1: All FHIR elements must have a @value or children | |
| type |
Σ | 1..* | Coding | Indication of the reason the entity signed the object(s) Binding: SignatureTypeCodes (preferred): An indication of the reason that an entity signed the object. ele-1: All FHIR elements must have a @value or children |
| system |
Σ | 0..1 | uri | Identity of the terminology system ele-1: All FHIR elements must have a @value or children Required Pattern: urn:iso-astm:E1762-95:2013 |
| code |
Σ | 0..1 | code | Symbol in syntax defined by the system ele-1: All FHIR elements must have a @value or children Required Pattern: 1.2.840.10065.1.12.1.5 |
| when |
Σ | 1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at ele-1: All FHIR elements must have a @value or children |
| who |
Σ | 1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) ele-1: All FHIR elements must have a @value or children |
| Slices for extension |
Content/Rules for all slices | |||
| extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional ele-1: All FHIR elements must have a @value or children ext-1: Must have either extensions or value[x], not both | |
| identifier |
Σ | 0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. ele-1: All FHIR elements must have a @value or children |
| system |
ΣC | 1..1 | uri | The namespace for the identifier value ele-1: All FHIR elements must have a @value or children idt-1: All FHIR elements must have a @value or children Example General: http://www.acme.com/identifiers/patient |
| value |
Σ | 1..1 | string | The value that is unique ele-1: All FHIR elements must have a @value or children Example General: 123456 |
| targetFormat |
0..1 | code | The technical format of the signed resources Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. ele-1: All FHIR elements must have a @value or children Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. ele-1: All FHIR elements must have a @value or children Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. ele-1: All FHIR elements must have a @value or children | |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Signature.type | preferred | SignatureTypeCodeshttp://hl7.org/fhir/ValueSet/signature-typefrom the FHIR Standard | |
| Signature.targetFormat | required | Pattern: application/octet-streamhttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard | |
| Signature.sigFormat | required | Pattern: application/josehttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
Visão instantâneo
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Signature |
0..* | Signature | Assinatura usando o padrão JWS (JSON Web Signature) com algoritmo RS256 e chave privada RSA de 2048 bits. A assinatura JWS inclui o hash do conteúdo assinado e também o certificado digital correspondente do assinante. | |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| type |
Σ | 1..* | Coding | Indication of the reason the entity signed the object(s) Binding: SignatureTypeCodes (preferred): An indication of the reason that an entity signed the object. |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| system |
Σ | 0..1 | uri | Identity of the terminology system Required Pattern: urn:iso-astm:E1762-95:2013 |
| version |
Σ | 0..1 | string | Version of the system - if relevant |
| code |
Σ | 0..1 | code | Symbol in syntax defined by the system Required Pattern: 1.2.840.10065.1.12.1.5 |
| display |
Σ | 0..1 | string | Representation defined by the system |
| userSelected |
Σ | 0..1 | boolean | If this coding was chosen directly by the user |
| when |
Σ | 1..1 | instant | Quando a assinatura foi produzida. Deve coincidir com o valor at |
| who |
Σ | 1..1 | Reference(Practitioner | PractitionerRole | RelatedPerson | Patient | Device | Organization) | O signatário (pessoa física ou jurídica) |
| id |
0..1 | string | Unique id for inter-element referencing | |
| Slices for extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| extension:responsavelTecnico |
0..1 | (Complex) | Conselho profissional do signatário, quando aplicável (para profissionais de saúde). URL: https://fhir.saude.go.gov.br/r4/core/StructureDefinition/conselho-profissional | |
| identifier |
Σ | 0..1 | Identifier | CNPJ ou CPF do signatário, conforme certificado digital. |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |
| system |
ΣC | 1..1 | uri | The namespace for the identifier value idt-1: All FHIR elements must have a @value or children Example General: http://www.acme.com/identifiers/patient |
| value |
Σ | 1..1 | string | The value that is unique Example General: 123456 |
| targetFormat |
0..1 | code | The technical format of the signed resources Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. Required Pattern: application/octet-stream | |
| sigFormat |
0..1 | code | The technical format of the signature Binding: Mime Types (required): The mime type of an attachment. Any valid mime type is allowed. Required Pattern: application/jose | |
| data |
0..1 | base64Binary | A assinatura digital avançada SES-GO propriamente dita. | |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Signature.type | preferred | SignatureTypeCodeshttp://hl7.org/fhir/ValueSet/signature-typefrom the FHIR Standard | |
| Signature.targetFormat | required | Pattern: application/octet-streamhttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard | |
| Signature.sigFormat | required | Pattern: application/josehttp://hl7.org/fhir/ValueSet/mimetypes|4.0.1from the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| idt-1 | warning | Signature.who.identifier.system | All FHIR elements must have a @value or children : $this = 'urn:brasil:cnpj' or $this = 'urn:brasil:cpf' | Identificador deve ser CNPJ ou CPF conforme certificado digital. |
Essa estrutura é derivada de Signature
Outras representações do perfil: CSV, Excel, Schematron