Scalable Consent Management Testing Guide
1.0.0-ballot - ci-build
Scalable Consent Management Testing Guide
1.0.0-ballot - ci-build
Scalable Consent Management Testing Guide - Local Development build (v1.0.0-ballot) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
| Page standards status: Trial-use | Maturity Level: 1 |
<TestScript xmlns="http://hl7.org/fhir">
<id value="02-Operation-Revoke-a-Consent"/>
<meta>
<profile
value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/>
</meta>
<text>
<status value="extensions"/>
<div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: TestScript 02-Operation-Revoke-a-Consent</b></p><a name="02-Operation-Revoke-a-Consent"> </a><a name="hc02-Operation-Revoke-a-Consent"> </a><div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%"><p style="margin-bottom: 0px"/><p style="margin-bottom: 0px">Profile: <a href="file://D:\GitHub\Touchstone\testing-ig\output/StructureDefinition-testscript.html">AEGIS Touchstone Testing TestScript Profile</a></p></div><blockquote><p><b>AEGIS Touchstone Testing TestScript Rule Extension</b></p><ul><li>ruleId: GetVariable-JsonPath</li><li>path: /FHIRCommon/_reference/rule/GetVariable-JsonPath.groovy</li></ul></blockquote><blockquote><p><b>AEGIS Touchstone Testing TestScript Rule Extension</b></p><ul><li>ruleId: AssertBodyExists</li><li>path: /FHIRCommon/_reference/rule/AssertBodyExists.groovy</li></ul></blockquote><p><b>StructureDefinition Work Group</b>: cbcc</p><p><b>url</b>: <a href="TestScript-02-Operation-Revoke-a-Consent.html">TestScript 03 Operations - All SUT | 02 Operation: Revoke a Consent</a></p><p><b>version</b>: 1.0.0-ballot</p><p><b>name</b>: Test_02_Operation_Revoke_a_Consent</p><p><b>title</b>: 03 Operations - All SUT | 02 Operation: Revoke a Consent</p><p><b>status</b>: Active</p><p><b>date</b>: 2026-03-30</p><p><b>publisher</b>: HL7 International / Community Based Collaborative Care</p><p><b>contact</b>: HL7 International / Community Based Collaborative Care: <a href="http://www.hl7.org/Special/committees/cbcc">http://www.hl7.org/Special/committees/cbcc</a></p><p><b>description</b>: </p><div><p>Happy Path: Perform a successful Consent/$revokeConsent operation.
Test a client and server to verify support for the Consent $revokeConsent operation,
supporting the FAST Consent Management IG Version: CI.
This scenario is generic and can be used with any FHIR format and query parameters.
See https://wildfhir4.wildfhir.org/ig/fhir-consent-management-tg/rtm_test_cases.html#testcase-70
Test System Details (in order of appearance):
[Origin 1: Consent Client's RESTful client. System Under Test: this must be an external test system (not Touchstone).]
[Destination 1: Consent Admin Service's RESTful FHIR Server. System Under Test: this must be an external test system (not a mock).]
[Origin 2: Touchstone's RESTful client. Simulated: this requires Touchstone to be chosen as the test system.]</p>
</div><p><b>jurisdiction</b>: <span title="Codes:{urn:iso:std:iso:3166 US}">United States of America</span></p><p><b>copyright</b>: </p><div><p>(c) AEGIS.net, Inc. 2026</p>
</div><blockquote><p><b>origin</b></p><p><b>index</b>: 1</p><p><b>profile</b>: <a href="http://terminology.hl7.org/7.1.0/CodeSystem-testscript-profile-origin-types.html#testscript-profile-origin-types-FHIR-Client">Test script profile origin type: FHIR-Client</a> (FHIR Client)</p></blockquote><blockquote><p><b>origin</b></p><p><b>index</b>: 2</p><p><b>profile</b>: <a href="http://terminology.hl7.org/7.1.0/CodeSystem-testscript-profile-origin-types.html#testscript-profile-origin-types-FHIR-Client">Test script profile origin type: FHIR-Client</a> (FHIR Client)</p></blockquote><h3>Destinations</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Index</b></td><td><b>Profile</b></td></tr><tr><td style="display: none">*</td><td>1</td><td><a href="http://terminology.hl7.org/7.1.0/CodeSystem-testscript-profile-destination-types.html#testscript-profile-destination-types-FHIR-Server">Test script profile destination type: FHIR-Server</a> (FHIR Server)</td></tr></table><p><b>profile</b>: </p><ul><li><a href="http://hl7.org/fhir/us/consent-management/2026Jan/StructureDefinition-RevokeConsentParameters.html">http://hl7.org/fhir/us/consent-management/StructureDefinition/RevokeConsentParameters</a></li><li><a href="http://hl7.org/fhir/R4/consent.html">http://hl7.org/fhir/StructureDefinition/Consent</a></li></ul><blockquote><p><b>test</b></p><p><b>name</b>: Step_001_Consent_slash_dollar_revokeConsent_operation</p><p><b>description</b>: Consent Client invokes the Consent/$revokeConsent operation at Consent Admin Service.</p><blockquote><p><b>action</b></p><h3>Operations</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Type</b></td><td><b>Resource</b></td><td><b>Description</b></td><td><b>Destination</b></td><td><b>EncodeRequestUrl</b></td><td><b>Method</b></td><td><b>Origin</b></td><td><b>Params</b></td><td><b>RequestId</b></td><td><b>ResponseId</b></td></tr><tr><td style="display: none">*</td><td>testscript-operation-codes-extended: post (post)</td><td>Consent</td><td>Consent/$revokeConsent operation.</td><td>1</td><td>true</td><td>POST</td><td>1</td><td>/$revokeConsent</td><td>dest-1-FHIRExtendedOperation-1-request</td><td>dest-1-FHIRExtendedOperation-1-response</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>Expression</b></td><td><b>ValidateProfileId</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm that the resource(s) in the request body at FHIRPath 'Parameters' conform to profile 'RevokeConsentParameters'.</td><td>request</td><td>Parameters</td><td>RevokeConsentParameters</td><td>false</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>SourceId</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td>, </td><td>Save the reference from the request so we can read it in the next step and check its status.</td><td>request</td><td>dest-1-FHIRExtendedOperation-1-request</td><td>true</td></tr></table></blockquote></blockquote><blockquote><p><b>test</b></p><p><b>name</b>: Step_002_Consent_read</p><p><b>description</b>: Touchstone reads a Consent resource at Consent Admin Service. Read the revoked Consent using the reference we saved from
the $revokeConsent request, confirm it still exists, and is inactive.</p><blockquote><p><b>action</b></p><h3>Operations</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Type</b></td><td><b>Resource</b></td><td><b>Description</b></td><td><b>Accept</b></td><td><b>Destination</b></td><td><b>EncodeRequestUrl</b></td><td><b>Method</b></td><td><b>Origin</b></td><td><b>RequestId</b></td><td><b>ResponseId</b></td><td><b>Url</b></td></tr><tr><td style="display: none">*</td><td><a href="http://terminology.hl7.org/7.1.0/CodeSystem-testscript-operation-codes.html#testscript-operation-codes-read">Test script operation code: read</a> (Read)</td><td>Consent</td><td>Read a Consent resource.</td><td>json</td><td>1</td><td>true</td><td>GET</td><td>2</td><td>dest-1-FHIRRead-1-request</td><td>dest-1-FHIRRead-1-response</td><td>${dest1SystemConfig.baseUrl}/${ConsentReference}</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>Operator</b></td><td><b>ResponseCode</b></td><td><b>SourceId</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm that the returned HTTP status is 200 OK.</td><td>response</td><td>in</td><td>200</td><td>dest-1-FHIRRead-1-response</td><td>false</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm that the response body exists.</td><td>response</td><td>false</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>Resource</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm that the response body is a Consent resource.</td><td>response</td><td>Consent</td><td>false</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>ValidateProfileId</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm that the response body conforms to the base FHIR Consent profile. This also checks any declared profiles within.</td><td>response</td><td>Consent-profile</td><td>false</td></tr></table></blockquote><blockquote><p><b>action</b></p><h3>Asserts</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Extension</b></td><td><b>Description</b></td><td><b>Direction</b></td><td><b>Expression</b></td><td><b>Operator</b></td><td><b>SourceId</b></td><td><b>Value</b></td><td><b>WarningOnly</b></td></tr><tr><td style="display: none">*</td><td/><td>Confirm the status of the Consent just revoked is inactive.</td><td>response</td><td>Consent.status = 'inactive'</td><td>equals</td><td>dest-1-FHIRRead-1-response</td><td>true</td><td>false</td></tr></table></blockquote></blockquote></div>
</text>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="GetVariable-JsonPath"/>
</extension>
<extension url="path">
<valueString
value="/FHIRCommon/_reference/rule/GetVariable-JsonPath.groovy"/>
</extension>
</extension>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="AssertBodyExists"/>
</extension>
<extension url="path">
<valueString
value="/FHIRCommon/_reference/rule/AssertBodyExists.groovy"/>
</extension>
</extension>
<extension
url="http://hl7.org/fhir/StructureDefinition/structuredefinition-wg">
<valueCode value="cbcc"/>
</extension>
<url
value="http://hl7.org/fhir/us/consent-management-tg/TestScript/02-Operation-Revoke-a-Consent"/>
<version value="1.0.0-ballot"/>
<name value="Test_02_Operation_Revoke_a_Consent"/>
<title value="03 Operations - All SUT | 02 Operation: Revoke a Consent"/>
<status value="active"/>
<date value="2026-03-30"/>
<publisher value="HL7 International / Community Based Collaborative Care"/>
<contact>
<name value="HL7 International / Community Based Collaborative Care"/>
<telecom>
<system value="url"/>
<value value="http://www.hl7.org/Special/committees/cbcc"/>
</telecom>
</contact>
<description
value="Happy Path: Perform a successful Consent/$revokeConsent operation.
Test a client and server to verify support for the Consent $revokeConsent operation,
supporting the FAST Consent Management IG Version: CI.
This scenario is generic and can be used with any FHIR format and query parameters.
See https://wildfhir4.wildfhir.org/ig/fhir-consent-management-tg/rtm_test_cases.html#testcase-70
Test System Details (in order of appearance):
[Origin 1: Consent Client's RESTful client. System Under Test: this must be an external test system (not Touchstone).]
[Destination 1: Consent Admin Service's RESTful FHIR Server. System Under Test: this must be an external test system (not a mock).]
[Origin 2: Touchstone's RESTful client. Simulated: this requires Touchstone to be chosen as the test system.]"/>
<jurisdiction>
<coding>
<system value="urn:iso:std:iso:3166"/>
<code value="US"/>
<display value="United States of America"/>
</coding>
</jurisdiction>
<copyright value="(c) AEGIS.net, Inc. 2026"/>
<origin>
<index value="1"/>
<profile>
<system
value="http://terminology.hl7.org/CodeSystem/testscript-profile-origin-types"/>
<code value="FHIR-Client"/>
</profile>
</origin>
<origin>
<index value="2"/>
<profile>
<system
value="http://terminology.hl7.org/CodeSystem/testscript-profile-origin-types"/>
<code value="FHIR-Client"/>
</profile>
</origin>
<destination>
<index value="1"/>
<profile>
<system
value="http://terminology.hl7.org/CodeSystem/testscript-profile-destination-types"/>
<code value="FHIR-Server"/>
</profile>
</destination>
<profile id="RevokeConsentParameters">🔗
<reference
value="http://hl7.org/fhir/us/consent-management/StructureDefinition/RevokeConsentParameters"/>
</profile>
<profile id="Consent-profile">🔗
<reference value="http://hl7.org/fhir/StructureDefinition/Consent"/>
</profile>
<test>
<name value="Step_001_Consent_slash_dollar_revokeConsent_operation"/>
<description
value="Consent Client invokes the Consent/$revokeConsent operation at Consent Admin Service."/>
<action>
<operation>
<type>
<system
value="http://touchstone.com/fhir/testscript-operation-codes-extended"/>
<code value="post"/>
</type>
<resource value="Consent"/>
<description value="Consent/$revokeConsent operation."/>
<destination value="1"/>
<encodeRequestUrl value="true"/>
<method value="post"/>
<origin value="1"/>
<params value="/$revokeConsent"/>
<requestId value="dest-1-FHIRExtendedOperation-1-request"/>
<responseId value="dest-1-FHIRExtendedOperation-1-response"/>
</operation>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description
value="Confirm that the resource(s) in the request body at FHIRPath 'Parameters' conform to profile 'RevokeConsentParameters'."/>
<direction value="request"/>
<expression value="Parameters"/>
<validateProfileId value="RevokeConsentParameters"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="GetVariable-JsonPath"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="jsonPath"/>
</extension>
<extension url="value">
<valueString
value="$.parameter[?(@.name == 'consent')].valueReference.reference"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="outputName"/>
</extension>
<extension url="value">
<valueString value="ConsentReference"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="ConsentReference"/>
</extension>
</extension>
</extension>
<description
value="Save the reference from the request so we can read it in the next step and check its status."/>
<direction value="request"/>
<sourceId value="dest-1-FHIRExtendedOperation-1-request"/>
<warningOnly value="true"/>
</assert>
</action>
</test>
<test>
<name value="Step_002_Consent_read"/>
<description
value="Touchstone reads a Consent resource at Consent Admin Service. Read the revoked Consent using the reference we saved from
the $revokeConsent request, confirm it still exists, and is inactive."/>
<action>
<operation>
<type>
<system
value="http://terminology.hl7.org/CodeSystem/testscript-operation-codes"/>
<code value="read"/>
</type>
<resource value="Consent"/>
<description value="Read a Consent resource."/>
<accept value="json"/>
<destination value="1"/>
<encodeRequestUrl value="true"/>
<method value="get"/>
<origin value="2"/>
<requestId value="dest-1-FHIRRead-1-request"/>
<responseId value="dest-1-FHIRRead-1-response"/>
<url value="${dest1SystemConfig.baseUrl}/${ConsentReference}"/>
</operation>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description
value="Confirm that the returned HTTP status is 200 OK."/>
<direction value="response"/>
<operator value="in"/>
<responseCode value="200"/>
<sourceId value="dest-1-FHIRRead-1-response"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="AssertBodyExists"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="errorMessage"/>
</extension>
<extension url="value">
<valueString value="the response body does not exist."/>
</extension>
</extension>
</extension>
<description value="Confirm that the response body exists."/>
<direction value="response"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description
value="Confirm that the response body is a Consent resource."/>
<direction value="response"/>
<resource value="Consent"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description
value="Confirm that the response body conforms to the base FHIR Consent profile. This also checks any declared profiles within."/>
<direction value="response"/>
<validateProfileId value="Consent-profile"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension
url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description
value="Confirm the status of the Consent just revoked is inactive."/>
<direction value="response"/>
<expression value="Consent.status = 'inactive'"/>
<operator value="equals"/>
<sourceId value="dest-1-FHIRRead-1-response"/>
<value value="true"/>
<warningOnly value="false"/>
</assert>
</action>
</test>
</TestScript>
IG © 2025+ HL7 International / Community Based Collaborative Care. Package hl7.fhir.us.consent-management-tg#1.0.0-ballot based on FHIR 4.0.1. Generated 2026-03-31
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change