I’m not sure. NHS tends to focus on clinical record view on API’s so we get exchanges of compositions. Developers are more resource focused and want tools like
- RESTful query API’s
- Event (streams or notifications)
Until we get those views aligned and recognise they are different requirements we will plod along slowly.
Missing from the diagram is authorisation and authentication. Probably fair to say it’s looking like authorisation is going down a federated OAuth2 route using openId authentication providers (also OAuth2 with services like NHS Logon and NHS Identity)