...
The OIO BPP snippet above is listed for Practitioner 1 - Lasse Dam. This OIO BPP states that Lasse Dam has the role "urn:dk:sundhed:ehealth:role:monitoring_responsibleassistor" in the careteam identified by "95c7aef7-ec7f-487b-9687-6e6624d25fdb" in the organization "440711000016004". If this was the only content of the OIO BPP, Lasse Dam would have been handed a JWT by the infrastructure where the stated careteam and organization would be set in context. Had there been multiple PrivilegeGroups in the OIO BPP, nothing would have been set in context as the choice would not be straight forward for the AS to pick, instead the client would have to ask the user to pick among the available allowed contexts (see Switching Context).
...
Had the example instead looked like the example stated above, the user Lasse Dam would have been issued a more narrow JWT as nothing would have been set into context as the AS would be unable to choose between the whether the user should be in the context of the careteam with the role "monitoring responsibleassistor" and "treatment responsiblecitizen enroller" or in the context of the organization with the roles "clinical administrator" (capable of managing PlanDefinition and ActivityDefinitions) and "questionnaire editor".
...