| Excerpt |
|---|
Overall description of the eHealth security mechanism for authentication and authorization |
Access to eHealth Infrastructure data and services are governed by the eHealth Infrastructure Authorization Server (AS). The AS is responsible for handing out tokens that are properly signed with the correct level of detail embedded. Without a token, no access is provided. The eHealth Infrastructure is by intent and design not part of any other existing infrastructure such as the NSP. Instead, it integrates to a range of services (among these are services on the NSP).
The eHealth Infrastructure provides an IdP for SSL (Service & Support Logistics - not depicted below) users that are not part of the clinical domain nor the citizen domain. For the clinical and citizen domain, the AS is federated with two services that provide the identity of the users:-
...
NemLogin
NemLogin uses NemID in order to provide the services needed as an IdP endpoint. The NemLogin service is intended to be used by citizens in order to gain access to data in the eHealth Infrastructure. NemLogin uses NemID in order to provide the services needed as an IdP endpoint.
SEB (danish: Sundhedsvæsenets Elektroniske Brugerstyring)
SEB is a common platform for user administration of the solutions provided by the National Health Data Authority on both the Internet and the secure Sundhedsdatanettet. SEB is based on a platform that takes into account OIO standards in this area. SEB provides a federation with the regional instances and municipal instances. How this federation is constructed is beyond the scope of the eHealth Infrastructure.
In the relation to the eHealth Infrastructure, SEB primarily serves two purposes:-
Provide a homogenous interface from its federated IdP's towards the eHealth Infrastructure
...
Doing the actual federation between the regional instances and the municipal instances
...
eHealth Infrastructure federation (simplified)
...