The eHealth infrastructure uses OIO Basic Privilege Profile 1.2 to express user privileges as attributes in SAML Assertions.

The infrastructure also supports version 1.1; the only difference between the two versions is the XML namespace of the schema:

Version   Namespace
1.1       http://itst.dk/oiosaml/basic_privilege_profile
1.2       http://digst.dk/oiosaml/basic_privilege_profile

Example of a PrivilegeList (version 1.1 namespace, declared as the default namespace):

<?xml version="1.0"?>
<PrivilegeList xmlns="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_assistor</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
  </PrivilegeGroup>
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    ...
  </PrivilegeGroup>
</PrivilegeList>

Example of a PrivilegeList without a care team constraint (namespace bound to the bpp prefix):

<?xml version="1.0"?>
<bpp:PrivilegeList
  xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="urn:dk:kombit:orgUnit">48df8b3d-56be-4f3a-bd0f-d3ade05348dd</Constraint>
        <Privilege>urn:dk:sundhed:ehealth:role:clinical_administrator</Privilege>
        <Privilege>urn:dk:sundhed:ehealth:role:questionnaire_editor</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>

Contents of a PrivilegeList

Note: Municipalities MUST follow the guidelines located here: OIO-BPP URI naming precautions for municipalities

...

  • Exactly one Constraint specifying an organization identifier (see Organization Constraints)

  • At most one Constraint specifying a care team identifier (see Care Team Constraints)

  • At least one Privilege element

Organization Constraints

An organization constraint identifies an Organization resource by an external identifier and type.

There are three types of organizations:

  1. SOR organizations

    • Identified by a Constraint with Name attribute = "urn:dk:gov:saml:sorIdentifier" and value = {sor-id}

    • Refers to the FHIR Organization with Identifier.system = "urn:oid:1.2.208.176.1.1" and Identifier.value = {sor-id}

    • Example Constraint:

          <Constraint Name="urn:dk:gov:saml:sorIdentifier">950531000016003</Constraint>

      Refers to the Organization with:

          "identifier": [{"system": "urn:oid:1.2.208.176.1.1", "value": "950531000016003"}]

  2. STS organizations

    • Identified by a Constraint with Name attribute = "urn:dk:kombit:orgUnit" and value = {sts-id}

    • Refers to the FHIR Organization with Identifier.system = "https://www.kombit.dk/sts/organisation" and Identifier.value = {sts-id}

    • Example Constraint:

          <Constraint Name="urn:dk:kombit:orgUnit">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

      Refers to the Organization with:

          "identifier": [{"system": "https://www.kombit.dk/sts/organisation", "value": "eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4"}]

  3. SSL organizations

    • Identified by a Constraint with Name attribute = "urn:dk:sundhed:ehealth:sslOrg" and value = {ssl-id}

    • Refers to the FHIR Organization with Identifier.system = "http://ehealth.sundhed.dk/organization/ssl" and Identifier.value = {ssl-id}

    • Example Constraint:

          <Constraint Name="urn:dk:sundhed:ehealth:sslOrg">aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

      Refers to the Organization with:

          "identifier": [{"system": "http://ehealth.sundhed.dk/organization/ssl", "value": "aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4"}]

Care Team Constraints

A care team constraint identifies a CareTeam resource by an external identifier.

...

  • Example Constraint:

        <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>

    Refers to the CareTeam with:

        "identifier": [{"system": "urn:ietf:rfc:3986", "value": "urn:uuid:cccccccc-b760-11e9-a2a3-2a2ae2dbcce4"}]
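The following is an added example, not code from the original page or from the eHealth infrastructure itself. It parses a PrivilegeList in either namespace version, enforces the three structural rules from the "Contents of a PrivilegeList" section (exactly one organization constraint, at most one care team constraint, at least one Privilege) and maps each constraint to the FHIR identifier system given in the Organization Constraints and Care Team Constraints sections. The sample documents at the bottom are constructed from the page's examples; the dataclass, function names and the decision to match child elements by local name (so that both the default-namespace and the bpp-prefixed example forms are accepted) are assumptions of this example.

```python
"""Parse and validate an OIO-BPP PrivilegeList (schema versions 1.1 and 1.2).

Added example; not part of the original page or of the eHealth infrastructure.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Namespace -> profile version, from the version table on the page.
BPP_NAMESPACES = {
    "http://itst.dk/oiosaml/basic_privilege_profile": "1.1",
    "http://digst.dk/oiosaml/basic_privilege_profile": "1.2",
}

# Organization Constraint Name -> FHIR Organization Identifier.system, from the page.
ORG_CONSTRAINTS = {
    "urn:dk:gov:saml:sorIdentifier": "urn:oid:1.2.208.176.1.1",
    "urn:dk:kombit:orgUnit": "https://www.kombit.dk/sts/organisation",
    "urn:dk:sundhed:ehealth:sslOrg": "http://ehealth.sundhed.dk/organization/ssl",
}
CARETEAM_CONSTRAINT = "urn:dk:sundhed:ehealth:careteam"
CARETEAM_SYSTEM = "urn:ietf:rfc:3986"  # CareTeam identifier value is urn:uuid:{id}


@dataclass
class PrivilegeGroup:  # assumed name; one <PrivilegeGroup> after validation
    scope: str
    organization: dict           # FHIR identifier {"system": ..., "value": ...}
    careteam: Optional[dict]     # None when no care team constraint is present
    privileges: list


def _local(tag: str) -> str:
    """Local name of an ElementTree tag ('{ns}Name' or plain 'Name')."""
    return tag.rsplit("}", 1)[-1]


def _namespace(tag: str) -> str:
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def parse_privilege_list(xml_text: str) -> tuple[str, list]:
    """Return (profile version, list of PrivilegeGroup); raise ValueError on a rule violation."""
    # Real SAML assertions are untrusted input: use defusedxml there. The stdlib
    # parser is used here only so the example runs without extra dependencies.
    root = ET.fromstring(xml_text)
    ns = _namespace(root.tag)
    if _local(root.tag) != "PrivilegeList" or ns not in BPP_NAMESPACES:
        raise ValueError(f"not an OIO-BPP PrivilegeList (root namespace {ns!r})")
    version = BPP_NAMESPACES[ns]

    groups = []
    # Children are matched by local name: the bpp-prefixed example on the page leaves
    # them unqualified, while the default-namespace example qualifies them.
    for grp in (c for c in root if _local(c.tag) == "PrivilegeGroup"):
        scope = grp.get("Scope")
        if not scope:
            raise ValueError("PrivilegeGroup without Scope attribute")
        orgs, teams, privs = [], [], []
        for child in grp:
            name = _local(child.tag)
            text = (child.text or "").strip()
            if name == "Constraint":
                cname = child.get("Name", "")
                if cname in ORG_CONSTRAINTS:
                    orgs.append({"system": ORG_CONSTRAINTS[cname], "value": text})
                elif cname == CARETEAM_CONSTRAINT:
                    teams.append({"system": CARETEAM_SYSTEM, "value": f"urn:uuid:{text}"})
                else:
                    raise ValueError(f"{scope}: unknown Constraint Name {cname!r}")
            elif name == "Privilege" and text:
                privs.append(text)
        # The three structural rules from the page.
        if len(orgs) != 1:
            raise ValueError(f"{scope}: expected exactly one organization Constraint, got {len(orgs)}")
        if len(teams) > 1:
            raise ValueError(f"{scope}: at most one care team Constraint is allowed")
        if not privs:
            raise ValueError(f"{scope}: at least one Privilege is required")
        groups.append(PrivilegeGroup(scope, orgs[0], teams[0] if teams else None, privs))
    if not groups:
        raise ValueError("PrivilegeList contains no PrivilegeGroup")
    return version, groups


def validation_error(xml_text: str) -> Optional[str]:
    """None if the document is a valid PrivilegeList, otherwise the reason it was rejected."""
    try:
        parse_privilege_list(xml_text)
        return None
    except (ValueError, ET.ParseError) as exc:
        return str(exc)


# Constructed sample inputs, modelled on the page's examples (identifiers are placeholders).
SAMPLE_V12 = """<?xml version="1.0"?>
<PrivilegeList xmlns="http://digst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">950531000016003</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_assistor</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
  </PrivilegeGroup>
</PrivilegeList>"""

SAMPLE_V11_PREFIXED = """<?xml version="1.0"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
    <Constraint Name="urn:dk:kombit:orgUnit">48df8b3d-56be-4f3a-bd0f-d3ade05348dd</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:clinical_administrator</Privilege>
  </PrivilegeGroup>
</bpp:PrivilegeList>"""

SAMPLE_TWO_ORGS = """<?xml version="1.0"?>
<PrivilegeList xmlns="http://digst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">950531000016003</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:sslOrg">aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:citizen_enroller</Privilege>
  </PrivilegeGroup>
</PrivilegeList>"""

if __name__ == "__main__":
    for doc in (SAMPLE_V12, SAMPLE_V11_PREFIXED, SAMPLE_TWO_ORGS):
        print(validation_error(doc) or parse_privilege_list(doc))
```

The parser is deliberately strict about what it does not know: an unrecognised Constraint Name is rejected rather than ignored, so a group cannot slip through with no organization binding that the relying party understands. The root namespace is the only place where the version is decided; child elements are accepted in either the profile namespace or no namespace because both forms appear in the page's examples.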

Privileges:

Allowed privileges:

See https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/291176482/Tokens+Roles+and+RBAC+ABAC#Privilege-Roles

...