...
Authorization, SAML requirements and OIO BPP
Accessing data (one's authorization) in the eHealth Infrastructure is split into two sections; one for citizens and one for non-citizens:
- Citizens are able to see all data in which they are referenced (see the ABAC rules). Citizens are able to create and edit data in the eHealth Infrastructure according to the RBAC rules.
- Clinical users are able to access data via two paths. One path is primarily based upon the affiliation to a given care team and the role in that care team.
Citizen SAML attributes
Citizen access to the eHealth Infrastructure goes through NemLogin. NemLogin provides a set of SAML attributes in a SAML assertion, which is used to identify the citizen. Other attributes are also part of the SAML assertion; they are, however, not currently used. The table below lists the current attributes that are delivered by NemLogin:
| Attribute | Description |
|---|---|
| dk:gov:saml:attribute:CprNumberIdentifier | Civil registration number (CPR) |
| dk:gov:saml:attribute:PidNumberIdentifier | PID number from the certificate |
| dk:gov:saml:attribute:AssuranceLevel | Assurance level (must be 4) |
| urn:oid:2.5.4.3 | Common name (full name) |
| urn:liberty:disco:2006-08:DiscoveryEPR | Bootstrap token that can be exchanged at the NSP STS for an IDWS token. |
| dk:gov:saml:attribute:Privileges_intermediate | Optional. Can be used to express delegations ("digital fuldmagt", i.e. digital power of attorney). |
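As an added example (not code from the eHealth Infrastructure documentation or its implementation), the following Python checks the AttributeStatement of a SAML assertion for what the citizen path needs from the table above: exactly one CprNumberIdentifier and an AssuranceLevel of 4. The attribute names come from the table; the assertion XML is constructed for illustration and follows the generic SAML 2.0 assertion schema, not a captured NemLogin response. The check assumes the assertion's XML signature, Issuer and Conditions (audience, validity window) have already been verified before any attribute value is trusted.

```python
"""Validate the citizen attributes of a SAML assertion (added example).

Assumes signature and Conditions validation has already been performed;
attribute values from an unverified assertion must never be trusted.
"""
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names as listed in the NemLogin attribute table.
ATTR_CPR = "dk:gov:saml:attribute:CprNumberIdentifier"
ATTR_PID = "dk:gov:saml:attribute:PidNumberIdentifier"
ATTR_ASSURANCE = "dk:gov:saml:attribute:AssuranceLevel"
ATTR_COMMON_NAME = "urn:oid:2.5.4.3"
ATTR_PRIVILEGES = "dk:gov:saml:attribute:Privileges_intermediate"

REQUIRED_ASSURANCE_LEVEL = 4
CPR_RE = re.compile(r"^\d{10}$")  # a CPR number is ten digits (DDMMYYSSSS)

# Constructed sample assertion; element layout is the generic SAML 2.0
# schema, the values are made up and the issuer is a placeholder.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.invalid</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="dk:gov:saml:attribute:CprNumberIdentifier">
      <saml:AttributeValue>0101701234</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="dk:gov:saml:attribute:PidNumberIdentifier">
      <saml:AttributeValue>9208-2002-2-000000000000</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="dk:gov:saml:attribute:AssuranceLevel">
      <saml:AttributeValue>4</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.3">
      <saml:AttributeValue>Test Testesen</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same assertion, but issued at assurance level 3: must be rejected.
LOW_ASSURANCE_ASSERTION = SAMPLE_ASSERTION.replace(
    "<saml:AttributeValue>4</saml:AttributeValue>",
    "<saml:AttributeValue>3</saml:AttributeValue>")


def extract_attributes(assertion_xml: str) -> dict:
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs: dict = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def validate_citizen_attributes(attrs: dict) -> list:
    """Return a list of problems; an empty list means the citizen may proceed."""
    problems = []

    # Exactly one CPR value: a missing or multi-valued identifier is ambiguous
    # and must not be resolved by picking the first one.
    cpr = attrs.get(ATTR_CPR, [])
    if len(cpr) != 1:
        problems.append("exactly one CprNumberIdentifier required")
    elif not CPR_RE.match(cpr[0]):
        problems.append("CprNumberIdentifier has unexpected format")

    # The table states the assurance level must be 4; anything else,
    # including a missing or non-numeric value, is rejected.
    level = attrs.get(ATTR_ASSURANCE, [])
    if len(level) != 1 or not level[0].isdigit() \
            or int(level[0]) != REQUIRED_ASSURANCE_LEVEL:
        problems.append("AssuranceLevel must be 4")
    return problems


def check_assertion(assertion_xml: str) -> list:
    """Parse and validate in one step; returns the problem list."""
    return validate_citizen_attributes(extract_attributes(assertion_xml))


def has_delegation(attrs: dict) -> bool:
    """True if the optional Privileges_intermediate attribute is present.

    Its presence means the session may act on behalf of someone else, so
    the relying party has to evaluate the delegation before granting access."""
    return bool(attrs.get(ATTR_PRIVILEGES))


if __name__ == "__main__":
    print("level 4:", check_assertion(SAMPLE_ASSERTION))
    print("level 3:", check_assertion(LOW_ASSURANCE_ASSERTION))
```

The check deliberately fails closed: a missing, duplicated or non-numeric AssuranceLevel is treated the same as a too-low one, and a multi-valued CPR attribute is rejected rather than resolved by taking the first value. In a production service the XML should be parsed with the same hardened parser used for signature validation (for example via defusedxml) and only after the signature over the assertion has been verified.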
Citizens accessing the eHealth Infrastructure are handled a bit differently from other users accessing the platform, as citizens do not carry a context of roles and relations. Based on the above-mentioned SAML attributes, the citizen is able to read data that maps to an internal ...
Clinical SAML attributes
| Attribute | Description |
|---|---|
...