The documentation on this page is currently in an unreviewed state.
...
The eHealth Infrastructure does not provide an IdP, meaning that by design no users exist in the infrastructure. Instead, the AS is federated with two services that provide the identity of the users:
...
In order to provide a stateless and scalable setup while at the same time complying with the requirements of the eHealth Infrastructure, the following security mechanisms come into play:
Token-based security
Once the user is logged in, a set of tokens (see Authentication and authorization for details on the tokens) is handed out by the AS (based on the OIO SAML AuthResponse). These tokens serve as 'tickets' and are verified and asserted every time the user interacts with the eHealth Infrastructure. If the tokens are deemed invalid or expired by the eHealth Infrastructure, no further interaction happens and the user is denied from accessing or manipulating data.
As the tokens from the initial login are very broad-spectrum, little or no data is accessible. This depends entirely on the information given in the OIO SAML AuthResponse. If the user, for example, is part of multiple careteams, the AS is unable to supply proper default values, as the choice is ambiguous. This is because the access to data may differ from careteam to careteam.
In order to actually gain access to e.g. clinical or organizational data, the user needs to actively choose the context in which to interact. Based on the choice of context, the eHealth Infrastructure can issue a new set of tokens (based on the initially handed out tokens + the chosen context - see Switching Context for details), which then provides access under the chosen context. Possible contexts are:
- Episode of care
- Patient
- Organization
- Careteam
Each time one or more of these context items are provided in the step where the user chooses a given context, a consistency check is made in the eHealth Infrastructure in order to check that the chosen set of context items actually fit together. All in all, without going into details, it can be stated that the security model performs both RBAC and ABAC security checks.
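The context switch and consistency check described above, sketched as an added example (not code from the eHealth Infrastructure). The token layout, the lookup tables, the function names and the rules tying careteam, organization, patient and episode of care together are all assumptions made for illustration, and the sketch requires a careteam in every context.

```python
# Constructed sample data; the relationships are assumptions, not the real model.
CARETEAM_ORG = {"ct-1": "org-A", "ct-2": "org-B"}   # careteam -> organization
EPISODES = {"eoc-9": {"patient": "pat-7", "careteams": {"ct-1"}}}


class ContextError(Exception):
    """The chosen context is ambiguous, inconsistent, or not permitted."""


def default_careteam(memberships):
    """Return the only careteam, or None when the choice is ambiguous."""
    return next(iter(memberships)) if len(memberships) == 1 else None


def switch_context(token, now, careteam=None, organization=None,
                   patient=None, episode=None):
    """Check that the chosen context items fit together; return a narrowed token."""
    if token["exp"] <= now:
        raise ContextError("token expired")
    careteam = careteam or default_careteam(token["careteams"])
    if careteam is None:
        raise ContextError("careteam must be chosen explicitly")
    if careteam not in token["careteams"]:
        raise ContextError("user is not a member of this careteam")
    if organization not in (None, CARETEAM_ORG.get(careteam)):
        raise ContextError("careteam does not belong to this organization")
    if episode is not None:
        eoc = EPISODES.get(episode)
        if eoc is None or careteam not in eoc["careteams"]:
            raise ContextError("episode of care is not handled by this careteam")
        if patient not in (None, eoc["patient"]):
            raise ContextError("episode of care belongs to another patient")
        patient = eoc["patient"]
    elif patient is not None and not any(
            e["patient"] == patient and careteam in e["careteams"]
            for e in EPISODES.values()):
        raise ContextError("careteam has no episode of care for this patient")
    # New token: same subject and expiry, access limited to the chosen context.
    return {"sub": token["sub"], "exp": token["exp"],
            "context": {"careteam": careteam,
                        "organization": CARETEAM_ORG.get(careteam),
                        "patient": patient, "episode": episode}}
```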
Detailed parts of the security documentation can be found at the following pages:
...