...
Code Block:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">440711000016004</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_responsible</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:treatment_responsible</Privilege>
  </PrivilegeGroup>
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
    <Constraint Name="urn:dk:kombit:orgUnit">48df8b3d-56be-4f3a-bd0f-d3ade05348dd</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:clinical_content_definer</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:questionnaire_editor</Privilege>
  </PrivilegeGroup>
</bpp:PrivilegeList>
```
Had the privilege list instead looked like the example above, the user Lasse Dam would have been issued a narrower JWT: nothing would have been set into context, because the AS would be unable to choose whether the user should act in the context of the care team with the roles "monitoring responsible" and "treatment responsible", or in the context of the organization with the roles "clinical content definer" (capable of managing PlanDefinitions and ActivityDefinitions) and "questionnaire editor".
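To make the ambiguity concrete, here is an added example (not code from the page or from the eHealth infrastructure itself) that parses an OIO BPP privilege list and applies the selection rule described above: one group under a scope yields a context, several groups under the same scope with different constraints yield none. The rule in `select_context` is a hypothetical model of the AS behaviour, and the sample document is the page's list with the garbled role name repaired.

```python
import xml.etree.ElementTree as ET

# Namespace of the OIO Basic Privilege Profile, as used in the example above.
BPP_NS = "http://itst.dk/oiosaml/basic_privilege_profile"

# Sample input: the two-group privilege list from the page (constructed here for the example).
AMBIGUOUS_BPP = """<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">440711000016004</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:monitoring_responsible</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:treatment_responsible</Privilege>
  </PrivilegeGroup>
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
    <Constraint Name="urn:dk:kombit:orgUnit">48df8b3d-56be-4f3a-bd0f-d3ade05348dd</Constraint>
    <Privilege>urn:dk:sundhed:ehealth:role:clinical_content_definer</Privilege>
    <Privilege>urn:dk:sundhed:ehealth:role:questionnaire_editor</Privilege>
  </PrivilegeGroup>
</bpp:PrivilegeList>"""


def parse_privilege_groups(xml_text):
    """Return one dict per PrivilegeGroup: scope, constraints (name -> value) and privileges."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{BPP_NS}}}PrivilegeList":
        raise ValueError(f"not an OIO BPP PrivilegeList: {root.tag}")
    groups = []
    for pg in root.findall("PrivilegeGroup"):  # child elements are unprefixed, i.e. in no namespace
        groups.append({
            "scope": pg.get("Scope"),
            "constraints": {c.get("Name"): (c.text or "").strip() for c in pg.findall("Constraint")},
            "privileges": [(p.text or "").strip() for p in pg.findall("Privilege")],
        })
    return groups


def select_context(groups):
    """Hypothetical AS rule: return the single (scope, constraints) context with its privileges,
    or None when the list offers more than one context, so the narrower JWT carries no context."""
    contexts = {}
    for g in groups:
        key = (g["scope"], tuple(sorted(g["constraints"].items())))
        contexts.setdefault(key, set()).update(g["privileges"])
    if len(contexts) != 1:
        return None  # ambiguous: the AS cannot pick the care team over the org unit, or vice versa
    (scope, constraints), privileges = next(iter(contexts.items()))
    return {"scope": scope, "constraints": dict(constraints), "privileges": sorted(privileges)}
```

Running `select_context(parse_privilege_groups(AMBIGUOUS_BPP))` returns `None`; passing only the first group returns the care-team context with its two roles.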
The PrivilegeGroups provided in the OIO BPP must be unique according to the following scheme:
...