Versions Compared

Old Version 6

changes.mady.by.user Nicolai Gjøderum

Saved on

compared with

New Version 7

changes.mady.by.user Nicolai Gjøderum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Setting the available context

...

Code Block
languagexml
<?xml version="1.0"?>
<PrivilegeList xmlns="http://itst.dk/oiosaml/basic_privilege_profile">
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    <Constraint Name="urn:dk:gov:saml:sorIdentifier">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
    <Privilege>urn:dk:healthcare:futTreatmentResponsible_0_3</Privilege>
    <Privilege>urn:dk:healthcare:futMonitoringResponsible_0_3</Privilege>
  </PrivilegeGroup>
  <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:20921897">
    ...
  </PrivilegeGroup>
</PrivilegeList>


Contents of a PrivilegeList

A PrivilegeList must contain at least one PrivilegeGroup with Scope = "urn:dk:gov:saml:cvrNumberIdentifier:<some number>".Each PrivilegeGroup must contain either a constraint with Name

A PrivilegeGroup has the following elements:

  • Exactly one Constraint specifying an organization identifier (see Organization Constraints)
  • At most one Constraint specifying a care team identifier (see Care Team Constraints)
  • At least one Privilege element

Organization Constraints

An organization constraint identifies an Organization resource by an external identifier and type.

There are three types of organizations:

  1. SOR organizations: 
    • Identified by Constraints with Name attribute = "urn:dk:gov:saml:sorIdentifier"

...

    • and value = {sor-id}
    • Refers to Fhir Organization with Identifier.system = "urn:

...

    • oid:1.2.208.176.1.1" and Identifier.value = {sor-id}
    • Example:
      • Constraint: <Constraint Name="urn:dk:gov:saml:sorIdentifier"

...

      • >950531000016003</Constraint>
      • Refers to Organization with:  "Identifier": [{"system": "urn:oid:1.2.208.176.1.1"

...

      • , "value

...

      • ": "

...

      • 950531000016003"}]
  2. STS organizations
    • Identified by Constraints with Name attribute = "urn:dk:kombit:orgUnit"

...

    •  and value =

...

    •  {sts-id}
    • Refers to Fhir Organization

...

    • with

...

    • Identifier.system = "https://www.kombit.dk/sts/organisation" and Identifier.value = {sts-id}
    • Example:
      • Contraint: <Constraint Name=

...

      • "urn:dk:kombit:orgUnit">eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
      • Refers to Organization with:  "Identifier": [{"system": "https://www.kombit.dk/sts/organisation", "value": "eeeeeeee-b760-11e9-a2a3-2a2ae2dbcce4"}]
  2. SSL organizations
    • Identified by Constraints with Name attribute =  "urn:dk:sundhed:ehealth:sslOrg"
    • Refers to Fhir Organization with Identifier.system = "http://ehealth.sundhed.dk/organization/ssl" and Identifier.value = {ssl-id}
    • Example:
      • Constraint: <Constraint Name="urn:dk:sundhed:ehealth

...

      • :sslOrg">aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
      • Refers to Organization with:  "Identifier": [{"system": "http://ehealth.sundhed.dk/organization/ssl", "value": "aaaaaaaa-b760-11e9-a2a3-2a2ae2dbcce4"}]

Care Team Constraints

A care team constraint identifies a CareTeam resource by an external identifier.

Care team constraints always have Name attribute = "urn:dk:sundhed:ehealth:careteam" and value = "C" refers to a Fhir CareTeam resource with an identifer with system = .

A care team constraint with value = {careteam-id} refers to Fhir CareTeam with Identifier.system =  "urn:ietf:rfc:3986" and Identifier.value = "C".Each PrivilegeGroup must contain at least one Privilege.= {careteam-id}

Example:

  • Constraint: <Constraint Name="urn:dk:sundhed:ehealth:careteam">cccccccc-b760-11e9-a2a3-2a2ae2dbcce4</Constraint>
  • Refers to CareTeam with: "Identifier": [{"system": "urn:ietf:rfc:3986", "value": "cccccccc-b760-11e9-a2a3-2a2ae2dbcce4"}]

Privileges:

Allowed privileges:

  • urn:dk:sundhed:ehealth:role:tele_medicine_actor
  • urn:dk:sundhed:ehealth:role:administrative_personnel
  • urn:dk:sundhed:ehealth:role:healthcare:futTreatmentResponsible_0_3_professional
  • urn:dk:sundhed:ehealth:role:report_generator
  • urn:dk:sundhed:ehealth:role:questionnaire_editor
  • urn:dk:sundhed:ehealth:role:administrator
  • urn:dk:sundhed:ehealth:role:clinical_administrator
  • urn:dk:sundhed:ehealth:role:team_administrator
  • urn:dk:sundhed:ehealth:role:order_placer
  • urn:dk:sundhed:ehealth:role:service_and_logistics
  • urn:dk:sundhed:ehealth:role:incident_reporter
  • urn:dk:sundhed:ehealth:role:supporter
  • urn:dk:healthcare:futMonitoringResponsible_0_3sundhed:ehealth:role:ssl_catalogue_annotator
  • urn:dk:sundhed:ehealth:healthcarerole:futMonitoringDelegatessl_0catalogue_3responsible
  • urn:dk:healthcare:futClinicalContentDefiner_0_3sundhed:ehealth:role:ssl_contract_responsible
  • urn:dk:sundhed:ehealth:healthcarerole:futRequestEffectuator_0_3treatment_responsible
  • urn:dk:sundhed:ehealth:role:monitoring_responsible