Versions Compared

Old Version 3

changes.mady.by.user Jens Kristian Villadsen

Saved on

compared with

New Version 4

changes.mady.by.user Jens Kristian Villadsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

The KOMBIT Context handler implementation currently only support privileges and constraints addressed in the form http: and not also in the urn: form as stated in the OIO-BPP documentation

...

(section “Representation and processing of Privileges (normative)“). Because of this and the fact that all privileges in the eHealth Infrastructure has been stated in the

...

urn: form the following precautions must be taken in the OIO-BPP block when constructed by the local IdP in

...

the municipalities situated behind the KOMBIT Context handler:

OIO BPP block below illustrates an example of what is expected by the eHealth Infrastructure:

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
    xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="urn:dk:kombit:orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
        <Constraint Name="urn:dk:sundhed:ehealth:careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
        <Privilege>urn:dk:sundhed:ehealth:role:monitoring_responsible</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>
Note

The following is how local IdP administrators should express it:

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
    xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="http://ehealth.sundhed.dk/contraints/orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
        <Constraint Name="http://ehealth.sundhed.dk/contraints/careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
        <Privilege>http://sundhed.dk/ehealth/role/monitoring_responsible</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>
Note

Notice how the value of Constraint Name and the value of Privilege differ as they are expressed in the form http: