Note |
---|
The KOMBIT Context handler implementation currently only supports privileges and constraints addressed in the http: form, and not also in the urn: form as stated in the OIO-BPP documentation (section “Representation and processing of Privileges (normative)”). Because of this, and because all privilege roles in the eHealth Infrastructure are stated in the urn: form, the following precautions must be taken when the OIO-BPP block is constructed by the local IdP in the municipalities situated behind the KOMBIT Context handler: |
Note |
---|
The OIO-BPP block below illustrates an example of what is expected by the eHealth Infrastructure: |
Code Block |
---|
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
<Constraint Name="urn:dk:kombit:orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
<Constraint Name="urn:dk:sundhed:ehealth:careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
<Privilege>urn:dk:sundhed:ehealth:role:monitoring_responsible<assistor</Privilege>
</PrivilegeGroup>
</bpp:PrivilegeList> |
|
Note |
---|
The following is how local IdP administrators should express it: |
Code Block |
---|
<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
<Constraint Name="http://ehealth.sundhed.dk/contraints/orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
<Constraint Name="http://ehealth.sundhed.dk/contraints/careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
<Privilege>http://sundhed.dk/ehealth/role/monitoring_responsible<assistor</Privilege>
</PrivilegeGroup>
</bpp:PrivilegeList> |
Note |
---|
Notice how the values of Constraint Name and Privilege differ from the previous example, as they are expressed in the http: form. |
A component outside the eHealth Infrastructure (FUT proxy; see The eHealth service SAML proxy (SAML Proxy)) is responsible for the conversion to the form expected by the eHealth Infrastructure.
See also the general rules for BPP: Basic Privilege Profile (eHealth Infrastructure Wiki).
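The check and conversion described above, as an added example (not code from this page, KOMBIT or the SAML proxy): it flags any Constraint Name or Privilege that is not in the http: form and rewrites the rest to the urn: form. The mapping table and the role-prefix rule are assumptions inferred from the two example blocks, and `example_role` is a placeholder role name.

```python
import xml.etree.ElementTree as ET

BPP_NS = "http://itst.dk/oiosaml/basic_privilege_profile"
ET.register_namespace("bpp", BPP_NS)

# Assumption: mapping inferred from the two example blocks on this page only.
CONSTRAINT_MAP = {
    "http://ehealth.sundhed.dk/contraints/orgUnit": "urn:dk:kombit:orgUnit",
    "http://ehealth.sundhed.dk/contraints/careteam": "urn:dk:sundhed:ehealth:careteam",
}
ROLE_HTTP = "http://sundhed.dk/ehealth/role/"   # assumed prefix rule for roles
ROLE_URN = "urn:dk:sundhed:ehealth:role:"

# Constructed sample in the http: form; "example_role" is a placeholder role.
SAMPLE = f"""<bpp:PrivilegeList xmlns:bpp="{BPP_NS}">
<PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
<Constraint Name="http://ehealth.sundhed.dk/contraints/orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
<Constraint Name="http://ehealth.sundhed.dk/contraints/careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
<Privilege>{ROLE_HTTP}example_role</Privilege>
</PrivilegeGroup>
</bpp:PrivilegeList>"""


def check_and_convert(xml_text):
    """Return (findings, converted_xml) for one OIO-BPP PrivilegeList.

    A finding is a value the local IdP must not send through the Context
    handler (not in http: form) or one this table cannot map to urn: form.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for group in root.iter("PrivilegeGroup"):
        for constraint in group.findall("Constraint"):
            name = constraint.get("Name", "")
            if not name.startswith("http:"):
                findings.append(f"Constraint Name not in http: form: {name}")
            elif name in CONSTRAINT_MAP:
                constraint.set("Name", CONSTRAINT_MAP[name])
            else:
                findings.append(f"No urn: mapping for constraint: {name}")
        for privilege in group.findall("Privilege"):
            value = (privilege.text or "").strip()
            if value.startswith(ROLE_HTTP):
                privilege.text = ROLE_URN + value[len(ROLE_HTTP):]
            else:
                findings.append(f"Privilege not in expected http: form: {value}")
    return findings, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    problems, converted = check_and_convert(SAMPLE)
    print(problems or "all values in http: form")
    print(converted)
```

An empty findings list means the block is in the form a local IdP should emit; any entry names the value that would have to be re-expressed in the http: form before it passes through the Context handler.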