
The KOMBIT Context handler implementation currently supports only privileges and constraints expressed in the http: form, not in the urn: form described in the OIO-BPP documentation (section “Representation and processing of Privileges (normative)”). Because of this, and because all privileges in the eHealth Infrastructure are stated in the urn: form, the following precautions must be taken in the OIO-BPP block when it is constructed by the local IdP in municipalities situated behind the KOMBIT Context handler:

The OIO-BPP block below illustrates an example of what is expected by the eHealth Infrastructure:

<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
    xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="urn:dk:kombit:orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
        <Constraint Name="urn:dk:sundhed:ehealth:careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
        <Privilege>urn:dk:sundhed:ehealth:role:monitoring_responsible</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>

The following is how local IdP administrators should express it:

<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList
    xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="http://ehealth.sundhed.dk/contraints/orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
        <Constraint Name="http://ehealth.sundhed.dk/contraints/careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
        <Privilege>http://sundhed.dk/ehealth/role/monitoring_responsible</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>

Notice how the value of Constraint Name and the value of Privilege differ, as they are expressed in the http: form.

A component outside the eHealth Infrastructure (FUT proxy) is responsible for the conversion to the form expected by the eHealth Infrastructure.
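The conversion described above, as an added example (not the FUT proxy's code and not part of the original page): the mapping tables hold only the http:/urn: pairs visible in the two blocks above, and any other constraint name or privilege is rejected rather than passed through. The function name `convert_privilege_list` and the fail-closed behaviour are assumptions.

```python
import xml.etree.ElementTree as ET

BPP_NS = "http://itst.dk/oiosaml/basic_privilege_profile"
ET.register_namespace("bpp", BPP_NS)  # keep the bpp: prefix on output

# Pairs taken from the two blocks on this page; nothing else is mapped.
CONSTRAINT_NAMES = {
    "http://ehealth.sundhed.dk/contraints/orgUnit": "urn:dk:kombit:orgUnit",
    "http://ehealth.sundhed.dk/contraints/careteam": "urn:dk:sundhed:ehealth:careteam",
}
PRIVILEGES = {
    "http://sundhed.dk/ehealth/role/monitoring_responsible":
        "urn:dk:sundhed:ehealth:role:monitoring_responsible",
}

def convert_privilege_list(xml_text):
    """Rewrite an http: form PrivilegeList to urn: form; raise on anything unmapped."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a privilege list")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "{%s}PrivilegeList" % BPP_NS:
        raise ValueError("not a bpp:PrivilegeList")
    for constraint in root.iter("Constraint"):
        name = constraint.get("Name")
        if name not in CONSTRAINT_NAMES:  # also rejects input already in urn: form
            raise ValueError("unmapped constraint name: %r" % name)
        constraint.set("Name", CONSTRAINT_NAMES[name])
    for privilege in root.iter("Privilege"):
        value = (privilege.text or "").strip()
        if value not in PRIVILEGES:  # an unknown role must never be forwarded
            raise ValueError("unmapped privilege: %r" % value)
        privilege.text = PRIVILEGES[value]
    return ET.tostring(root, encoding="unicode")

# Sample input: the http: form block shown on this page.
HTTP_FORM = """<?xml version="1.0" encoding="UTF-8"?>
<bpp:PrivilegeList xmlns:bpp="http://itst.dk/oiosaml/basic_privilege_profile">
    <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:29190925">
        <Constraint Name="http://ehealth.sundhed.dk/contraints/orgUnit">12345678-37a5-43c3-8e58-8b9ec5222b1c</Constraint>
        <Constraint Name="http://ehealth.sundhed.dk/contraints/careteam">95c7aef7-ec7f-487b-9687-6e6624d25fdb</Constraint>
        <Privilege>http://sundhed.dk/ehealth/role/monitoring_responsible</Privilege>
    </PrivilegeGroup>
</bpp:PrivilegeList>"""

if __name__ == "__main__":
    print(convert_privilege_list(HTTP_FORM))
```

Rejecting unmapped values keeps a misspelled or unexpected role from reaching the eHealth Infrastructure in a form it would not recognise.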
