/
National Roles

National Roles

National Roles in FUT

Starting in 2025.4 with CCR0293, the infrastructure supports National Roles. These are roles defined by NSP and can be assigned to a Practitioner. For a list of National Roles see https://www.nspop.dk/spaces/Web3/pages/264403510/Beskrivelse+af+de+nationale+roller+i+produktion.

National roles of a Practitioner user can be found by calling the userinfo endpoint from Keycloak with the Practitioner’s JWT. The response should include a national_role if the user has one and has chosen it for this session.

Receiving National Roles from SEB

When using OIOSAML-H v3.1 (see attachment for spec), we can get National Roles from the SEB response. They reside in a PrivilegeGroup. An example PrivilegeList that contains such a PrivilegeGroup could be:

<?xml version="1.0" encoding="UTF-8"?> <bpp:PrivilegeList xmlns:bpp="http://digst.dk/oiosaml/basic_privilege_profile" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:12345678"> <Privilege>urn:dk:sundhed:ehealth:clinical_viewer</Privilege> <Constraint Name="urn:dk:sundhed:ehealth:careteam">31e08ced-37a5-43c3-8e58-8b9ec5222b1c</Constraint> </PrivilegeGroup> <PrivilegeGroup Scope="urn:dk:gov:saml:cvrNumberIdentifier:12345678"> <Privilege>urn:dk:healthcare:national-federation-role:SundAssistR2</Privilege> </PrivilegeGroup> </bpp:PrivilegeList>

In this example, organization with CVR number 12345678 assigns National Role SundAssistR2 to the user, along with the FUT role clinical_viewer.

National Roles naming

We receive national roles in the SEB response in the form urn:dk:healthcare:national-federation-role:{national_role_name}, where {national_role_name} can be any of the role names from https://www.nspop.dk/spaces/Web3/pages/264403510/Beskrivelse+af+de+nationale+roller+i+produktion without the prefix “nsp”. For example nspPlejeAssR3 becomes urn:dk:healthcare:national-federation-role:PlejeAssR3.

When sending the national role in a BST2SOSI exchange to NSP, we use the “full” form, which also includes the code (see https://www.nspop.dk/spaces/Web3/pages/223415021/Nationale+roller+produktion for codes). The template for it looks like urn:dk:healthcare:national-federation-role:code:{national_role_code}:value:{national_role_name} So for example nspPlejeAssR3 becomes urn:dk:healthcare:national-federation-role:code:41003:value:PlejeAssR3.

This is not a requirement, as roles can be sent using either of the two forms ( see Diagram 2.2 in https://www.nspop.dk/display/public/web/STS+-+Guide+til+anvendere%3A+Medarbejderomvekslinger )

 

Attachments