{"type":"doc","content":[{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"KOMBIT Context handler","type":"text","marks":[{"type":"link","attrs":{"href":"https://digitaliseringskataloget.dk/l%C3%B8sninger/adgangsstyring-brugere"}}]},{"text":" implementation currently only supports privileges and constraints addressed in the ","type":"text"},{"text":"http:","type":"text","marks":[{"type":"code"}]},{"text":" form and not in the ","type":"text"},{"text":"urn:","type":"text","marks":[{"type":"code"}]},{"text":" form, as stated in the ","type":"text"},{"text":"OIO-BPP documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://digst.dk/media/tcdfnmmo/oiosaml-basic-privilege-profile-1_1.pdf"}}]},{"text":" (section “","type":"text"},{"text":"Representation and processing of Privileges (normative)","type":"text","marks":[{"type":"strong"}]},{"text":"“). ","type":"text"}]},{"type":"paragraph","content":[{"text":"Because of this and the fact that roles in the eHealth Infrastructure have been stated in the ","type":"text"},{"text":"urn","type":"text","marks":[{"type":"code"}]},{"text":", the following precautions must be taken in the OIO-BPP block when constructed by the local IdP in the municipalities behind the KOMBIT Context handler.","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"OIO BPP block below illustrates an example of what is expected by the eHealth Infrastructure:","type":"text"}]}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"6cc8e2a8-d3b7-4a82-b3ec-cdcabded6822"},"content":[{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[680.0]},"content":[{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n 12345678-37a5-43c3-8e58-8b9ec5222b1c\n 95c7aef7-ec7f-487b-9687-6e6624d25fdb\n urn:dk:sundhed:ehealth:role:monitoring_assistor\n \n","type":"text"}]}]}]}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"The following is how local IdP administrators should express it:","type":"text"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n 12345678-37a5-43c3-8e58-8b9ec5222b1c\n 95c7aef7-ec7f-487b-9687-6e6624d25fdb\n http://sundhed.dk/ehealth/role/monitoring_assistor\n \n","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Notice how the value of ","type":"text"},{"text":"Constraint Name","type":"text","marks":[{"type":"code"}]},{"text":" and the value of ","type":"text"},{"text":"Privilege","type":"text","marks":[{"type":"code"}]},{"text":" differ as they are expressed in the form ","type":"text"},{"text":"http:","type":"text","marks":[{"type":"code"}]},{"text":" ","type":"text"}]}]},{"type":"paragraph","content":[{"text":"The eHealth authentication service (KewyCloak) is responsible for the conversion to the form expected by the eHealth Infrastructure.","type":"text"}]},{"type":"paragraph","content":[{"text":"See also the general rules for BPP here: ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/561479720"}},{"text":" ","type":"text"}]},{"type":"paragraph"}],"version":1}

Browser not supported