eHealth SSO MyCareNet Tarification

This document is provided to you free of charge by the eHealth platform
Willebroekkaai 38 - Quai de Willebroeck 38
1000 BRUSSELS

All are free to circulate this document with reference to the URL source.

eHealth SSO-MyCareNet Tarification v.2 dd 12.09.2016

Table of contents

1 Document management
  1.1 Document history
2 Use of the eHealth SSO solution
  2.1 Healthcare professional
    2.1.1 Doctor as individual
    2.1.2 Dentist as individual
  2.2 Doctor within a hospital
  2.3 Healthcare institution
    2.3.1 Guard post
  2.4 Mandate holder
    2.4.1 Mandated organization
    2.4.2 Mandated person

To the attention of: IT expert willing to integrate this web service.

1 Document management

1.1 Document history

Version  Date        Author   Description of changes / remarks
1        11/04/2014  eHealth  First version
2        07/09/2016  eHealth  Update with new target groups

2 Use of the eHealth SSO solution

This section specifies how the call to the STS must be made in order to access the web service. You must specify several attributes in the request.

To access the MyCareNet tarification web service (WS), the response token must contain:
- true for all of the boolean certification attributes;
- a value for all of the nihii11 certification attributes.

If you:
- obtain false for one of the boolean certification attributes, or
- do not obtain any value for one of the nihii11 certification attributes,
then you should contact eHealth to verify whether the requested test cases were configured in the right way.

The documents Tarification_STS_samlRequest.xml and Tarification_STS_samlResponse.xml provide STS request/response examples.

Currently, only general practitioners (or their mandate-holder) can access the tarification service. In order to facilitate Single Sign-On (SSO), the SAML tokens described in this section (doctor as individual) are the same as for some other services used by general practitioners (e.g. MyCareNet GMF Notification service, MyCareNet Registration service).

2.1 Healthcare professional

The request for the SAML token is secured with the professional's eID [1]. The certificate used by the Holder-Of-Key (HOK) verification mechanism is an eHealth certificate.

The required attributes are the following (AttributeNamespace: "urn:be:fgov:identification-namespace"):
- The social security identification number of the professional:
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin
  urn:be:fgov:person:ssin

For each professional, the following information must be asserted by eHealth:
- The social security identification number of the professional (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin
  urn:be:fgov:person:ssin
- The user uses his/her personal certificate (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin:usersession:boolean

Depending on the professional category, other attributes may be asserted by eHealth. These attributes are listed in the sections below.

[1] As fallback, in absence of the eID, the personal eHealth certificate can be used for authentication instead.

2.1.1 Doctor as individual

Doctor as individual must also request this attribute in the AttributeQuery:
- The NIHII number of the doctor (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:person:ssin:ehealth:1.0:doctor:nihii11

2.1.2 Dentist as individual

Dentist must also request this attribute in the AttributeQuery:
- The NIHII number of the dentist (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:person:ssin:ehealth:1.0:nihii:dentist:nihii11

2.2 Doctor within a hospital

The SAML token request is secured with the eHealth certificate of the hospital. The certificate used by the HOK verification mechanism is the same eHealth certificate.

The required attributes are the following (AttributeNamespace: "urn:be:fgov:identification-namespace"):
- The social security identification number of the doctor:
  urn:be:fgov:person:ssin
- The NIHII number of the hospital:
  urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number
  urn:be:fgov:ehealth:1.0:hospital:nihii-number

Doctor must also specify which information must be asserted by eHealth:
- The social security identification number of the doctor (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:person:ssin
- The NIHII number of the hospital:
  urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number
  urn:be:fgov:ehealth:1.0:hospital:nihii-number
- The NIHII number of the doctor (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:person:ssin:ehealth:1.0:doctor:nihii11
- The hospital must be a recognized hospital (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number:recognisedhospital:boolean

2.3 Healthcare institution

The SAML token request is secured with the eHealth certificate of the institution. The certificate used by the HOK verification mechanism is the same eHealth certificate. The institution type defines the required attributes.

2.3.1 Guard post

The required attributes are the following (AttributeNamespace: "urn:be:fgov:identification-namespace"):
- The NIHII number of the guard post:
  urn:be:fgov:ehealth:1.0:guardpost:nihii-number
  urn:be:fgov:ehealth:1.0:certificateholder:guardpost:nihii-number

The healthcare institution must also specify which information must be asserted by eHealth:
- The NIHII number of the healthcare institution (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:ehealth:1.0:guardpost:nihii-number
  urn:be:fgov:ehealth:1.0:certificateholder:guardpost:nihii-number
- The healthcare institution must be recognized (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:ehealth:1.0:certificateholder:guardpost:nihii-number:recognisedguardpost:boolean

2.4 Mandate holder

2.4.1 Mandated organization

The SAML token request is secured with the eHealth certificate of the mandated organization. The certificate used by the HOK verification mechanism is the same eHealth certificate.

The required attributes are the following (AttributeNamespace: "urn:be:fgov:identification-namespace"):
- The CBE number of the mandated organization:
  urn:be:fgov:ehealth:1.0:certificateholder:enterprise:cbe-number
  urn:be:fgov:kbo-bce:organization:cbe-number

Mandated organization must also specify which information must be asserted by eHealth:
- The CBE number of the mandated organization (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:ehealth:1.0:certificateholder:enterprise:cbe-number
  urn:be:fgov:kbo-bce:organization:cbe-number
- The mandated organization must be a recognized mandated organization (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:kbo-bce:organization:cbe-number:ehealth:1.0:recognisedmandatary:boolean
- The service name:
  urn:be:fgov:ehealth:1.0.servicename:external with the value insurability

2.4.2 Mandated person

The request for the SAML token is secured with the eID [2] of the mandated person. The certificate used by the HOK verification mechanism is an eHealth certificate.

The required attributes are the following (AttributeNamespace: "urn:be:fgov:identification-namespace"):
- The social security identification number of the mandated person:
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin
  urn:be:fgov:person:ssin

Mandated persons must also specify which information must be asserted by eHealth:
- The social security identification number of the mandated person (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin
  urn:be:fgov:person:ssin
- The user uses his/her personal certificate (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:ehealth:1.0:certificateholder:person:ssin:usersession:boolean
- The person must be a recognized mandated person (AttributeNamespace: "urn:be:fgov:certified-namespace:ehealth"):
  urn:be:fgov:person:ssin:ehealth:1.0:recognisedmandatary:boolean
- The service name (AttributeNamespace: "urn:be:fgov:identification-namespace"):
  urn:be:fgov:ehealth:1.0.servicename:external with the value insurability

[2] As fallback, in absence of the eID, the personal eHealth certificate can be used for authentication instead.
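
The rule stated at the start of section 2 (true for every boolean certification attribute, a value for every nihii11 certification attribute) can be checked on the integrator's side before calling the web service. The following is an added example, not part of the eHealth document or its sample files: it assumes a SAML 1.1 attribute statement (implied by the AttributeNamespace term), uses a constructed "doctor as individual" token with made-up SSIN and NIHII values, and the function name and `required` parameter are hypothetical. Signature and Holder-Of-Key validation are out of its scope.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"  # SAML 1.1 assertion namespace (assumed)
CERTIFIED_NS = "urn:be:fgov:certified-namespace:ehealth"
IDENT_NS = "urn:be:fgov:identification-namespace"
USERSESSION = "urn:be:fgov:ehealth:1.0:certificateholder:person:ssin:usersession:boolean"
DOCTOR_NIHII = "urn:be:fgov:person:ssin:ehealth:1.0:doctor:nihii11"

# Constructed sample: attribute statement of a "doctor as individual" token.
# The SSIN and NIHII values are made up for the example.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:AttributeStatement>
<saml:Attribute AttributeName="urn:be:fgov:person:ssin" AttributeNamespace="{IDENT_NS}">
<saml:AttributeValue>00000000097</saml:AttributeValue></saml:Attribute>
<saml:Attribute AttributeName="{USERSESSION}" AttributeNamespace="{CERTIFIED_NS}">
<saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
<saml:Attribute AttributeName="{DOCTOR_NIHII}" AttributeNamespace="{CERTIFIED_NS}">
<saml:AttributeValue>10000000001</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""

def certification_problems(assertion_xml, required=(USERSESSION, DOCTOR_NIHII)):
    """Return the reasons a token fails the section 2 rule (empty list = pass)."""
    problems, seen = [], set()
    for attr in ET.fromstring(assertion_xml).iter(SAML + "Attribute"):
        if attr.get("AttributeNamespace") != CERTIFIED_NS:
            continue  # identification attributes carry no certification result
        name = attr.get("AttributeName", "")
        seen.add(name)
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        if name.endswith(":boolean") and values != ["true"]:
            problems.append(f"{name}: expected true, got {values}")
        elif name.endswith(":nihii11") and not any(values):
            problems.append(f"{name}: no value returned")
    # A certification attribute the profile requires but the STS left out entirely.
    problems += [f"{n}: not present in token" for n in required if n not in seen]
    return problems
```

Pass the certified attribute names of the profile in use (hospital, guard post, mandate holder) as `required`; a non-empty result corresponds to the case in which section 2 says to contact eHealth about the test-case configuration.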