Presentation is loading. Please wait.

Presentation is loading. Please wait.

WS eHealth MediPrima Service presentation. 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip.

Similar presentations


Presentation on theme: "WS eHealth MediPrima Service presentation. 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip."— Presentation transcript:

1 WS eHealth MediPrima Service presentation

2 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip  eHealth certificates https://www.ehealth.fgov.be/fr/support/services-de-base/certificats-ehealth  STS call ( SSO)

3 3 21/08/2012 Operation available  ConsultCarmedIntervention : obtain information about the intervention accorded (an electronic decision support) and, if applicable, an approval number to guarantee payment Inputs : -Cover identifier (eCarmed number) -OR Patient identifier + Period/Reference date Outputs (if results exist): -Medical card identifier -Medical card content -Approval number

4 4 21/08/2012 Request specification

5 5 21/08/2012 Request example test BCSS rights eCarmed

6 6 21/08/2012 Response specification

7 7 21/08/2012 eHealth-Certificates: specifications  x509v3 certificate  Issued by GovernmentCA (fedict)  Current Subject specifications CN = Logical name of the certificate O = Official name of the organization OU = Type of identification no. e.g. CBE / NIHII / … SerialNumber = Identification no. of the organization

8 8 21/08/2012 web services

9 9 21/08/2012 SSO general principles (1/2)  Purpose Completes the "Integrated user and access management" Access to various services within a single session  Main features Supports ABAC and ZBAC principles Based on SAML protocol  Terminology WSC : web service consumer WSP : web service provider STS : Secure Token Service

10 10 21/08/2012 SSO general principles (2/2)

11 11 21/08/2012 STS Request/Response (1/5)  Description of the flows (1) and (2)  Illustration with the set of attributes Recognized pharmacy Recognized pharmacist  Other rules will be supported in the same way Attribute or access oriented

12 12 21/08/2012 STS Request/Response (2/5) Request general structure  Header deals with 'security of the call to the STS service'  x509 Identification certificate eID eHealth certificate Federal Government  Example: x509:identification of the hospital

13 13 21/08/2012 STS Request/Response (3/5) Request : SAML elements  Confirmation method: Holder-of-Key Sender-Vouches  Subject SAML assertion Identification Attr. Policy Attr  Attribute to confirm Attributetype  Example claim: recognized general practitioner claim: recognized hospital

14 14 21/08/2012 STS Request/Response(4/5) Response general structure  General characteristic global Status assertion signed by eH Response to requested claims  Example claim: recognized general practitioner -TRUE claim: recognized hospital -TRUE

15 15 21/08/2012 STS Request/Response (5/5) Remarks  Attributes not certified Example -claim: recognized pharmacyTRUE -claim: recognized pharmacistFALSE  Technical errors when error occurred while processing request -abort request -error message send to WSC Example -REQ-01: Checks on ConfirmationMethod failed  Time validity each attribute is certified for a certain period

16 16 21/08/2012 WSC/WSP communication (1/3)  Description of the flow (3)  Illustration with the set of attributes -Recognized hospital -Recognized general practitioner

17 17 21/08/2012 WSC/WSP communication (2/3) Request general structure  Header deals with 'security of the call to the WSP service'  Identification based on SAML assertion  Example: SAML assertion delivered by eHealth

18 18 21/08/2012 WSC/WSP communication (3/3) Remark  Verifications to perform by the WSP Validity of x509 certificate -Certificate Revocation List (CRL) -Trusted Certificate Authority Check SAML assertion -Signed by eHealth -Assertion still valid (cfr. Time Validity) Check Holder-Of-Key profile -SAML assertion & x509 and, obviously, its further access rules

19 19 21/08/2012 SSO specification  The SAML token request is secured with the eHealth certificate of the nihii organization. The certificate used by the Holder-Of-Key verification mechanism is the same eHealth certificate.  Needed attributes : (AttributeNamespace: "urn:be:fgov:identification- namespace"): urn:be:fgov:person:ssin (social security identification number of the person) urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number urn:be:fgov:ehealth:1.0:hospital:nihii-number  Information which must be asserted by eHealth (AttributeNamespace: urn:be:fgov:certifiednamespace:ehealth): urn:be:fgov:person:ssin (social security identification number of the person) urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number urn:be:fgov:ehealth:1.0:hospital:nihii-number urn:be:fgov:ehealth:1.0:hospital:nihii-number:recognisedhopsital: nihii11 (NIHII number of the organization)


Download ppt "WS eHealth MediPrima Service presentation. 2 21/08/2012 Access to the WS  Access to the webservice “eCarmed” Certificate required Cfr : Schema eCarmed_WSDL_v1_0_4.zip."

Similar presentations


Ads by Google