
WS eHealth MediPrima Service presentation


maddox

Presentation Transcript


  1. WS eHealth MediPrima Service presentation

  2. Access to the WS
     • Access to the webservice "eCarmed"
     • Certificate required
     • Cfr: Schema eCarmed_WSDL_v1_0_4.zip
     • eHealth certificates
       • https://www.ehealth.fgov.be/fr/support/services-de-base/certificats-ehealth
     • STS call (SSO)

  3. Operation available
     • ConsultCarmedIntervention: obtain information about the intervention accorded (an electronic decision support) and, if applicable, an approval number to guarantee payment
     • Inputs:
       • Cover identifier (eCarmed number)
       • OR Patient identifier + Period/Reference date
     • Outputs (if results exist):
       • Medical card identifier
       • Medical card content
       • Approval number

  4. Request specification

  5. Request example

     <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                       xmlns:n1="http://kszbcss.fgov.be/intf/ECarmedService/v1">
       <soapenv:Header/>
       <soapenv:Body>
         <n1:ConsultCarmedInterventionRequest>
           <InformationCustomer>
             <Ticket>test BCSS</Ticket>
             <CustomerIdentification>
               <CbeNumber>0212344876</CbeNumber>
             </CustomerIdentification>
           </InformationCustomer>
           <LegalContext>rights eCarmed</LegalContext>
           <SelectionCriteria>
             <BySsin>
               <Ssin>87121528116</Ssin>
               <Period>
                 <StartDate>2012-01-29</StartDate>
                 <EndDate>2012-06-02</EndDate>
               </Period>
             </BySsin>
           </SelectionCriteria>
         </n1:ConsultCarmedInterventionRequest>
       </soapenv:Body>
     </soapenv:Envelope>

  6. Response specification

  7. eHealth-Certificates: specifications
     • x509v3 certificate
     • Issued by GovernmentCA (fedict)
     • Current Subject specifications
       • CN = Logical name of the certificate
       • O = Official name of the organization
       • OU = Type of identification no., e.g. CBE / NIHII / …
       • SerialNumber = Identification no. of the organization

  8. SSO @ web services

  9. SSO general principles (1/2)
     • Purpose
       • Completes the "Integrated user and access management"
       • Access to various services within a single session
     • Main features
       • Supports ABAC and ZBAC principles
       • Based on SAML protocol
     • Terminology
       • WSC: web service consumer
       • WSP: web service provider
       • STS: Secure Token Service

  10. SSO general principles (2/2)

  11. STS Request/Response (1/5)
      • Description of the flows (1) and (2)
      • Illustration with the set of attributes
        • Recognized pharmacy
        • Recognized pharmacist
      • Other rules will be supported in the same way
        • Attribute or access oriented

  12. STS Request/Response (2/5): Request general structure
      • Header deals with 'security of the call to the STS service'
      • x509 Identification certificate
      • eID
      • eHealth certificate
      • Federal Government
      • Example: x509: identification of the hospital

  13. STS Request/Response (3/5): Request: SAML elements
      • Confirmation method:
        • Holder-of-Key
        • Sender-Vouches
      • Subject
      • SAML assertion
      • Identification Attr.
      • Policy Attr.
      • Attribute to confirm
      • Attribute type
      • Example
        • claim: recognized general practitioner
        • claim: recognized hospital

  14. STS Request/Response (4/5): Response general structure
      • General characteristic
        • global Status
        • assertion signed by eH
      • Response to requested claims
      • Example
        • claim: recognized general practitioner
          • TRUE
        • claim: recognized hospital
          • TRUE

  15. STS Request/Response (5/5): Remarks
      • Attributes not certified
        • Example
          • claim: recognized pharmacy TRUE
          • claim: recognized pharmacist FALSE
      • Technical errors
        • when an error occurred while processing the request
          • abort request
          • error message sent to WSC
        • Example
          • REQ-01: Checks on ConfirmationMethod failed
      • Time validity
        • each attribute is certified for a certain period

  16. WSC/WSP communication (1/3)
      • Description of the flow (3)
      • Illustration with the set of attributes
        • Recognized hospital
        • Recognized general practitioner

  17. WSC/WSP communication (2/3): Request general structure
      • Header deals with 'security of the call to the WSP service'
      • Identification based on SAML assertion
      • Example: SAML assertion delivered by eHealth

  18. WSC/WSP communication (3/3): Remark
      • Verifications to perform by the WSP
        • Validity of x509 certificate
          • Certificate Revocation List (CRL)
          • Trusted Certificate Authority
        • Check SAML assertion
          • Signed by eHealth
          • Assertion still valid (cfr. Time Validity)
        • Check Holder-Of-Key profile
          • SAML assertion & x509
        • and, obviously, its further access rules

  19. SSO specification
      • The SAML token request is secured with the eHealth certificate of the nihii organization. The certificate used by the Holder-Of-Key verification mechanism is the same eHealth certificate.
      • Needed attributes (AttributeNamespace: "urn:be:fgov:identification-namespace"):
        • urn:be:fgov:person:ssin (social security identification number of the person)
        • urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number
        • urn:be:fgov:ehealth:1.0:hospital:nihii-number
      • Information which must be asserted by eHealth (AttributeNamespace: urn:be:fgov:certifiednamespace:ehealth):
        • urn:be:fgov:person:ssin (social security identification number of the person)
        • urn:be:fgov:ehealth:1.0:certificateholder:hospital:nihii-number
        • urn:be:fgov:ehealth:1.0:hospital:nihii-number
        • urn:be:fgov:ehealth:1.0:hospital:nihii-number:recognisedhopsital: nihii11 (NIHII number of the organization)
