search

SanteonNL / shared-care-planning

https://santeonnl.github.io/shared-care-planning/
GNU General Public License v3.0
4 stars 3 forks source link

Could the NUTS-URA-CREDENTIAL be more generic? (e.g. NUTS-CAREPROVIDER-CREDENTIAL) #53

Open bramwesselo opened 1 month ago

bramwesselo commented 1 month ago

Why? To make the use of multiple identifiers possible (within or outside NL) and translation/mapping to FHIR Organization is easier:

Current content NutsUraCredential:

"credentialSubject": { "id": "did:web:hospital.example.com:holder#1", "organization": { "ura": "3732", "name": "Example Hospital", "city": "Amsterdam" } }

Proposal for new NutsCareProviderCredential:

"credentialSubject": { "id": "did:web:hospital.example.com:holder#1", "organization": { "identifier": { "system": "http://fhir.nl/fhir/NamingSystem/ura", "value": "3732" }, "name": "Example Hospital", "address": { "city": "Amsterdam" } }

woutslakhorst commented 1 month ago

From an issuer and verifier perspective such a credential is more complex and thus sensitive for errors. Instead of requiring that a NutsUraCredential is issued by X you have to check if a NutsCareProviderCredential is issued by X and has system http://fhir.nl/fhir/NamingSystem/ura. This is required because you have to limit which identifier can be issued by which authentic registry.

So you have to make a decision on complexity on the trust/security layer vs a (convenience) feature on the functional layer.