Split of eOverdracht NutsAuthorizationCredentials for Task and other resources

[woutslakhorst]

Currently, the authorization of the Task resource and other resources may be placed in a single NutsAuthorizationCredential. This can cause problems when the flow is completed or cancelled. When the status changes to completed or cancelled the access to the medical/personal resources needs to be revoked. If the same credential also contains the Task resource, it can no longer be fetched. This is annoying since the result of the updated Task is a notification for which the receiving party is required to retrieve the Task.

Proposal: Create two NutsAuthorizationCredentials, 1 for the task with a validity of a year and 1 for the other FHIR resources which may be closed when the flow is completed.

Impact: The sending party will have to create 2 NutsAuthorizationCredentials instead of 1 and will have to make sure the correct one is closed. The receiving party will not be impacted if the NutsAuthorizationCredential in retrieving the Task is found based on the identifier and a separate search for a valid credential is done based on the composition identifier.

[jorritspee]

+1

[MichielBruins-gerimedica]

I understand that in the 'Bolt eOverdracht voortgang' meeting of 16 Nov 2022 it was decided to use these 2 authorization tokens. Thijs will process it in the Bolt documentation.

May I propose to close this ticket 12 now?

Details from the meeting:

• The token for the Task resource will have an expiry date of 1 year.
• The token for the compositions will be ended by the sender once the Task is completed. And it might contain a expiry date determined by the sender (minimum duration unclear at this time).