nuts-foundation / nuts-node

The reference implementation of the Nuts specification. A decentralized identity network based on the W3C SSI concepts with practical functionality for the healthcare domain.
https://nuts-foundation.gitbook.io
GNU General Public License v3.0

Subject should be provided to Resource Server by PEP #3258

Closed reinkrul closed 5 days ago

reinkrul commented 1 month ago

There should be a way to derive the subject ID from a DID: when a remote party accesses data using a service-to-service access token, the PEP extracts the DID of the local party, which is then passed to the upstream resource server.

But the vendor applications now interact with the Nuts node using the subject ID instead of DID, so applications administer subject ID of DID (e.g. in mapping to a tenant/customer-specific FHIR store). Thus, it needs to know which subject the token is about, instead of just the DID. Options:

2nd is probably the most correct.

woutslakhorst commented 1 month ago

might become client_id (from authorization server metadata) and thus will be available?

woutslakhorst commented 6 days ago

~~fixed~~