Open woutslakhorst opened 3 years ago
I'd say we add a proof to the service from the organization stating something like "I agree that my vendor performs eOverdracht services for my care organization". The vendor must make sure to publish that proof with the service to 'activate' it. However I wouldn't allow 'unactivated' services, it's easier to require every service to have valid organization proof upfront.
However I wouldn't allow 'unactivated' services, it's easier to require every service to have valid organization proof upfront.
Yes, but from a migration and 'lets ship it' perspective it'll take longer to actually activate any service at all..
In that case I think they should be active by default until we add verifiable organization proof.
Currently only the vendor signs for a service activation. The vendor should remain responsible for setting the service up with the correct endpoints, but the care organization should endorse it with a signature.
This would be a feature for when care organizations have access to more easy to use cryptographic means.