Closed stevenvegt closed 1 year ago
stevenvegt
commented
1 year ago RFC002 is part of spec v1.0. I think you need to create a new RFC that amends rfc002.
Not sure how a new RFC will solve that problem? I don't like that option since it make thinks harder to find. Also, we explicitly state in section 7.1:
Future means will be added when available.
Which is what we do now.
woutslakhorst
commented
1 year ago RFC002 is part of spec v1.0. I think you need to create a new RFC that amends rfc002.
Not sure how a new RFC will solve that problem? I don't like that option since it make thinks harder to find. Also, we explicitly state in section 7.1:
Future means will be added when available.
Which is what we do now.
Well, then we would have to have a conversation about how we create specifications somewhere in the future. RFCs are not meant to change. So we either use RFCs or have versioned specs. But not a mix.
woutslakhorst
commented
1 year ago A simplification for the credential could be:
credentialSubject which contains the following information:
@type which contains the EmployeeRole type to indicate the contents describes a EmployeeRole as defined by schema.orgidentifier which contains the employee number, username or email. This identifier MUST uniquely identify one natural person within the care organisation.roleName (optional) which contains the name of the role of the person during this user session.member which contains the following information:
@type which contains the Person type.initials which contains the initials of the person.familyName which contains the last name of the person.This would remove some if-this-then-that logic. email is really only needed as unique identifier.
This PR is a RFC for the
NutsEmployeeIdentitywhich allows a care organisation to construct a claim about a current logged-in user. Since the user identity is issued by the care origanisation instead of a trusted third party (such as the government), it has a low trust level, but also comes with a simpler UX. It can be used in situations where a lower level of trust is appropriate and and then removes an extra burden from the care givers of using a personal authentication device.