PJD - XUA - SAML specification
Content:
- PJD - XUA - SAML specification
- 0. Specification changelog
- 0.5 Mapping between old and new fields
- 1. Identity and Context Claims
- 2. Assertion for Norwegian Identity Trust Framework for Health Care Services
- 2.1 Generic Structure of the Identity Assertion
- 2.2 Assertion Signature
- 2.3 Attributes for Norwegian Trust Framework for Health Care Services
- Home Community Id
- Healthcare professional (HCP)
- Healthcare Professional Structural Role (HCP)
- Healthcare Professional ID (HCP)
- Healthcare Professional ID-provider (HCP)
- Healthcare Professional Organization (HCPO)
- Healthcare Professional Organization ID (HCPO)
- Point of care (HCPO)
- Point of care ID (HCPO)
- Department (HCPO)
- HCPO Department ID (HCPO)
- Patient identifier (Patient)
- Point-of-care (Patient)
- Point-of-care ID (Patient)
- Treatment facility (Patient)
- Treatment facility ID (Patient)
- Healthcare service (relationship)
- Purpose of use (relationship)
- Purpose-of-use-details (relationship)
- Decision reference (relationship)
- BPPC DOCID
- XUA ACP
- 2.4 Audit Trail Considerations
- 3. Examples
0. Specification changelog
This table specifies from what time a given SAML specification will be active
Valid From | SAML-endpoint version | Specification version | Environment | Comment |
---|---|---|---|---|
2020 | V1.0 | V1.1 | Production | Version used in production by most users (May 2024) |
13.03.24 | V2.0 | Hybrid (V1.1 + V2.0) | Production | Hybrid between old and new specification |
xx.05.24 (mid-May) | V1.0 | V1.2 | Production | Include trust-framework:1.0:ext:care-relationship:healthcare-service |
01.11.24 | V2.0 | V2.1 | Production | Remove fields from old SAML-specification 1.x |
0.5 Mapping between old and new fields
Old SAML specification | New SAML specification (from 13.03.2024) |
---|---|
subject/NameID | subject/NameID |
urn:oasis:names:tc:xspa:1.0:subject:subject-id (deprecated XSPAv2) | urn:oasis:names:tc:xacml:1.0:subject:subject-id |
urn:oasis:names:tc:xspa:2.0:subject:npi (does not exist in XSPAv2) | urn:oasis:names:tc:xspa:1.0:subject:npi |
urn:ihe:iti:xua:2017:subject:provider-identifier | urn:ihe:iti:xua:2017:subject:provider-identifier |
urn:oasis:names:tc:xspa:1.0:subject:role (does not exist in XSPAv2) | urn:oasis:names:tc:xacml:2.0:subject:role |
urn:oasis:names:tc:xspa:1.0:subject:organization-id | urn:oasis:names:tc:xspa:1.0:subject:organization-id |
urn:oasis:names:tc:xspa:1.0:subject:organization | urn:oasis:names:tc:xspa:1.0:subject:organization |
- | urn:oasis:names:tc:xspa:1.0:subject:child-organization |
- | urn:nhn:trust-framework:1.0:ext:subject:child-organization-name |
- | urn:oasis:names:tc:xspa:1.0:subject:facility |
- | urn:nhn:trust-framework:1.0:ext:subject:facility-name |
- | urn:nhn:trust-framework:1.0:ext:care-relationship:healthcare-service |
urn:oasis:names:tc:xspa:1.0:subject:purposeOfUse (deprecated XSPAv2) | urn:oasis:names:tc:xacml:2.0:action:purpose |
- | urn:nhn:trust-framework:1.0:ext:care-relationship:purpose-of-use-details |
- | urn:nhn:trust-framework:1.0:ext:care-relationship:decision-ref |
urn:oasis:names:tc:xacml:2.0:resource:resource-id (does not exist in XSPAv2) | urn:oasis:names:tc:xacml:1.0:resource:resource-id |
- | urn:nhn:trust-framework:1.0:ext:resource:child-organization |
- | urn:nhn:trust-framework:1.0:ext:resource:child-organization-name |
- | urn:nhn:trust-framework:1.0:ext:resource:facility |
- | urn:nhn:trust-framework:1.0:ext:resource:facility-name |
urn:no:ehelse:saml:1.0:subject:homeCommunityId (deprecated NHN) | urn:ihe:iti:xca:2010:homeCommunityId |
urn:ihe:iti:bppc:2007:docid | urn:ihe:iti:bppc:2007:docid |
urn:ihe:iti:xua:2012:acp | urn:ihe:iti:xua:2012:acp |
urn:no:ehelse:saml:1.0:subject:SecurityLevel | - |
urn:no:ehelse:saml:1.0:subject:Scope | - |
urn:no:ehelse:saml:1.0:subject:client_id | - |
urn:no:ehelse:saml:1.0:subject:Authentication_method | - |
1. Identity and Context Claims
The OASIS Security Assertion Markup Language (OASIS SAML 2.0) is an XML framework for sharing identity, authenticity and authorization claims within a distributed environment.
The standard defines:
- Assertions for encoding identity, authenticity, and authorization claims
- Protocols for interacting with services which manage the lifecycle of SAML assertions
- Bindings for implementing the protocols on different platforms.
- Profiles for adapting assertions and protocols to specific scenarios.
1.1 SAML-assertions
SAML Assertions encapsulate statements about a subject. Such statements may cover the context of subject authentication, describing attributes about the subject and/or the subject's permissions. Each SAML assertion additionally contains information about the issuer of the assertion and the lifecycle of the assertion (e.g. validity conditions). SAML assertions are usually digitally signed by their issuer.
1.2 Relationship to IHE XUA Integration Profile
The IHE Cross-Enterprise User Assertion (XUA) integration profile defines conventions for using SAML identity assertions within healthcare scenarios.
For verifying the authenticity and legitimacy of the presenter of an assertion the XUA profile considers both the bearer method and the holder-of-key method.
These methods do not match the needs of a trust-brokered environment where the presenter of the assertion is not the subject but vouches for the subject.
2. Assertion for Norwegian Identity Trust Framework for Health Care Services
2.1 Generic Structure of the Identity Assertion
The following table specifies how the elements and attributes of a SAML v2.0 assertion are to be used in the context of the eHealth DSI Identity Assertion.
Elements and attributes which are not explicitly profiled within this table MUST be ignored by the assertion consumer.
The attributes presented in this Norwegian specification build upon the OASIS specification Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of SAML v2.0 for Healthcare, version 2.0.
Additional attributes for the Norwegian trust framework are specified as extensions in their own namespace.
The following table defines which categories MUST be filled (R), which MAY be filled (O) and which categories MUST NOT be used (X).
Assertion Element | Optionality | Usage convention |
---|---|---|
@Version | R | MUST be "2.0" |
@ID | R | URN encoded unique identifier (UUID) of the assertion |
@IssueInstant | R | time instant of issuance in UTC |
Issuer | R | address URI that identifies the endpoint of issuing service e.g. "helseid-saml.nhn.no" |
Subject | R | |
└─ NameId | R | Identifier of the HCP encoded as a string value (unspecified format) |
└─ @Format | R | MUST be "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" |
└─ SubjectConfirmation | R | |
└─ @Method | R | MUST be "urn:oasis:names:tc:SAML:2.0:cm:bearer" |
└─ SubjectConfirmationData | X | |
Conditions | R | |
└─ @NotBefore | R | Time instant from which the assertion is usable. MUST be assessed by the consumer to prove validity. |
└─ AudienceRestriction | R | |
└─ Audience | R | Should contain a value identifying the X-Service Provider e.g. "kjernejournal-portal" |
└─ @NotOnOrAfter | R | Time instant at which the assertion expires. MUST be assessed by the consumer to prove validity. |
AuthnStatement | R | |
└─ @AuthnInstant | R | Time instant of HCP authentication in UTC |
└─ @SessionNotOnOrAfter | O | Time instant of the expiration of the session |
└─ AuthnContext | R | |
└─ AuthnContextClassRef | R | Reference to the HCP's authentication method. Two-Factor Authentication method MUST be used: Valid values: - urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered - urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract - urn:oasis:names:tc:SAML:2.0:ac:classes:X509 - urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI - urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI - urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI - urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient |
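A consumer-side check of the table above, as an added example that is not part of the specification or of any NHN code. It assumes the signature required by section 2.2 has already been verified over this exact element by a dedicated XML-signature library, and that the consumer compares the Audience against its own identifier; `check_structure` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
ALLOWED_AUTHN = {AC + c for c in (
    "MobileTwoFactorUnregistered", "MobileTwoFactorContract", "X509",
    "SPKI", "SmartcardPKI", "SoftwarePKI", "TLSClient")}

# Constructed sample assertion (illustrative values, not taken from any environment).
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_00000000-0000-4000-8000-000000000001" IssueInstant="2024-01-01T12:00:00Z">
  <saml2:Issuer>helseid-saml.nhn.no</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">12345678</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:10:00Z">
    <saml2:AudienceRestriction><saml2:Audience>kjernejournal-portal</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AuthnStatement AuthnInstant="2024-01-01T11:59:00Z">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
</saml2:Assertion>"""


def _utc(value):
    """Parse an xs:dateTime; naive values are treated as UTC. None if missing or unparsable."""
    try:
        t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)


def check_structure(xml_text, expected_audience, now):
    """Return the list of profile violations; an empty list means the structure conforms."""
    # Production consumers should parse untrusted XML with a hardened parser.
    a = ET.fromstring(xml_text)
    if a.tag != "{%s}Assertion" % NS["saml2"]:
        return ["root element is not saml2:Assertion"]
    errors = []
    if a.get("Version") != "2.0":
        errors.append("Version MUST be 2.0")
    for attr in ("ID", "IssueInstant"):
        if not a.get(attr):
            errors.append("@%s is required" % attr)
    if not (a.findtext("saml2:Issuer", "", NS) or "").strip():
        errors.append("Issuer is required")
    name_id = a.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        errors.append("Subject/NameID with unspecified Format is required")
    conf = a.find("saml2:Subject/saml2:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != BEARER:
        errors.append("SubjectConfirmation Method MUST be bearer")
    elif conf.find("saml2:SubjectConfirmationData", NS) is not None:
        errors.append("SubjectConfirmationData MUST NOT be used")
    cond = a.find("saml2:Conditions", NS)
    if cond is None:
        errors.append("Conditions is required")
    else:
        nb, noa = _utc(cond.get("NotBefore")), _utc(cond.get("NotOnOrAfter"))
        if nb is None or noa is None:
            errors.append("NotBefore and NotOnOrAfter are required")
        elif not (nb <= now < noa):
            errors.append("assertion is outside its validity window")
        audiences = [e.text for e in
                     cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]
        if expected_audience not in audiences:
            errors.append("Audience does not name this service")
    authn = a.find("saml2:AuthnStatement", NS)
    if authn is None or not authn.get("AuthnInstant"):
        errors.append("AuthnStatement with AuthnInstant is required")
    ref = a.findtext(
        "saml2:AuthnStatement/saml2:AuthnContext/saml2:AuthnContextClassRef", "", NS)
    if (ref or "").strip() not in ALLOWED_AUTHN:
        errors.append("AuthnContextClassRef is not an allowed two-factor method")
    return errors
```

Elements not listed in the table are never inspected, which matches the rule that unprofiled elements MUST be ignored by the consumer.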
2.2 Assertion Signature
Every HCS Identity MUST be signed by its issuer.
2.3 Attributes for Norwegian Trust Framework for Health Care Services
An identity assertion can carry an arbitrary number of attributes on the authenticated entity. Each attribute MUST be encoded using a SAML attribute element.
Home Community Id
Property | Value |
---|---|
Friendly Name | homecommunity-id |
Name | urn:ihe:iti:xca:2010:homeCommunityId |
Datatype | xs:anyURI |
Description | OID identifier of the homeCommunity, according to the IHE XDS/XCA profiles, from which the request originates. It can also be the identifier of a middleware product such as KJ-portal, in which case Norsk helsenett is the homeCommunity object; otherwise it should be the identifier representing the home community as defined in IHE XDS |
Optionality | Mandatory |
Valid Values
A valid OID for the Home Community MUST be presented.
OID | Name of homeCommunity |
---|---|
urn:oid:2.16.578.1.12.4.1.7.1.1 | Norsk helsenett |
Sample fragment
<saml2:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.1.1</saml2:AttributeValue>
</saml2:Attribute>
Healthcare professional (HCP)
Property | Value |
---|---|
Friendly Name | hcp-name |
Name | urn:oasis:names:tc:xacml:1.0:subject:subject-id |
Datatype | xs:string |
Description | This attribute MUST contain the full name of the HCP in human readable form |
Optionality | Mandatory |
Valid Values
Human-readable name of the HCP, supporting the Norwegian alphabet
Example values:
Ola Nordmann
Kari Nordmann
Kåre Skøyen Nordmann
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>OLA NORDMANN</saml2:AttributeValue>
</saml2:Attribute>
Healthcare Professional Structural Role (HCP)
Property | Value |
---|---|
Friendly Name | hcp-role |
Name | urn:oasis:names:tc:xacml:2.0:subject:role |
Datatype | urn:hl7-org#CE |
Description | HCP's approved health education level/approval in Norway. One HCP can have multiple different approvals in different healthcare categories. |
Optionality | Optional |
Valid Values
The value for the structural role should be represented as one of the possible healthcare categories defined in the Norwegian value set.
Example value:
<Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Lege" />
<Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="PS" codeSystem="2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Psykolog" />
<Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="SP" codeSystem="2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Sykepleier" />
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue><Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Lege" />
</saml2:AttributeValue>
</saml2:Attribute>
Healthcare Professional ID (HCP)
Property | Value |
---|---|
Friendly Name | hcp-professional-id |
Name | urn:oasis:names:tc:xspa:1.0:subject:npi |
Datatype | xs:string |
Description | Identifier referring to the HCP's approved health education level/approval in Norway |
Optionality | Optional |
Valid Values
The value of this attribute should refer to the HCP's HPR identifier, if one exists (acknowledged authorized healthcare personnel).
The HPR identifier is a string of up to 9 digits.
Example values:
123456789
12345678
1234567
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:npi"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>12345678</saml2:AttributeValue>
</saml2:Attribute>
Healthcare Professional ID-provider (HCP)
Property | Value |
---|---|
Friendly Name | hcp-professional-id-provider |
Name | urn:ihe:iti:xua:2017:subject:provider-identifier |
Datatype | urn:hl7-org:v3#II |
Description | Identifier referring to the HCP's approved health education level/approval in Norway |
Optionality | Optional |
Valid Values
The value of this attribute should refer to the HCP's HPR identifier, if one exists (acknowledged authorized healthcare personnel), together with a reference to the assigning authority. The HPR identifier is a string of up to 9 digits.
The OID of the assigning authority for Norwegian healthcare personnel identifiers is always 2.16.578.1.12.4.1.4.4
Example values:
Sample fragment
<saml2:Attribute Name="urn:ihe:iti:xua:2017:subject:provider-identifier"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<id xmlns="urn:hl7-org:v3" type="II" extension="9999971" root="2.16.578.1.12.4.1.4.4" displayable="false" />
</saml2:AttributeValue>
</saml2:Attribute>
Healthcare Professional Organization (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-organization-name |
Name | urn:oasis:names:tc:xspa:1.0:subject:organization |
Datatype | xs:string |
Description | The name of the requesting organization, expected to be the legal-level organization that the requesting HCP user belongs to. The organization that the user belongs to shall be placed, in plain text, in the value of the element |
Optionality | Mandatory |
Valid Values
Human readable name of healthcare professional organization
Example values:
Legekontor i Mordor
Hobbiton kommune
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Legekontor i Mordor</saml2:AttributeValue>
</saml2:Attribute>
Healthcare Professional Organization ID (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-organization-id |
Name | urn:oasis:names:tc:xspa:1.0:subject:organization-id |
Datatype | urn:hl7-org:v3#II |
Description | Unique identifier of legal level of consuming organization (Healthcare Professional Organization), according to registration in Brønnøysundsregistrene. A unique identifier for the organization that the user is representing in performing this transaction shall be placed in the value of the element. The organization ID may be an Object Identifier (OID), using the urn format (that is, “urn:oid:” appended with the OID); or it may be a URL assigned to that organization. |
Optionality | Mandatory |
Valid Values
Organization identifier from Brønnøysundsregistrene should be presented
Example values:
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="987654321" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
</saml2:AttributeValue>
</saml2:Attribute>
Point of care (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-point-of-care |
Name | urn:nhn:trust-framework:1.0:ext:subject:child-organization-name |
Datatype | xs:string |
Description | Name of the hospital or medical facility which the HCP is currently associated with. It can be the same as the HCPO, but can differ in large medical organizations |
Optionality | Optional |
Valid Values
Human readable name of healthcare professional organization
Example values:
Legekontor i Mordor
Kommunal legekontor i Hobbiton
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:subject:child-organization-name"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Legekontor i Mordor</saml2:AttributeValue>
</saml2:Attribute>
Point of care ID (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-child-organization-id |
Name | urn:oasis:names:tc:xspa:1.0:subject:child-organization |
Datatype | urn:hl7-org:v3#II |
Description | Identifier to the hospital or medical facility (HCPO point-of-care). |
Optionality | Optional |
Valid Values
Organization's identifier from Brønnøysundsregistrene should be presented
Example values:
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="987654321" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:child-organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
</saml2:AttributeValue>
</saml2:Attribute>
Department (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-department |
Name | urn:nhn:trust-framework:1.0:ext:subject:facility-name |
Datatype | xs:string |
Description | Name of the sub-unit in the medical treatment facility which the HCP is currently associated with, in the current patient context. |
Optionality | Optional |
Valid Values
Human-readable name of the department or facility which the HCP is currently associated with in the current patient context
Example values:
Gastrokirurgisk avdeling
Barnenevrologisk avdeling
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:subject:facility-name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Gastrokirurgisk avdeling</saml2:AttributeValue>
</saml2:Attribute>
HCPO Department ID (HCPO)
Property | Value |
---|---|
Friendly Name | hcpo-department-id |
Name | urn:oasis:names:tc:xspa:1.0:subject:facility |
Datatype | urn:hl7-org:v3#II |
Description | Identifier of the sub-unit/department in the medical treatment facility which the HCP is currently associated with. |
Optionality | Optional |
Valid Values
The department ID should be given as the ID from the respective register in Norway, e.g. RESH
Example values:
<Facility xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456" root="2.16.578.1.12.4.1.4.102" assigningAuthorityName="Register over enheter i spesialisthelsetjenesten" displayable="true" />
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:facility" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<Facility xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456" root="2.16.578.1.12.4.1.4.102" assigningAuthorityName="Register over enheter i spesialisthelsetjenesten" displayable="true" />
</saml2:AttributeValue>
</saml2:Attribute>
Patient identifier (Patient)
Property | Value |
---|---|
Friendly Name | patient-id |
Name | urn:oasis:names:tc:xacml:1.0:resource:resource-id |
Datatype | HL7 V2.5 CX |
Description | One of the patient's Norwegian identifiers approved for use in the Norwegian health sector. Identifier of the data object(s) being requested, e.g. the patient unique identifier, or the query string defining the requested data in case of bulk requests. |
Optionality | Mandatory |
Valid Values
The patient's identifier is presented in HL7 v2.5 CX format.
Use the OID for the respective format of the patient's identifier:
OID | Description |
---|---|
2.16.578.1.12.4.1.4.1 | F-number OID (fødselsnummer) - registered citizen/permanent approval for residency in Norway |
2.16.578.1.12.4.1.4.2 | D-number OID (d-nummer) - temporary approval for residency in Norway |
2.16.578.1.12.4.1.4.3 | H-number OID (felles-hjelpenummer) - temporary identifier for health sector for unknown people |
2.16.578.1.12.4.1.4.5 | D-number OID (duf-nummer) - temporary identifier for registered refugee in Norway |
Example values:
<saml2:AttributeValue>13116900216^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml2:AttributeValue>
<saml2:AttributeValue>41018500216^^^&amp;2.16.578.1.12.4.1.4.2&amp;ISO</saml2:AttributeValue>
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:resource:resource-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>13116900216^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml2:AttributeValue>
</saml2:Attribute>
Point-of-care (Patient)
Property | Value |
---|---|
Friendly Name | patient-point-of-care |
Name | urn:nhn:trust-framework:1.0:ext:resource:child-organization-name |
Datatype | xs:string |
Description | Name of the hospital or medical facility to which the patient belongs |
Optionality | Optional |
Valid Values
Human-readable name of the institution to which the patient potentially belongs.
Example values:
Galtvort sykehjem
Mordor helsestasjon
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:child-organization-name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Galtvort sykehjem</saml2:AttributeValue>
</saml2:Attribute>
Point-of-care ID (Patient)
Property | Value |
---|---|
Friendly Name | patient-point-of-care-id |
Name | urn:nhn:trust-framework:1.0:ext:resource:child-organization |
Datatype | urn:hl7-org:v3#II |
Description | Identifier of the hospital or medical facility to which the patient belongs |
Optionality | Conditional, mandatory if "Patient point-of-care"-attribute is present |
Valid Values
Organization's identifier from Brønnøysundsregistrene should be presented
Example values:
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="987654321" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:child-organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
</saml2:AttributeValue>
</saml2:Attribute>
Treatment facility (Patient)
Property | Value |
---|---|
Friendly Name | patient-department |
Name | urn:nhn:trust-framework:1.0:ext:resource:facility-name |
Datatype | xs:string |
Description | |
Optionality | |
Valid Values
Human-readable name of the department/sub-unit in the patient's point-of-care organization where the patient is treated.
Valid examples:
Palliativ avdeling
Barne- og ungdomspsykiatrisk avdeling (BUPA)
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:facility-name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Palliativ avdeling</saml2:AttributeValue>
</saml2:Attribute>
Treatment facility ID (Patient)
Property | Value |
---|---|
Friendly Name | patient-department-id |
Name | urn:nhn:trust-framework:1.0:ext:resource:facility |
Datatype | urn:hl7-org:v3#II |
Description | Identifier of sub-unit in medical treatment facility where patient is treated |
Optionality | Conditional, mandatory if "Patient department"-attribute is present |
Valid Values
Organization's identifier from Brønnøysundsregistrene should be presented
Example values:
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
<id xmlns="urn:hl7-org:v3" xsi:type="II" extension="987654321" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:facility" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="123456789" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Enhetsregisteret" displayable="true"/>
</saml2:AttributeValue>
</saml2:Attribute>
Healthcare service (relationship)
Property | Value |
---|---|
Friendly Name | healthcare-service |
Name | urn:nhn:trust-framework:1.0:ext:care-relationship:healthcare-service |
Datatype | urn:hl7-org:v3#CE |
Description | Reference to healthcare service which is provided according to the treatment of patient. Just one, the most relevant, service MUST be presented. |
Optionality | Mandatory |
Valid Values
A value from one of the respective value sets MUST be present. The value sets are Norwegian code value sets from Volven (helsedirektoratet.no).
OID | EN | NO |
---|---|---|
2.16.578.1.12.4.1.1.8451 | Area of profession | Fagområde |
2.16.578.1.12.4.1.1.8627 | Healthcare services within healthcare specialist domain | Tjenestetyper innen spesialisthelsetjenesten |
2.16.578.1.12.4.1.1.8668 | Healthcare services for healthcare specialist domain | Tjenestetyper for spesialisthelsetjenesten |
2.16.578.1.12.4.1.1.8663 | Healthcare services for primary healthcare domain | Tjenestetyper for kommunal helse- og omsorgstjeneste mv |
2.16.578.1.12.4.1.1.8662 | Healthcare services for county domain | Fylkeskommunale tjenestetyper |
2.16.578.1.12.4.1.1.8664 | Healthcare services for pharmacies and bandaging suppliers | Tjenestetyper for apotek og bandasjister |
2.16.578.1.12.4.1.1.8666 | Common healthcare services | Felles tjenestetyper |
Example values:
<HealthcareService xmlns="urn:hl7-org:v3" xsi:type="CE" code="KX17" codeSystem="2.16.578.1.12.4.1.1.8663" displayName="Fastlege, liste uten fast lege" assigningAuthorityName="Helsedirektoratet" />
<HealthcareService xmlns="urn:hl7-org:v3" xsi:type="CE" code="KP02" codeSystem="2.16.578.1.12.4.1.1.8663" displayName="Sykepleietjeneste" assigningAuthorityName="Helsedirektoratet" />
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:healthcare-service" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue><HealthcareService xmlns="urn:hl7-org:v3" xsi:type="CE" code="KP02" codeSystem="2.16.578.1.12.4.1.1.8663" displayName="Sykepleietjeneste" assigningAuthorityName="Helsedirektoratet"/></saml2:AttributeValue>
</saml2:Attribute>
Purpose of use (relationship)
Property | Value |
---|---|
Friendly Name | purpose |
Name | urn:oasis:names:tc:xacml:2.0:action:purpose |
Datatype | urn:hl7-org:v3#CE |
Description | This attribute refers to the usual working environment of the user. Note: usage of "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" is deprecated by the XSPA profile for healthcare v2.0 |
Optionality | Mandatory |
Valid Values
Values for "purpose of use" are based on the HL7 value set PurposeOfUse, urn:oid:2.16.840.1.113883.1.11.20448.
One of the following values MUST be used in the Norwegian context:
Code: | EN: | NO: |
---|---|---|
TREAT | treatment | behandling |
ETREAT | emergency treatment | akuttbehandling |
COC | coordination of care | administrativ behandling |
BTG | break the glass-emergency | krisebehandling |
Example values:
<Purpose xmlns="urn:hl7-org:v3" xsi:type="CE" code="TREAT" codeSystem="2.16.840.1.113883.1.11.20448" displayName="treatment" />
<Purpose xmlns="urn:hl7-org:v3" xsi:type="CE" code="ETREAT" codeSystem="2.16.840.1.113883.1.11.20448" displayName="emergency treatment" />
<Purpose xmlns="urn:hl7-org:v3" xsi:type="CE" code="COC" codeSystem="2.16.840.1.113883.1.11.20448" displayName="coordination of care" />
Sample fragment
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:action:purpose" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<Purpose xmlns="urn:hl7-org:v3" xsi:type="CE" code="TREAT" codeSystem="2.16.840.1.113883.1.11.20448" displayName="treatment" />
</saml2:AttributeValue>
</saml2:Attribute>
Purpose-of-use-details (relationship)
Property | Value |
---|---|
Friendly Name | purpose-of-use-details |
Name | urn:nhn:trust-framework:1.0:ext:care-relationship:purpose-of-use-details |
Datatype | urn:hl7-org:v3#CE |
Description | Reference to healthcare service which is provided according to the treatment of patient. |
Optionality | Optional |
Valid Values
Refers to a summary of the purpose of use and of the healthcare services provided to the referred patient.
Example values:
<purpose-of-use-details xmlns="urn:hl7-org:v3" xsi:type="CE" code="15" codeSystem="urn:oid:2.16.578.1.12.4.1.1.9151" displayName="Helsetjenester i hjemmet" assigningAuthorityName="Helsedirektoratet" />
Sample fragment
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:purpose-of-use-details" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<purpose-of-use-details xmlns="urn:hl7-org:v3" xsi:type="CE" code="15" codeSystem="urn:oid:2.16.578.1.12.4.1.1.9151" displayName="Helsetjenester i hjemmet" assigningAuthorityName="Helsedirektoratet" />
</saml2:AttributeValue>
</saml2:Attribute>
Decision reference (relationship)
Property | Value |
---|---|
Friendly Name | decision-ref |
Name | urn:nhn:trust-framework:1.0:ext:care-relationship:decision-ref |
Datatype | urn:nhn:trust-framework:1.0#CD |
Description | Reference to EHR's PDP identifier, identifier representing decision point in EHR allowing HCP to access patient record. |
Optionality | Optional |
Valid Values
"Id"-identifier should be presented as UUID
"User-selected" MUST be boolean value
Example values (formatted):
<decision-ref>
<id tf:value="urn:uuid:b0b87276-79aa-4643-9bb3-7760b1f43a4d" />
<user-selected tf:value="false" />
</decision-ref>
<decision-ref>
<id tf:value="urn:uuid:c1b87276-27bb-9873-4hh7-1278b1c53a8e" />
<user-selected tf:value="true" />
</decision-ref>
Sample fragment (Formatted)
<saml2:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:decision-ref"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<decision-ref>
<id tf:value="urn:uuid:b0b87276-79aa-4643-9bb3-7760b1f43a4d" />
<user-selected tf:value="false" />
</decision-ref>
</saml2:AttributeValue>
</saml2:Attribute>
BPPC DOCID
Property | Value |
---|---|
Friendly Name | bppc-docid |
Name | urn:ihe:iti:bppc:2007:docid |
Datatype | urn:oid |
Description | Reference to an OID identifier, identifier represents form of applied consent |
Optionality | Conditional, if the XUA ACP attribute is present |
Valid Values
An "OID" identifier should be present. There are the following values:
OID | Description |
---|---|
2.16.578.1.12.4.1.7.2.2.1 | Digital channel |
2.16.578.1.12.4.1.7.2.2.2 | Analog channel |
Example values:
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
<saml2:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.2.1.6</saml2:AttributeValue>
Sample fragment
<saml2:Attribute Name="urn:ihe:iti:bppc:2007:docid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.2.2.1</saml2:AttributeValue>
</saml2:Attribute>
XUA ACP
Property | Value |
---|---|
Friendly Name | xua-acp |
Name | urn:ihe:iti:xua:2012:acp |
Datatype | urn:oid |
Description | Reference to an OID identifier, referring to an existing access consent policy |
Optionality | Optional |
Valid Values
An "OID" identifier should be present. There are the following values:
OID | Description |
---|---|
nil/null - no value | Healthcare professional [subject] does not have the necessary acknowledgement to open and see the patient's healthcare data [resource], and there is no need for any overrides |
2.16.578.1.12.4.1.7.2.1.4 | Healthcare professional [subject] is not obliged to retrieve the patient's consent to open and see the patient's healthcare data [resource], e.g. "patient's regular physician" (fastlege) |
2.16.578.1.12.4.1.7.2.1.5 | Healthcare professional [subject] has been given explicit consent from patient [resource] to open and see patient's healthcare data, including locked data |
2.16.578.1.12.4.1.7.2.1.6 | Healthcare professional [subject] is not able to retrieve consent from current patient [resource] (e.g. patient is unconscious) |
2.16.578.1.12.4.1.7.2.1.7 | Healthcare professional [subject] has documented reasons to unlock all available healthcare data for current patient [resource] in an emergency/catastrophic situation |
2.16.578.1.12.4.1.7.2.1.8 | Healthcare professional [subject] has retrieved consent from patient [resource] to open and see patient's healthcare data |
Example values:
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
<saml2:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.2.1.6</saml2:AttributeValue>
Sample fragment
<saml2:Attribute Name="urn:ihe:iti:xua:2012:acp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.2.1.6</saml2:AttributeValue>
</saml2:Attribute>
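The value tables and the conditional rule for BPPC DOCID and XUA ACP above can be enforced by the receiving gateway. The following is an added example, not part of the specification or of any NHN code: the function names are hypothetical, the assertions are constructed, and it assumes that "XUA ACP attribute present" means the attribute carries a non-nil value and that values use the `urn:oid:` prefix shown in the sample fragments.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"
ACP = "urn:ihe:iti:xua:2012:acp"
DOCID = "urn:ihe:iti:bppc:2007:docid"
OID_ARC = "2.16.578.1.12.4.1.7.2"
# Values from the two "Valid Values" tables in this specification.
ACP_OIDS = {f"{OID_ARC}.1.{n}" for n in range(4, 9)}
DOCID_OIDS = {f"{OID_ARC}.2.1", f"{OID_ARC}.2.2"}


def read_oid(root, name, findings):
    """Return the bare OID carried by attribute `name`, or None if absent or nil."""
    attrs = [a for a in root.iter(SAML + "Attribute") if a.get("Name") == name]
    if not attrs:
        return None
    values = [v for a in attrs for v in a.findall(SAML + "AttributeValue")]
    # Duplicates are ambiguous: two consumers could pick different values.
    if len(attrs) > 1 or len(values) != 1:
        findings.append(f"{name}: expected exactly one Attribute with one AttributeValue")
        return None
    value = values[0]
    text = (value.text or "").strip()
    nil = value.get(XSI_NIL) in ("true", "1")
    if len(value) or (nil and text):
        findings.append(f"{name}: unexpected content in AttributeValue")
        return None
    if nil or not text:
        return None  # "nil/null - no value" row of the table
    if not text.startswith("urn:oid:"):
        findings.append(f"{name}: value is not a urn:oid")
        return None
    return text[len("urn:oid:"):]


def check_consent_attributes(assertion_xml):
    """Return a list of findings; an empty list means both attributes are consistent.

    Run this only on the Assertion element covered by the signature, after the
    signature has been verified. Signature verification is out of scope here.
    """
    if "<!DOCTYPE" in assertion_xml:
        return ["DOCTYPE not allowed in a SAML assertion"]
    root = ET.fromstring(assertion_xml)
    findings = []
    acp = read_oid(root, ACP, findings)
    docid = read_oid(root, DOCID, findings)
    if acp is not None and acp not in ACP_OIDS:
        findings.append(f"{ACP}: unknown policy OID {acp}")
    if docid is not None and docid not in DOCID_OIDS:
        findings.append(f"{DOCID}: unknown consent form OID {docid}")
    if acp is not None and docid is None:
        findings.append(f"{DOCID}: required when {ACP} carries a value")
    return findings


def attribute(name, oid):
    """Build one constructed <saml2:Attribute>; oid=None yields an xsi:nil value."""
    if oid is None:
        body = ('<saml2:AttributeValue '
                'xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>')
    else:
        body = f"<saml2:AttributeValue>urn:oid:{oid}</saml2:AttributeValue>"
    return f'<saml2:Attribute Name="{name}">{body}</saml2:Attribute>'


def assertion(*attributes):
    """Wrap constructed attributes in a minimal, unsigned assertion skeleton."""
    return ('<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml2:AttributeStatement>" + "".join(attributes) +
            "</saml2:AttributeStatement></saml2:Assertion>")


if __name__ == "__main__":
    unconscious = f"{OID_ARC}.1.6"   # ACP: consent cannot be retrieved
    digital = f"{OID_ARC}.2.1"       # DOCID: digital channel
    cases = {
        "both nil": assertion(attribute(ACP, None), attribute(DOCID, None)),
        "acp with docid": assertion(attribute(ACP, unconscious), attribute(DOCID, digital)),
        "acp without docid": assertion(attribute(ACP, unconscious), attribute(DOCID, None)),
        "duplicate acp": assertion(attribute(ACP, unconscious), attribute(ACP, None),
                                   attribute(DOCID, digital)),
    }
    for label, xml in cases.items():
        print(label, "->", check_consent_attributes(xml) or "ok")
```

Findings from this check are a natural input to the audit message described in section 2.4, since the override policies (`...7.2.1.6` and `...7.2.1.7`) are the ones most worth reviewing afterwards.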
2.4 Audit Trail Considerations
The audit message MUST be assembled according to the HCP Assurance audit schema as defined in [Audit Trail Profile]. The following table defines which categories MUST be filled (R), which MAY be filled (O) and which categories MUST NOT be used (X).
Instance | Optionality | Description |
---|---|---|
Event | R | Audited event |
Requesting point of care | R | HCPO which is in treatment relationship with the patient |
Human requestor | R | HCP who requested patient information |
Source gateway | R | Outbound gateway that attested authenticity of trust framework information |
Target Gateway | X | |
Audit Source | R | Legal entity that ensures the uniqueness of the identifiers used to identify active participants |
Event target | X | |
3. Examples
Examples are taken from the TEST environment and do not contain sensitive information.
Helsenorge.no
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_06028bde-a47d-4749-a813-f562a121dd1c" IssueInstant="2023-07-05T11:24:24.851Z" Version="2.0">
<saml:Issuer>sikkerhet.helsenorge.no</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_06028bde-a47d-4749-a813-f562a121dd1c">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>WUqGWVVMqHcr0/Dc8+xs1B5F4ItR/WoiWP1bteP+TcI=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[signature value omitted]</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>[certificate omitted]</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID>31019493000</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
</saml:Subject>
<saml:Conditions NotBefore="2023-07-05T11:24:24.851Z" NotOnOrAfter="2023-07-05T11:44:24.851Z">
<saml:AudienceRestriction>
<saml:Audience>https://xds-web.test.nhn.no/</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml:AttributeValue>Aslaug Simonsen</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml:AttributeValue>Norsk Helsenett</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml:AttributeValue>994598759</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId">
<saml:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.1.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
<saml:AttributeValue>31019493000</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2017:subject:provider-identifier">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" type="II" extension="31019493000" root="2.16.578.1.12.4.1.4.1" displayable="false" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml:AttributeValue><PurposeOfUse xmlns="urn:hl7-org:v3" type="CE" code="13" codeSystem="1.0.14265.1" codeSystemName="ISO 14265 Classification of Purposes for processing personal health information" displayName="Subject of care uses"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml:AttributeValue>31019493000^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="SecurityLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Scope">
<saml:AttributeValue>innsynregisterbruk,innsynregisterinnhold,innsynpasientjournal,prover</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="client_id">
<saml:AttributeValue>urn:oid:2.16.578.1.12.4.1.7.1.1.1</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2023-07-05T11:24:24.858Z" SessionNotOnOrAfter="2023-07-05T11:44:24.858Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
<u:Timestamp xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="_0">
<u:Created>2019-05-10T07:22:56.765Z</u:Created>
<u:Expires>2019-05-10T07:27:56.765Z</u:Expires>
</u:Timestamp>
</wsse:Security>
Kjernejournal
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_f824fb41-b8d4-4b88-9e80-34fe3d639f19" IssueInstant="2023-10-09T09:01:27.474Z" Version="2.0">
<saml:Issuer>https://helseid-xdssaml.test.nhn.no</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_f824fb41-b8d4-4b88-9e80-34fe3d639f19">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>YR/Edi/rdS1W/FtuTAkz+Fugw1dB3o26pWH9c8itivY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[signature value omitted]</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>[certificate omitted]</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID>24048600332</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
</saml:Subject>
<saml:Conditions NotBefore="2023-10-09T09:01:27.474Z" NotOnOrAfter="2023-10-09T10:01:27.474Z">
<saml:AudienceRestriction>
<saml:Audience>nhn:dokumentdeling-saml</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml:AttributeValue>KAI BROVOLD</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml:AttributeValue>Sykehuset i Vestfold HF</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="983975259" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Brønnøysundregistrene" displayable="true"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:role">
<saml:AttributeValue><Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="2.16.578.1.12.4.1.1.9060&amp;ISO" codeSystemName="Kategori helsepersonell" displayName="Lege"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:homeCommunityId">
<saml:AttributeValue>2.16.578.1.12.4.1.7.1.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
<saml:AttributeValue>9999971</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2017:subject:provider-identifier">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" type="II" extension="9999971" root="2.16.578.1.12.4.1.4.4" displayable="false" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeOfUse">
<saml:AttributeValue><PurposeOfUse xmlns="urn:hl7-org:v3" xsi:type="CE" code="1" codeSystem="1.0.14265.1" codeSystemName="ISO 14265 Classification of Purposes for processing personal health information" displayName="Oppslag via kjernejournal, helsehjelp"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml:AttributeValue>13116900216^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:SecurityLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Scope">
<saml:AttributeValue>journaldokumenter_helsepersonell</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:bppc:2007:docid">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2012:acp">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:client_id">
<saml:AttributeValue>46f2998a-3fab-43a2-bd96-bbd4785dc0ee</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Authentication_method">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
<wsu:Created>2023-10-09T09:16:48.250Z</wsu:Created>
<wsu:Expires>2023-10-09T09:31:48.250Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
Kjernejournal - General Practitioner relation (Fastlegesjekken)
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d07f9353-1ba7-40d0-b33b-8b88d28f081e" IssueInstant="2023-10-09T09:16:23.542Z" Version="2.0">
<saml:Issuer>https://helseid-xdssaml.test.nhn.no</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_d07f9353-1ba7-40d0-b33b-8b88d28f081e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>YyWBVTtkd7saqWqyBzg5NR75wKBs9iz04/5i6eqaT5I=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>pTREHmr89KyeVWq3pmSrS/47LNQd3XYqxXIDPeAJjdgh+800B7cfrCUI6LQUBgmycMEkzaaKND92+lPWADjCK76/LX9bwZib1PT12zOlXUJE1CLSIg4rgCzis+70rP4Gx7y9KVre7pcpPrZkN9YieRege9Mr+S32AMFhXInRT1tEPRu0DuaZaxAsMgLJk3VUlZUgfoukMbXMSDN7NwYcovrrtC4NQ4oIvkct38/uBg+pzMODNvvKTfFu2XN8MiXrx5g+n8GcgkT3dAHN6JK+LqR5jpPNl+2URbxURwAS+zbdJ9hHkfWggTOaAg4lYYVV+56ZYxTnwhKr+1VlLJR+9E3NffayEFFKJdZOtpL3zf60sghF5DaMpBLcPM69Cpk/XfqjCpwKzqy1CjPftrji3m+TTY1kp5mMx5+/zZ2eqPlZx5MyBZg5+ZGFJnYWGaHP9h24CUTRQjyyJgepot01W28ox/0rOdv+ZZ7ioALKlu9/JPM3/W4N9EXKWJR0m+Qv</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>[certificate omitted]</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID>12098303195</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
</saml:Subject>
<saml:Conditions NotBefore="2023-10-09T09:16:23.542Z" NotOnOrAfter="2023-10-09T10:16:23.542Z">
<saml:AudienceRestriction>
<saml:Audience>nhn:dokumentdeling-saml</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml:AttributeValue>PER ARNT ARNTSEN</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml:AttributeValue>HELSEPLATTFORMEN AS</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="922307814" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Brønnøysundregistrene" displayable="true"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:role">
<saml:AttributeValue><Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="2.16.578.1.12.4.1.1.9060&amp;ISO" codeSystemName="Kategori helsepersonell" displayName="Lege"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:homeCommunityId">
<saml:AttributeValue>2.16.578.1.12.4.1.7.1.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
<saml:AttributeValue>7308973</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2017:subject:provider-identifier">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" type="II" extension="7308973" root="2.16.578.1.12.4.1.4.4" displayable="false" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeOfUse">
<saml:AttributeValue><PurposeOfUse xmlns="urn:hl7-org:v3" xsi:type="CE" code="1" codeSystem="1.0.14265.1" codeSystemName="ISO 14265 Classification of Purposes for processing personal health information" displayName="Oppslag via kjernejournal, helsehjelp"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml:AttributeValue>08077000292^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:SecurityLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Scope">
<saml:AttributeValue>journaldokumenter_helsepersonell</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:bppc:2007:docid">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2012:acp">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:client_id">
<saml:AttributeValue>46f2998a-3fab-43a2-bd96-bbd4785dc0ee</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Authentication_method">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.1:subject:healthcareservice">
<saml:AttributeValue><Healthcareservice xmlns="urn:hl7-org:v3" xsi:type="CE" code="KX17" codeSystem="urn:oid:2.16.578.1.12.4.1.1.8666" displayName="Fastlege, liste uten fast lege"/></saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
<wsu:Created>2023-10-09T09:16:23.611Z</wsu:Created>
<wsu:Expires>2023-10-09T09:31:23.611Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
Kjernejournal - Trust framework
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a41a75a9-2395-4e16-8eb2-312ab1576310" IssueInstant="2024-02-16T09:59:00.174Z" Version="2.0">
<saml:Issuer>https://helseid-xdssaml.test.nhn.no</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_a41a75a9-2395-4e16-8eb2-312ab1576310">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>rUsDyt3DY38D7Q+Ubz1EXNyJGifLLmS+vSDqV1D3Fuo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[signature value omitted]</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>[certificate omitted]</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID>05085600143</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
</saml:Subject>
<saml:Conditions NotBefore="2024-02-16T09:59:00.174Z" NotOnOrAfter="2024-02-16T10:59:00.174Z">
<saml:AudienceRestriction>
<saml:Audience>nhn:dokumentdeling-saml</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml:AttributeValue/>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:role">
<saml:AttributeValue><Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="urn:oid:2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Lege"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:homeCommunityId">
<saml:AttributeValue>2.16.578.1.12.4.1.7.1.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
<saml:AttributeValue>222200063</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeOfUse">
<saml:AttributeValue><PurposeOfUse xmlns="urn:hl7-org:v3" xsi:type="CE" code="TREAT" codeSystem="urn:oid:2.16.840.1.113883.1.11.20448" codeSystemName="PurposeOfUse (HL7)" displayName="Treatment"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml:AttributeValue>13116900216^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:SecurityLevel">
<saml:AttributeValue>4</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Scope">
<saml:AttributeValue>journaldokumenter_helsepersonell</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:Authentication_method">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id">
<saml:AttributeValue/>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml:AttributeValue>MIDTBYEN LEGESENTER KONGSVINGER DA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="994919806" root="2.16.578.1.12.4.1.4.101" assigningAuthorityName="Brønnøysundregistrene" displayable="true"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:child-organization">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="994945688" root="urn:oid:2.16.578.1.12.4.1.4.101" assigningAuthorityName="https://www.brreg.no/" displayable="true"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml:AttributeValue><Role xmlns="urn:hl7-org:v3" xsi:type="CE" code="LE" codeSystem="urn:oid:2.16.578.1.12.4.1.1.9060" codeSystemName="Kategori helsepersonell" displayName="Lege"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId">
<saml:AttributeValue>2.16.578.1.12.4.1.7.1.1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:npi">
<saml:AttributeValue>222200063</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2017:subject:provider-identifier">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" type="II" extension="222200063" root="2.16.578.1.12.4.1.4.4" displayable="false" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
<saml:AttributeValue>13116900216^^^&amp;2.16.578.1.12.4.1.4.1&amp;ISO</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:bppc:2007:docid">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:ihe:iti:xua:2012:acp">
<saml:AttributeValue xmlns:a="http://www.w3.org/2001/XMLSchema-instance" a:nil="true"/>
</saml:Attribute>
<saml:Attribute Name="urn:no:ehelse:saml:1.0:subject:client_id">
<saml:AttributeValue>b91a22f0-c42e-4e56-9b2e-32d7b7a4adb5</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:subject:child-organization-name">
<saml:AttributeValue>MIDTBYEN LEGESENTER KONGSVINGER DA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:child-organization">
<saml:AttributeValue>MIDTBYEN LEGESENTER KONGSVINGER DA</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:resource:child-organization-id">
<saml:AttributeValue><id xmlns="urn:hl7-org:v3" xsi:type="II" extension="994945688" root="urn:oid:2.16.578.1.12.4.1.4.101" assigningAuthorityName="https://www.brreg.no/" displayable="true"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:action:purpose">
<saml:AttributeValue><Purpose xmlns="urn:hl7-org:v3" xsi:type="CE" code="TREAT" codeSystem="urn:oid:2.16.840.1.113883.1.11.20448" displayName="Treatment"/></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:healthcare-service">
<saml:AttributeValue><HealthcareService xmlns="urn:hl7-org:v3" xsi:type="CE" code="01" codeSystem="urn:oid:2.16.578.1.12.4.1.1.8666" displayName="Bedriftshelsetjeneste" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:purpose-of-use-details">
<saml:AttributeValue><purpose-of-use-details xmlns="urn:volven" xsi:type="CE" code="BEHANDLER" codeSystem="urn:AuditEventHL7Norway/CodeSystem/carerelation" displayName="Bruker har behandlingsansvar for pasienten" /></saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:nhn:trust-framework:1.0:ext:care-relationship:decision-ref">
<saml:AttributeValue><tf:decision-ref><tf:id tf:value="746a0f42-de4b-41f0-a8a1-9aa9f4d29c64" /><tf:user-selected tf:value="True" /></tf:decision-ref></saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2024-02-16T06:58:56.000Z" SessionNotOnOrAfter="2024-02-16T10:59:00.000Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="TS">
<wsu:Created>2024-02-16T09:59:00.211Z</wsu:Created>
<wsu:Expires>2024-02-16T10:14:00.211Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>