Netherlands - Generic Functions for data exchange Implementation Guide - Local Development build (v0.3.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Credential Catalog

Page standards status: Draft

Credential Catalog

This section describes the various types of verifiable credentials used in the authentication framework. Each credential type represents a specific set of claims about an entity within the healthcare ecosystem.

Credentials defined here use identifiers that are specified by the Generic Function Identification.

Profile

Unless specified otherwise, every credential uses the following Verifiable Credential traits:

• Data model: W3C Verifiable Credentials Data Model 1.1
• Proof type: JWT
• Signature algorithm: ES256, RS256 or PS256
• Revocation method: Bitstring Status List v1.0
• Proof of Possession: presenter is holder: the identifier of the presenter must equal the credential subject identifier.

Credentials

This IG defined the following credential types.

Credential	Description	Status
HealthcareProviderRoleTypeCredential	Establishes the category or type of healthcare services a provider organization is authorized to offer.	draft
DeziUserCredential	Wraps a Dezi "verklaring" from the OIDC UserInfo object to assert the identity of a healthcare worker and their employment relationship.	draft
HealthcareProfessionalDelegationCredential	Asserts that a healthcare professional has delegated a defined set of authorized actions to a healthcare provider, as the VC counterpart of the AORTA SAML mandate token.	draft
HealthcareProviderCredential	Identifies a healthcare provider by its URA number, built from UZI server certificate material through the did:x509 DID method.	draft
ServiceProviderCredential	Asserts that a service provider is authorized within the agreement framework and competent to provide one or more services.	draft
ServiceProviderDelegationCredential	Asserts that a healthcare provider authorizes a service provider to act on its behalf within a defined authorization scope.	draft
PatientEnrollmentCredential	Asserts that a patient is enrolled with a healthcare provider organization, establishing a patient care-giving relationship as legal basis for data exchange.	draft
X509Credential	Represents attributes from an X.509 certificate, anchored in a trusted CA through the did:x509 DID method.	production use

Credential type status

• draft: the credential is being developed and meant to be prototyped in non-production environments.
• trial use: the credential can be used in small scale pilots and production environments. Future changes might not be backwards compatible.
• production use: the credential is standardized and can be used in production environments. Future changes will be backwards compatible.