Authenticating health organizations

Introduction

This technical agreement descibes how health organizations should be authenticated in the context of data exchanges.

Agreements

Decision

Health organizations are authenticated using a X509credential based on a UZI-servercertificate.

Rationale

1. UZI-servercertificate is issued by a public organization (CIBG)
2. URA-number is contained as attribute in the UZI-servercertificaat, CPS: https://www.uziregister.nl/over-het-register/certificeringsbeleid/archief-certification-practice-statement
3. The URA-number can securely be contained in a X509credential using the open source software did:x509 and X509Credential Toolkit