# Authenticating health organizations

|||
|-----|-----|
|Version|2025-07-04|
|Status|draft|

## Introduction
This technical agreement descibes how health organizations should be authenticated in the context of data exchanges.

## Agreements

### Decision
Health organizations are authenticated using a X509credential based on a UZI-servercertificate.

### Rationale
1. UZI-servercertificate is issued by a public organization (CIBG)
2. URA-number is contained as attribute in the UZI-servercertificaat, CPS: https://www.uziregister.nl/over-het-register/certificeringsbeleid/archief-certification-practice-statement
3. The URA-number can securely be contained in a X509credential using the open source software [did:x509 and X509Credential Toolkit](https://wiki.nuts.nl/books/x509credential)