Use Case Activation / Discoverability

After configuring the Nuts node with the required artifacts, the use case can be activated for a subject. This means activating the related Discovery Service for the subject, making them discoverable.

Pre-requisites:

• You have created a subject for the organization, for which you want to activate the use case.
• You have configured the Nuts node for the use case (Discovery Service definition and Policy definition).
• You know which endpoints are required to be registered during activation.

Acquiring credentials

The definition specifies which Verifiable Credentials the subject needs to register on the Discovery Service. These are often a combination of, but not limited to, the following credentials: NutsOrganizationCredential, NutsUraCredential, and/or DiscoveryRegistrationCredential.

These need to be issued by a trusted party, which depends on the use case. In development or test environments, parties are typically allowed to issue the credentials to themselves. In acceptance or production environments, they're normally issued by a trusted third party.

Self-issuance

In case, the use case allows self-issuance of credentials (e.g., because there's no trusted third party), you can issue the credential yourself.

To issue or load a credential, you need to choose one of the subject's DIDs. Use the following API call to list the DIDs of a subject (replace <subjectID> with the ID of the subject):

GET http://<internal Nuts API>/internal/vdr/v2/subject/<subjectID>

Then, you can issue the credential:

POST http://<internal Nuts API>/internal/vcr/v2/issuer/vc
Content-Type: application/json

{
  "issuer": "did:web:example.com",
  "type": "NutsOrganizationCredential",
  "expirationDate": "2020-12-09T16:09:53+00:00",
  "credentialSubject": {
    "id": "did:web:example.com",
    "organization": {
      "name": "Because we care B.V.",
      "city": "Arnhem"
    }
  }
}

Make sure you provide the proper values for the credential fields:

• Replace issuer and id with a DID of the subject
• Replace type and credentialSubject with the applicable values for the credential
• Replace the expirationDate with an appropriate expiration date (in RFC3339 format)

Note: alternatively, you can issue credentials through the Nuts Admin application.

After issuing, you need to load the credential into the subject's wallet. See the next section, "Trusted third party", for how to do this.

Trusted third party

A third party issues a Verifiable Credential to one of the subject's DIDs using an out-of-band mechanism.

The issuer can share the Verifiable Credential in any applicable way to the receiving party, including chat or e-mail. They can then be loaded into the subject's wallet using the following API call:

POST http://<internal Nuts API>/internal/vcr/v2/holder/<did>/vc
Content-Type: application/json

<Verifiable Credential>

• Replace <did> with the DID to which the credential was issued.
• Replace <VerifiableCredential> with the VC as it was received from the issuer.

Discovery Service Activation

To make a subject discoverable, activate the particular Discovery Service. The following example activates a service, supplying an additional FHIR endpoint to be used for the use case.

POST http://<internal Nuts API>/internal/discovery/v1/<serviceID>/<subjectID>
Content-Type: application/json

{
  "registrationParameters": {
    "fhir": "https://example.com/fhir"
  }
}

• Replace <serviceID> with the ID of the Discovery Service, which can be found in the definition in the id field.
• Replace <subjectID> with the ID of the subject

Note that if the subject doesn't have the required credentials in its wallet, the call might succeed, but actual registration won't happen until the required credentials are present. In this case, the call returns status 202 (Created), with a message detailing what failed. This is also the case if the Discovery Service is unreachable.