Skip to main content
Advanced Search
Search Terms
Content Type

Exact Matches
Tag Searches
Date Options
Updated after
Updated before
Created after
Created before

Search Results

12 total results found

Overview (WIP)

Authorizing Resource Access

When a (care) organization (client) wishes to exchange data with another (care) organization (resource owner) through Nuts, they agree on common technology: OAuth2, DIDs, Verifiable Credentials and Presentations and use case-specific (e.g. eOverdracht) API sta...

Use Case Design Guidelines (WIP)

Authorizing Resource Access

The way authorization is designed in a use case influences the effort it will take to implement it. A use case can restrict access (less restrictive) Few requirements for acquiring an access token, no requirements for authorizing resource access (somewhat res...

Implementation: APISIX and Open Policy Agent (WIP)

Authorizing Resource Access

This implementation shows authorization can be implemented with freely available open source products: APISIX acting as API Gateway Open Policy Agent ascting as Policy Decision Point You can find an example of this deployment at https://github.com/nuts-found...

OAuth2 Scopes and Presentation Definition Mapping

Designing a Nuts Use Case Authorization

Scope design When designing a system that uses OAuth2, you have to decide how scopes map to resources that the client will attempt to access. "Resource access" is typically a specific REST-style HTTP operation on a specific URL, e.g. POST /products/staplers/1....

OAuth2 Flows and Wallets

Designing a Nuts Use Case Authorization

Nuts supports 2 OAuth2 flows for acquiring an access token. The service-to-service flow and the user flow. Service-to-Service flow The service-to-service flows is for data exchanges that don't require the presence of a (human) user. Credentials that are presen...

AuthN using Verifiable Credentials

Designing a Nuts Use Case Authorization

To successfully negotiate an OAuth2 access token, the token issuer (OAuth2 Authorization Server) will ask the client to present Verifiable Credentials. Nuts uses DIF Presentation Exchange for requesting and presenting credentials during authentication. It used...

Credential Trust

Designing a Nuts Use Case Authorization

Authentication on Nuts heavily depends on trusted credential issuers: any attribute, revelant to the security model of the use case should be verifiable. E.g., if a party claims to be a care organization, it should be able to present a Verifiable Credential to...

Using DID document services

Designing a Nuts Use Case Endpoint Discovery

A party often exchanges data through its API endpoints. If a client only has the party's DID, services in the DID document can be used to register API endpoints. A service in a DID document describes its type and content (serviceEndpoint). A typical example is...

Using well-known URIs

Designing a Nuts Use Case Endpoint Discovery

Many HTTP-based protocols (e.g. OpenID, OAuth2, SMART on FHIR) use well-known URIs to discover protocol metadata, which in turn contains API endpoints and other protocol-specific information. An alternative to DID document services could be using a well-known ...

Discovery Service Configuration

Implementing a Nuts Use Case Discovery Services

Discovery Service Registration

Implementing a Nuts Use Case Discovery Services

Searching the Discovery Service

Implementing a Nuts Use Case Discovery Services