Search Results

Scope design When designing a system that uses OAuth2, you have to decide how scopes map to resources that the client will attempt to access. "Resource access" is typically a specific REST-style HTTP operation on a specific URL, e.g. POST /products/staplers/1....

Nuts supports a custom OAuth2 flows for acquiring an access token: the service-to-service flow. Service-to-Service flow Credentials that are presented during this flow are subject to legal organizations (e.g. registered care organizations). This flow uses a cu...

To successfully negotiate an OAuth2 access token, the token issuer (OAuth2 Authorization Server) will ask the client to present Verifiable Credentials. Nuts uses DIF Presentation Exchange for requesting and presenting credentials during authentication. It's us...

Authentication on Nuts heavily depends on trusted credential issuers: any attribute, revelant to the security model of the use case should be verifiable. E.g., if a party claims to be a care organization, it should be able to present a Verifiable Credential to...

A party often exchanges data through its API endpoints. If a client only has the party's DID, services in the DID document can be used to register API endpoints. A service in a DID document describes its type and content (serviceEndpoint). A typical example is...

Many HTTP-based protocols (e.g. OpenID, OAuth2, SMART on FHIR) use well-known URIs to discover protocol metadata, which in turn contains API endpoints and other protocol-specific information. An alternative to DID document services could be using a well-known ...

Nuts node v6 brings a set of changes that provide improved functionality over already existing features. Note that existing functionality can still be used. The main goals of the v6 feature additions are: Aligning with industry standards (OpenID4VP, DID metho...

Anti-patterns Bad: "Clients can access /Observation, but the FHIR server has to limit it to /Observation?patient=XYZ" Requires transformation of the HTTP request at the Policy Enforcement Point. Better: TODO Bad: "Clients can update the FHIR resource at /Ta...

A use case writer supplements you with a number of artifacts, that need to be configured: Service Discovery definitions Policy definitions This page details how to configure each artifact. Warning: do not alter these artifacts after receiving them, as they s...

To access APIs secured through Nuts, callers need an access token issued by the OAuth2 Authorization Server of the API owner. This page describes how to acquire an access token. Requesting Service Access Token This section describes which value(s) need to be s...

After configuring the Nuts node with the required artifacts, the use case can be activated for a subject. This means activating the related Discovery Service for the subject, making them discoverable. Pre-requisites: You have created a subject for the organiz...