This repository has been archived by the owner on Nov 17, 2023. It is now read-only.

Authentication

Alexander Kiel edited this page Jan 16, 2021 · 8 revisions

Authentication of organizations within the HiGHmed DSF is handled by the use of X.509 client and server certificates. Currently only the certificate authority run by DFN (Deutsches Forschungsnetz) is supported. All participating organizations are entered in a distributed and synchronized allow-list of valid organizations and certificates.

A web server certificate is needed to run the FHIR endpoint. An 802.1X client certificate is used to authenticate against other organizations' endpoints and as a server certificate for the business process engine. For available certificate profiles see DFN-PKI-Zertifikatprofile_Global.pdf

Certificate Requests

FHIR Endpoint

  • Purpose: Server certificate to authenticate the FHIR endpoint on the local network and against other organizations
  • DFN certificate profile: Web Server
  • Common name: FQDN under which other organizations access the server (external FQDN)
  • Subject alternative DNS entries: Add alternative FQDNs if a different name is used to access the server from the local network (local FQDN)

Business Process Engine Server

  • Purpose: Client certificate to authenticate against remote FHIR endpoints (when either the BPE Server or the FHIR Endpoint Server is acting as a client), server certificate to authenticate the business process engine server on the local network
  • DFN certificate profile: 802.1X Client
  • Common name: FQDN under which the server is accessed from the local network (local FQDN)
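
The two requests described above can be prepared and reviewed with OpenSSL before they are submitted to the CA. This is an added example, not part of the original wiki or the DSF project. The hostnames, file names and the RSA 3072 key size are assumptions, and the DFN certificate profile is assumed to be selected when the request is submitted, so it is not encoded in the CSR.

```shell
#!/bin/sh
# Added example; all hostnames are placeholders.
EXTERNAL_FQDN="fhir.example.org"           # name other organizations connect to
LOCAL_FQDN="fhir.internal.example.org"     # name used on the local network
BPE_LOCAL_FQDN="bpe.internal.example.org"  # BPE server, local network only

# make_csr <basename> <common-name> [<dns-name>...]
# Writes <basename>.key (unencrypted) and <basename>.csr; extra arguments
# become SAN entries. The body runs in a subshell so the umask does not leak.
make_csr() (
    base=$1; cn=$2; shift 2
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    umask 077   # private key is created readable by its owner only
    openssl req -new -newkey rsa:3072 -nodes -sha256 \
        -keyout "$base.key" -out "$base.csr" -subj "/CN=$cn" \
        ${san:+-addext} ${san:+"subjectAltName=$san"}
)

# Print the subject / the SAN DNS entries of a CSR for review before submission.
csr_subject() { openssl req -in "$1" -noout -subject -nameopt RFC2253; }
csr_sans()    { openssl req -in "$1" -noout -text | sed -n 's/^ *\(DNS:.*\)$/\1/p'; }

OUT_DIR=$(mktemp -d)

# FHIR endpoint: CN is the external FQDN. Clients that find a SAN extension
# match the hostname against it and ignore the CN, so the external name is
# repeated in the SAN next to the local one.
make_csr "$OUT_DIR/fhir-endpoint" "$EXTERNAL_FQDN" "$EXTERNAL_FQDN" "$LOCAL_FQDN"

# BPE server: CN is the local FQDN; the page lists no SAN entries for it.
make_csr "$OUT_DIR/bpe" "$BPE_LOCAL_FQDN"

for csr in "$OUT_DIR/fhir-endpoint.csr" "$OUT_DIR/bpe.csr"; do
    echo "== $csr"
    csr_subject "$csr"
    csr_sans "$csr"
done
```

The `-addext` option requires OpenSSL 1.1.1 or later.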