Hauke Hund edited this page Mar 22, 2022 · 8 revisions
Authentication
Authentication of organizations within the HiGHmed DSF is handled by the use of X.509 client and server certificates. Currently the certificate authorities run by DFN-PKI Global G2, D-Trust via TMF e.V. and GÉANT TCS via DFN are supported. All participating organizations are entered in a distributed and synchronized allow-list of valid organizations and certificates.
A webserver certificate is needed to run the FHIR endpoint, and an 802.1X client certificate is used to authenticate against other organizations' endpoints and as a server certificate for the business process engine. For available certificate profiles see DFN-PKI-Zertifikatprofile_Global.pdf.
Certificate Requests
FHIR Endpoint
Purpose: Server certificate to authenticate the FHIR endpoint on the local network and against other organizations
Certificate profile:
DFN-PKI Global G2 via DFN e.V.: Web Server
D-Trust via TMF e.V.: Advanced SSL ID
GÉANT TCS via DFN e.V.: Web Server
Common name: FQDN of the server used while accessing from other organizations (external FQDN)
Subject alternative DNS entries: Use additional alternative FQDNs if a different name is used while accessing the server from the local network (local FQDN)
Business Process Engine Server
Purpose: Client certificate to authenticate against remote FHIR endpoints (when either the BPE Server or the FHIR Endpoint Server is acting as a client), server certificate to authenticate the business process engine server on the local network
Certificate profile:
DFN-PKI Global G2 via DFN e.V.: 802.1X Client
D-Trust via TMF e.V.: Basic Team ID
GÉANT TCS via DFN e.V.: Web Server
Common name: FQDN of the server used while accessing from the local network (local FQDN)
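The following is an added example, not part of the original wiki page or the DSF project: a shell helper that builds a certificate request with the common name and subject alternative DNS entries described for the FHIR endpoint and the business process engine server, then reads the names back from the request so they can be checked before submission to the CA. The host names, file names and RSA key size are assumptions, and subject fields other than the common name (which the CA may require) are left out.

```shell
#!/bin/sh
# Added example. Host names, file names and the 3072-bit RSA key are
# assumptions; check the minimum key size and subject fields your CA requires.

# make_csr PREFIX COMMON_NAME [EXTRA_DNS...]
# Writes PREFIX.key (unencrypted private key) and PREFIX.csr (PKCS#10 request).
make_csr() {
    prefix=$1; cn=$2; shift 2
    # Repeat the common name as a SAN entry: when a certificate carries
    # SAN DNS names, TLS clients match the host name against those.
    san="DNS:$cn"
    for name in "$@"; do
        san="$san,DNS:$name"
    done
    # umask 077 in a subshell keeps the private key readable by the owner only.
    ( umask 077
      openssl req -new -newkey rsa:3072 -nodes \
          -keyout "$prefix.key" -out "$prefix.csr" \
          -subj "/CN=$cn" -addext "subjectAltName=$san" ) 2>/dev/null
}

# csr_subject_cn FILE: print the common name of the request's subject.
csr_subject_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_dns_names FILE: print the SAN DNS entries of the request, sorted.
csr_dns_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' | sort
}

# Usage (constructed host names):
#   FHIR endpoint: external FQDN as common name, local FQDN as extra SAN
#     make_csr fhir dsf.example.org dsf.intra.example.org
#   BPE server: local FQDN as common name
#     make_csr bpe bpe.intra.example.org
#   Review before submitting:
#     csr_subject_cn fhir.csr; csr_dns_names fhir.csr
```

The certificate profile (for example Web Server or 802.1X Client) is selected when the request is submitted to the CA; it is not encoded in the request built here.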