
Identification Services

In the following subsections you will find information regarding the identification services used in the epSOS project.

Service Entry Point Discovery

The service endpoint of the requested application is determined through the so-called Service Entry Point Discovery. The result of this step is authentic information on the web service endpoint, which is used for further requests. Because the discovery service returns only a single entry point, the architecture and its services do not have to deal with the number and deployment of NCPs in a country (the NCP question can therefore be answered on a political level without influencing the architecture).

Patient Identification (and Authentication)

The patient is identified (and authenticated) by her/his home country based on the identification means provided. The results of this step are authenticated subject identifiers, which are to be employed for further epSOS transactions.

The Patient Identification is realized through the IHE XCPD Integration Profile. The Cross-Community Patient Discovery (XCPD) profile supports locating communities that hold patient-relevant health data and translating patient identifiers across communities that hold data for the same patient.

Health Professional Authentication and Authorisation

The attending health professional is authenticated in the health professional’s home country. Subject attributes – e.g. describing the profession and the roles of the health professional – are connected with the authentication process. This step results in authenticated subject information; this information, as well as its provider, can be verified as authentic in every country that takes part in the epSOS project.

The Authentication and Authorisation is realized through OASIS XACML (eXtensible Access Control Markup Language), a declarative access control policy language implemented in XML together with a processing model that describes how to interpret the policies.
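
The XACML processing model mentioned above, as an added example that is not part of the original page or of any epSOS code: a simplified Python model (not a real XACML engine) of rule evaluation with the deny-overrides rule-combining algorithm from XACML 2.0. The policy, attribute names and values are constructed for illustration, and a missing attribute is treated as if every attribute were marked MustBePresent.

```python
# Simplified model of XACML rule evaluation; not a real XACML engine.
# Policy, attribute names and values are constructed for illustration.
PERMIT, DENY, NA, INDET = "Permit", "Deny", "NotApplicable", "Indeterminate"

def eval_rule(rule, request):
    """Match the rule target (attribute -> accepted values) against the request."""
    missing = False
    for attr, accepted in rule["target"].items():
        if attr not in request:
            missing = True          # assumption: attribute is MustBePresent
        elif request[attr] not in accepted:
            return NA               # a definite mismatch: rule does not apply
    return INDET if missing else rule["effect"]

def deny_overrides(rules, request):
    """Deny-overrides rule combining, following the XACML 2.0 pseudo-code."""
    at_least_one_error = potential_deny = at_least_one_permit = False
    for rule in rules:
        decision = eval_rule(rule, request)
        if decision == DENY:
            return DENY
        if decision == PERMIT:
            at_least_one_permit = True
        elif decision == INDET:
            at_least_one_error = True
            # An undecidable Deny rule might have denied: do not permit.
            potential_deny = potential_deny or rule["effect"] == DENY
    if potential_deny:
        return INDET
    if at_least_one_permit:
        return PERMIT
    return INDET if at_least_one_error else NA

def pep_allows(rules, request):
    """Deny-biased enforcement point: only an explicit Permit grants access."""
    return deny_overrides(rules, request) == PERMIT

# Constructed policy: clinical roles may read, administrative staff are denied.
POLICY = [
    {"effect": PERMIT,
     "target": {"role": {"physician", "pharmacist"}, "action": {"read"}}},
    {"effect": DENY, "target": {"role": {"administrative-staff"}}},
]

if __name__ == "__main__":
    for req in ({"role": "physician", "action": "read"},
                {"role": "administrative-staff", "action": "read"},
                {"role": "physician", "action": "write"},
                {"action": "read"}):  # role attribute missing
        print(req, "->", deny_overrides(POLICY, req), pep_allows(POLICY, req))
```

A request without a role attribute yields Indeterminate rather than Permit, and the deny-biased enforcement point refuses access for every decision other than Permit.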