Download our factsheet "epSOS - Technical Aspects"! To access other epSOS documents and print materials, please visit the Download Area.

Core Concepts

epSOS LSP security is based upon the following core concepts:

  • Definition of dedicated security services as business-level independent profiles
  • Use of security contexts: prior to business transactions, security services provide the prerequisites for a secure session context, allowing the decoupling of security and business related issues.
  • Use of a security token for the transmission of security related information and for holding the secure session context.
  • Separation of policy concerns through division into specific policies for national legislation, patient consent, and patient privacy statements.
  • NCPs are the only entities known within both the epSOS LSP domain and the respective national domains. Trust brokerage  among the epSOS LSP and national domains is completely encapsulated within the NCPs.