S.R. CWA 15974:May 2009
Current
The latest, up-to-date edition.
INTEROPERABILITY OF THE ELECTRONIC EUROPEAN HEALTH INSURANCE CARDS (WS/EEHIC)
Hardcopy, PDF
English
01-01-2009
Foreword
0 Introduction
0.1 Background
0.2 Purpose of the specification
0.3 The four different eEHIC card types
0.4 Mandatory and optional data fields
0.5 Actors and expected benefits
0.6 Levels of deployment
0.7 Relationship with existing standards
0.8 Privacy and data transparency
0.9 Guidance for the reader
1 Scope
2 Normative References
3 Definitions, abbreviations, and notations
3.1 Definitions
3.2 Abbreviations
3.3 Notations
4 eEHIC data
4.1 Overview
4.2 Data content
4.2.1 EHIC application data
4.2.2 Extended EHIC application data
4.2.3 Other data
4.3 General data representation
4.3.1 Multilingual character string
4.3.2 Monolingual character string
4.3.3 Date
4.3.4 Gender
4.3.5 Number
4.4 Specific data representation
4.4.1 Name of the card holder
4.4.2 Personal identification number
4.4.3 Date of birth of the card holder
4.4.4 Expiry date of the card
4.4.5 Member State issuing the card
4.4.6 Identity of Competent Institution
4.4.7 Logical identification number of the card
4.4.8 Form identifier
4.4.9 Address
4.4.10 Telephone number
4.4.11 External data pointer
4.4.12 eEHIC data layout
4.5 ASN.1 encoding
4.5.1 Introduction
4.5.2 Type 1 card
4.5.3 Type 2 and 4 Cards
4.5.4 Type 3 card
5 Metadata
5.1 eEHIC metadata rationale
5.2 eEHIC High Level Architecture
5.3 eEHIC Low Level Architecture
5.4 Middleware
5.4.1 eEHIC fitting in ISO/IEC 24727 model
5.4.2 Entity relationships on the application interface for the eEHIC 'entitlement' service
5.5 Interoperability
5.6 Connection service
5.6.1 General
5.6.2 eEHIC entitlement service implementation
5.7 eEHIC Access Control Lists
5.7.1 General
5.7.2 eEHIC Connection Service-ACL
5.7.3 eEHIC Card-ApplicationService-ACL
5.7.4 eEHIC NamedDataService-ACL
5.7.5 eEHIC CryptographicService-ACL
5.7.6 eEHIC Differential-IdentityService-ACL
5.8 Type 4 cards: ISO/IEC 24727 and CEN/TS 15480-2 non compliance
5.8.1 Legacy cards without additional personalisation
5.8.2 Legacy cards that are further personalised
5.9 Alternative non-ISO24727 discovery mechanism: Type 1.alt card
5.10 HCP application general decision tree
6 eEHIC messages
6.1 Use cases
6.2 Monitoring transactions and graceful termination of incomplete workflows
6.2.1 Rationale
6.2.2 SOAP Transactions
6.3 Generic message format
6.4 Flow type 1: registering of a person and verifying entitlement/Status
6.4.1 Preconditions
6.4.2 Sequence diagram
6.4.3 Specific data exchanged in flow type 1 messages
6.5 Flow type 2: declaring an event
6.5.1 Preconditions
6.5.2 Sequence diagram
6.5.3 Specific data exchanged in flow type 2 messages
6.6 Flow type 3: requesting a decision
6.6.1 Preconditions
6.6.2 Sequence diagram
6.6.3 Specific data exchanged in flow type 3 messages
6.7 Flow type 4: requesting information
6.7.1 Preconditions
6.7.2 Sequence diagram
6.7.3 Specific data exchanged in flow type 4 messages
6.8 Complete eEHIC service definition
6.8.1 eEHIC Data Set XSD
6.8.2 eEHIC Service WSDL
7 Authentication mechanism for secure home Member State DB access
7.1 Overview of security implementation
7.2 High-level architecture
7.2.1 The discovery mechanism
7.2.2 The entitlement
7.3 Security services
7.3.1 Knowledge-based user verification
7.3.2 Client/Server authentication
7.3.3 SSL generation with smart card
7.3.4 Encryption Key Decipherment
7.3.5 Symmetric Authentication scheme
7.3.6 Device Authentication with privacy protection
7.4 eEHIC computational model
7.4.1 Implementation of ISO/IEC 24727 services
7.4.2 eEHIC named services relationships
7.4.3 eEHIC_ADMIN mapping
7.4.4 eEHIC_HCP mapping
7.4.5 Provision for the Web Service Binding
7.4.6 Coding of eEHIC service attributes (informative)
7.4.7 UML-like Computational Model
8 Annex A: Matrix of mandatory components of an eEHIC system, depending from the scenario be deployed
9 Annex B: XML Message Description
9.1 Flow type 1: registering of a person and verifying entitlement/Status
9.1.1 WSDL operation definition
9.1.2 SOAP Request/Response containers
9.2 Flow type 2: declaring an event
9.2.1 WSDL operation definition
9.2.2 SOAP Request/Response containers
9.3 Flow type 3: requesting a decision
9.3.1 WSDL operation definition
9.3.2 SOAP Request/Response containers
9.4 Flow type 4: requesting information
9.4.1 Specific data exchanged in flow type 4 messages
9.4.2 SOAP Request/Response containers
9.5 Complete eEHIC service definition
10 Annex C - White Paper
Defines the dataset known as the Mandatory EHIC dataset and the rules for saving that dataset on the smart card, and explains the basic principles that govern and support the implementation of the eEHIC as extended to multi-application smart cards.
DocumentType | Standard |
Pages | 184 |
PublisherName | National Standards Authority of Ireland |
Status | Current |
ISO/IEC 14443-1:2016 | Identification cards - Contactless integrated circuit cards - Proximity cards - Part 1: Physical characteristics |
ISO 21549-6:2008 | Health informatics - Patient healthcard data - Part 6: Administrative data |
ISO/IEC 24727-1:2014 | Identification cards - Integrated circuit card programming interfaces - Part 1: Architecture |
ISO/IEC 10646:2014 | Information technology - Universal Coded Character Set (UCS) |
EN ISO 21549-5:2016 | Health informatics - Patient healthcard data - Part 5: Identification data (ISO 21549-5:2015) |
EN ISO 21549-1:2013 | Health informatics - Patient healthcard data - Part 1: General structure (ISO 21549-1:2013) |
ISO 21549-5:2015 | Health informatics - Patient healthcard data - Part 5: Identification data |
EN ISO 21549-6:2008 | Health informatics - Patient healthcard data - Part 6: Administrative data (ISO 21549-6:2008) |
ISO/IEC 24727-2:2008 | Identification cards - Integrated circuit card programming interfaces - Part 2: Generic card interface |
ISO/IEC 7816-8:2016 | Identification cards - Integrated circuit cards - Part 8: Commands and mechanisms for security operations |
ISO/IEC 7816-9:2004 | Identification cards - Integrated circuit cards - Part 9: Commands for card management |
EN ISO 3166-1:2014 | Codes for the representation of names of countries and their subdivisions - Part 1: Country codes (ISO 3166-1:2013) |
ISO/IEC 14443-4:2016 | Identification cards - Contactless integrated circuit cards - Proximity cards - Part 4: Transmission protocol |
ISO 21549-1:2013 | Health informatics - Patient healthcard data - Part 1: General structure |
CEN/TS 15480-2:2012 | Identification card systems - European Citizen Card - Part 2: Logical data structures and security services |
ISO 8601:2004 | Data elements and interchange formats - Information interchange - Representation of dates and times |
ISO/IEC 7816-4:2013 | Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange |
EN 1867:1997 | Machine-readable cards - Health care applications - Numbering system and registration procedure for issuer identifiers |
ISO 639-2:1998 | Codes for the representation of names of languages - Part 2: Alpha-3 code |
ISO/IEC 24727-4:2008 | Identification cards - Integrated circuit card programming interfaces - Part 4: Application programming interface (API) administration |
ISO 3166-1:2013 | Codes for the representation of names of countries and their subdivisions - Part 1: Country codes |
ISO/IEC 7816-5:2004 | Identification cards - Integrated circuit cards - Part 5: Registration of application providers |
ISO/IEC 14443-2:2016 | Identification cards - Contactless integrated circuit cards - Proximity cards - Part 2: Radio frequency power and signal interface |
ISO/IEC 7816-15:2016 | Identification cards - Integrated circuit cards - Part 15: Cryptographic information application |
ISO/IEC 14443-3:2016 | Identification cards - Contactless integrated circuit cards - Proximity cards - Part 3: Initialization and anticollision |
ISO/IEC 24727-3:2008 | Identification cards - Integrated circuit card programming interfaces - Part 3: Application interface |
ISO/IEC 5218:2004 | Information technology - Codes for the representation of human sexes |
EN 14890-1:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services |