From Manual to Marvelous: Improving Security Through Conformance Testing
02-28, 09:30–10:00 (UTC), Kaldalón

HelseID enables secure health data sharing in Norway but poses integration challenges due to our strict security profile. We address this by developing an automated conformance testing system, combining practical development and academic research.


The Norwegian Health Network (NHN) has an authentication server, HelseID, that provides access control for all health personnel in Norway. The service is a highly secure OAuth and OpenID Connect provider which ensures that health information can be shared safely and easily.

At last year's OSW, we gave a presentation on the challenges of using HelseID due to our strict security profile. This year we would like to go a step further and present a possible solution to help with these challenges. We have started to develop a system for automated conformance testing against our security profile. The goal is to make the process of integrating with HelseID easier, while making sure the integrations fulfill every security requirement.

We currently run two parallel approaches on this subject. The first is a practical approach. We are building upon our experience from code reviews and the security profile to develop an application used by software vendors to automate conformance testing. The second approach is an academic research project where two master's students are researching the current process and how to optimize it.