The healthcare sector is undergoing rapid digitalisation, with sensitive data being handled and exchanged. HelseID serves as a central authentication and authorisation platform for the healthcare sector in Norway. To meet high security requirements, HelseID requires vendors to follow a strict security profile—perhaps the world’s strictest OAuth security profile. But how is that possible in an ecosystem where many vendors are neither willing nor able to make changes?