The Demo site for our new HL7 Version 2+ (plus) Standard
visit the hl7 website

Draft Website - For Review Purposes Only

UAC - User Authentication Credential Segment

Definition: This optional segment provides user authentication credentials, a Kerberos Service Ticket or SAML assertion, to be used by the receiving system to obtain user identification data. Refer to HL7 Table 0615 - User Authentication Credential Type Code in Chapter 2C, Code Tables. It is to be used in when the receiving application system requires the sending system to provide end-user identification for accountability or access control in interactive applications. Since user authentication implementations often limit the time period for validity of the session authentication credentials, this segment is not intended for use in non-interactive applications.

It is possible that various user authentication credential standards' data mightbe communicated. Kerberos and SAML are two such standards. A user authentication credential is an encapsulated data (ED type) element, as defined by standards, with no HL7-relevant structure.

Note: The UAC segment is defined for use within simple protocols, such as MLLP, that do not have user authentication semantics. Implementations that use WSDL/SOAP, or similar protocols, to envelope HL7 SHOULD employ the user authentication semantics and data structures available within the scope of those protocols rather than the UAC segment.


If the receiving system accepts the user credentials in the UAC segment, no specific acknowledgment is required. However, if the receiving system detects an error while processing the UAC segment, its acknowledgment message SHALL report it to the sender via an MSA and ERR segment pair:

When an MSA and ERR segment pair is reported to the sender, an application data response SHALL NOT occur. In such cases it is correct to assume that the sending application's user is not authorized to get the data.

The processing rules for the ERR segment are outside of HL7's scope.

HL7 Attribute Table - UAC - user authentication credential segment
Seq# DataElement Description Must Implement Flags Cardinality Length C.LEN Vocabulary DataType
UAC
1 02267 User Authentication Credential Type Code SHALL [1..1] CWE
2 02268 User Authentication Credential SHALL [1..1] ED

UAC-1: User Authentication Credential Type Code (CWE) 02267

Definition: This an identifier code for the type of user authentication credential. Refer to HL7 Table 0615 – User Authentication Credential Type Code in Chapter 2C, Code Tables, for valid values.

UAC-2: User Authentication Credential (ED) 02268

Definition: This is user credential data as supplied by the sender's operating platform. The content and structure of this is defined by other standards and contain no HL7-relevant data.