| ITI40 | ITI40-009 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request | 150 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-011 | reviewed | Testable |
1
|
3
| | The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element. | 150 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-013 | reviewed | Testable |
1
|
3
| | In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion | 150 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-014 | reviewed | Testable |
1
|
3
| | The SAML Assertion Conditions element, shall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider. | 150 | Section 3.40.4.1.2 | 8/23/21 7:20:55 PM by matt |
|
| ITI40 | ITI40-017 | reviewed | Testable |
1
|
3
| | An X-Service User may ignore a OneTimeUsecondition. | 150 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-019 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User shall contain an AuthnStatement to specify the AuthnContextClassRef or AuthnContextDeclRef | 151 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-022 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization. | 151 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-023 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”. | 151 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-025 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (ie the X-Service User, using the urn format (that is, “urn:oid:” appended with the OID). | 152 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-026 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”. | 152 | Section 3.40.4.1.2 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-029 | reviewed | Testable |
1
|
3
| | The SAML assertion sent by the X-Service User may contain other statements. | 152 | Section 3.40.4.1.3 | 2/15/17 6:00:10 PM by ceoche |
|
| ITI40 | ITI40-031 | reviewed | Testable |
1
|
3
| | X-Service User shall encode subject role <Attribute> element to have the the Name attribute set to “urn:oasis:names:tc:xacml:2.0:subject:role”. The value of the <AttributeValue> element is a child element, “Role”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. | 152 | Section 3.40.4.1.2.1 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-032 | reviewed | Testable |
1
|
3
| Note: this document unique id value will need to be provided as part of the testing environment for XUA, or you will provide the OID of a Patient Privacy Policy Identifier (next row) | When a policy identifier identifies the patient's Privacy Policy Acknowledgement document, X-Service User shall encode the document Unique ID of the Patient Privacy Policy Acknowledgement Document as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:bppc:2007:docid”, with name format “urn:oasis:names:tc:SAML:2.0:attrname-format:uri”. | 153 | Section 3.40.4.1.2.2 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-033 | reviewed | Testable |
1
|
3
| | When a policy identifier is a Patient Privacy Policy identifier, the X-Service User shall encode the identifier as a SAML attribute in the IHE ITI
namespace, “urn:ihe:iti:xua:2012:acp”, with name format
``urn:oasis:names:tc:SAML:2.0:attrname-format:uri’’. | 153 | Section 3.40.4.1.2.2 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-035 | reviewed | Testable |
1
|
3
| Note: A purpose-of-use-code set will need to be defined as part of the testing environment for XUA | The X-ServiceUser shall encode the PurposeOfUse <Attribute> element with the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:purposeofuse”. The value of the <AttributeValue> element is a child element, “PurposeOfUse”, in the namespace “urn:hl7-org:v3”, whose content is
defined by the “CE” (coded element) data type from the HL7 version 3 specification. The PurposeOfUse element shall contain the coded representation of the Purpose for Use that is in effect for the request. | 154 | Section 3.40.4.1.2.3 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-051 | reviewed | Testable |
1
|
2
| | For Role, the AttributeValue element shall be coded as follows: The codeSystem shall identify the Value-Set. The codeSystemName shall identify the name of the Value-Set. The Code Element shall contain the role value from the identified Value-Set that represents the role that the S-Service User is playing when making the request. No other parts of the CE data type shall be used. | 149 | Section 3.40.4.1.2 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-052 | reviewed | Testable |
1
|
2
| | The policy identifier shall be expressed using the xs:anyURI data type. The referenced policy identifier is the OID of a published policy. | 150 | Section 3.40.4.1.2.2 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-053 | reviewed | Testable |
1
|
2
| | The Patient Identifier shall consist of two parts; the OID for the assigning authority and the identifier of the patient within that assigning authority. The value shall be formatted using the CX syntax. | 151 | Section 3.40.4.1.2.2.1 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-054 | reviewed | Testable |
1
|
3
| | The codeSystem attribute of the Purpose of Use element must be present, and must specify the OID of the "Purpose of Use" code system. | 152 | Section 3.40.4.1.2.2.3 | 2/15/17 6:00:11 PM by ceoche |
|
| ITI40 | ITI40-055 | reviewed | Testable |
1
|
3
| | When the Authz-Consent Option is supported and a policy identifier needs to be sent, the X-Service User shall include the document unique ID or the Patient Privacy Identifier | 150 | Section 3.40.4.1.2.2 | 2/15/17 6:00:11 PM by ceoche |
|