Search Criteria : 29 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ITI40ITI40-009reviewedTestable 1 3 The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request150Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-011reviewedTestable 1 3 The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element.150Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-013reviewedTestable 1 3 In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion150Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-014reviewedTestable 1 3 The SAML Assertion Conditions element, shall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider.150Section 3.40.4.1.28/23/21 7:20:55 PM by matt
ITI40ITI40-017reviewedTestable 1 3 An X-Service User may ignore a OneTimeUsecondition.150Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-019reviewedTestable 1 3 The SAML assertion sent by the X-Service User shall contain an AuthnStatement to specify the AuthnContextClassRef or AuthnContextDeclRef 151Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-022reviewedTestable 1 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization.151Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-023reviewedTestable 1 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”.151Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-025reviewedTestable 1 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (ie the X-Service User, using the urn format (that is, “urn:oid:” appended with the OID).152Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-026reviewedTestable 1 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”.152Section 3.40.4.1.22/15/17 6:00:10 PM by ceoche
ITI40ITI40-029reviewedTestable 1 3 The SAML assertion sent by the X-Service User may contain other statements.152Section 3.40.4.1.32/15/17 6:00:10 PM by ceoche
ITI40ITI40-031reviewedTestable 1 3 X-Service User shall encode subject role <Attribute> element to have the the Name attribute set to “urn:oasis:names:tc:xacml:2.0:subject:role”. The value of the <AttributeValue> element is a child element, “Role”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. 152Section 3.40.4.1.2.12/15/17 6:00:11 PM by ceoche
ITI40ITI40-032reviewedTestable 1 3 Note: this document unique id value will need to be provided as part of the testing environment for XUA, or you will provide the OID of a Patient Privacy Policy Identifier (next row)When a policy identifier identifies the patient's Privacy Policy Acknowledgement document, X-Service User shall encode the document Unique ID of the Patient Privacy Policy Acknowledgement Document as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:bppc:2007:docid”, with name format “urn:oasis:names:tc:SAML:2.0:attrname-format:uri”.153Section 3.40.4.1.2.22/15/17 6:00:11 PM by ceoche
ITI40ITI40-033reviewedTestable 1 3 When a policy identifier is a Patient Privacy Policy identifier, the X-Service User shall encode the identifier as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:xua:2012:acp”, with name format ``urn:oasis:names:tc:SAML:2.0:attrname-format:uri’’. 153Section 3.40.4.1.2.22/15/17 6:00:11 PM by ceoche
ITI40ITI40-035reviewedTestable 1 3 Note: A purpose-of-use-code set will need to be defined as part of the testing environment for XUAThe X-ServiceUser shall encode the PurposeOfUse <Attribute> element with the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:purposeofuse”. The value of the <AttributeValue> element is a child element, “PurposeOfUse”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. The PurposeOfUse element shall contain the coded representation of the Purpose for Use that is in effect for the request.154Section 3.40.4.1.2.32/15/17 6:00:11 PM by ceoche
ITI40ITI40-038reviewedTestable 1 3 The X-Service Provider shall validate the X-User Assertion by processing the Web-Services Security header in accordance with the Web-Services Security Standard, and SAML 2.0 Standard processing rules155Section 3.40.4.1.32/15/17 6:00:11 PM by ceoche
ITI40ITI40-039reviewedTestable 1 3 If the validation of the X-User assertion performed by the X-Service Provider fails, the actor grouped with the X-Service Provider (ie the one performing the underlying web services transaction), shall return with an error code as described in WS-Security core specification Section 12 (Error Handling, using the SOAP Fault mechanism),155Section 3.40.4.1.32/15/17 6:00:11 PM by ceoche
ITI40ITI40-040reviewedTestable 1 3 If the validation of the X-User assertion performed by the X-Service Provider fails, the X-Service Provder shall send an ATNA Audit Message for Authentication Failure.155Section 3.40.4.1.32/15/17 6:00:11 PM by ceoche
ITI40ITI40-049reviewedTestable 3 3 When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserNameelement shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where: • alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute • user is the required content of the SAML Assertion's Subject element156Section 3.40.4.22/15/17 6:00:11 PM by ceoche
ITI40ITI40-050reviewedTestable 3 3 When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserNameelement shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where: • alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute • user is the required content of the SAML Assertion's Subject element • issuer is the X-Assertion Provider entity ID contained with the content of SAML Assertion's Issuer element156Section 3.40.4.22/15/17 6:00:11 PM by ceoche