| ATNA | ATNA-1 | reviewed | Testable |
1
|
4
| I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directionnal certificate authentication is implicit in ITI19-1, this assertion makes it explicit. | The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. | 76 | Section 9.1.2 | 3/16/17 4:42:08 PM by aberge |
|
| ATNA | ATNA-12 | validated | Testable |
1
|
2
| | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Record Audit Event [ITI-20] transaction | 80 | Table 9.4-4 | 10/20/22 2:34:14 PM by testAuto |
|
| ATNA | ATNA-14 | reviewed | Testable |
1
|
2
| I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF : "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion. | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction | 80 | Table 9.4-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-17 | validated | Testable |
1
|
2
| | The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-18 | validated | Testable |
1
|
2
| | The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. | 80 | Section 9.4 | 2/5/16 12:27:23 PM by aboufahj |
|
| ATNA | ATNA-2 | validated | Testable |
1
|
3
| probably not a testable assertion | Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated . | 76 | Section 9.1.2 | 2/5/16 12:27:23 PM by aboufahj |
|
| CT | CT-4 | reviewed | Testable |
1
|
2
| | Time Client actor which claims support for the Consistent Time (CT) integration profile shall perform the Maintain Time [ITI-1] transaction | 64 | Table 7.1-1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI1 | ITI1-11 | reviewed | Testable |
1
|
0
| | Implementations must support a time synchronization accuracy with a median error of less than one second. | 132 | Section 3.1.4.1.2 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI1 | ITI1-4 | reviewed | Testable |
1
|
0
| | The Time Client shall support at least SNTP (RFC4330) or NTP v3 (RFC1305). | 132 | Section 3.1.4.1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-1 | reviewed | Testable |
2
|
1
| | The ebXML Registry stored query facility (Invoke Stored Query transaction) accepts the following parameters for returnType : 'LeafClass' or 'ObjectRef' | 98 | Section 3.18.4.1.2.3 | 3/21/16 12:11:35 PM by aboufahj |
|
| ITI18 | ITI18-10 | reviewed | Testable |
1
|
1
| | Document Consumer actors implementing this transaction (ITI-18) shall implement one or more of these queries as needed to support the use cases it implements | 103 | Section 3.18.4.1.2.3.7 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-16 | reviewed | Testable |
2
|
1
| | The query request and response will be transmitted using Web Services, according to the requirements specified in ITI TF-2x: Appendix V | 119 | Section 3.18.4.1.2.7 | 3/21/16 12:11:30 PM by aboufahj |
|
| ITI18 | ITI18-17 | reviewed | Testable |
1
|
1
| | The Document Registry Actor shall accept a Registry Stored Query Request formatted as a SIMPLE SOAP message and respond with a Registry Stored Query Response formatted as a SIMPLE SOAP message | 119 | Section 3.18.4.1.2.7 | 3/21/16 12:11:29 PM by aboufahj |
|
| ITI18 | ITI18-18 | reviewed | Testable |
1
|
1
| | The Document Consumer Actor shall generate the Registry Stored Query Request formatted as a SIMPLE SOAP message and accept a Registry Stored Query Response formatted as a SIMPLE SOAP message | 119 | Section 3.18.4.1.2.7 | 3/21/16 12:11:20 PM by aboufahj |
|
| ITI18 | ITI18-19 | reviewed | Testable |
1
|
1
| | The Document Registry Actor shall Accept a parameterized query in an AdhocQueryRequest message | 124 | Section 3.18.4.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-2 | reviewed | Testable |
1
|
1
| | When returnType=ObjectRef, a list of object UUIDs (references) SHALL be returned | 98 | Section 3.18.4.1.2.3.1 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-20 | reviewed | Testable |
1
|
1
| | The Document Registry Actor shall verify the required parameters are included in the request. Additionally, special rules documented in the above section Parameters for Required Queries shall be verified | 124 | Section 3.18.4.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-23 | reviewed | Testable |
1
|
1
| | The Document Registry shall accept the homeCommunityId value if it is specified in a Registry Stored Query request | 124 | Section 3.18.4.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-25 | reviewed | Testable |
1
|
1
| | The Document Registry may specify the homeCommunityID attribute on any appropriate elements | 124 | Section 3.18.4.1.3 | 2/5/16 12:27:23 PM by aboufahj |
|
| ITI18 | ITI18-26 | reviewed | Testable |
1
|
1
| | The Registry Stored Query Transaction is a Query Information event as defined in Table 3.20.6-1 | 134 | Section 3.18.5.1 | 2/5/16 12:27:23 PM by aboufahj |
|