AssertionManagerGui

Id scheme	Assertion id	Status	Testable?	#Coverage	#Applies to	Predicate	Page	Tags	Last changed
1 2
MESSPF	MESSPF-001	to be reviewed	Testable	0	0	The Messaging Platform will be based on SOAP 1.2 messages over HTTP.	9	Section 2.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-002	to be reviewed	Testable	0	0	Messages between NHIOs must be secure. This will necessitate the use of encryption as part of the message transport layer.	9	Section 2.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-003	to be reviewed	Testable	0	0	The common message envelope must support assertions about security and trust between NHIOs.	9	Section 2.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-004	to be reviewed	Testable	0	0	The basis for authentication for NHIO participants shall be X.509 certificates.	9	Section 2.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-005	to be reviewed	Testable	0	0	All NHIO to NHIO messages must be digitally signed for purposes of authentication and non-repudiation.	9	Section 2.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-006	to be reviewed	Testable	0	0	Each initiating and responding NHIO gateway MUST implement either OCSP or CRL-based x.509 certificate revocation checking against the Nationwide Health Information Network-managed CA, at the gateway level, to determine the revocation status of each certificate as per Nationwide Health Information Network policy, or in the absence of such a policy, for each transaction.	13	Section 3.3.2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-007	to be reviewed	Testable	0	0	SignedInfo element is required in <ds:Signature> and contains the definition of the Canonicalization method, the Signature method, and the reference to the object being signed	16	Table 3.4.2-1	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-008	to be reviewed	Testable	0	0	SignatureValue element is required in <ds:Signature> and contains the actual value of the digital signature	16	Table 3.4.2-1	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-009	to be reviewed	Testable	0	0	CanonicalizationMethod element of ds:SignedInfo is required in <ds:Signature>.	16	Table 3.4.2-2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-010	to be reviewed	Testable	0	0	SignatureMethod element of <ds:SignedInfo> is required in <ds:Signature>	16	Table 3.4.2-2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-011	to be reviewed	Testable	0	0	Reference element of <ds:SignedInfo> in the <ds:Signature> is required and must contain the URI of that which is being signed.	16	Table 3.4.2-2	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-012	to be reviewed	Testable	0	0	<ds:Reference> element of the Digital Signature shall include the @URI attribute which must identify the object being signed using that elements Id.	17	Table 3.4.2-3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-013	to be reviewed	Testable	0	0	<ds:Reference> element of the Digital Signature shall include the DigestMethod element which defines the digest algorithm that is applied.	17	Table 3.4.2-3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-014	to be reviewed	Testable	0	0	<ds:Reference> element of the Digital Signature shall include the DigestValue element which is the encoded value of the digest.	17	Section 3.4.2-3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-015	to be reviewed	Testable	0	0	The <ds:RSAKeyValue> is required to have the Modulus element which is a prime modulus used in the DSA.	17	Table 3.2.4-4	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-016	to be reviewed	Testable	0	0	The <ds:RSAKeyValue> is required to have the Exponent element which is the exponent term.	17	Table 3.4.2-4	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-017	to be reviewed	Testable	0	0	As part of the validation and processing of the assertion, the receiver must establish the relationship between the subject and claims of the SAML statements and the entity providing the evidence to satisfy the confirmation method defined for the statement.	18	Section 3.4.3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-018	to be reviewed	Testable	0	0	Statements attested for by the holder-of-key method must be associated with one or more holder-of-key SubjectConfirmation elements.	18	Section 3.4.3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-019	to be reviewed	Testable	0	0	The SubjectConfirmation elements must include a <ds:KeyInfo> element that identifies a public key that can be used to confirm the identity of the subject.	18	Section 3.4.3	9/13/17 1:29:56 PM by aberge
MESSPF	MESSPF-020	to be reviewed	Testable	0	0	The SubjectConfirmation element shall have a @Method attribute which is a URI reference that identifies a protocol or mechanism to be used to confirm the subject. For Holder-of-Key this is: urn:oasis:names:tc:SAML:2.0:cm:holder-of-key	18	Table 3.4.3-1	9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-001

to be reviewed

Testable

0

The Messaging Platform will be based on SOAP 1.2 messages over HTTP.

9

Section 2.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-002

to be reviewed

Testable

0

Messages between NHIOs must be secure. This will necessitate the use of encryption as part of the message transport layer.

9

Section 2.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-003

to be reviewed

Testable

0

The common message envelope must support assertions about security and trust between NHIOs.

9

Section 2.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-004

to be reviewed

Testable

0

The basis for authentication for NHIO participants shall be X.509 certificates.

9

Section 2.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-005

to be reviewed

Testable

0

All NHIO to NHIO messages must be digitally signed for purposes of authentication and non-repudiation.

9

Section 2.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-006

to be reviewed

Testable

0

Each initiating and responding NHIO gateway MUST implement either OCSP or CRL-based x.509 certificate revocation checking against the Nationwide Health Information Network-managed CA, at the gateway level, to determine the revocation status of each certificate as per Nationwide Health Information Network policy, or in the absence of such a policy, for each transaction.

13

Section 3.3.2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-007

to be reviewed

Testable

0

SignedInfo element is required in <ds:Signature> and contains the definition of the Canonicalization method, the Signature method, and the reference to the object being signed

16

Table 3.4.2-1

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-008

to be reviewed

Testable

0

SignatureValue element is required in <ds:Signature> and contains the actual value of the digital signature

16

Table 3.4.2-1

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-009

to be reviewed

Testable

0

CanonicalizationMethod element of ds:SignedInfo is required in <ds:Signature>.

16

Table 3.4.2-2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-010

to be reviewed

Testable

0

SignatureMethod element of <ds:SignedInfo> is required in <ds:Signature>

16

Table 3.4.2-2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-011

to be reviewed

Testable

0

Reference element of <ds:SignedInfo> in the <ds:Signature> is required and must contain the URI of that which is being signed.

16

Table 3.4.2-2

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-012

to be reviewed

Testable

0

<ds:Reference> element of the Digital Signature shall include the @URI attribute which must identify the object being signed using that elements Id.

17

Table 3.4.2-3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-013

to be reviewed

Testable

0

<ds:Reference> element of the Digital Signature shall include the DigestMethod element which defines the digest algorithm that is applied.

17

Table 3.4.2-3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-014

to be reviewed

Testable

0

<ds:Reference> element of the Digital Signature shall include the DigestValue element which is the encoded value of the digest.

17

Section 3.4.2-3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-015

to be reviewed

Testable

0

The <ds:RSAKeyValue> is required to have the Modulus element which is a prime modulus used in the DSA.

17

Table 3.2.4-4

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-016

to be reviewed

Testable

0

The <ds:RSAKeyValue> is required to have the Exponent element which is the exponent term.

17

Table 3.4.2-4

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-017

to be reviewed

Testable

0

As part of the validation and processing of the assertion, the receiver must establish the relationship between the subject and claims of the SAML statements and the entity providing the evidence to satisfy the confirmation method defined for the statement.

18

Section 3.4.3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-018

to be reviewed

Testable

0

Statements attested for by the holder-of-key method must be associated with one or more holder-of-key SubjectConfirmation elements.

18

Section 3.4.3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-019

to be reviewed

Testable

0

The SubjectConfirmation elements must include a <ds:KeyInfo> element that identifies a public key that can be used to confirm the identity of the subject.

18

Section 3.4.3

9/13/17 1:29:56 PM by aberge

MESSPF

MESSPF-020

to be reviewed

Testable

0

The SubjectConfirmation element shall have a @Method attribute which is a URI reference that identifies a protocol or mechanism to be used to confirm the subject. For Holder-of-Key this is: urn:oasis:names:tc:SAML:2.0:cm:holder-of-key

18

Table 3.4.3-1

9/13/17 1:29:56 PM by aberge

Search Criteria : 25 assertions found for this search Review filtered assertions

Assertion

Applies to

Coverage