
Integration Profile: Cross Enterprise User Assertion

Integration Profile Information

Id: 50

Keyword: XUA

Name: Cross Enterprise User Assertion

Description: Provides user identity in transactions that cross enterprise boundaries, specifically the XDS profile that creates an Affinity Domain. When transactions cross enterprise boundaries, the mechanisms found in the EUA and PWP profiles are insufficient and often nonfunctional. Enterprises may choose to have their own user directory and their own unique method of authenticating. To provide accountability in these cross-enterprise transactions, the requesting user must be identified in a way that lets the receiver make access decisions and proper audit entries.

Status: Final Text

| Id | Keyword | Name | Description |
|---|---|---|---|
| 87 | X-SERVICE-USER | X-Service User | X-Service User |
| 88 | X-SERVICE-PROVIDER | X-Service Provider | X-Service Provider |

| Id | Actor | Transaction | Optionality |
|---|---|---|---|
| 692 | X-SERVICE-USER - X-Service User | ITI-40 - Provide X-User Assertion | Required |
| 693 | X-SERVICE-PROVIDER - X-Service Provider | ITI-40 - Provide X-User Assertion | Required |

| Assertion Id | Description |
|---|---|
| ITI40-001 | The X-Service User uses the X-Assertion Provider as the third party issuer of the X-User assertion |
| ITI40-002 | The X-Service Provider uses the X-Assertion Provider as the third party issuer of the X-User assertion |
| ITI40-003 | The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary |
| ITI40-004 | The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary |
| ITI40-005 | The X-Service User shall include the OASIS Web Services Security (WSS) Header |
| ITI40-006 | The X-Service User shall include a SAML 2.0 Assertion as the security token |
| ITI40-007 | Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules (see Section 3.40.4.2 ATNA Audit encoding). |
| ITI40-008 | Any ATNA Audit Messages recorded by an Actor grouped with the X-Service User Actor shall have the user identity recorded according to the XUA specific ATNA encoding rules (see 3.40.4.2 ATNA Audit encoding). |
| ITI40-009 | The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request |
| ITI40-010 | The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion. |
| ITI40-011 | The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element. |
| ITI40-012 | The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3. |
| ITI40-013 | In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion |
| ITI40-014 | The SAML Assertion Conditions element shall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider. |
| ITI40-015 | An X-Service User may ignore a ProxyRestriction condition. |
| ITI40-016 | An X-Service Provider may ignore a ProxyRestriction condition (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced). |
| ITI40-017 | An X-Service User may ignore a OneTimeUse condition. |
| ITI40-018 | An X-Service Provider may ignore a OneTimeUse condition (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced). |
| ITI40-019 | The SAML assertion sent by the X-Service User shall contain an AuthnStatement to specify the AuthnContextClassRef or AuthnContextDeclRef |
| ITI40-020 | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute. |
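
The structural assertions ITI40-009, -011, -013, -014 and -019 above can be checked mechanically on a received assertion. The following is an added example, not code from this page or from the IHE specification: the sample assertion, its URIs and the name `check_xua_assertion` are constructed for illustration, and it assumes the Subject identifier is carried in a `NameID` element.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned; all values are illustrative).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_constructed1" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>drjones@hospital.example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://registry.example.org/xds</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

def check_xua_assertion(xml_text, provider_uri):
    """Return the ITI40-* ids (from the table above) that the assertion fails.

    Structural checks only: signature validation, the validity window and
    hardened XML parsing (e.g. defusedxml) are out of scope here.
    """
    a = ET.fromstring(xml_text)
    failed = []
    # ITI40-009: Subject carries the principal's identifier (assumed: NameID).
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        failed.append("ITI40-009")
    # ITI40-011: Subject contains a SubjectConfirmation element.
    if a.find("saml:Subject/saml:SubjectConfirmation", NS) is None:
        failed.append("ITI40-011")
    # ITI40-013: Conditions/@NotBefore equals the assertion's IssueInstant.
    cond = a.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None \
            or cond.get("NotBefore") != a.get("IssueInstant"):
        failed.append("ITI40-013")
    # ITI40-014: an Audience URI identifies this X-Service Provider.
    auds = a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if provider_uri not in [(e.text or "").strip() for e in auds]:
        failed.append("ITI40-014")
    # ITI40-019: AuthnStatement names an AuthnContextClassRef or DeclRef.
    ctx = a.find("saml:AuthnStatement/saml:AuthnContext", NS)
    if ctx is None or (ctx.find("saml:AuthnContextClassRef", NS) is None
                       and ctx.find("saml:AuthnContextDeclRef", NS) is None):
        failed.append("ITI40-019")
    return failed
```

An X-Service Provider would run checks like these only after verifying the assertion's signature against the trusted X-Assertion Provider.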

Domains

| Id | Keyword | Name | Description |
|---|---|---|---|
| 2 | ITI | IT-Infrastructure | The IT Infrastructure Domain supplies infrastructure for sharing healthcare information. An infrastructure interoperability component represents a common IT function that is used as a building block for a variety of use cases... a necessary ingredient, but rarely visible to the end user!! These components may be embedded in an application, but are often deployed as a shared resource within a RHIO or Health Information Exchange. |