Search Criteria : 7 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
CH-ADRCH-ADR-071reviewedTestable 3 2 The Authorization Decision Consumer SHALL enforce that the patient referenced in the XDS transaction is the same as the patient referenced in the resource-id of the SAML Assertion before issuing a XACMLAuthzDecisionQuery Request (see Section 3.1.4 XACMLAuthzDecisionQuery Request)9Section 3.1.43/8/24 10:07:10 AM by vhofman
CH-ADRCH-ADR-072reviewedTestable 4 2 The Authorization Decision ConsumerMUST create one request to query for an access decision for each subset (rather than the actual document metadata objects), before providing the corresponding document metadata to a consumer (see Section 3.1.6.1 CH:ADRdue to XDS Registry Stored Query [ITI-18])14Section 3.1.6.13/8/24 10:54:03 AM by vhofman
CH-ADRCH-ADR-073reviewedTestable 4 3 The PEP authorizing ITI-18 transactions by implementing an Authorization Decision Consumer MUST, in addition to the result from the Authorization Decision Query, validate that the resource-id from the SAML Assertion identifies the same patient as the MPI-PID supplied in the Registry Stored Query transaction. If not true, the transaction MUST be denied (see Section 3.1.6.1 CH:ADRdue to XDS Registry Stored Query [ITI-18])14Section 3.1.6.13/8/24 10:54:03 AM by vhofman
CH-ADRCH-ADR-074reviewedTestable 4 2 The Authorization Decisions Consumer (Document Registry) MUST create one request to query for an access decision for each Confidentiality Code, before allowing the Register transaction to a Document Repository (see Section 3.1.6.2 CH:ADRdue to XDS Register Document Set-b [ITI-42])14Section 3.1.6.23/8/24 10:07:28 AM by vhofman
CH-ADRCH-ADR-075reviewedTestable 4 3 The PEP authorizing ITI-42 transactions by implementing an Authorization Decision Consumer MUST, in addition to the result from the Authorization Decision Query, validate that the resource-id from the SAML Assertion identifies the same patient as the MPI-PID supplied in the Register Document Set-b transaction. If not true, the transaction MUST be denied (see Section 3.1.6.2 CH:ADRdue to XDS Register Document Set-b [ITI-42])14Section 3.1.6.23/8/24 10:54:03 AM by vhofman
CH-ADRCH-ADR-077reviewedTestable 8 5 PEP authorizing PPQ-1 and PPQ-2 transactions by implementing an Authorization Decision Consumer MUST, in addition to the result from the Authorization Decision Query, validate that the resource-id of the SAML Assertion identifies the same patient (EPR-sPID) as the resource-id* supplied in the policies to be added, updated deleted or queried for. If not true, the transaction MUST be denied (see Section 3.1.6.3 CH:ADR due to CH:PPQ)15Section 3.1.6.33/8/24 10:54:03 AM by vhofman
CH-ATCCH-ATC-016to be reviewedTestable 1 3 The Patient Audit Reciord Repository MUST be grouped with actor : CH:ADR - Authorization Decision Consumer (see Table 3 Actor Grouping)33Section 2.43/15/24 2:33:35 PM by aeschlimann