Search Criteria : 80 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ITI40ITI40-007reviewedTestable 0 3 Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules in Section 3.40.4.2 ATNA Audit encoding).145Section 3.40.4.1.29/17/19 11:07:26 AM by ceoche
ITI40ITI40-010reviewedTestable 0 3 The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion.144Section 3.40.4.1.25/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-012reviewedTestable 0 3 The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3.144Section 3.40.4.1.25/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-015reviewedNot testable 0 3 An X-Service User may ignore a ProxyRestriction condition.144Section 3.40.4.1.29/17/19 4:56:07 PM by mtoudic
ITI40ITI40-016reviewedNot testable 0 3 An X-Service Provider may ignore a ProxyRestriction condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)144Section 3.40.4.1.29/17/19 4:56:13 PM by mtoudic
ITI40ITI40-017reviewedNot testable 0 3 An X-Service User may ignore a OneTimeUsecondition.144Section 3.40.4.1.29/17/19 4:56:18 PM by mtoudic
ITI40ITI40-018reviewedNot testable 0 3 An X-Service Provider may ignore a OneTimeUse condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)144Section 3.40.4.1.29/17/19 4:56:24 PM by mtoudic
ITI40ITI40-024validatedTestable 0 3 A unique identifier for the organization that the user is representing in performing this transaction shall be placed in the value of the <AttributeValue> element of the organization ID Attribute Statement element. This organization ID shall be consistent with the plain-text name of the organization provided in the User Organization Attribute. The organization ID may be an Object Identifier (OID), using the urn format (that is, “urn:oid:” appended with the OID); or it may be a URL assigned to that organization.146Section 3.40.4.1.26/27/22 3:54:39 PM by vhofman
ITI40ITI40-025reviewedNot testable 0 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (ie the X-Service User, using the urn format (that is, “urn:oid:” appended with the OID).144Section 3.40.4.1.29/17/19 4:54:03 PM by mtoudic
ITI40ITI40-026reviewedNot testable 0 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”.144Section 3.40.4.1.29/17/19 4:54:16 PM by mtoudic
ITI40ITI40-027reviewedNot testable 0 3 The SAML assertion sent by the X-Service User may contain other Attributes than those listed above.144Section 3.40.4.1.29/17/19 4:54:35 PM by mtoudic
ITI40ITI40-028validatedTestable 0 3 The SAML assertion sent by the X-Service User shall be signed by the X-Assertion Provider as devined in SAML Core.147Section 3.40.4.1.26/27/22 3:54:39 PM by vhofman
ITI40ITI40-030Testable 0 3 Note: A subject-role code set will need to be defined as part of the testing environment for XUAX-Service User shall encode the relevant user subject roles from a locally defined Code-Set into a subject role element(s).148Section 3.40.4.1.2.18/27/19 10:00:02 AM by aeschlimann
ITI40ITI40-032Testable 0 3 Note: this document unique id value will need to be provided as part of the testing environment for XUA, or you will provide the OID of a Patient Privacy Policy Identifier (next row)When a policy identifier identifies the patient's Privacy Policy Acknowledgement document, X-Service User shall encode the document Unique ID of the Patient Privacy Policy Acknowledgement Document as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:bppc:2007:docid”, with name format “urn:oasis:names:tc:SAML:2.0:attrname-format:uri”.148Section 3.40.4.1.2.28/27/19 10:00:02 AM by aeschlimann
ITI40ITI40-033reviewedTestable 0 3 When a policy identifier is a Patient Privacy Policy identifier, the X-Service User shall encode the identifier as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:xua:2012:acp”, with name format ``urn:oasis:names:tc:SAML:2.0:attrname-format:uri’’. 148Section 3.40.4.1.2.25/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-036reviewedTestable 0 3 The X-Service User shall place the PurposeOfUse value into the ATNA Audit Message associated with the transaction according to the ATNA Audit Message transaction ITI-20 (see ITI-TF-2a: 3.20.7.3).150Section 3.40.4.1.2.3.15/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-037reviewedTestable 0 3 The X-Service Provider shall place the PurposeOfUse value into the ATNA Audit Message associated with the transaction according to the ATNA Audit Message transaction ITI-20 (see ITI-TF-2a: 3.20.7.3).150Section 3.40.4.1.2.3.15/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-041reviewedNot testable 0 3 Note: All assertions for this AIPO are stated as "may" in the TF documentation. The CASC XUA tests will need to document a policy regarding the purpose-of-use codes and write a test to have the Provider enforce the policy.The X-Service Provider may utilize the Subject-Role values in local policy for access control decision making151Section 3.40.4.1.3.19/17/19 4:54:55 PM by mtoudic
ITI40ITI40-042reviewedNot testable 0 3 The X-Service Provider may need to bridge the Subject-Role values into local role vocabulary.151Section 3.40.4.1.3.19/17/19 4:54:59 PM by mtoudic
ITI40ITI40-043reviewedNot testable 0 3 The Subject-Role may be used to populate the ATNA Audit Message.151Section 3.40.4.1.3.19/17/19 4:55:03 PM by mtoudic