CH-ADR | CH-ADR-077 | reviewed | Testable |
8
|
5
| | PEP authorizing PPQ-1 and PPQ-2 transactions by implementing an Authorization Decision Consumer MUST, in addition to the result from the Authorization Decision Query, validate that the resource-id of the SAML Assertion identifies the same patient (EPR-sPID) as the resource-id* supplied in the policies to be added, updated deleted or queried for. If not true, the transaction MUST be denied (see Section 3.1.6.3 CH:ADR due to CH:PPQ) | 15 | Section 3.1.6.3 | 3/8/24 10:54:03 AM by vhofman |
|
CH-PPQ | CH-PPQ-001 | reviewed | Testable |
3
|
2
| Checking only the BODY part of the message | Privacy Policy Feed request messages SHALL use SOAP v1.2 message encoding (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0010 | reviewed | Testable |
5
|
2
| Checking only the BODY part of the message | Privacy Policy Feed response messages SHALL use SOAP v1.2 message encoding (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0012 | reviewed | Testable |
5
|
2
| Checking only the BODY part of the message | Privacy Policy Feed response messages MAY be used to respond to, (1) add (AddPolicyRequest) (2) edit (UpdatePolicyRequest) or (3) delete (DeletePolicyRequest) authorization policies requests (see Section 3.3.5 Message Semantics) | 40 | Section 3.3.5 | 8/27/19 2:54:23 PM by aeschlimann |
|
CH-PPQ | CH-PPQ-003 | reviewed | Testable |
2
|
3
| Checking only the BODY part of the message & See also: Page 34 | EPR AddPolicyRequest and EPR UpdatePolicyRequest SHALL rely on SAML 2.0 profile of XACML v2.0 (see Section 3.3.6 EPR AddPolicyRequest and EPR UpdatePolicyRequest) | 36 | Section 3.3.6 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0035 | reviewed | Testable |
2
|
3
| - | The Policy Source SHALL sends AddPolicyRequest / EPR UpdatePolicyRequestmessages when it needs to add new or update existing policies and/or policy sets stored within the Policy Repository (of a patients referencecommunity) (see Section 3.3.6.1 Trigger Events) | 36 | Section 3.3.6.1 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0036 | reviewed | Testable |
1
|
2
| - | AddPolicyRequest message relies on an EPR specific transaction schema, i.e. epr-policy-administration-combined-schema-1.3-local.xsd (see Section 3.3.6.2 Message Semantics) | 36 | Section 3.3.6.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0037 | reviewed | Testable |
1
|
2
| - | The body of EPR AddPolicyRequest SHALL use an <epr:AddPolicyRequest> element to identify the transaction and convey the request (see Section 3.3.6.2 Message Semantics) | 36 | Section 3.3.6.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0038 | reviewed | Testable |
1
|
2
| - | AddPolicyRequest SHALL convey a XACML Policy SAML <Assertion> as specified in OASIS SAML 2.0 profile of XACML v2.0 (see Section 3.3.6.2 Message Semantics) | 36 | Section 3.3.6.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0045 | reviewed | Testable |
1
|
2
| - | The body of EPR AddPolicyRequest Response message SHALL use an <epr:EprPolicyRepositoryResponse> element to report success or failure (see Section 3.3.7.2 Message Semantics) | 38 | Section 3.3.7.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0048 | reviewed | Testable |
1
|
3
| - | The Policy Source SHALL use this message for updating XACML policies, respectively existing XACML Policy Sets of a patient stored (see Section 3.3.6 EPR AddPolicyRequest and EPR UpdatePolicyRequest) | 36 | Section 3.3.6 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0049 | to delete | Testable |
1
|
2
| - | EPR UpdatePolicyRequest message relies on an EPR specific transaction schema, i.e. epr-policy-administration-combined-schema-1.3-local.xsd | 36 | Section 3.3.6.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0051 | to delete | Testable |
1
|
2
| - | The EPR UpdatePolicyRequest SHALL convey a XACML Policy SAML <Assertion> as specified in OASIS SAML 2.0 profile of XACML v2.0 | 36 | Section 3.3.6.2 | 7/2/21 10:51:21 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0057 | to delete | Testable |
2
|
3
| - | An EPR UpdatePolicyRequest Response message SHALL be created by the Policy Repository in response to the EPR UpdatePolicyRequest message to report a general success or failure code. | 37 | Section 3.3.7 | 7/2/21 10:51:22 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0058 | reviewed | Testable |
2
|
2
| - | A SOAP fault SHALL be reported back to the Policy Manager in case an EPR UpdatePolicyRequest cannot be executed due to unknown Policy or Policy Set IDs (see Section 3.3.7 EPR AddPolicyRequest Response and EPR UpdatePolicyRequest Response) | 37 | Section 3.3.7 | 12/10/19 10:44:32 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0059 | reviewed | Testable |
2
|
2
| - | The body of EPR UpdatePolicyRequest Response message SHALL use an <epr:EprPolicyRepositoryResponse> element to report success or failure (see Section 3.3.7.2 Message Semantics) | 38 | Section 3.3.7.2 | 7/2/21 10:51:22 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0062 | to delete | Testable |
2
|
2
| - | The body of EPR UpdatePolicyRequest Response message SHALL use a <soap:Fault> element to report an update failure due to unknown Policy Set IDs | 38 | Section 3.3.7.2 | 12/10/19 10:44:50 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0067 | reviewed | Testable |
1
|
2
| - | EPR DeletePolicyRequest SHALL rely on the epr-policy-administration-combined-schema-1.3-local.xsd transaction schema (see Section 3.3.8.2 Message Semantics) | 38 | Section 3.3.8.2 | 7/2/21 10:51:22 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0068 | reviewed | Testable |
1
|
2
| - | The body of EPR DeletePolicyRequest SHALL use an <epr:DeletePolicyRequest> element to identify the transaction and convey the request (see Section 3.3.8.2 Message Semantics) | 38 | Section 3.3.8.2 | 7/2/21 10:51:22 AM by aeschlimann |
|
CH-PPQ | CH-PPQ-0069 | reviewed | Testable |
1
|
2
| - | The <epr:DeletePolicyRequest> element SHALL convey a XACML Policy SAML <Assertion> as specified in OASIS SAML 2.0 profile of XACML (see Section 3.3.8.2 Message Semantics) | 38 | Section 3.3.8.2 | 7/2/21 10:51:22 AM by aeschlimann |
|