| IUA | IUA-001 | to be reviewed | Testable |
0
|
0
| | When Incorporate Access Token [ITI-72] is used with a FHIR server, an Authorization Client should query the capabilities endpoint on the Resource Server to determine if the Resource Server supports IUA. | 4 | Section 34.1.1.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-002 | to be reviewed | Testable |
0
|
0
| | The Authorization Client may choose to publish a CapabilityStatement, if a CapabilityStatement is provided then the IUA code should also be indicated to show the capability of the Authorization Client. | 4 | Section 34.1.1.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-003 | to be reviewed | Testable |
0
|
0
| | [ITI-71] The Authorization Client shall support at least one Authorization Code or Client Credential. | 4 | Section 34.1.1.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-004 | to be reviewed | Testable |
0
|
0
| | The Authorization Client may support other grant types (see ITI TF-1: 34.4.1.1 Authorization Grant Types). | 5 | Section 34.1.1.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-005 | to be reviewed | Testable |
0
|
0
| | [ITI-71] The Authorization Server shall support at least one Authorization Code or Client Credential. | 5 | Section 34.1.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-006 | to be reviewed | Testable |
0
|
0
| | The Authorization Server may support other grant types (see ITI TF-1: 34.4.1.1 Authorization Grant Types). | 5 | Section 34.1.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-007 | to be reviewed | Testable |
0
|
0
| | The Resource Server shall enforce Autorization Server's authorization. | 5 | Section 34.1.1.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-008 | to be reviewed | Testable |
0
|
0
| | The Resource Server may perform additional authorization decisions that are specific to the requested service. | 5 | Section 34.1.1.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-009 | to be reviewed | Testable |
0
|
0
| | The Resource Servers may restrict responses even for transactions authorized by the Authorization Server. | 5 | Section 34.1.1.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-010 | to be reviewed | Testable |
0
|
0
| | When the Incorporate Access Token [ITI-72] transaction is used with a FHIR server, the Resource Server shall declare support for IUA in the capabilities endpoint. | 5 | Section 34.1.1.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-011 | to be reviewed | Testable |
0
|
0
| | The Resource Servers and Authorization Servers may be grouped into an integrated product together with user authentication, access control, and other services. | 5 | Section 34.1.1.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-012 | to be reviewed | Testable |
0
|
0
| | Authorization Server or Resource Server Actors shall support at least one of the following options: JWT Token, SAML, or Token Introspection. | 5 | Table 34.2-1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-013 | to be reviewed | Testable |
0
|
0
| | An Authorization Client that supports Authorization Server Metadata Option shall have the means to be configured to interact with an Authorization Server metadata endpoint to retrieve configuration information (see ITI TF-2: 3.103.4.2.3). | 5 | Section 34.2.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-014 | to be reviewed | Testable |
0
|
0
| | Authorization Servers supporting the Authorization Server Metadata Option shall provide a metadata endpoint that provides configuration information to Authorization Client and Resource Servers. | 5 | Section 34.2.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-015 | to be reviewed | Testable |
0
|
0
| | Resource Servers supporting the Authorization Server Metadata Option shall have the means to be configured to interact with an Authorization Server metadata endpoint to retrieve configuration information (see ITI TF-2: 3.103.4.2.3). | 5 | Section 34.2.1 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-016 | to be reviewed | Testable |
0
|
0
| | An Authorization Server that supports JWT Token Option shall provide an endpoint to retrieve JWT access tokens to be incorporated in RESTful requests to Resource Servers (see ITI-TF 2: 3.71.4.1.3). | 5 | Section 34.2.2 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-017 | to be reviewed | Testable |
0
|
0
| | A Resource Server that supports JWT Token Option shall be able to accept JWT access tokens in RESTful requests, to extract and validate the information provided in the JWT access token, and to enforce access policies based on it (see ITI TF-2: 3.72.4.3). | 5 | Section 34.2.2 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-018 | to be reviewed | Testable |
0
|
0
| | An Authorization Server that supports SAML Token Option shall provide an endpoint to retrieve XUA-compliant SAML 2.0 access tokens to be incorporated in RESTful requests to Resource Servers (see ITI TF-2: 3.71.4.1.3). | 5 | Section 34.2.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-019 | to be reviewed | Testable |
0
|
0
| | A Resource Server that supports SAML Token Option shall be able to accept XUA-compliant access tokens in RESTful requests, to extract and validate the information provided in the token, and to enforce access policies based on it (see ITI TF-2: 3.72.4.3). | 5 | Section 34.2.3 | 6/27/22 3:54:39 PM by vhofman |
|
| IUA | IUA-020 | to be reviewed | Testable |
0
|
0
| | An Authorization Server that supports the Token Introspection option shall provide an endpoint that Resource Servers will use to validate and evaluate the access token. | 6 | Section 34.2.4 | 6/27/22 3:54:39 PM by vhofman |
|