Search Criteria : 71 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
CH-XUACH-XUA-002Testable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:subject-id". The <AttributeValue> child element MUST convey the subjects real world name as plain text as defined by IHE XUA in all extensions (see Section 1.6.4.3.4.2 Message Semantics)23Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-003to be reviewedTestable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:organization-id". The <AttributeValue> child element MUST convey the ID of the subjects organization or group registered in the HPD or empty, if not known (see Section 1.6.4.3.4.2 Message Semantics)24Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-004to be reviewedTestable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute: "urn:oasis:names:tc:xspa:1.0:subject:organization". The <AttributeValue> child element MUST convey a plain text the subjects organization name as registered in the HPD or empty, if not known (see Section 1.6.4.3.4.2 Message Semantics)24Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-005Testable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xacml:2.0:subject:role". The <AttributeValue> child element MUST convey a coded value of the subjects role (see Section 1.6.4.3.4.2 Message Semantics)23Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-006Testable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute:"urn:oasis:names:tc:xacml:2.0:resource:resource-id". The <AttributeValue> MUST convey the EPR-SPID identifier of the patients record and the patient assigning authority formatted in CXsyntax as specified in the XUA profile (see Section 1.6.4.3.4.2 Message Semantics)23Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-007Testable 7 1 [SAML Assertion] There MUST be one <Attribute> element with the name attribute: "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse". The <AttributeValue> child element MUST convey a coded value of the current transactions purpose of use (see Section 1.6.4.3.4.2 Message Semantics)23Section 1.6.4.3.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-008Testable 7 1 The Get X-User Assertion response message extends the <wst:RequestSecurityTokenResponse> message defined in WS-Trust 1.3 (see Section 1.6.4.2.4.2 Message Semantics)17Section 1.6.4.2.4.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-012Testable 1 2 See ITI TF-2b, chapter 3.40 Provide X-User Assertion [ITI-40]. The SAML User Assertion MUST be taken from the Get X-User Assertion transaction (see Section 1.6.4.2.1 Scope)15Section 1.6.4.2.11/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-018Testable 8 3 X-Assertion Provider verifies authorization information, creates a SAML Authorization Assertion and sends it to the X-Service User (see Section 1.6.4.2.2 Use Case Roles)15Section 1.6.4.2.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-020Testable 1 3 X-Service User actor MUST implement the SAML User Authentication Request of the «Authenticate User» transaction (see Section 1.6.4.1.1 Scope)14Section 1.6.4.1.11/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-021Testable 7 3 X-Service User actor MUST implement the SAML User Assertion Request (see Section 1.6.4.2.2 Use Case Roles)15Section 1.6.4.2.21/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-024Testable 1 1 The X-Assertion Provider actor MUST authenticate the technical user by validating the signature of the Assertion with the certificate registered with the technical user (see Section 1.6.4.2.4.4.3 Technical User Extension) 21Section 1.6.4.2.4.4.31/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-029Testable 7 4 X-Service Provider actor MUST be grouped with the actor «Authorization Decision Provider» as defined in the CH:ADR integration profile (see Table 4: Required groupings of actors defined in this national extension)13Section 1.6.31/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-032Testable 3 1 [SAML Assertion - HCP - ASS - TCU] The organization attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization") of the <AttributeStatement> MUST convey the name of the organizations or groups the subject is a member of (see Section 1.6.4.3.4.2.1 Heathcare Professional Extension)24Section 1.6.4.3.4.2.11/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-033Testable 3 1 [SAML Assertion - HCP - ASS - TCU] The organization ID attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization-id") MUST convey the identifiers of the organizations or groups the subject is assigned to. The identifiers MUST be OID in the format of URN as registered in the healthcare provider directory (see Section 1.6.4.3.4.2.1 Heathcare Professional Extension)24Section 1.6.4.3.4.2.11/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-035reviewedTestable 1 1 [SAML Assertion - ASS] The <Conditions> element MUST contain a <AudienceRestriction> element coveying a single <Audience> child element with the value set to "urn:e-health-suisse:token-audience:all-communities" (see Section 1.6.4.3.4.2.3 Technical User Extension)26Section 1.6.4.3.4.2.31/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-036reviewedTestable 1 1 [SAML Assertion - PADM] The <NameID> child element of the <Subject> element MUST contain the unique ID the administrator is registered with in the community and the name qualifier attribute set to "urn:e-health-suisse:policy-administrator-id" (see Section 1.6.4.3.4.2.4 Policy Administrator Extension)26Section 1.6.4.3.4.2.41/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-037reviewedTestable 1 1 [SAML Assertion - DADM] The <NameID> child element of the <Subject> element MUST contain the unique ID the administrator is registered with in the community and the name qualifier attribute set to "urn:e-health-suisse:document-administrator-id" (see Section 1.6.4.3.4.2.7 Representative Extension)28Section 1.6.4.3.4.2.71/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-038reviewedTestable 4 1 [SAML Assertion - DADM - PADM - PAT - REP] The organization ID attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization-id") element MUST be empty (see Section 1.6.4.3.4.2.4 Policy Administrator Extension)26Section 1.6.4.3.4.2.41/22/24 2:03:10 PM by vhofman
CH-XUACH-XUA-039reviewedTestable 4 1 [SAML Assertion - DADM - PADM - PAT - REP] The organization attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization") element MUST be empty (see Section 1.6.4.3.4.2.4 Policy Administrator Extension - 1.6.4.3.4.2.5 Document Administrator Extension)26Section 1.6.4.3.4.2.41/22/24 2:03:10 PM by vhofman