ITI40 | ITI40-003 | reviewed | Testable |
10
|
3
| | The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary | 144 | Section 3.40.4.1.1 | 9/10/19 11:55:46 AM by aeschlimann |
|
ITI40 | ITI40-004 | reviewed | Testable |
8
|
3
| | The X-Service Provider is configurable as to when [ITI-40] Provide X-User Assertion is necessary | 144 | Section 3.40.4.1.1 | 9/10/19 11:55:50 AM by aeschlimann |
|
ITI40 | ITI40-005 | reviewed | Testable |
2
|
3
| | The X-Service User shall include the OASIS Web Services Security (WSS) Header | 144 | Section 3.40.4.1.2 | 3/8/24 11:02:45 AM by vhofman |
|
ITI40 | ITI40-006 | reviewed | Testable |
2
|
3
| | The X-Service User shall include a SAML 2.0 Assertion as the security token | 144 | Section 3.40.4.1.2 | 3/8/24 11:02:47 AM by vhofman |
|
ITI40 | ITI40-009 | reviewed | Testable |
7
|
3
| | The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request | 145 | Section 3.40.4.1.2 | 9/17/19 4:38:14 PM by mtoudic |
|
ITI40 | ITI40-011 | reviewed | Testable |
7
|
3
| | The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element. | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:17 PM by mtoudic |
|
ITI40 | ITI40-013 | | Testable |
7
|
3
| | In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:20 PM by mtoudic |
|
ITI40 | ITI40-014 | | Testable |
7
|
3
| | The SAML Assertion Conditions element shall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider. | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:22 PM by mtoudic |
|
ITI40 | ITI40-019 | | Testable |
7
|
3
| | The SAML assertion sent by the X-Service User shall contain an AuthnStatement to specify the AuthnContextClassRef or AuthnContextDeclRef | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:27 PM by mtoudic |
|
ITI40 | ITI40-020 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:30 PM by mtoudic |
|
ITI40 | ITI40-021 | | Testable |
7
|
3
| | If the Subject ID is present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:subject-id”. The name of the user shall be placed in the value of the <AttributeValue> element. | 144 | Section 3.40.4.1.2 | 9/17/19 4:39:20 PM by mtoudic |
|
ITI40 | ITI40-022 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:34 PM by mtoudic |
|
ITI40 | ITI40-023 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:39 PM by mtoudic |
|
ITI40 | ITI40-029 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain other statements. | 150 | Section 3.40.4.1.3 | 9/17/19 4:54:41 PM by mtoudic |
|
ITI40 | ITI40-031 | | Testable |
7
|
3
| | X-Service User shall encode subject role <Attribute> element to have the Name attribute set to “urn:oasis:names:tc:xacml:2.0:subject:role”. The value of the <AttributeValue> element is a child element, “Role”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. | 148 | Section 3.40.4.1.2.1 | 9/17/19 4:37:58 PM by mtoudic |
|
ITI40 | ITI40-035 | reviewed | Testable |
7
|
3
| Note: A purpose-of-use-code set will need to be defined as part of the testing environment for XUA | The X-Service User shall encode the PurposeOfUse <Attribute> element with the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:purposeofuse”. The value of the <AttributeValue> element is a child element, “PurposeOfUse”, in the namespace “urn:hl7-org:v3”, whose content is defined by the “CE” (coded element) data type from the HL7 version 3 specification. The PurposeOfUse element shall contain the coded representation of the Purpose for Use that is in effect for the request. | 149 | Section 3.40.4.1.2.3 | 9/17/19 4:38:01 PM by mtoudic |
|
ITI40 | ITI40-049 | reviewed | Testable |
19
|
3
| | When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserName element shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where:
• alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute
• user is the required content of the SAML Assertion's Subject element | 151 | Section 3.40.4.2 | 9/11/19 3:59:14 PM by r.hilary |
|
ITI40 | ITI40-050 | reviewed | Testable |
19
|
3
| | When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserName element shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where:
• alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute
• user is the required content of the SAML Assertion's Subject element
• issuer is the X-Assertion Provider entity ID contained with the content of SAML Assertion's Issuer element | 151 | Section 3.40.4.2 | 9/11/19 3:59:16 PM by r.hilary |
|
ITI40 | ITI40-053 | reviewed | Testable |
7
|
2
| | The Patient Identifier shall consist of two parts; the OID for the assigning authority and the identifier of the patient within that assigning authority. The value shall be formatted using the CX syntax. | 149 | Section 3.40.4.1.2.2.1 | 9/17/19 4:45:39 PM by mtoudic |
|
RAD68 | RAD68-001 | to delete | Testable |
1
|
1
| | The Imaging Document Source is instructed to submit a set of one or more new imaging documents for sharing. | 472 | Section 4.68.4.1.1 | 3/15/24 2:33:35 PM by vhofman |
|