ITI40 | ITI40-004 | reviewed | Testable |
8
|
3
| | The X-Service Provider is configurable as to when [ITI-40] Provide X-User Assertion is necessary | 144 | Section 3.40.4.1.1 | 9/10/19 11:55:50 AM by aeschlimann |
|
ITI40 | ITI40-009 | reviewed | Testable |
7
|
3
| | The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request | 145 | Section 3.40.4.1.2 | 9/17/19 4:38:14 PM by mtoudic |
|
ITI40 | ITI40-010 | reviewed | Testable |
0
|
3
| | The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-011 | reviewed | Testable |
7
|
3
| | The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element. | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:17 PM by mtoudic |
|
ITI40 | ITI40-012 | reviewed | Testable |
0
|
3
| | The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-013 | | Testable |
7
|
3
| | In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:20 PM by mtoudic |
|
ITI40 | ITI40-014 | | Testable |
7
|
3
| | The SAML Assertion Conditions element shall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider. | 144 | Section 3.40.4.1.2 | 9/17/19 4:38:22 PM by mtoudic |
|
ITI40 | ITI40-021 | | Testable |
7
|
3
| | If the Subject ID is present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:subject-id”. The name of the user shall be placed in the value of the <AttributeValue> element. | 144 | Section 3.40.4.1.2 | 9/17/19 4:39:20 PM by mtoudic |
|
ITI40 | ITI40-022 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:34 PM by mtoudic |
|
ITI40 | ITI40-023 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:39 PM by mtoudic |
|
ITI40 | ITI40-024 | validated | Testable |
0
|
3
| | A unique identifier for the organization that the user is representing in performing this transaction shall be placed in the value of the <AttributeValue> element of the organization ID Attribute Statement element. This organization ID shall be consistent with the plain-text name of the organization provided in the User Organization Attribute. The organization ID may be an Object Identifier (OID), using the urn format (that is, “urn:oid:” appended with the OID); or it may be a URL assigned to that organization. | 146 | Section 3.40.4.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
ITI40 | ITI40-025 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (i.e., the X-Service User), using the urn format (that is, “urn:oid:” appended with the OID). | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:03 PM by mtoudic |
|
ITI40 | ITI40-026 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:16 PM by mtoudic |
|
ITI40 | ITI40-027 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain other Attributes than those listed above. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:35 PM by mtoudic |
|
ITI40 | ITI40-028 | validated | Testable |
0
|
3
| | The SAML assertion sent by the X-Service User shall be signed by the X-Assertion Provider as defined in SAML Core. | 147 | Section 3.40.4.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
ITI40 | ITI40-050 | reviewed | Testable |
19
|
3
| | When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserName element shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where:
• alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute
• user is the required content of the SAML Assertion's Subject element
• issuer is the X-Assertion Provider entity ID contained with the content of SAML Assertion's Issuer element | 151 | Section 3.40.4.2 | 9/11/19 3:59:16 PM by r.hilary |
|
XUA | XUA-005 | reviewed | Testable |
12
|
2
| | X-Service Provider shall support [ITI-40] | 129 | Section 13.4-1 | 9/30/22 2:34:11 PM by vhofman |
|
XUA | XUA-013 | reviewed | Testable |
1
|
2
| | The X-Service Provider shall protect the X-User Assertion. If the system supports ATNA, then TLS meets this requirement. If the system does not support ATNA, then it shall provide another mechanism to protect the X-User Assertion. | 131 | Section 13.6.1 | 9/10/19 10:20:07 AM by NicolasBailliet |
|
XUA | XUA-015 | reviewed | Testable |
7
|
2
| | The X-Service Provider shall represent the X-User Assertion in ATNA Audit Messages according to the encoding rules in ITI TF-2b: 3.40.4.2 | 131 | Section 13.6.1 | 9/10/19 11:57:29 AM by aeschlimann |
|
XUA | XUA-017 | reviewed | Testable |
8
|
2
| | When an X-Service Provider also supports an actor that performs an IHE Transaction that uses web services according to ITI TF-2x: Appendix V, then that Responding Actor shall conform to all of the requirements in [ITI-40]. | 132 | Section 13.6.4 | 9/10/19 11:57:21 AM by aeschlimann |
|