| Profile | ID | Status | Type | | | Assertion | Page | Section | Last modified |
|---|---|---|---|---|---|---|---|---|---|
| CH-XUA | CH-XUA-002 | | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:subject-id". The <AttributeValue> child element MUST convey the subject's real-world name as plain text as defined by IHE XUA in all extensions (see Section 1.6.4.3.4.2 Message Semantics) | 23 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-003 | to be reviewed | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:organization-id". The <AttributeValue> child element MUST convey the ID of the subject's organization or group registered in the HPD, or be empty if not known (see Section 1.6.4.3.4.2 Message Semantics) | 24 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-004 | to be reviewed | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:organization". The <AttributeValue> child element MUST convey in plain text the subject's organization name as registered in the HPD, or be empty if not known (see Section 1.6.4.3.4.2 Message Semantics) | 24 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-005 | | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xacml:2.0:subject:role". The <AttributeValue> child element MUST convey a coded value of the subject's role (see Section 1.6.4.3.4.2 Message Semantics) | 23 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-006 | | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xacml:2.0:resource:resource-id". The <AttributeValue> MUST convey the EPR-SPID identifier of the patient's record and the patient assigning authority formatted in CX syntax as specified in the XUA profile (see Section 1.6.4.3.4.2 Message Semantics) | 23 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-007 | | Testable | 7 | 1 | [SAML Assertion] There MUST be one <Attribute> element with the name attribute "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse". The <AttributeValue> child element MUST convey a coded value of the current transaction's purpose of use (see Section 1.6.4.3.4.2 Message Semantics) | 23 | Section 1.6.4.3.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-008 | | Testable | 7 | 1 | The Get X-User Assertion response message extends the <wst:RequestSecurityTokenResponse> message defined in WS-Trust 1.3 (see Section 1.6.4.2.4.2 Message Semantics) | 17 | Section 1.6.4.2.4.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-012 | | Testable | 1 | 2 | See ITI TF-2b, chapter 3.40 Provide X-User Assertion [ITI-40]. The SAML User Assertion MUST be taken from the Get X-User Assertion transaction (see Section 1.6.4.2.1 Scope) | 15 | Section 1.6.4.2.1 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-018 | | Testable | 8 | 3 | X-Assertion Provider verifies authorization information, creates a SAML Authorization Assertion and sends it to the X-Service User (see Section 1.6.4.2.2 Use Case Roles) | 15 | Section 1.6.4.2.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-020 | | Testable | 1 | 3 | X-Service User actor MUST implement the SAML User Authentication Request of the «Authenticate User» transaction (see Section 1.6.4.1.1 Scope) | 14 | Section 1.6.4.1.1 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-021 | | Testable | 7 | 3 | X-Service User actor MUST implement the SAML User Assertion Request (see Section 1.6.4.2.2 Use Case Roles) | 15 | Section 1.6.4.2.2 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-024 | | Testable | 1 | 1 | The X-Assertion Provider actor MUST authenticate the technical user by validating the signature of the Assertion with the certificate registered with the technical user (see Section 1.6.4.2.4.4.3 Technical User Extension) | 21 | Section 1.6.4.2.4.4.3 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-029 | | Testable | 7 | 4 | X-Service Provider actor MUST be grouped with the actor «Authorization Decision Provider» as defined in the CH:ADR integration profile (see Table 4: Required groupings of actors defined in this national extension) | 13 | Section 1.6.3 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-032 | | Testable | 3 | 1 | [SAML Assertion - HCP - ASS - TCU] The organization attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization") of the <AttributeStatement> MUST convey the name of the organizations or groups the subject is a member of (see Section 1.6.4.3.4.2.1 Healthcare Professional Extension) | 24 | Section 1.6.4.3.4.2.1 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-033 | | Testable | 3 | 1 | [SAML Assertion - HCP - ASS - TCU] The organization ID attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization-id") MUST convey the identifiers of the organizations or groups the subject is assigned to. The identifiers MUST be OIDs in URN format as registered in the healthcare provider directory (see Section 1.6.4.3.4.2.1 Healthcare Professional Extension) | 24 | Section 1.6.4.3.4.2.1 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-035 | reviewed | Testable | 1 | 1 | [SAML Assertion - ASS] The <Conditions> element MUST contain an <AudienceRestriction> element conveying a single <Audience> child element with the value set to "urn:e-health-suisse:token-audience:all-communities" (see Section 1.6.4.3.4.2.3 Technical User Extension) | 26 | Section 1.6.4.3.4.2.3 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-036 | reviewed | Testable | 1 | 1 | [SAML Assertion - PADM] The <NameID> child element of the <Subject> element MUST contain the unique ID the administrator is registered with in the community and the name qualifier attribute set to "urn:e-health-suisse:policy-administrator-id" (see Section 1.6.4.3.4.2.4 Policy Administrator Extension) | 26 | Section 1.6.4.3.4.2.4 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-037 | reviewed | Testable | 1 | 1 | [SAML Assertion - DADM] The <NameID> child element of the <Subject> element MUST contain the unique ID the administrator is registered with in the community and the name qualifier attribute set to "urn:e-health-suisse:document-administrator-id" (see Section 1.6.4.3.4.2.7 Representative Extension) | 28 | Section 1.6.4.3.4.2.7 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-038 | reviewed | Testable | 4 | 1 | [SAML Assertion - DADM - PADM - PAT - REP] The organization ID attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization-id") element MUST be empty (see Section 1.6.4.3.4.2.4 Policy Administrator Extension) | 26 | Section 1.6.4.3.4.2.4 | 1/22/24 2:03:10 PM by vhofman |
| CH-XUA | CH-XUA-039 | reviewed | Testable | 4 | 1 | [SAML Assertion - DADM - PADM - PAT - REP] The organization attribute ("urn:oasis:names:tc:xspa:1.0:subject:organization") element MUST be empty (see Section 1.6.4.3.4.2.4 Policy Administrator Extension - 1.6.4.3.4.2.5 Document Administrator Extension) | 26 | Section 1.6.4.3.4.2.4 | 1/22/24 2:03:10 PM by vhofman |
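As an added example (not part of this assertion list nor of any e-Health Suisse or IHE tooling), a Python check that an X-Service Provider could run over a received assertion before authorization, covering the attribute rules CH-XUA-002 to CH-XUA-007: each of the six attributes present exactly once, non-empty values where the rules require one, and the resource-id in CX syntax. The sample assertion and all OIDs and identifiers in it are constructed.

```python
import re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Attribute names required exactly once by CH-XUA-002..007; the flag says whether the
# AttributeValue must be non-empty (organization/organization-id may be empty, CH-XUA-003/004).
REQUIRED = {
    "urn:oasis:names:tc:xspa:1.0:subject:subject-id": True,
    "urn:oasis:names:tc:xspa:1.0:subject:organization-id": False,
    "urn:oasis:names:tc:xspa:1.0:subject:organization": False,
    "urn:oasis:names:tc:xacml:2.0:subject:role": True,
    "urn:oasis:names:tc:xacml:2.0:resource:resource-id": True,
    "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse": True,
}
# CX syntax for the resource-id (CH-XUA-006): <patient id>^^^&<assigning authority OID>&ISO
CX_RE = re.compile(r"^[0-9]+\^\^\^&[0-9]+(\.[0-9]+)+&ISO$")

def _has_value(av):
    # plain text (subject-id, resource-id) or a coded child element such as <Role code="..."/>
    return bool((av.text or "").strip()) or any(c.get("code") for c in av)

def check_assertion(xml_text):
    """Return the list of CH-XUA attribute rule violations; an empty list means compliant."""
    root = ET.fromstring(xml_text)
    by_name = {}
    for a in root.iterfind(f".//{{{SAML}}}AttributeStatement/{{{SAML}}}Attribute"):
        by_name.setdefault(a.get("Name"), []).append(a)
    findings = []
    for name, value_required in REQUIRED.items():
        found = by_name.get(name, [])
        if len(found) != 1:  # missing or duplicated attribute
            findings.append(f"{name}: expected exactly one Attribute, found {len(found)}")
            continue
        values = found[0].findall(f"{{{SAML}}}AttributeValue")
        if value_required and not any(_has_value(v) for v in values):
            findings.append(f"{name}: AttributeValue must not be empty")
        elif name.endswith("resource-id") and not CX_RE.match((values[0].text or "").strip()):
            findings.append(f"{name}: value is not in CX syntax")
    return findings

# Constructed sample assertion: names, codes and OIDs are illustrative placeholders, not real values.
SAMPLE = f"""<Assertion xmlns="{SAML}" xmlns:hl7="urn:hl7-org:v3" Version="2.0">
 <AttributeStatement>
  <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id"><AttributeValue>Dr. Example</AttributeValue></Attribute>
  <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id"><AttributeValue>urn:oid:1.2.3.4</AttributeValue></Attribute>
  <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization"><AttributeValue>Example Hospital</AttributeValue></Attribute>
  <Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role"><AttributeValue><hl7:Role code="HCP" codeSystem="1.2.3.5"/></AttributeValue></Attribute>
  <Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id"><AttributeValue>761000000000000000^^^&amp;1.2.3.6&amp;ISO</AttributeValue></Attribute>
  <Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse"><AttributeValue><hl7:PurposeOfUse code="NORM" codeSystem="1.2.3.7"/></AttributeValue></Attribute>
 </AttributeStatement>
</Assertion>"""
```

This check only covers attribute structure; signature validation (CH-XUA-024) and the audience restriction (CH-XUA-035) must be verified separately before the assertion is trusted.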