| CH-PPQ | CH-PPQ-001 | reviewed | Testable |
3
|
2
| Checking only the BODY part of the message | Privacy Policy Feed request messages SHALL use SOAP v1.2 message encoding (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0010 | reviewed | Testable |
5
|
2
| Checking only the BODY part of the message | Privacy Policy Feed response messages SHALL use SOAP v1.2 message encoding (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0012 | reviewed | Testable |
5
|
2
| Checking only the BODY part of the message | Privacy Policy Feed response messages MAY be used to respond to, (1) add (AddPolicyRequest) (2) edit (UpdatePolicyRequest) or (3) delete (DeletePolicyRequest) authorization policies requests (see Section 3.3.5 Message Semantics) | 40 | Section 3.3.5 | 8/27/19 2:54:23 PM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0013 | reviewed | Testable |
1
|
1
| Checking only the BODY part of the message | The Addressing Action header of an AddPolicyRequest Response SHALL be urn:e-health-suisse:2015:policy-administration:AddPolicyResponse (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0014 | reviewed | Testable |
2
|
1
| Checking only the BODY part of the message | WS-Addressing Action headers of the request and response SOAP messages SHALL be urn:e-health-suisse:2015:policy-administration:PolicyQueryResponse (see Section 3.4.3 Referenced Standards) | 44 | Section 3.4.3 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0015 | reviewed | Testable |
2
|
1
| Checking only the BODY part of the message | The Addressing Action header of an UpdatePolicyRequest Response SHALL be urn:e-health-suisse:2015:policy-administration:UpdatePolicyResponse (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0016 | reviewed | Testable |
2
|
1
| Checking only the BODY part of the message | The Addressing Action header of an DeletePolicyRequest Response SHALL be urn:e-health-suisse:2015:policy-administration:DeletePolicyResponse (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0017 | reviewed | Testable |
4
|
1
| Checking only the BODY part of the message | The recipient of the PPQ Response SHALL be identified by the WS-Addressing <To> header (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0018 | reviewed | Testable |
4
|
1
| Checking only the BODY part of the message | The value of the WS-Addressing <To> header (see Req. 8) SHALL be a URL, specifically the recipient's endpoint (see Section 3.3.5 Message Semantics) | 35 | Section 3.3.5 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0019 | reviewed | Testable |
1
|
2
| - | The Policy Consumer sends this message when it needs to retrieve existing XACML policies or policy sets stored in a Policy Repository (of the patients reference community) (see Section 3.4.5.1 Trigger Events) | 44 | Section 3.4.5.1 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-002 | reviewed | Testable |
3
|
1
| Checking only the BODY part of the message & See also: Page 39 & 41 | Privacy Policy Feed messages are used by the Policy Source to (1) add (EPR AddPolicyRequest), (2) update (EPR UpdatePolicyRequest), or (3) delete (EPR DeletePolicyRequest) authorization policies and policy sets stored in a PolicyRepository (see Section 3.3.1 Scope) | 33 | Section 3.3.1 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0020 | reviewed | Testable |
1
|
1
| - | The body of XACMLPolicyQuery SHALL use an <xacml-samlp:XACMLPolicyQuery>. According to the schema, there are two variants of querying for policies or policy sets:- Retrieve all policies and policy sets related to a particular patient (XACMLPolicyQuery : shall have a child element named Request).- Retrieve policies and policy sets directly referenced by their IDs (also useful for not patient-related policies) (see Section 3.4.5.2 Message Semantics) | 45 | Section 3.4.5.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0021 | reviewed | Testable |
1
|
1
| PPQ_sample_req_XACMLPolicy_step1.xml&PPQ_sample_req_XACMLPolicy_step2.xml | A Request MAY contain more than one Resource but there SHALL be "one request per patient", meaning the InstanceIdentifier for a patients record must occure with one and the same value throughout a XACMLPolicyQuery. <Subject>, <Action> and <Environment> have no CH:PPQusecase yet (see Section 3.4.5.2 Message Semantics) | 45 | Section 3.4.5.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0022 | reviewed | Testable |
1
|
1
| PPQ_sample_req_XACMLPolicy_step3_missingAttributes.xml | The <Resource> element shall convey a <xacml-context:Attribute> child element with AttributeId equal to "urn:e-health-suisse:2015:epr-spid" and DataType equal to "urn:hl7-org:v3#II" (see Section 3.4.5.2 Message Semantics) | 45 | Section 3.4.5.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0023 | reviewed | Testable |
1
|
1
| PPQ_sample_req_XACMLPolicy_step4_missingHL7element.xml | The <Attribute> element shall convey a <hl7:InstanceIdentifier> child element that includes exactly three (3) attributes, namely(1) xsi:type (equal to hl7:II)(2) root (for patient identification)(3) extension (for patient identification) (see Section 3.4.5.2 Message Semantics) | 45 | Section 3.4.5.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0024 | reviewed | Testable |
1
|
1
| - | After the evaluation of a XACMLPolicyQuery Request, the Policy Repository SHALL produce a SAML Assertion response message that conveys the resulting Policies and Policy Sets within a Policy Statement (se Section 3.4.6 XACMLPolicyQuery Response) | 46 | Section 3.4.6 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0025 | reviewed | Testable |
1
|
1
| - | The XACMLPolicy <Assertion>as specified in OASIS SAML 2.0 Profile of XACML v2.0 (Chapter 5.6), is conveyed within a XACMLPolicy <Response> (see Section 3.4.6.2 Message Semantics) | 46 | Section 3.4.6.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0026 | reviewed | Testable |
1
|
1
| - | The XACMLPolicy <Assertion> MAY NOT be signed (see Section 3.4.6.2 Message Semantics) | 46 | Section 3.4.6.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0027 | reviewed | Testable |
1
|
1
| - | The XACMLPolicy <Assertion> SHALL convey an <Issuer> element (see Section 3.4.6.2 Message Semantics) | 46 | Section 3.4.6.2 | 7/2/21 10:51:20 AM by aeschlimann |
|
| CH-PPQ | CH-PPQ-0028 | reviewed | Testable |
1
|
1
| PPQ_sample_resp_XACMLPolicy_step5_wrong_issuer_urn.xml | The <Issuer> of the Assertion SHALL identify the Policy Repository (see Section 3.4.6.2 Message Semantics) | 46 | Section 3.4.6.2 | 7/2/21 10:51:20 AM by aeschlimann |
|