ITI40 | ITI40-007 | reviewed | Testable |
0
|
3
| | Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules (see Section 3.40.4.2 ATNA Audit encoding). | 145 | Section 3.40.4.1.2 | 9/17/19 11:07:26 AM by ceoche |
|
ITI40 | ITI40-010 | reviewed | Testable |
0
|
3
| | The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-012 | reviewed | Testable |
0
|
3
| | The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-015 | reviewed | Not testable |
0
|
3
| | An X-Service User may ignore a ProxyRestriction condition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:07 PM by mtoudic |
|
ITI40 | ITI40-016 | reviewed | Not testable |
0
|
3
| | An X-Service Provider may ignore a ProxyRestriction condition. (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:13 PM by mtoudic |
|
ITI40 | ITI40-017 | reviewed | Not testable |
0
|
3
| | An X-Service User may ignore a OneTimeUse condition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:18 PM by mtoudic |
|
ITI40 | ITI40-018 | reviewed | Not testable |
0
|
3
| | An X-Service Provider may ignore a OneTimeUse condition. (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:24 PM by mtoudic |
|
ITI40 | ITI40-024 | validated | Testable |
0
|
3
| | A unique identifier for the organization that the user is representing in performing this transaction shall be placed in the value of the <AttributeValue> element of the organization ID Attribute Statement element. This organization ID shall be consistent with the plain-text name of the organization provided in the User Organization Attribute. The organization ID may be an Object Identifier (OID), using the urn format (that is, “urn:oid:” appended with the OID); or it may be a URL assigned to that organization. | 146 | Section 3.40.4.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
ITI40 | ITI40-025 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (i.e., the X-Service User), using the urn format (that is, “urn:oid:” appended with the OID). | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:03 PM by mtoudic |
|
ITI40 | ITI40-026 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:16 PM by mtoudic |
|
ITI40 | ITI40-027 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain other Attributes than those listed above. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:35 PM by mtoudic |
|
ITI40 | ITI40-028 | validated | Testable |
0
|
3
| | The SAML assertion sent by the X-Service User shall be signed by the X-Assertion Provider as defined in SAML Core. | 147 | Section 3.40.4.1.2 | 6/27/22 3:54:39 PM by vhofman |
|
ITI40 | ITI40-030 | | Testable |
0
|
3
| Note: A subject-role code set will need to be defined as part of the testing environment for XUA | X-Service User shall encode the relevant user subject roles from a locally defined Code-Set into a subject role element(s). | 148 | Section 3.40.4.1.2.1 | 8/27/19 10:00:02 AM by aeschlimann |
|
ITI40 | ITI40-032 | | Testable |
0
|
3
| Note: this document unique id value will need to be provided as part of the testing environment for XUA, or you will provide the OID of a Patient Privacy Policy Identifier (next row) | When a policy identifier identifies the patient's Privacy Policy Acknowledgement document, X-Service User shall encode the document Unique ID of the Patient Privacy Policy Acknowledgement Document as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:bppc:2007:docid”, with name format “urn:oasis:names:tc:SAML:2.0:attrname-format:uri”. | 148 | Section 3.40.4.1.2.2 | 8/27/19 10:00:02 AM by aeschlimann |
|
ITI40 | ITI40-033 | reviewed | Testable |
0
|
3
| | When a policy identifier is a Patient Privacy Policy identifier, the X-Service User shall encode the identifier as a SAML attribute in the IHE ITI namespace, “urn:ihe:iti:xua:2012:acp”, with name format “urn:oasis:names:tc:SAML:2.0:attrname-format:uri”. | 148 | Section 3.40.4.1.2.2 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-036 | reviewed | Testable |
0
|
3
| | The X-Service User shall place the PurposeOfUse value into the ATNA Audit Message associated with the transaction according to the ATNA Audit Message transaction ITI-20 (see ITI-TF-2a: 3.20.7.3). | 150 | Section 3.40.4.1.2.3.1 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-037 | reviewed | Testable |
0
|
3
| | The X-Service Provider shall place the PurposeOfUse value into the ATNA Audit Message associated with the transaction according to the ATNA Audit Message transaction ITI-20 (see ITI-TF-2a: 3.20.7.3). | 150 | Section 3.40.4.1.2.3.1 | 5/2/19 11:31:13 AM by NicolasBailliet |
|
ITI40 | ITI40-041 | reviewed | Not testable |
0
|
3
| Note: All assertions for this AIPO are stated as "may" in the TF documentation. The CASC XUA tests will need to document a policy regarding the purpose-of-use codes and write a test to have the Provider enforce the policy. | The X-Service Provider may utilize the Subject-Role values in local policy for access control decision making. | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:54:55 PM by mtoudic |
|
ITI40 | ITI40-042 | reviewed | Not testable |
0
|
3
| | The X-Service Provider may need to bridge the Subject-Role values into local role vocabulary. | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:54:59 PM by mtoudic |
|
ITI40 | ITI40-043 | reviewed | Not testable |
0
|
3
| | The Subject-Role may be used to populate the ATNA Audit Message. | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:55:03 PM by mtoudic |
|