CH-XUA | CH-XUA-013 | | Testable | 0 | 3 | Agreed not to cover this assertion | The User Authentication Provider authenticates the user and returns a SAML 2 Authentication Assertion (see Section 1.6.4.1.1 Scope) | 14 | Section 1.6.4.1.1 | 1/4/22 1:56:08 PM by vhofman | |
CH-XUA | CH-XUA-026 | | Testable | 0 | 1 | Agreed not to cover this assertion | X-Service User actor MUST be able to send SAML attribute queries to the Identity Provider to query specific attributes according to the Identity Provider (see Section 1.6.4.2.2 Use Case Roles) | 15 | Section 1.6.4.2.2 | 1/4/22 1:56:09 PM by vhofman | |
CH-XUA | CH-XUA-031 | | Testable | 0 | 0 | | [SAML Assertion - HCP - ASS - TCU] The <NameID> child element of the <Subject> MUST contain the GLN of the subject with name qualifier attribute set to urn:gs1:gln. | 24 | Section 1.6.4.3.4.2.1 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-092 | reviewed | Testable | 0 | 0 | | [SAML Assertion - ASS] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") of the <AttributeStatement> MUST be either code NORM or EMER from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 25 | Section 1.6.4.3.4.2.2 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-093 | reviewed | Testable | 0 | 0 | | [SAML Assertion - TCU] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") MUST be code AUTO from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 26 | Section 1.6.4.3.4.2.3 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-094 | reviewed | Testable | 0 | 0 | | [SAML Assertion - PADM] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") MUST be code NORM from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 27 | Section 1.6.4.3.4.2.5 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-095 | reviewed | Testable | 0 | 0 | | [SAML Assertion - DADM] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") MUST be code NORM from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 27 | Section 1.6.4.3.4.2.5 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-096 | reviewed | Testable | 0 | 0 | | [SAML Assertion - PAT] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") MUST be code NORM from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 27 | Section 1.6.4.3.4.2.6 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-097 | reviewed | Testable | 0 | 0 | | [SAML Assertion - REP] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") MUST be code NORM from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 28 | Section 1.6.4.3.4.2.7 | 6/27/22 3:54:39 PM by vhofman | |
CH-XUA | CH-XUA-098 | to be reviewed | Testable | 0 | 0 | | [SAML Assertion - HCP] The purpose of use attribute ("urn:oasis:names:tc:xspa:1.0:subject:purposeofuse") of the <AttributeStatement> MUST be either code NORM or EMER from code system 2.16.756.5.30.1.127.3.10.5 of the CH:EPR value set. | 24 | Section 1.6.4.3.4.2.1 | 6/27/22 3:54:39 PM by vhofman | |
ITI40 | ITI40-007 | reviewed | Testable | 0 | 3 | | Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules in Section 3.40.4.2 (ATNA Audit encoding). | 145 | Section 3.40.4.1.2 | 9/17/19 11:07:26 AM by ceoche | |
ITI40 | ITI40-010 | reviewed | Testable | 0 | 3 | | The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet | |
ITI40 | ITI40-012 | reviewed | Testable | 0 | 3 | | The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3. | 144 | Section 3.40.4.1.2 | 5/2/19 11:31:13 AM by NicolasBailliet | |
ITI40 | ITI40-015 | reviewed | Not testable | 0 | 3 | | An X-Service User may ignore a ProxyRestriction condition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:07 PM by mtoudic | |
ITI40 | ITI40-016 | reviewed | Not testable | 0 | 3 | | An X-Service Provider may ignore a ProxyRestriction condition. (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:13 PM by mtoudic | |
ITI40 | ITI40-017 | reviewed | Not testable | 0 | 3 | | An X-Service User may ignore a OneTimeUse condition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:18 PM by mtoudic | |
ITI40 | ITI40-018 | reviewed | Not testable | 0 | 3 | | An X-Service Provider may ignore a OneTimeUse condition. (i.e., if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:24 PM by mtoudic | |
ITI40 | ITI40-024 | validated | Testable | 0 | 3 | | A unique identifier for the organization that the user is representing in performing this transaction shall be placed in the value of the <AttributeValue> element of the organization ID Attribute Statement element. This organization ID shall be consistent with the plain-text name of the organization provided in the User Organization Attribute. The organization ID may be an Object Identifier (OID), using the urn format (that is, “urn:oid:” appended with the OID); or it may be a URL assigned to that organization. | 146 | Section 3.40.4.1.2 | 6/27/22 3:54:39 PM by vhofman | |
ITI40 | ITI40-025 | reviewed | Not testable | 0 | 3 | | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (i.e., the X-Service User), using the urn format (that is, “urn:oid:” appended with the OID). | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:03 PM by mtoudic | |
ITI40 | ITI40-026 | reviewed | Not testable | 0 | 3 | | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:16 PM by mtoudic | |