Search Criteria: 1335 assertions found for this search

| Id scheme | Assertion id | Status | Testable? | #Coverage | #Applies to | Comment | Predicate | Page, Tags | Last changed |
|---|---|---|---|---|---|---|---|---|---|
| ATNA | ATNA-1 | | Testable | 1 | 4 | I think this is redundant to ATNA-11. This is just a generic statement about the ITI-19 transaction. > No, the use of bi-directional certificate authentication is implicit in ITI19-1, this assertion makes it explicit. | The Audit Trail and Node Authentication Integration Profile requires the use of bi-directional certificate-based node authentication for connections to and from each node. | 72, Section 9.4 | 8/26/19 5:25:26 PM by ceoche |
| ATNA | ATNA-11 | | Testable | 2 | 2 | Are we going to duplicate the assertions for SN or SA, or just link these assertions to both actors. I think we should link to both. | Secure Node actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile shall support the Authentication Node [ITI-19] transaction | 69, Table 9.1-1 | 7/11/19 7:28:57 PM by ceoche |
| ATNA | ATNA-14 | | Testable | 2 | 2 | I disagree with this assertion. Section 9.7 reads "If the product claims only to include the Secure Application Actor, that indicates that only those security features that apply to the application features are provided by the product." I expect SAs to support ITI-19 for its IHE transactions that carry PHI. > Yes, this is the philosophy of the SA actor in the TF: "required only for transactions containing PHI". According to 2nd Review group, the TF is the reference, so we won't delete this assertion. | Secure Application actor which claims support for the Audit Trail and Node Authentication (ATNA) integration profile may perform the Authentication Node [ITI-19] transaction | 69, Table 9.1-1 | 8/26/19 5:25:26 PM by ceoche |
| ATNA | ATNA-17 | | Testable | 1 | 2 | | The Secure Node Actor shall include the Authenticate Node [ITI-19] transaction for all network connections that may expose private information. | 69, Table 9.1-1 | 8/26/19 5:25:26 PM by ceoche |
| ATNA | ATNA-18 | | Testable | 3 | 2 | | The Secure Node Actor shall ensure all local user activity (login, logout, etc.) protected to ensure only authorized users. | 69, Section 9.1.1.1 | 8/26/19 5:25:26 PM by ceoche |
| ATNA | ATNA-19 | | Testable | 1 | 2 | I think this is redundant with assertion ATNA-12 | The Secure Node Actor shall include the record Audit Event as specified in ITI TF-2a: 3.20 | 69, Section 9.1.1.1 | 7/11/19 7:02:45 PM by ceoche |
| ATNA | ATNA-2 | | Testable | 1 | 3 | probably not a testable assertion | Secure Nodes shall either prohibit, or be designed and verified to prevent access to PHI, whenever connections are not bi-directionally node-authenticated. | 69, Section 9.1.1 | 8/26/19 5:25:26 PM by ceoche |
| ATNA | ATNA-28 | reviewed | Testable | 1 | 1 | | The Secure Application shall use the Authenticate Node transaction for all network connections to or from the application that may expose private information as specified in ITI TF-2a: 3.19 | 70, Section 9.1.1.2 | 7/11/19 7:31:05 PM by ceoche |
| ATNA | ATNA-29 | reviewed | Testable | 1 | 1 | | The Secure Application shall provide sufficient authentication methods to ensure that only authorized users access the Secure Application | 70, Section 9.1.1.2 | 7/11/19 7:26:24 PM by ceoche |
| ATNA | ATNA-9 | | Testable | 2 | 2 | | When an implementation chooses to support this Integration Profile for an actor, non-IHE applications that process PHI shall detect and report auditable events, and protect access. | 72, Section 9.4 | 7/11/19 7:25:04 PM by ceoche |
| CH-ADR | CH-ADR-001 | reviewed | Testable | 13 | 2 | See also: Section 3.1.6.3 Page 17 | This transaction is based on SOAP v1.2 exchange protocol and Synchronous Web services (see Section 3.1.1 Scope) | 11, Section 3.1.1 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-002 | reviewed | Testable | 13 | 3 | - | The Authorization Decision Consumer can ask for authorization regarding a number of Resources in one query as the request message complies with the Multiple Resource Profile of XACML v2.0 (see Section 3.1.4 XACMLAuthzDecisionQuery Request) | 12, Section 3.1.4 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-003 | reviewed | Testable | 13 | 2 | Checking only the BODY part of the message | The WS-Addressing Action header SHALL have this value: `urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest` (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-004 | reviewed | Testable | 13 | 2 | Checking only the BODY part of the message | The recipient of the Authorization Decision Query SHALL be identified by the WS-Addressing `<wsa:To>` element in the header (URL of the endpoint) (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-005 | reviewed | Testable | 13 | 2 | Checking only the BODY part of the message | The value of the WS-Addressing To header (see Req. 4) SHALL be a URL, specifically the recipient's endpoint (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-006 | reviewed | Testable | 13 | 3 | Checking only the BODY part of the message | A SAML 2.0 Identity Assertion SHALL be conveyed within the WS-Security Security header (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-007 | reviewed | Testable | 13 | 2 | `FAIL_adr_request_sample_1_XACMLAuthzDecisionQuery_Structure.xml` | The body of the message SHALL use an `<XACMLAuthzDecisionQuery>` element (defined in the SAML 2.0 Profile for XACML v2.0) to convey a `<Request>` with the Authorization Query parameters (Subject, Resource, Action, Environment). (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-008 | reviewed | Testable | 13 | 2 | `FAIL_adr_request_sample_2_XACMLAuthzDecisionQuery_Opening_Tags_Attributes.xml` | The `<XACMLAuthzDecisionQuery>` element (see Req. 7) SHALL contain a `@ReturnContext` attribute that SHOULD be set to "false" (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:10 PM by aeschlimann |
| CH-ADR | CH-ADR-009 | reviewed | Testable | 13 | 2 | `FAIL_adr_request_sample_2_XACMLAuthzDecisionQuery_Opening_Tags_Attributes.xml` | The `<XACMLAuthzDecisionQuery>` element (see Req. 7) SHALL contain a `@InputContextOnly` attribute that SHALL be set to "false" (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:11 PM by aeschlimann |
| CH-ADR | CH-ADR-010 | reviewed | Testable | 13 | 2 | `FAIL_adr_request_sample_1_XACMLAuthzDecisionQuery_Structure.xml` | The `<XACMLAuthzDecisionQuery>` element (see Req. 7) SHALL have only one child element `<Request>` (see Section 3.1.6.5 Semantics) | 14, Section 3.1.6.5 | 6/22/21 4:31:11 PM by aeschlimann |