Search Criteria : 81 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
CH-ADRCH-ADR-001reviewedTestable 14 2 See also: Section 3.1.6.3 Page 17This transaction is based on SOAP v1.2 exchange protocol and Synchronous Web services (see Section 3.1.1 Scope)8Section 3.1.13/8/24 10:58:39 AM by vhofman
CH-ADRCH-ADR-002reviewedTestable 15 3 -The Authorization Decision Consumercan ask for authorization regarding a number of Resources in one query as the request message complies with the Multiple Resource Profile of XACML v2.0 (see Section 3.1.4 XACMLAuthzDecisionQuery Request)9Section 3.1.43/8/24 10:58:41 AM by vhofman
CH-ADRCH-ADR-003reviewedTestable 15 2 Checking only the BODY part of the messageThe WS-Addressing Action header SHALL have this value:urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:58:42 AM by vhofman
CH-ADRCH-ADR-004reviewedTestable 15 2 Checking only the BODY part of the messageThe recipient of the Authorization Decision Query SHALL be identified by the WS-Addressing <wsa:To>element in the header (URL of the endpoint) (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:58:45 AM by vhofman
CH-ADRCH-ADR-005reviewedTestable 15 2 Checking only the BODY part of the messageThe value of the WS-Addressing To header (see Req. 4) SHALL be a URL, specifically the recipient's endpoint (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:58:47 AM by vhofman
CH-ADRCH-ADR-006reviewedTestable 14 3 Checking only the BODY part of the messageA SAML 2.0 Identity Assertion SHALL be conveyed within the WS-Security Security header (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:58:49 AM by vhofman
CH-ADRCH-ADR-007reviewedTestable 15 2 FAIL_adr_request_sample_1_XACMLAuthzDecisionQuery_Structure.xmlThe body of the message SHALL use an <XACMLAuthzDecisionQuery>element (defined in the SAML 2.0 Profile for XACML v2.0) to convey a <Request> with the Authorization Query parameters (Subject, Resource, Action, Environment). (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:58:50 AM by vhofman
CH-ADRCH-ADR-008reviewedTestable 14 2 FAIL_adr_request_sample_2_XACMLAuthzDecisionQuery_Opening_Tags_Attributes.xmlThe <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @ReturnContext attribute that SHOULD be set to "false" (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:58:52 AM by vhofman
CH-ADRCH-ADR-009reviewedTestable 15 2 FAIL_adr_request_sample_2_XACMLAuthzDecisionQuery_Opening_Tags_Attributes.xmlThe <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @InputContextOnly attribute that SHALL be set to "false" (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:58:54 AM by vhofman
CH-ADRCH-ADR-010reviewedTestable 14 2 FAIL_adr_request_sample_1_XACMLAuthzDecisionQuery_Structure.xmlThe <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL have only one child element <Request> (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:58:56 AM by vhofman
CH-ADRCH-ADR-011reviewedTestable 15 2 FAIL_adr_request_sample_3_Request_Element_Structure.xmlThe <Request> element SHALL contain only 4 types of XACML child elements, namely <Subject>, <Resource>, <Action> and <Environment> (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:58:58 AM by vhofman
CH-ADRCH-ADR-012reviewedTestable 15 2 FAIL_adr_request_sample_3_Request_Element_Structure.xmlThe <Request> element SHALL contain only one <Subject> child element, one <Action> child element and one <Environment> child element (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:59:00 AM by vhofman
CH-ADRCH-ADR-013reviewedTestable 15 2 FAIL_adr_request_sample_3_Request_Element_Structure.xmlThe <Request> element MAY contain more than one <Resource> child elements (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:59:04 AM by vhofman
CH-ADRCH-ADR-014reviewedTestable 14 2 FAIL_adr_request_sample_3_Request_Element_Structure.xml<Request> and all subsequent elements, attributes and values SHALL comply to the namespace: xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" (see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:59:06 AM by vhofman
CH-ADRCH-ADR-015reviewedTestable 14 2 FAIL_adr_request_sample_4_Subject_Element_Structure.xml See also: Page 20The <Subject> element (see Req. 11) SHALL have at least the 6 following <Attribute> child elements:@AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" @DataType="http://www.w3.org/2001/XMLSchema#string"@AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" @DataType="http://www.w3.org/2001/XMLSchema#string"@AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"@AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" @DataType="urn:hl7-org:v3#CV"@AttributeId="urn:oasis:names:tc:xacml:2.0:subject:organization-id" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"@AttributeId="urn:oasis:names:tc:xacml:2.0:subject:purposeofuse" @DataType="urn:hl7-org:v3#CV"(see Section 3.1.6.5 Semantics)14Section 3.1.6.53/8/24 10:59:08 AM by vhofman
CH-ADRCH-ADR-016reviewedTestable 15 2 FAIL_adr_request_sample_5_Subject_Element_Missing_Subject_id_Attribute.xml & FAIL_adr_request_sample_6_Subject_Element_Wrong_Subject_id_Attribute.xmlThe <AttributeValue> child element SHALL convey the subject identifier (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:59:10 AM by vhofman
CH-ADRCH-ADR-017reviewedTestable 14 2 -The <AttributeValue> child element SHALL have the same value of the /Subject/NameID element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:59:12 AM by vhofman
CH-ADRCH-ADR-018reviewedTestable 15 2 FAIL_adr_request_sample_7_Subject_Element_Missing_Subject_id_qualifier_Attribute.xml & FAIL_adr_request_sample_8_Subject_Element_Wrong_Subject_id_qualifier_Attribute.xmlThe <AttributeValue> child element SHALL convey the subject ID qualifier (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:59:15 AM by vhofman
CH-ADRCH-ADR-019reviewedTestable 15 2 FAIL_adr_request_sample_27_Subject_Element_InvalidInput_Subjectidqualifier_Attribute.xmlThe <AttributeValue> child element SHALL be equal to urn:e-health-suisse:2015:epr-spid (in case of patient), urn:e-health-suisse:representative-id (in cas of a representative) or equal to urn:gs1:gln (in case of a healthcare professional or auxiliary person) (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:59:17 AM by vhofman
CH-ADRCH-ADR-020reviewedTestable 15 2 -The <AttributeValue> child element SHALL have the same value as the /Subject/NameID/@NameQualifier element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) 14Section 3.1.6.53/8/24 10:59:20 AM by vhofman