net.ihe.gazelle.assets.SearchCriteria : 21 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ITI40ITI40-003reviewedTestable 10 3 The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary144Section 3.40.4.1.19/10/19 11:55:46 AM by aeschlimann
ITI40ITI40-005reviewedTestable 1 3 The X-Service User shall include the OASIS Web Services Security (WSS) Header144Section 3.40.4.1.29/9/19 10:04:23 PM by ceoche
ITI40ITI40-006reviewedTestable 1 3 The X-Service User shall include a SAML 2.0 Assertion as the security token144Section 3.40.4.1.29/9/19 10:04:28 PM by ceoche
ITI40ITI40-007reviewedTestable 0 3 Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules in Section 3.40.4.2 ATNA Audit encoding).145Section 3.40.4.1.29/17/19 11:07:26 AM by ceoche
ITI40ITI40-015reviewedNot testable 0 3 An X-Service User may ignore a ProxyRestriction condition.144Section 3.40.4.1.29/17/19 4:56:07 PM by mtoudic
ITI40ITI40-016reviewedNot testable 0 3 An X-Service Provider may ignore a ProxyRestriction condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)144Section 3.40.4.1.29/17/19 4:56:13 PM by mtoudic
ITI40ITI40-017reviewedNot testable 0 3 An X-Service User may ignore a OneTimeUsecondition.144Section 3.40.4.1.29/17/19 4:56:18 PM by mtoudic
ITI40ITI40-018reviewedNot testable 0 3 An X-Service Provider may ignore a OneTimeUse condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)144Section 3.40.4.1.29/17/19 4:56:24 PM by mtoudic
ITI40ITI40-020reviewedNot testable 7 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute.144Section 3.40.4.1.29/17/19 4:56:30 PM by mtoudic
ITI40ITI40-029reviewedNot testable 7 3 The SAML assertion sent by the X-Service User may contain other statements.150Section 3.40.4.1.39/17/19 4:54:41 PM by mtoudic
ITI40ITI40-037reviewedTestable 0 3 The X-Service Provider shall place the PurposeOfUse value into the ATNA Audit Message associated with the transaction according to the ATNA Audit Message transaction ITI-20 (see ITI-TF-2a: 3.20.7.3).150Section 3.40.4.1.2.3.15/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-038reviewedTestable 0 3 The X-Service Provider shall validate the X-User Assertion by processing the Web-Services Security header in accordance with the Web-Services Security Standard, and SAML 2.0 Standard processing rules150Section 3.40.4.1.35/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-039reviewedTestable 0 3 If the validation of the X-User assertion performed by the X-Service Provider fails, the actor grouped with the X-Service Provider (ie the one performing the underlying web services transaction), shall return with an error code as described in WS-Security core specification Section 12 (Error Handling, using the SOAP Fault mechanism),150Section 3.40.4.1.35/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-040reviewedTestable 0 3 If the validation of the X-User assertion performed by the X-Service Provider fails, the X-Service Provder shall send an ATNA Audit Message for Authentication Failure.150Section 3.40.4.1.35/2/19 11:31:13 AM by NicolasBailliet
ITI40ITI40-049reviewedTestable 19 3 When an ATNA Audit message needs to be generated and the user is authenticated by way of an X-User Assertion, the ATNA Audit message UserNameelement shall record the X-User Assertion using the following encoding: alias"<"user"@"issuer">" where: • alias is the optional string within the SAML Assertion's Subject element SPProvidedID attribute • user is the required content of the SAML Assertion's Subject element151Section 3.40.4.29/11/19 3:59:14 PM by r.hilary
ITI40ITI40-056reviewedNot testable 0 3 The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute.148Section 3.40.4.1.2.29/17/19 4:53:29 PM by mtoudic
XUAXUA-001reviewedTestable 24 2 XUA specifies that when a Cross-Enterprise User Assertion is needed, these Web-Services transactions (ie those based on ITI TF-2x: Appendix V) will additionally use the Web-Services Security header with a SAML 2.0 Token containing the identity Assertion.128Section 13.29/13/19 6:00:54 PM by ycadoret
XUAXUA-004reviewedTestable 25 2 X-Service User shall support [ITI-40]129Section 13.4-19/13/19 6:01:07 PM by ycadoret
XUAXUA-012reviewedTestable 22 2 The X-Service User shall protect the X-User Assertion. If the system supports ATNA, then TLS meets this requirement. If the system does not support ATNA, then it shall provide another mechanism to protect the X-User Assertion.131Section 13.6.19/11/19 3:59:36 PM by r.hilary
XUAXUA-014reviewedTestable 20 2 The X-Service User shall represent the X-User Assertion in ATNA Audit Messages according the the encoding rules in ITI TF-2b: 3.40.4.2.131Section 13.6.19/11/19 3:59:39 PM by r.hilary