ITI40 | ITI40-015 | reviewed | Not testable |
0
|
3
| | An X-Service User may ignore a ProxyRestriction condition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:07 PM by mtoudic |
|
ITI40 | ITI40-016 | reviewed | Not testable |
0
|
3
| | An X-Service Provider may ignore a ProxyRestriction condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:13 PM by mtoudic |
|
ITI40 | ITI40-017 | reviewed | Not testable |
0
|
3
| | An X-Service User may ignore a OneTimeUsecondition. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:18 PM by mtoudic |
|
ITI40 | ITI40-018 | reviewed | Not testable |
0
|
3
| | An X-Service Provider may ignore a OneTimeUse condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:24 PM by mtoudic |
|
ITI40 | ITI40-020 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:30 PM by mtoudic |
|
ITI40 | ITI40-022 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:34 PM by mtoudic |
|
ITI40 | ITI40-023 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:56:39 PM by mtoudic |
|
ITI40 | ITI40-025 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Home Community ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:ihe:iti:xca:2010:homeCommunityId”. The value shall be the Home Community ID (an Object Identifier) assigned to the Community that is initiating the request (ie the X-Service User, using the urn format (that is, “urn:oid:” appended with the OID). | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:03 PM by mtoudic |
|
ITI40 | ITI40-026 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a National Provider Identifier (NPI) attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:npi”. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:16 PM by mtoudic |
|
ITI40 | ITI40-027 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain other Attributes than those listed above. | 144 | Section 3.40.4.1.2 | 9/17/19 4:54:35 PM by mtoudic |
|
ITI40 | ITI40-029 | reviewed | Not testable |
7
|
3
| | The SAML assertion sent by the X-Service User may contain other statements. | 150 | Section 3.40.4.1.3 | 9/17/19 4:54:41 PM by mtoudic |
|
ITI40 | ITI40-041 | reviewed | Not testable |
0
|
3
| Note: All assertions for this AIPO are stated as "may" in the TF documentation. The CASC XUA tests will need to document a policy regarding the purpose-of-use codes and write a test to have the Provider enforce the policy. | The X-Service Provider may utilize the Subject-Role values in local policy for access control decision making | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:54:55 PM by mtoudic |
|
ITI40 | ITI40-042 | reviewed | Not testable |
0
|
3
| | The X-Service Provider may need to bridge the Subject-Role values into local role vocabulary. | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:54:59 PM by mtoudic |
|
ITI40 | ITI40-043 | reviewed | Not testable |
0
|
3
| | The Subject-Role may be used to populate the ATNA Audit Message. | 151 | Section 3.40.4.1.3.1 | 9/17/19 4:55:03 PM by mtoudic |
|
ITI40 | ITI40-044 | reviewed | Not testable |
0
|
3
| Note: All assertions for this AIPO are stated as "may" in the TF documentation. The CASC XUA tests will need to document a policy regarding the purpose-of-use codes and write a test to have the Provider enforce the policy. | When the Authz-Consent Option is used, the X-Service Provider may utilize the Authz-Consent values in local policy for access control decision making. The values are informative to the X-Service Provider which may choose to ignore the values. | 151 | Section 3.40.4.1.3.2 | 9/17/19 4:55:17 PM by mtoudic |
|
ITI40 | ITI40-045 | reviewed | Not testable |
0
|
3
| | This may require the X-Service Provider to lookup the metadata by reference to the values given, and may require the X-Service Provider to retrieve the consent documents. | 151 | Section 3.40.4.1.3.2 | 9/17/19 4:51:37 PM by mtoudic |
|
ITI40 | ITI40-046 | reviewed | Not testable |
0
|
3
| | The Authz-Consent value may be used to populate the ATNA Audit Message. | 151 | Section 3.40.4.1.3.2 | 9/17/19 4:52:56 PM by mtoudic |
|
ITI40 | ITI40-048 | reviewed | Not testable |
0
|
4
| | The X-Service Provider MAY use the PurposeOfUse value in Access Control decisions. | 151 | Section 3.40.4.1.3.3 | 9/17/19 4:53:10 PM by mtoudic |
|
ITI40 | ITI40-056 | reviewed | Not testable |
0
|
3
| | The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute. | 148 | Section 3.40.4.1.2.2 | 9/17/19 4:53:29 PM by mtoudic |
|
ITI40 | ITI40-057 | reviewed | Not testable |
0
|
3
| | The value of the Patient Identifier attribute is recommended when the InstanceAccessConsentPolicy attribute is specified in an Authorization Decision Statement. | 148 | Section 3.40.4.1.2.2 | 9/17/19 4:57:28 PM by mtoudic |
|