Assertion

AssertionId
CH-ADR-073 Testable
predicate
The PEP authorizing ITI-18 transactions by implementing an Authorization Decision Consumer MUST, in addition to the result from the Authorization Decision Query, validate that the resource-id from the SAML Assertion identifies the same patient as the MPI-PID supplied in the Registry Stored Query transaction. If not true, the transaction MUST be denied (see Section 3.1.6.1 CH:ADRdue to XDS Registry Stored Query [ITI-18])
Prescription level
Mandatory / Required / Shall
Page
13
Section
3.1.6.1
Status
reviewed
Last changed
6/22/21 4:31:13 PM by aeschlimann
Comment

Applies to

Audit Messages

Integration Profiles

Standards

Covered by (Deprecated)

Test Steps

Rules

Document name
Provenance
Revision
Action
Annex 5 Extension 2.1 (CH:ADR, CH:PPQ) | 2.1CH2.1