View scope

keyword
CAS-2.2017
Description
Profiles in CAS-2.2017 cycle

178 Assertions in Scope

Search Criteria

Id scheme
Assertion id
Predicate
ITI40ITI40-003The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary
ITI40ITI40-004The X-Service Provider is configurable as to when [ITI-40] Provide X-User Assertion is necessary
ITI40ITI40-005The X-Service User shall include the OASIS Web Services Security (WSS) Header
ITI40ITI40-006The X-Service User shall include a SAML 2.0 Assertion as the security token
ITI40ITI40-007Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules in Section 3.40.4.2 ATNA Audit encoding).
ITI40ITI40-009The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request
ITI40ITI40-010The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion.
ITI40ITI40-011The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element.
ITI40ITI40-012The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3.
ITI40ITI40-013In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion
ITI40ITI40-014The SAML Assertion Conditions element, sall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider.
ITI40ITI40-015An X-Service User may ignore a ProxyRestriction condition.
ITI40ITI40-016An X-Service Provider may ignore a ProxyRestriction condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)
ITI40ITI40-017An X-Service User may ignore a OneTimeUsecondition.
ITI40ITI40-018An X-Service Provider may ignore a OneTimeUse condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.)
ITI40ITI40-019The SAML assertion sent by the X-Service User shall contain an AuthnStatement to specify the AuthnContextClassRef or AuthnContextDeclRef
ITI40ITI40-020The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Subject ID attribute.
ITI40ITI40-021If the Subject ID is present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:subject-id”. The name of the user shall be placed in the value of the <AttributeValue> element.
ITI40ITI40-022The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with an Subject Organization attribute. If present, the value of the Subject Organization shall be a plain text description of the organization.
ITI40ITI40-023The SAML assertion sent by the X-Service User may contain an <AttributeStatement> element with a Organization ID attribute. If present, this <Attribute> element shall have the Name attribute set to “urn:oasis:names:tc:xspa:1.0:subject:organization-id”.