External Validation Service Front-end

Information

File Name: adr_abilis_response.xml
OID :: 1.3.6.1.4.1.12559.11.25.1.1359282
Schematron :: CH:ADR_due_to_XDS_response (Version N/A)
Schematron Validation Result :: FAILED
Validation Date :: 3/13/23 4:36:51 PM (CET GMT+0100)
Model Based Validator :: N/A (Tool Version N/A)
Model Based Validation Result :: N/A
Permanent link :: https://ehealthsuisse.ihe-europe.net/EVSClient/detailedResult.seam?type=XML&oid=1.3.6.1.4.1.12559.11.25.1.1359282
Data Visibility :: Public

Validation Results

Schematron validation

$type Validation Report

Well-formednessPASSED

The document you have validated is supposed to be a well-formed document. The validator has checked if it is well-formed, results of this validation are gathered in this section.

The document is well-formed

Schema Validation detailed ResultFAILED

Your document has been validated with the appropriate schema, here is the detail of the validation outcome.

The document is not valid regarding the schema because of the following reasons:

Summary of reports: 6

Description: Line:Col[5:654]:UndeclaredPrefix: Cannot resolve 'xacml-saml:XACMLAuthzDecisionStatementType' as a QName: the prefix 'xacml-saml' is not declared.

Description: Line:Col[5:654]:cvc-elt.4.1: The value 'xacml-saml:XACMLAuthzDecisionStatementType' of attribute 'http://www.w3.org/2001/XMLSchema-instance,type' of element 'saml:Statement' is not a valid QName.

Description: Line:Col[5:654]:cvc-type.2: The type definition cannot be abstract for element saml:Statement.

Description: Line:Col[5:654]:UndeclaredPrefix: Cannot resolve 'xacml-saml:XACMLAuthzDecisionStatementType' as a QName: the prefix 'xacml-saml' is not declared.

Description: Line:Col[5:654]:cvc-attribute.3: The value 'xacml-saml:XACMLAuthzDecisionStatementType' of attribute 'xsi:type' on element 'saml:Statement' is not valid with respect to its type, 'QName'.

Description: Line:Col[5:1429]:cvc-complex-type.2.1: Element 'saml:Statement' must have no character or element information item [children], because the type's content type is empty.

Schematron validator resultsPASSED

Summary of checks: 98

Reports

Test: *[1] = 'urn:e-health-suisse:2015:policy-enforcement:XACMLAuthzDecisionResponse'R - 1
Location: /SOAP-ENV:Envelope/SOAP-ENV:Header
Description: Error : The WS-Addressing Action header of the SOAP message SHALL be urn:e-health-suisse:2015:policy-enforcement:XACMLAuthzDecisionResponse

Test: *[1] = 'urn:e-health-suisse:2015:policy-enforcement:XACMLAuthzDecisionResponse'R - 2
Location: /SOAP-ENV:Envelope/SOAP-ENV:Header
Description: Success : The WS-Addressing Action header of the SOAP message SHALL be to urn:e-health-suisse:2015:policy-enforcement:XACMLAuthzDecisionResponse

Test: count(*) = 1 and count(samlp:Response) = 1 or count(soap:Fault) = 1R - 3
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body
Description: Error : A samlp:Response element shall be conveyed within the message body

Test: count(*) = 1 and count(samlp:Response) = 1 or count(soap:Fault) = 1R - 4
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body
Description: Success : A samlp:Response element shall be conveyed within the message body

Test: count(*) = 2R - 5
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Error : The samlp:Response inside the message body shall convey two (2) child elements, namely samlp:Status and saml:Assertion

Test: count(*) = 2R - 6
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Success : The samlp:Response inside the message body shall convey two (2) child elements, namely samlp:Status and saml:Assertion

Test: count(saml:Assertion) = 1R - 7
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Error : A SAML v2.0 Assertion shall be conveyed within the Response message body

Test: count(saml:Assertion) = 1R - 8
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Success : A SAML v2.0 Assertion shall be conveyed within the Response message body

Test: count(samlp:Status) = 1R - 9
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Error : A samlp:Status element shall be conveyed within the Response message body

Test: count(samlp:Status) = 1R - 10
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response
Description: Success : A samlp:Status element shall be conveyed within the Response message body

Test: count(*) >= 1 and count(samlp:StatusCode) = 1 and count(samlp:StatusMessage)>=0 and count(samlp:StatusDetail)>=0R - 11
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/Status
Description: Error : The Status element conveyed within the Body's Response shall contain exactly one child element named samlp:StatusCode

Test: count(*) >= 1 and count(samlp:StatusCode) = 1 and count(samlp:StatusMessage)>=0 and count(samlp:StatusDetail)>=0R - 12
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/Status
Description: Success : The Status element conveyed within the Body's Response shall contain exactly one child element named samlp:StatusCode

Test: *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Success' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Requester' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Responder' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' or *[1]/@Value = 'urn:e-health-suisse:2015:error:not-holder-of-patient-policies'R - 13
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/Status
Description: Error : StatusCode child element contained under Status shall include a Value attribute equal to urn:oasis:names:tc:SAML:2.0:status:Success, urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:Responder, urn:oasis:names:tc:SAML:2.0:status:VersionMismatch or urn:e-health-suisse:2015:error:not-holder-of-patient-policies

Test: *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Success' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Requester' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:Responder' or *[1]/@Value = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' or *[1]/@Value = 'urn:e-health-suisse:2015:error:not-holder-of-patient-policies'R - 14
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/Status
Description: Success : StatusCode child element contained under Status shall include a Value attribute equal to urn:oasis:names:tc:SAML:2.0:status:Success, urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:Responder, urn:oasis:names:tc:SAML:2.0:status:VersionMismatch or urn:e-health-suisse:2015:error:not-holder-of-patient-policies

Test: count(*) = 2 and count(saml:Issuer) = 1 and count(saml:Statement) = 1R - 15
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Error : The SAML Assertion conveyed within the Response's body shall contain a total of 2 child elements, i.e. saml:Issuer and saml:Statement

Test: count(*) = 2 and count(saml:Issuer) = 1 and count(saml:Statement) = 1R - 16
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Success : The SAML Assertion conveyed within the Response's body shall contain a total of 2 child elements, i.e. saml:Issuer and saml:Statement

Test: count(saml:Issuer) = 1R - 17
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Error : The SAML Assertion conveyed within the Response's body shall contain a child element named saml:Issuer

Test: count(saml:Issuer) = 1R - 18
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Success : The SAML Assertion conveyed within the Response's body shall contain a child element named saml:Issuer

Test: count(saml:Statement) = 1R - 19
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Error : The SAML Assertion conveyed within the Response's body shall contain a child element named saml:Statement for the XACML Authorization Statement

Test: count(saml:Statement) = 1R - 20
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion
Description: Success : The SAML Assertion conveyed within the Response's body shall contain a child element named saml:Statement for the XACML Authorization Statement

Test: normalize-space()R - 21
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Error : The Issuer child element of the SAML Assertion conveyed within the Response's body shall not be empty

Test: normalize-space()R - 22
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Success : The Issuer child element of the SAML Assertion conveyed within the Response's body shall not be empty

Test: @NameQualifier != ''R - 23
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Error : The Issuer child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute named NameQualifier

Test: @NameQualifier != ''R - 24
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Success : The Issuer child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute named NameQualifier

Test: @NameQualifier='urn:e-health-suisse:community-index'R - 25
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Error : The Issuer child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute with name equal to NameQualifier and value equal to urn:e-health-suisse:community-index (i.e. NameQualifier="urn:e-health-suisse:community-index")

Test: @NameQualifier='urn:e-health-suisse:community-index'R - 26
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Success : The Issuer child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute with name equal to NameQualifier and value equal to urn:e-health-suisse:community-index (i.e. NameQualifier="urn:e-health-suisse:community-index")

Test: matches(., $regex_urn_oid)R - 27
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Error : The Issuer child element of the SAML Assertion conveyed within the Response's body shall have a value that follows URN:OID syntax (e.g. urn:oid:xx.xx.xx.xx, where x=any integer)

Test: matches(., $regex_urn_oid)R - 28
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Issuer
Description: Success : The Issuer child element of the SAML Assertion conveyed within the Response's body shall have a value that follows URN:OID syntax (e.g. urn:oid:xx.xx.xx.xx, where x=any integer)

Test: @xsi:type != ''R - 29
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Error : The Statement child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute named xsi:type

Test: @xsi:type != ''R - 30
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Success : The Statement child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute named xsi:type

Test: every $i in . satisfies matches($i/@xsi:type, '(.*:)?XACMLAuthzDecisionStatementType')R - 31
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Error : The Statement child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute with name equal to xsi:type and value equal to xacml-saml:XACMLAuthzDecisionStatementType

Test: every $i in . satisfies matches($i/@xsi:type, '(.*:)?XACMLAuthzDecisionStatementType')R - 32
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Success : The Statement child element of the SAML Assertion conveyed within the Response's body shall contain a non-empty attribute with name equal to xsi:type and value equal to xacml-saml:XACMLAuthzDecisionStatementType

Test: count(*) = 1 and count(xacml-context:Response) = 1R - 33
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Error : The Statement element of the SAML Assertion conveyed within the Response's body shall contain a child element named xacml-context:Response

Test: count(*) = 1 and count(xacml-context:Response) = 1R - 34
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement
Description: Success : The Statement element of the SAML Assertion conveyed within the Response's body shall contain a child element named xacml-context:Response

Test: count(*) >= 1 and count(xacml-context:Result) >= 1R - 35
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response
Description: Error : The Response element (under SAML Assertion's Statement) shall contain at least 1 child element named xacml-context:Result (may contain more depending on the request)

Test: count(*) >= 1 and count(xacml-context:Result) >= 1R - 36
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response
Description: Success : The Response element (under SAML Assertion's Statement) shall contain at least 1 child element named xacml-context:Result (may contain more depending on the request)

Test: ((count(*[matches(xacml-context:Decision, 'Indeterminate')]) = count(xacml-context:Result)) and (matches($resp_status_code, 'urn:e-health-suisse:2015:error:not-holder-of-patient-policies'))) or ((count(*[matches(xacml-context:Decision, 'Indeterminate')]) != count(xacml-context:Result)) and (matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Success') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Requester') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Responder') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch')))R - 37
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response
Description: Error : The StatusCode of the Result/Status shall be equal to urn:e-health-suisse:2015:error:not-holder-of-patient-policies in case of all Resources resulting in a decision of "Indeterminate". Otherwise, the StatusCode of the Response/Status shall be equal to one of the values defined in OASIS SAML 2.0 profile of XACML v2.0 (i.e. urn:oasis:names:tc:SAML:2.0:status:Success, urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:Responder or urn:oasis:names:tc:SAML:2.0:status:VersionMismatch)

Test: ((count(*[matches(xacml-context:Decision, 'Indeterminate')]) = count(xacml-context:Result)) and (matches($resp_status_code, 'urn:e-health-suisse:2015:error:not-holder-of-patient-policies'))) or ((count(*[matches(xacml-context:Decision, 'Indeterminate')]) != count(xacml-context:Result)) and (matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Success') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Requester') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:Responder') or matches($resp_status_code, 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch')))R - 38
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response
Description: Success : The StatusCode of the Result/Status shall be equal to urn:e-health-suisse:2015:error:not-holder-of-patient-policies in case of all Resources resulting in a decision of "Indeterminate". Otherwise, the StatusCode of the Response/Status shall be equal to one of the values defined in OASIS SAML 2.0 profile of XACML v2.0 (i.e. urn:oasis:names:tc:SAML:2.0:status:Success, urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:Responder or urn:oasis:names:tc:SAML:2.0:status:VersionMismatch)

Test: @ResourceId != ''R - 39
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : The Result child element (under Statement/Response) shall contain a non-empty attribute named ResourceId

Test: @ResourceId != ''R - 40
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : The Result child element (under Statement/Response) shall contain a non-empty attribute named ResourceId

Test: matches(@ResourceId, $xds_resourceid)R - 41
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : In case of "ADR due to XDS", the Resourceid attribute (conveyed in Statement/Response/Result) shall represent a class of patient's data and follow URN syntax (e.g. urn:e-health-suisse:2015:epr-subset::medical, urn:e-health-suisse:2015:epr-subset::useful, etc)

Test: matches(@ResourceId, $xds_resourceid)R - 42
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : In case of "ADR due to XDS", the Resourceid attribute (conveyed in Statement/Response/Result) shall represent a class of patient's data and follow URN syntax (e.g. urn:e-health-suisse:2015:epr-subset::medical, urn:e-health-suisse:2015:epr-subset::useful, etc)

Test: count(*) = 2 and count(xacml-context:Decision) = 1 and count(xacml-context:Status) = 1R - 43
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : The Result child element (under Statement's Response) shall convey 2 child elements, namely xacml-context:Decision and xacml-context:Status

Test: count(*) = 2 and count(xacml-context:Decision) = 1 and count(xacml-context:Status) = 1R - 44
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : The Result child element (under Statement's Response) shall convey 2 child elements, namely xacml-context:Decision and xacml-context:Status

Test: *[1] = xacml-context:Decision and *[2] = xacml-context:StatusR - 45
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : The element xacml-context:Decision (under Statement/Response/Result) must appear before element xacml-context:Status

Test: *[1] = xacml-context:Decision and *[2] = xacml-context:StatusR - 46
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : The element xacml-context:Decision (under Statement/Response/Result) must appear before element xacml-context:Status

Test: xacml-context:Decision != ''R - 47
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : Decision child element (under Statement/Response/Result) shall not be empty

Test: xacml-context:Decision != ''R - 48
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : Decision child element (under Statement/Response/Result) shall not be empty

Test: xacml-context:Decision = 'Permit' or xacml-context:Decision = 'Deny' or xacml-context:Decision = 'NotApplicable' or xacml-context:Decision = 'Indeterminate'R - 49
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Error : Decision child element shall hold the decision value for the equivalent Resource it applies to. Possible values are Permit, Deny, NotApplicable and Indeterminate

Test: xacml-context:Decision = 'Permit' or xacml-context:Decision = 'Deny' or xacml-context:Decision = 'NotApplicable' or xacml-context:Decision = 'Indeterminate'R - 50
Location: /SOAP-ENV:Envelope/SOAP-ENV:Body/Response/saml:Assertion/saml:Statement/Response/Result
Description: Success : Decision child element shall hold the decision value for the equivalent Resource it applies to. Possible values are Permit, Deny, NotApplicable and Indeterminate

Only the first 50 reports are displayed

File Content

Raw XML Content

View lines numbers

Indent file

1	<?xml version="1.0" encoding="UTF-8" ?>
2	<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
3	<SOAP-ENV:Header>
4	<wsa:Action>urn:e-health-suisse:2015:policy-enforcement:XACMLAuthzDecisionResponse</wsa:Action><wsa:MessageID>urn:uuid:2B4992AC-C1B4-11ED-A176-0050569E5CEC</wsa:MessageID><wsa:RelatesTo>urn:uuid:0156f8d5-a05f-436b-bf27-5ea4b0849b8a</wsa:RelatesTo><wsa:To>http://www.w3.org/2005/08/addressing/anonymous</wsa:To> </SOAP-ENV:Header>
5	<SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_2B8733B4-C1B4-11ED-8E6A-0050569E5CEC" IssueInstant="2023-03-13T15:31:48.690Z" Version="2.0"><Status><StatusCode Value="urn:e-health-suisse:2015:error:not-holder-of-patient-policies"/></Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_2B873936-C1B4-11ED-8E6A-0050569E5CEC" IssueInstant="2023-03-13T15:31:48.690Z" Version="2.0"><saml:Issuer NameQualifier="urn:e-health-suisse:community-index">urn:oid:2.16.756.5.30.192</saml:Issuer><saml:Statement xsi:type="xacml-saml:XACMLAuthzDecisionStatementType"><Response xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"><Result ResourceId="urn:e-health-suisse:2015:epr-subset:761337610445502987:normal"><Decision>Indeterminate</Decision><Status><StatusCode Value="urn:e-health-suisse:2015:error:not-holder-of-patient-policies"/></Status></Result><Result ResourceId="urn:e-health-suisse:2015:epr-subset:761337610445502987:restricted"><Decision>Indeterminate</Decision><Status><StatusCode Value="urn:e-health-suisse:2015:error:not-holder-of-patient-policies"/></Status></Result><Result ResourceId="urn:e-health-suisse:2015:epr-subset:761337610445502987:secret"><Decision>Indeterminate</Decision><Status><StatusCode Value="urn:e-health-suisse:2015:error:not-holder-of-patient-policies"/></Status></Result></Response></saml:Statement></saml:Assertion></Response></SOAP-ENV:Body>
6	</SOAP-ENV:Envelope>