
Integration Profile: Authorization Decision Request

Integration Profile Information

Id: 352

Keyword: CH:ADR

Name: Authorization Decision Request

Description: This supplement defines new functionalities for XDS-based communities concerning the enforcement of access policies. They are applied to the clinical data stored by an XDS Document Registry, as well as to the access policies themselves, which are stored in a Policy Repository.

Status: Trial Implementation

Document Section:

None

| Id | Keyword | Name | Description |
|---|---|---|---|
| 1300 | AUTH_DECI_CONS | Authorization Decision Consumer | This actor queries for authorization decisions |
| 1301 | AUTH_DECI_PROV | Authorization Decision Provider | This actor accesses and interprets rules/policies and permits or denies access to resources |

| Id | Actor | Transaction | Optionality |
|---|---|---|---|
| 2385 | AUTH_DECI_CONS - Authorization Decision Consumer | AUTH_DECISION_REQUEST - Authorization Decision Request | Required |
| 2386 | AUTH_DECI_PROV - Authorization Decision Provider | AUTH_DECISION_REQUEST - Authorization Decision Request | Required |

| Id | Actor | Integration Profile Option | Assertions |
|---|---|---|---|
| 2297 | AUTH_DECI_CONS - Authorization Decision Consumer | NONE - None | 0 |
| 2298 | AUTH_DECI_PROV - Authorization Decision Provider | NONE - None | 1 |

| Assertion Id | Description |
|---|---|
| CH-ADR-001 | This transaction is based on the SOAP v1.2 exchange protocol and Synchronous Web services (see Section 3.1.1 Scope) |
| CH-ADR-002 | The Authorization Decision Consumer can ask for authorization regarding a number of Resources in one query, as the request message complies with the Multiple Resource Profile of XACML v2.0 (see Section 3.1.4 XACMLAuthzDecisionQuery Request) |
| CH-ADR-003 | The WS-Addressing Action header SHALL have this value: urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest (see Section 3.1.6.5 Semantics) |
| CH-ADR-004 | The recipient of the Authorization Decision Query SHALL be identified by the WS-Addressing <wsa:To> element in the header (URL of the endpoint) (see Section 3.1.6.5 Semantics) |
| CH-ADR-005 | The value of the WS-Addressing To header (see Req. 4) SHALL be a URL, specifically the recipient's endpoint (see Section 3.1.6.5 Semantics) |
| CH-ADR-006 | A SAML 2.0 Identity Assertion SHALL be conveyed within the WS-Security Security header (see Section 3.1.6.5 Semantics) |
| CH-ADR-007 | The body of the message SHALL use an <XACMLAuthzDecisionQuery> element (defined in the SAML 2.0 Profile for XACML v2.0) to convey a <Request> with the Authorization Query parameters (Subject, Resource, Action, Environment) (see Section 3.1.6.5 Semantics) |
| CH-ADR-008 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @ReturnContext attribute that SHOULD be set to "false" (see Section 3.1.6.5 Semantics) |
| CH-ADR-009 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @InputContextOnly attribute that SHALL be set to "false" (see Section 3.1.6.5 Semantics) |
| CH-ADR-010 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL have only one child element <Request> (see Section 3.1.6.5 Semantics) |
| CH-ADR-011 | The <Request> element SHALL contain only 4 types of XACML child elements, namely <Subject>, <Resource>, <Action> and <Environment> (see Section 3.1.6.5 Semantics) |
| CH-ADR-012 | The <Request> element SHALL contain only one <Subject> child element, one <Action> child element and one <Environment> child element (see Section 3.1.6.5 Semantics) |
| CH-ADR-013 | The <Request> element MAY contain more than one <Resource> child element (see Section 3.1.6.5 Semantics) |
| CH-ADR-014 | <Request> and all subsequent elements, attributes and values SHALL comply with the namespace: xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" (see Section 3.1.6.5 Semantics) |
| CH-ADR-015 | The <Subject> element (see Req. 11) SHALL have at least the 6 following <Attribute> child elements: @AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" @DataType="http://www.w3.org/2001/XMLSchema#string"; @AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" @DataType="http://www.w3.org/2001/XMLSchema#string"; @AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"; @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" @DataType="urn:hl7-org:v3#CV"; @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:organization-id" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"; @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:purposeofuse" @DataType="urn:hl7-org:v3#CV" (see Section 3.1.6.5 Semantics) |
| CH-ADR-016 | The <AttributeValue> child element SHALL convey the subject identifier (see Section 3.1.6.5 Semantics) |
| CH-ADR-017 | The <AttributeValue> child element SHALL have the same value as the /Subject/NameID element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) |
| CH-ADR-018 | The <AttributeValue> child element SHALL convey the subject ID qualifier (see Section 3.1.6.5 Semantics) |
| CH-ADR-019 | The <AttributeValue> child element SHALL be equal to urn:e-health-suisse:2015:epr-spid (in case of a patient), urn:e-health-suisse:representative-id (in case of a representative) or equal to urn:gs1:gln (in case of a healthcare professional or auxiliary person) (see Section 3.1.6.5 Semantics) |
| CH-ADR-020 | The <AttributeValue> child element SHALL have the same value as the /Subject/NameID/@NameQualifier element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) |
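
The structural assertions CH-ADR-007 to CH-ADR-014 can be checked mechanically on the receiving side before any policy evaluation. The following is an added example, not code from the profile or from Gazelle: the function names, the placeholder namespace of the query element and the reading of CH-ADR-010 as "exactly one <Request> child" are assumptions.

```python
import xml.etree.ElementTree as ET

CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # CH-ADR-014
ALLOWED = {"Subject", "Resource", "Action", "Environment"}  # CH-ADR-011


def split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def check_query(xml_text):
    """Return the ids of the CH-ADR assertions (007-014) the query violates."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages carry no DTD; refuse before parsing
        raise ValueError("DTD not allowed")
    query = ET.fromstring(xml_text)
    if split(query.tag)[1] != "XACMLAuthzDecisionQuery":
        return ["CH-ADR-007"]
    failed = []
    if "ReturnContext" not in query.attrib:  # the value "false" is only a SHOULD
        failed.append("CH-ADR-008")
    if query.get("InputContextOnly") != "false":
        failed.append("CH-ADR-009")
    # Assumed reading of CH-ADR-010: exactly one <Request> child.
    requests = [c for c in query if split(c.tag)[1] == "Request"]
    if len(requests) != 1:
        return failed + ["CH-ADR-010"]
    request = requests[0]
    names = [split(c.tag)[1] for c in request]
    if set(names) - ALLOWED:
        failed.append("CH-ADR-011")
    if any(names.count(n) != 1 for n in ("Subject", "Action", "Environment")):
        failed.append("CH-ADR-012")
    # CH-ADR-013 allows several <Resource> elements, so they are not counted.
    if any(split(e.tag)[0] != CTX_NS for e in request.iter()):
        failed.append("CH-ADR-014")
    return failed


# Constructed sample; the query element's namespace is a placeholder.
SAMPLE = """<q:XACMLAuthzDecisionQuery xmlns:q="urn:example:placeholder"
    xmlns:c="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    ReturnContext="false" InputContextOnly="false">
  <c:Request><c:Subject/><c:Resource/><c:Resource/><c:Action/>
    <c:Environment/></c:Request>
</q:XACMLAuthzDecisionQuery>"""

if __name__ == "__main__":
    print(check_query(SAMPLE))
```

The subject attribute rules (CH-ADR-015 to CH-ADR-020) are not covered here because they also require the SAML assertion from the WS-Security header for comparison.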

Domains

Id
Keyword
Name
Description
19 EPR Elektronische Patient Record

    Copyright IHE 2024