CH-ADR-001 | This transaction is based on the SOAP v1.2 exchange protocol and synchronous Web services (see Section 3.1.1 Scope) |
CH-ADR-002 | The Authorization Decision Consumer can ask for authorization regarding a number of Resources in one query, as the request message complies with the Multiple Resource Profile of XACML v2.0 (see Section 3.1.4 XACMLAuthzDecisionQuery Request) |
CH-ADR-003 | The WS-Addressing Action header SHALL have this value: urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest (see Section 3.1.6.5 Semantics) |
CH-ADR-004 | The recipient of the Authorization Decision Query SHALL be identified by the WS-Addressing <wsa:To> element in the header (URL of the endpoint) (see Section 3.1.6.5 Semantics) |
CH-ADR-005 | The value of the WS-Addressing To header (see Req. 4) SHALL be a URL, specifically the recipient's endpoint (see Section 3.1.6.5 Semantics) |
CH-ADR-006 | A SAML 2.0 Identity Assertion SHALL be conveyed within the WS-Security Security header (see Section 3.1.6.5 Semantics) |
CH-ADR-007 | The body of the message SHALL use an <XACMLAuthzDecisionQuery> element (defined in the SAML 2.0 Profile for XACML v2.0) to convey a <Request> with the Authorization Query parameters (Subject, Resource, Action, Environment) (see Section 3.1.6.5 Semantics) |
CH-ADR-008 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @ReturnContext attribute that SHOULD be set to "false" (see Section 3.1.6.5 Semantics) |
CH-ADR-009 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL contain a @InputContextOnly attribute that SHALL be set to "false" (see Section 3.1.6.5 Semantics) |
CH-ADR-010 | The <XACMLAuthzDecisionQuery> element (see Req. 7) SHALL have only one child element <Request> (see Section 3.1.6.5 Semantics) |
CH-ADR-011 | The <Request> element SHALL contain only 4 types of XACML child elements, namely <Subject>, <Resource>, <Action> and <Environment> (see Section 3.1.6.5 Semantics) |
CH-ADR-012 | The <Request> element SHALL contain only one <Subject> child element, one <Action> child element and one <Environment> child element (see Section 3.1.6.5 Semantics) |
CH-ADR-013 | The <Request> element MAY contain more than one <Resource> child element (see Section 3.1.6.5 Semantics) |
CH-ADR-014 | <Request> and all subsequent elements, attributes and values SHALL comply with the namespace: xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" (see Section 3.1.6.5 Semantics) |
CH-ADR-015 | The <Subject> element (see Req. 11) SHALL have at least the 6 following <Attribute> child elements: (1) @AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" @DataType="http://www.w3.org/2001/XMLSchema#string"; (2) @AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" @DataType="http://www.w3.org/2001/XMLSchema#string"; (3) @AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"; (4) @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" @DataType="urn:hl7-org:v3#CV"; (5) @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:organization-id" @DataType="http://www.w3.org/2001/XMLSchema#anyURI"; (6) @AttributeId="urn:oasis:names:tc:xacml:2.0:subject:purposeofuse" @DataType="urn:hl7-org:v3#CV" (see Section 3.1.6.5 Semantics) |
CH-ADR-016 | The <AttributeValue> child element SHALL convey the subject identifier (see Section 3.1.6.5 Semantics) |
CH-ADR-017 | The <AttributeValue> child element SHALL have the same value as the /Subject/NameID element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) |
CH-ADR-018 | The <AttributeValue> child element SHALL convey the subject ID qualifier (see Section 3.1.6.5 Semantics) |
CH-ADR-019 | The <AttributeValue> child element SHALL be equal to urn:e-health-suisse:2015:epr-spid (in case of a patient), urn:e-health-suisse:representative-id (in case of a representative) or urn:gs1:gln (in case of a healthcare professional or auxiliary person) (see Section 3.1.6.5 Semantics) |
CH-ADR-020 | The <AttributeValue> child element SHALL have the same value as the /Subject/NameID/@NameQualifier element conveyed within the SAML assertion (see Section 3.1.6.5 Semantics) |
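
A conformance check for the structural requirements CH-ADR-008 to CH-ADR-012 and CH-ADR-015, as a policy decision point might run it before evaluating a query. This is an added example, not part of the profile: `check_query`, `sample_query` and the constructed sample message (no SOAP envelope, no `<AttributeValue>` content, query element without its namespace) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # CH-ADR-014
XS = "http://www.w3.org/2001/XMLSchema#"
CV = "urn:hl7-org:v3#CV"
REQUIRED_SUBJECT_ATTRS = {  # CH-ADR-015: AttributeId -> DataType
    "urn:oasis:names:tc:xacml:1.0:subject:subject-id": XS + "string",
    "urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier": XS + "string",
    "urn:ihe:iti:xca:2010:homeCommunityId": XS + "anyURI",
    "urn:oasis:names:tc:xacml:2.0:subject:role": CV,
    "urn:oasis:names:tc:xacml:2.0:subject:organization-id": XS + "anyURI",
    "urn:oasis:names:tc:xacml:2.0:subject:purposeofuse": CV,
}

def sample_query(attrs=REQUIRED_SUBJECT_ATTRS, resources=2, input_context_only="false"):
    """Constructed sample body; a real message also carries AttributeValue content."""
    subj = "".join(f'<Attribute AttributeId="{k}" DataType="{v}"/>' for k, v in attrs.items())
    return (f'<XACMLAuthzDecisionQuery ReturnContext="false" InputContextOnly="{input_context_only}">'
            f'<Request xmlns="{CTX}"><Subject>{subj}</Subject>{"<Resource/>" * resources}'
            f'<Action/><Environment/></Request></XACMLAuthzDecisionQuery>')

def check_query(xml_text):
    """Return the sorted list of CH-ADR requirement ids the query violates."""
    query = ET.fromstring(xml_text)  # root is treated as <XACMLAuthzDecisionQuery>
    bad = set()
    if "ReturnContext" not in query.attrib:  # SHALL be present; "false" is only a SHOULD
        bad.add("CH-ADR-008")
    if query.get("InputContextOnly") != "false":
        bad.add("CH-ADR-009")
    children = list(query)
    if len(children) != 1 or children[0].tag != f"{{{CTX}}}Request":
        return sorted(bad | {"CH-ADR-010"})  # no single <Request>: nothing more to inspect
    counts = {}
    for el in children[0]:
        counts[el.tag] = counts.get(el.tag, 0) + 1
    allowed = {f"{{{CTX}}}{n}" for n in ("Subject", "Resource", "Action", "Environment")}
    if set(counts) - allowed:
        bad.add("CH-ADR-011")
    if any(counts.get(f"{{{CTX}}}{n}", 0) != 1 for n in ("Subject", "Action", "Environment")):
        bad.add("CH-ADR-012")  # several <Resource> elements are allowed (CH-ADR-013)
    subject = children[0].find(f"{{{CTX}}}Subject")
    found = {} if subject is None else {
        a.get("AttributeId"): a.get("DataType") for a in subject.findall(f"{{{CTX}}}Attribute")}
    if any(found.get(k) != v for k, v in REQUIRED_SUBJECT_ATTRS.items()):
        bad.add("CH-ADR-015")
    return sorted(bad)
```

For messages received from the network, parse with a hardened XML parser such as `defusedxml` instead of the standard-library parser used here.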