ITI30 | ITI30-001 | reviewed | Testable |
0
|
0
| | Systems which claim support of the Merge option for the Patient Administration Management profile shall support the following messages: Create new patient, Update patient information, Change patient identifier list, Merge two patients | 14 | Section 3.30.4.1 | 5/22/19 4:17:54 PM by NicolasBailliet |
|
ITI30 | ITI30-002 | reviewed | Testable |
0
|
0
| | Systems which claim support of the Link/Unlink option for the Patient Administration Management profile shall support the following messages: Create new patient, Update patient information, Change patient identifier list, Link patient information Unlink patient information | 14 | Section 3.30.4.2 | 5/22/19 4:17:54 PM by NicolasBailliet |
|
ITI30 | ITI30-003 | reviewed | Testable |
0
|
0
| not sure we are testing this option this year, might be out of scope | Systems which claim support of the Ambulatory Patient Data Option of the Patient Administration Management profile SHALL supply the patient address in field PID-11 for ambulatory patients whenever this address is known. | 15 | Section 3.30.4.5 | 5/22/19 4:17:55 PM by NicolasBailliet |
|
ITI40 | ITI40-001 | reviewed | Testable |
0
|
0
| | The X-Service User uses the X-Assertion Provider as the third party issuer of the X-User assertion | 142 | Section 3.40.1 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-002 | reviewed | Testable |
0
|
0
| | The X-Service Provider uses the X-Assertion Provider as the third party issuer of the X-User assertion | 142 | Section 3.40.1 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-003 | reviewed | Testable |
0
|
0
| | The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary | 149 | Section 3.40.1.1 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-004 | reviewed | Testable |
0
|
0
| | The X-Service User is configurable as to when [ITI-40] Provide X-User Assertion is necessary | 149 | Section 3.40.1.1 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-005 | reviewed | Testable |
0
|
0
| | The X-Service User shall include the OASIS Web Services Security (WSS) Header | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-006 | reviewed | Testable |
0
|
0
| | The X-Service User shall include a SAML 2.0 Assertion as the security token | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-007 | reviewed | Testable |
0
|
0
| | Any ATNA Audit Messages that the X-Service User records in relationship to a transaction protected by the XUA shall have the user identity recorded according to the XUA specific ATNA encoding rules in Section 3.40.4.2 ATNA Audit encoding). | 0 | Section 3.40.4.1.2 and 3.40.4.1.3 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-008 | reviewed | Testable |
0
|
0
| Note this is effectively a duplicate of the previous assertion | Any ATNA Audit Messages recorded by Actor grouped with the X-Service User Actor, shall have the user identity recorded according to the XUA specific ATNA encoding rules (See 3.40.4.2 ATNA Audit encoding). | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-009 | reviewed | Testable |
0
|
0
| | The SAML assertion sent by the X-Service User shall contain a Subject. The Subject contains the logical identifier of the principal performing the original service request | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-010 | reviewed | Testable |
0
|
0
| | The Subject in the SAML assertion sent by the X-Service User shall remain unchanged through operations acting on the assertion. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-011 | reviewed | Testable |
0
|
0
| | The Subject in the SAML assertion sent by the X-Service User shall contain a SubjectConfirmation element. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-012 | reviewed | Testable |
0
|
0
| | The X-Service User shall support the bearer confirmation method as defined in the SAML 2.0 Profile specification, Section 3. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-013 | reviewed | Testable |
0
|
0
| | In the SAML Assertion Conditions element, the NotBefore element shall be populated with the issue instant of the Assertion | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-014 | reviewed | Testable |
0
|
0
| | The SAML Assertion Conditions element, sall contain an AudienceRestriction containing an Audience whose value is a URI identifying the X-Service Provider. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-015 | reviewed | Testable |
0
|
0
| | An X-Service User may ignore a ProxyRestriction condition. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-016 | reviewed | Testable |
0
|
0
| | An X-Service Provider may ignore a ProxyRestriction condition. (ie if the Assertion contains that condition, it is not a test failure if it is not enforced.) | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|
ITI40 | ITI40-017 | reviewed | Testable |
0
|
0
| | An X-Service User may ignore a OneTimeUsecondition. | 144 | Section 3.40.4.1.2 | 5/22/19 3:21:04 PM by NicolasBailliet |
|