Scope

This transaction is used to add user attributes in the SOAP TTA transactions. The attributes are placed in a SAML token in the security header of a transaction, for example ITI-75.

Use Case Roles

...

Referenced Standards

  • OASIS http://www.oasis-open.org/committees/security/

  • SAMLCore SAML V2.0 Core standard

  • WSS10 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004.

  • WSS11 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006.

  • WSS:SAMLTokenProfile1.0 OASIS Standard, “Web Services Security: SAML Token Profile”, December 2004

  • WSS:SAMLTokenProfile1.1 OASIS Standard, “Web Services Security: SAML Token Profile 1.1”, February 2006

  • XSPA-SAMLv1.0 OASIS Standard, “Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare v1.0” , November 2009

  • SAML 2.0 Profile For XACML 2.0 OASIS Standard, February 2005

Informative -- assist with understanding or implementing this transaction

Messages
Provide X-User Assertion

For the full technical specification, see the original document: https://profiles.ihe.net/ITI/TF/Volume2/ITI-40.html

Twiin implementation

The SAML token is only valid for 10 minutes. The SAML token has the following attributes (in addition to the required attributes from the SAML standard):

| Element | Opt. | DataType |
|---|---|---|
| urn:nl:otv:names:tc:1.0:subject:mandated | C | HL7 V3 II |
| urn:ihe:iti:xua:2017:subject:provider-identifier | R | HL7 V3 II |
| urn:oasis:names:tc:xacml:2.0:subject:role | R | HL7 V3 CE |
| urn:ihe:iti:appc:2016:document-entry:event-code | O | HL7 V3 CV |
| urn:nl:otv:names:tc:1.0:subject:provider-institution | R | HL7 V3 II |
| urn:oasis:names:tc:xspa:1.0:subject:purposeofuse | R | HL7 V3 CV |

Note

The SAML token is only required in the transactions between GtK (external traffic).
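
A receiving gateway can enforce the 10-minute limit and the required (R) attributes listed above before acting on a request. The following Python check is an added example, not Twiin or IHE code; it assumes the validity period is carried in the SAML Conditions element and that the XML signature was verified beforehand, and the names check_assertion and build_sample and the Role element name are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_LIFETIME = timedelta(minutes=10)
HL7 = 'xmlns="urn:hl7-org:v3"'
# Required attribute name -> constructed sample value, modelled on the page's examples.
# The element name "Role" is an assumption; the page does not show one for the role code.
REQUIRED = {
    "urn:ihe:iti:xua:2017:subject:provider-identifier":
        f'<InstanceIdentifier {HL7} extension="123456782" root="2.16.528.1.1007.3.1"/>',
    "urn:oasis:names:tc:xacml:2.0:subject:role":
        f'<Role {HL7} code="01.013" codeSystem="2.16.840.1.113883.2.4.15.111"/>',
    "urn:nl:otv:names:tc:1.0:subject:provider-institution":
        f'<InstanceIdentifier {HL7} extension="00014332" root="2.16.528.1.1007.3.3"/>',
    "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse":
        f'<CodedValue {HL7} code="TREAT" codeSystem="2.16.840.1.113883.1.11.20448"/>',
}

def build_sample(not_before, not_on_or_after, names=tuple(REQUIRED)):
    """Constructed, unsigned assertion used only to exercise check_assertion()."""
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>{REQUIRED[n]}</AttributeValue></Attribute>'
                    for n in names)
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
            f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now):
    """Return findings for an assertion whose XML signature was already verified."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before the parser sees them
        return ["DTD not allowed"]
    root, findings = ET.fromstring(xml_text), []
    cond = root.find(SAML + "Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        findings.append("missing validity window")
    else:
        start, end = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
        if end - start > MAX_LIFETIME:  # issuer granted more than the profile allows
            findings.append("lifetime exceeds 10 minutes")
        if not start <= now < end:  # now must be timezone-aware
            findings.append("outside validity window")
    filled = {a.get("Name") for a in root.iter(SAML + "Attribute")
              if (v := a.find(SAML + "AttributeValue")) is not None and len(v) > 0}
    findings += [f"missing required attribute: {n}" for n in REQUIRED if n not in filled]
    return findings
```

The conditional (C) and optional (O) attributes are not checked here; an empty list means only that the window and the four required attributes are in order.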

Identification of the requester (raadpleger)

Name: urn:nl:otv:names:tc:1.0:subject:mandated

Type: urn:hl7-org:v3:II

Example: extension="123456789" root="2.16.528.1.1007.3.1" assigningAuthorityName="CIBG"

Opt.: Conditional, required if the person is mandated by the verantwoordelijke-id.

Identification of the responsible practitioner (verantwoordelijke)

Name: urn:ihe:iti:xua:2017:subject:provider-identifier

Type: urn:hl7-org:v3:II

Example: extension="123456782" root="2.16.528.1.1007.3.1" assigningAuthorityName="CIBG"

Opt.: Required, UZI number of the responsible practitioner (verantwoordelijke).

Role code of the responsible (verantwoordelijke) healthcare provider

Name: urn:oasis:names:tc:xacml:2.0:subject:role

Type: urn:hl7-org:v3:CE

Example: code="01.013" codeSystem="2.16.840.1.113883.2.4.15.111" codeSystemName="RoleCodeNL" displayName="Arts v. maag-darm-leverziekten"

Opt.: Required, UZI role code

Data category

Name: urn:ihe:iti:appc:2016:document-entry:event-code

Type: urn:hl7-org:v3:CV

Example: code="GGC007" codeSystem="2.16.840.1.113883.2.4.3.111.5.10.1"

Opt.: Optional

Identification of the responsible (verantwoordelijke) provider

Name: urn:nl:otv:names:tc:1.0:subject:provider-institution

Type: urn:hl7-org:v3:II

Example:

<AttributeValue DataType="urn:hl7-org:v3#II">
  <InstanceIdentifier xmlns="urn:hl7-org:v3" extension="00014332" root="2.16.528.1.1007.3.3" />
</AttributeValue>

Opt.: Required, URA

Purpose of use

Name: urn:oasis:names:tc:xspa:1.0:subject:purposeofuse

Type: urn:hl7-org:v3#CV

Example:

<AttributeValue DataType="urn:hl7-org:v3#CV">
  <CodedValue xmlns="urn:hl7-org:v3" code="TREAT" codeSystem="2.16.840.1.113883.1.11.20448" displayName="treatment" />
</AttributeValue>

Opt.: Required