Generic Structure of the Treatment Relationship Assertion

Transcription

1 epsos ECCF Artifact Matrix Excerpt: Context and elated Information epsos Conceptual Logical Implementable Enterprise Dimension "Why" - Policy Information Dimension "What" - Content Computational Dimension "How" - Behavior epsos Principles of epsos Layered Design Principles on epsos Security Security, Privacy and Safety epsos Messaging Security equirements Authentification HP and Authentication Authorization HP Authorization Flows Non-epudiation Algorithms and Key Lengths Standards and Profiles Used in epsos OASIS SAML 2.0 Assertions Terminologies and Value Sets SAML Assertion Profiles epsos HP Identity Assertion - SAML Binding epsos TC Assertion - SAML Binding XML Signatures on SAML Assertions epsos Common Message Format The Confirmation Assertion is a profiled SAML v2.0 assertion. It attests the existence of a treatment relationship between a patient and a HCPO and provides information about the context of a certain treatment scenario. Generic Structure of the Treatment elationship Assertion The epsos Confirmation Assertion is encoded as a SAML 2.0 assertion. The following restrictions and recommendations apply: Generic Structure of the Treatment elationship Assertion 1

2 Assertion Element Opt. Usage Must be UN encoded unique identifier (UUID) of the Time instant of issuance in UTC Issuer Subject NameID Address UI that identifies the endpoint of the issuing service (e.g. it ma of NCP-B as the issuer of the IdA) Identifier of the health professional encoded as an X.509 subject name, an address, or as a string value (unspecified format). The same identifier and MUST be used as for the referenced HP Identity Assertion. MUST be or urn:oasis:names:tc:saml:1.1:nameid-format:x509sub Conditions Advice or MUST be "urn:oasis:names:tc:saml:2.0:cm:sender-vouches" AssertionIdef AuthnStatement Time instant from which the assertion is useable. This condition MUST b the assertion consumer to prove the validity of the assertion. Time instant at which the assertion expires. This condition MUST be asse assertion consumer to prove the validity of the assertion. The maximum v timespan for an Treatment elationship Confirmation Assertion MUST N than 2 hours. eference to the HP identity assertion that provides information on the H healthcare facility that were authorized by the patient to access his Time instant of authentication in O Time instant of the expiration of the session AuthnContext AuthnContextClassef MUST be urn:oasis:names:tc:saml:2.0:ac:classes:previousse AttributeStatement Patient identity attributes and treatment context information ds:signature Signature of the issuer (e.g. NCP-B) of the Treatment elationship Confo Assertion Generic Structure of the Treatment elationship Assertion 2

3 Assertion Signature EveryTreatment elationship Confirmation Assertion MUST be signed by its issuer. For the TC assertion, it MAY be the NCP-B. The XML signature MUST be applied by using the saml:assertion/ds:signature element as defined in [EED-B Crypt]. Patient Identity and Treatment Context Attributes A Treatment elationship Confirmation assertion can carry an arbitrary number of attributes on the identified patient and the current treatment context. Each attribute MUST be encoded using a SAML attribute element. For epsos the following attribute names and catalogues are defined. FriendlyName: XSPA subject Name: Values: Type: Optionality: Patient Identifier urn:oasis:names:tc:xacml:1.0:resource:resource-id UI encoded identifier of the patient as obtained by the id traits handshake urn:oasis:names:tc:saml:2.0:attrname-format:uri Mandatory FriendlyName: XSPA Purpose Of Use Name: Values: Optionality: Description: Purpose of Use urn:oasis:names:tc:xspa:1.0:subject:purposeofuse For epsos only TEATMENT (healthcare treatment) and EMEGENCY (emergency treatment) are allowed as purpose of use. If a requests claims for another purpose of use, the request must be rejected as unauthorized. Optional If this attribute is present, it overwrites the purpose of use attribute contained with the HCP identity assertion. Sample Assertion (non-normative) <soap12:envelope... > <soap12:header... > <wsse:security... > <saml:assertion xmlns:saml="urn:oasis:names:tc:saml:2.0:assertion" ID="urn:uuid:7102AC72154DCFD1F " IssueInstant=" T12:03:28.788Z" Version="2.0"> <saml:issuer>urn:austria:ncpb </saml:issuer> <ds:signature xmlns:ds=" <ds:signedinfo> <ds:canonicalizationmethod Algorithm=" /> <ds:signaturemethod Algorith Algorithm=" /> <ds:transform Algorithm=" Assertion Signature 3

4 <ec:inclusivenamespaces xmlns:ec=" PrefixList="ds saml xs" /> </ds:transform> </ds:transforms> <ds:digestmethod Algorithm=" /> <ds:digestvalue>a1lylvfhryaoj28yvfd3mfkgsi=</ds:digestvalue> </ds:eference> </ds:signedinfo> <ds:signaturevalue>ch+lcy â?š </ds:signaturevalue> <ds:keyinfo> <ds:x509data> <ds:x509certificate>miiiads â?š </ds:x509certificate> </ds:x509data> </ds:keyinfo> </ds:signature> <saml:subject> <saml:nameid Format="urn:oasis:names:tc:SAML:1.1:nameid-format: Address"> </saml:nameid> <saml:subjectconfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/> </saml:subject> <saml:conditions NotBefore=" T12:03:28.788Z" NotOnOrAfter=" T14:03:28.788Z"> </saml:conditions> <Advice> <AssertionIdef>_2c356d f9-93a0-fc6fab1c966e</AssertionIdef> </Advice> <saml:authnstatement AuthnInstant=" T12:03:28.788Z" SessionNotOnOrAfter=" T14:03:28.788Z"> <saml:authncontext> <saml:authncontextclassef> urn:oasis:names:tc:saml:2.0:ac:classes:previoussession </saml:authncontextclassef> </saml:authncontext> </saml:authnstatement> <saml:attributestatement> <saml:attribute FriendlyName="XSPA subject" Name="urn:oasis:names:tc:xacml:1.0:resource:resource-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string">patient ID </saml:attributevalue> </saml:attribute> <saml:attribute FriendlyName="XSPA Purpose Of Use" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:attributevalue xmlns:xs=" xmlns:xsi=" xsi:type="xs:string">teatment Sample Assertion (non-normative) 4

5 </saml:attributevalue> </saml:attribute> </saml:attributestatement> </saml:assertion> Audit Trail Consideration The NCP MUST write an audit trail entry for the confirmation of a treatment relationship (e.g. after the attesting signature has been applied to the Treatment elationship Confirmation Assertion). The audit message MUST be assembled according to the HP Assurance audit schema as defined in Audit Trail. The following table defines which categories MUST be filled (), which MAY be filled (O) and which categories MUST NOT be used (X). epsos Instance Opt. Description Event Audited event equesting Point of Care HCPO which is in a treatment relationship with the patient Human equestor HP who requested the confirmation of the treatment relationship Source Gateway Target Gateway Audit Source X Outbound gateway that attested the authenticity of the Treatment elationship Confirmation Assertion Legal entity that ensures the uniqueness of the identifiers that are used to identify active participants Patient Patient who is in a treatment relationship with the HCPO Event Target X Audit Trail Consideration 5