10.4.5 | IHE ITI-40 | Provide X-User Assertion

Scope

This transaction adds user attributes to the SOAP TTA transactions. The attributes are carried in a SAML token in the security header of the transaction, for example an ITI-75 transaction.

Use Case Roles

Referenced Standards

  • OASIS http://www.oasis-open.org/committees/security/

  • SAMLCore SAML V2.0 Core standard

  • WSS10 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004)", March 2004.

  • WSS11 OASIS Standard, "OASIS Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)", February 2006.

  • WSS:SAMLTokenProfile1.0 OASIS Standard, “Web Services Security: SAML Token Profile”, December 2004

  • WSS:SAMLTokenProfile1.1 OASIS Standard, “Web Services Security: SAML Token Profile 1.1”, February 2006

  • XSPA-SAMLv1.0 OASIS Standard, “Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of the Security Assertion Markup Language (SAML) for Healthcare v1.0”, November 2009

  • SAML 2.0 Profile For XACML 2.0 OASIS Standard, February 2005

Informative -- assist with understanding or implementing this transaction

Messages
Provide X-User Assertion

For more technical specification, see the original document: https://profiles.ihe.net/ITI/TF/Volume2/ITI-40.html

Twiin implementation

The SAML token is valid for only 10 minutes. It carries the following attributes, in addition to the attributes required by the SAML standard:

| Element | Opt. | DataType |
|---|---|---|
| urn:nl:otv:names:tc:1.0:subject:mandated | C | HL7 V3 II |
| urn:ihe:iti:xua:2017:subject:provider-identifier | R | HL7 V3 II |
| urn:oasis:names:tc:xacml:2.0:subject:role | R | HL7 V3 CE |
| urn:ihe:iti:appc:2016:document-entry:event-code | O | HL7 V3 CV |
| urn:nl:otv:names:tc:1.0:subject:provider-institution | R | HL7 V3 II |
| urn:oasis:names:tc:xspa:1.0:subject:organization | O | String |
| urn:oasis:names:tc:xspa:1.0:subject:organization-id | O | anyURI |
| urn:oasis:names:tc:xspa:1.0:subject:purposeofuse | R | HL7 V3 CV |

The SAML token is only required in the transactions between GtK (external traffic).

Identification of the requesting user (raadpleger)

Name: urn:nl:otv:names:tc:1.0:subject:mandated
Type: urn:hl7-org:v3:II
Example: extension="123456789" root="2.16.528.1.1007.3.1" assigningAuthorityName="CIBG"
Opt.: Conditional, required if the person is mandated by the verantwoordelijke-id.



Identification of the responsible person (verantwoordelijke)

Name: urn:ihe:iti:xua:2017:subject:provider-identifier
Type: urn:hl7-org:v3:II
Example: extension="123456782" root="2.16.528.1.1007.3.1" assigningAuthorityName="CIBG"
Opt.: Required, UZI number of the responsible person (verantwoordelijke).


Role code of the responsible (verantwoordelijke) healthcare provider

Name: urn:oasis:names:tc:xacml:2.0:subject:role
Type: urn:hl7-org:v3:CE
Example: code="01.013" codeSystem="2.16.840.1.113883.2.4.15.111" codeSystemName="RoleCodeNL" displayName="Arts v. maag-darm-leverziekten"
Opt.: Required, UZI role code



Data category

Name: urn:ihe:iti:appc:2016:document-entry:event-code
Type: urn:hl7-org:v3:CV
Example: code="GGC007" codeSystem="2.16.840.1.113883.2.4.3.111.5.10.1"
Opt.: Optional


Identification of the responsible (verantwoordelijke) provider

Name: urn:nl:otv:names:tc:1.0:subject:provider-institution
Type: urn:hl7-org:v3:II
Example:
<AttributeValue DataType="urn:hl7-org:v3#II">
  <InstanceIdentifier xmlns="urn:hl7-org:v3" extension="00014332" root="2.16.528.1.1007.3.3" />
</AttributeValue>
Opt.: Required, URA

Alternative identification of the responsible (verantwoordelijke) provider

Name: urn:oasis:names:tc:xspa:1.0:subject:organization
Type: String
Example:
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
  <saml:AttributeValue>Family Medical Clinic</saml:AttributeValue>
</saml:Attribute>
Opt.: Conditional, required if urn:oasis:names:tc:xspa:1.0:subject:organization-id is not empty

Alternative identification of the responsible (verantwoordelijke) provider (id)

Name: urn:oasis:names:tc:xspa:1.0:subject:organization-id
Type: AnyURI
Example:
<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
  <saml:AttributeValue>http://familymedicalclinic.org</saml:AttributeValue>
</saml:Attribute>
Opt.: Conditional, required if urn:oasis:names:tc:xspa:1.0:subject:organization is not empty

Purpose of use

Name: urn:oasis:names:tc:xspa:1.0:subject:purposeofuse
Type: urn:hl7-org:v3#CV
Example:
<AttributeValue DataType="urn:hl7-org:v3#CV">
  <CodedValue xmlns="urn:hl7-org:v3" code="TREAT" codeSystem="2.16.840.1.113883.1.11.20448" displayName="treatment" />
</AttributeValue>
Opt.: Required
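
A receiving gateway can check the optionality rules and the 10-minute lifetime described above before acting on the attributes. The following Python is an added example, not part of the Twiin or IHE specification. It assumes the input is a bare SAML 2.0 Assertion element whose signature has already been verified and that the lifetime is expressed through Conditions NotBefore/NotOnOrAfter; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = {  # attributes marked "R" in the Twiin table
    "urn:ihe:iti:xua:2017:subject:provider-identifier",
    "urn:oasis:names:tc:xacml:2.0:subject:role",
    "urn:nl:otv:names:tc:1.0:subject:provider-institution",
    "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse",
}
ORG = "urn:oasis:names:tc:xspa:1.0:subject:organization"
ORG_ID = ORG + "-id"
MAX_LIFETIME = timedelta(minutes=10)

def _ts(value):
    # SAML instants are UTC xs:dateTime; fractional seconds are dropped
    return datetime.strptime(value.rstrip("Z").split(".")[0], "%Y-%m-%dT%H:%M:%S")

def _filled(attr):
    # Non-empty means some AttributeValue carries text or a child element
    return any((v.text or "").strip() or len(v) for v in attr.iter(SAML + "AttributeValue"))

def check_assertion(xml_text):
    """Return profile violations. Assumes the signature was already verified."""
    # Stdlib parser keeps the example offline; use a hardened parser for untrusted XML
    root = ET.fromstring(xml_text)
    present = {a.get("Name") for a in root.iter(SAML + "Attribute") if _filled(a)}
    problems = [f"missing required attribute {n}" for n in sorted(REQUIRED - present)]
    if (ORG in present) != (ORG_ID in present):
        problems.append("organization and organization-id must be sent together")
    # Assumption: the 10-minute lifetime is carried in Conditions NotBefore/NotOnOrAfter
    cond = root.find(SAML + "Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("validity window missing")
    elif _ts(cond.get("NotOnOrAfter")) - _ts(cond.get("NotBefore")) > MAX_LIFETIME:
        problems.append("validity window exceeds 10 minutes")
    return problems

def sample(names, start="2024-01-01T12:00:00Z", end="2024-01-01T12:10:00Z"):
    # Constructed, unsigned assertion with placeholder values
    body = "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>' for n in names)
    return (f'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<Conditions NotBefore="{start}" NotOnOrAfter="{end}"/>'
            f'<AttributeStatement>{body}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    print(check_assertion(sample(REQUIRED)))              # compliant
    print(check_assertion(sample(REQUIRED | {ORG})))      # organization without its id
```

The conditional urn:nl:otv:names:tc:1.0:subject:mandated attribute depends on whether the person acts under a mandate, which cannot be decided from the token structure alone, so it is not checked here.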
