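This page describes which elements of the SAML token are optional or required within the XUA profile and the Brusafe+ environment. In the Required column of the table below, O means optional and R means required; O/R marks an attribute that becomes required under the condition given in the Comment column.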
| SAML2 Attribute | Example value | Required | Comment | Type | More information |
|---|---|---|---|---|---|
| urn:oasis:names:tc:xspa:1.0:subject:subject-id | `<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">` | O | | Plain text | IHE Volume 2B 3.40.4.1.2 |
| urn:oasis:names:tc:xspa:1.0:subject:organization | `<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">` | O | | Plain text | IHE Volume 2B 3.40.4.1.2 |
| urn:oasis:names:tc:xspa:1.0:subject:organization-id | `<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">` | O | | Plain text | IHE Volume 2B 3.40.4.1.2 |
| urn:ihe:iti:xca:2010:homeCommunityId | `<saml:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId">` | O | Only required for XCA | Plain text | IHE Volume 2B 3.40.4.1.2 |
| urn:oasis:names:tc:xspa:1.0:subject:npi | `<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:npi">` | O | | Plain text | IHE Volume 2B 3.40.4.1.2 |
| urn:oasis:names:tc:xacml:2.0:subject:role (Subject-Role Option) | `<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">` | R | | urn:hl7-org:v3:CE element | |
| urn:ihe:iti:bppc:2007:docid (Authz-Consent Option) | `<saml2:Attribute FriendlyName="Patient Privacy Policy Acknowledgement Document" Name="urn:ihe:iti:bppc:2007:docid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">` | O/R | At least 1 Authz-Consent is required | Plain text | IHE Volume 2B 3.40.4.1.2.2 |
| urn:ihe:iti:xua:2012:acp (Authz-Consent Option) | `<saml2:Attribute FriendlyName="Patient Privacy Policy Identifier" Name="urn:ihe:iti:xua:2012:acp" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">` | O/R | At least 1 Authz-Consent is required | Plain text | IHE Volume 2B 3.40.4.1.2.2 |
| urn:oasis:names:tc:xacml:2.0:resource:resource-id (Patient Identifier attribute) | `<saml:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">` | R | Patient id | Plain text | IHE Volume 2B 3.40.4.1.2.2.1 |
| urn:oasis:names:tc:xspa:1.0:subject:purposeofuse (PurposeOfUse Option) | `<saml:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">` | O | | urn:hl7-org:v3:CE element | IHE Volume 2B 3.40.4.1.2.3 |
| urn:enovation:xua:2016:patientRelationship (Patient relationship) true / false | `<saml:Attribute FriendlyName="Patient Relationship" Name="urn:enovation:xua:2016:patientRelationship" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">true</saml:AttributeValue> </saml:Attribute>` | R | Patient Relationship | Plain text (true / false) | |
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="true">
<!-- WS-Security header carrying the XUA SAML 2.0 assertion. Annotated sample: the receiver is expected to verify the signature, the issuer, the validity window and the audience before it uses any attribute below. -->
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="d830e30d-a2f5-4546-9525-b503ac84f0f5" IssueInstant="2016-09-29T12:44:41.904Z" Version="2.0">
<saml2:Issuer>Reinier de Graaf Groep</saml2:Issuer>
<!-- Enveloped XML signature over the assertion: the Reference URI below matches the ID attribute of the Assertion element. A verifier should confirm that the element it reads attributes from is the same element this Reference resolves to. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<!-- NOTE(review): rsa-sha1 here and sha1 in DigestMethod below are legacy algorithms. New deployments would normally use the SHA-256 identifiers (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and http://www.w3.org/2001/04/xmlenc#sha256) where the receiving side supports them; confirm what the environment accepts. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#d830e30d-a2f5-4546-9525-b503ac84f0f5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>vwrH38HPJfT4wEETiacotZ0HDVI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>u+0N90iJhHkAIk85m3N6AHZPDnCMaVj9ob5tRsWVjJay7sZP/n1LUelIRmWUhmKZ9MHwWmbL9r0T7/ySAfLldL3xBI298a2FprdBDxJrikZk9CmmAFal2F0aa0jdFK1oRlMLpFoXq6tI3H7KBzVUe/QuU7TBZDxqfj+NJ8ECs4A9ITnN9yc0j4ChNRt4BwhSNZv1VRs673+BfPnFSnIVb3h76h/8K2dkvqc3L3G6ud1zzfLsoJYdRzf1z+rE3oqqbkrRNhwX0lx72UgP64QzYqvcVwf561oCUVc8daFkn0e2SrZqcZhw4IwdRcbjbsQQ8WYSnYIxRGYEyQJI28E8qQ==</ds:SignatureValue>
<!-- The signing certificate travels inside the message. NOTE(review): a certificate supplied by the sender proves nothing on its own; the receiver should match it against certificates it already trusts for this Issuer. The certificate value on this page is incomplete. -->
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIELzCCAxegAwIBAgIDCI/XMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVTMRYwFAYDVQQK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==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID SPProvidedID="8027286">Vermeulen</saml2:NameID>
<!-- Bearer confirmation with no SubjectConfirmationData: the token is not bound to a recipient or to a holder key, so the Conditions window and the audience below are the only visible limits on reuse. -->
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
</saml2:Subject>
<!-- Validity window of roughly ten minutes (12:44:41 to 12:54:41 UTC) and a single audience. -->
<saml2:Conditions NotBefore="2016-09-29T12:44:41.904Z" NotOnOrAfter="2016-09-29T12:54:41.855Z">
<saml2:AudienceRestriction>
<saml2:Audience>Regionaal Zorgvenster</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2016-09-29T12:44:41.904Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<!-- Attributes sent in this sample: homeCommunityId, organization-id, npi and patientRelationship. NOTE(review): the attribute table on this page marks subject:role and resource:resource-id as R, but neither appears here; confirm whether the sample is complete. -->
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:ihe:iti:xca:2010:homeCommunityId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:oid:2.16.840.1.113883.2.4.3.64</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">90000380</saml2:AttributeValue>
</saml2:Attribute>
<!-- NOTE(review): this name uses xspa:2.0, while the attribute table on this page lists urn:oasis:names:tc:xspa:1.0:subject:npi; confirm which name the receiver matches on. -->
<saml2:Attribute Name="urn:oasis:names:tc:xspa:2.0:subject:npi">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">900013100</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="Patient Relationship" Name="urn:enovation:xua:2016:patientRelationship" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">true</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</wsse:Security>
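<!-- WS-Addressing headers: the Action names the Registry Stored Query request and To gives the registry endpoint. These elements sit outside the assertion, so the signature shown in the Security header does not cover them. -->
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:ihe:iti:2007:RegistryStoredQuery</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:bab872d3-37d5-4c35-9c71-effa0b3e3913</MessageID>
<To xmlns="http://www.w3.org/2005/08/addressing">https://192.168.52.3:8004/services/registry/2.16.840.1.113883.2.4.3.64</To>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>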
</soap:Header>
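<!-- Registry Stored Query (AdhocQueryRequest) for approved document entries of one patient. The body is outside the signed assertion carried in the header. The component separators in the patient identifier are written as &amp; so that the Value stays well-formed XML. -->
<soap:Body>
<ns3:AdhocQueryRequest xmlns="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns2="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" xmlns:ns5="urn:hl7-org:v3">
<ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
<AdhocQuery id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
<!-- Patient identifier the query is scoped to. NOTE(review): the sample assertion carries no resource:resource-id attribute, so a receiver could not compare this value with the token as shown; confirm against the attribute table on this page. -->
<Slot name="$XDSDocumentEntryPatientId">
<ValueList>
<Value>'019563255^^^NLMINBIZA&amp;2.16.840.1.113883.2.4.6.3&amp;ISO'</Value>
</ValueList>
</Slot>
<Slot name="$XDSDocumentEntryStatus">
<ValueList>
<Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</Value>
</ValueList>
</Slot>
</AdhocQuery>
</ns3:AdhocQueryRequest>
</soap:Body>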
</soap:Envelope>
<!-- Patient Relationship attribute on its own, identical to the one in the AttributeStatement of the sample request; the value is the string "true" or "false". -->
<saml2:Attribute
    FriendlyName="Patient Relationship"
    Name="urn:enovation:xua:2016:patientRelationship"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml2:AttributeValue
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="xs:string">true</saml2:AttributeValue>
</saml2:Attribute>