The eHealthSuisse ADR Provider MockUp simulates a CH:ADR Provider actor.
The ADR Provider manages the access policy for the clinical data stored by an XDS Document Registry, as well as access to the access policies themselves, which are stored in a Policy Repository.
Using the information supplied in the request, the ADR Provider determines whether the user may access the requested information and returns a decision such as "Permit", "Deny" or "Indeterminate".
Whether the access request concerns XDS, ATC or PPQ, the ADR request is built in two parts.
The first part, which we will call "Subject", carries information about the user: an ID, a homeCommunity and the qualification ID.
Finally, the second part, which we will call "Resource", carries information about the patient, such as the patient's identification.
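The two-part layout described above can be checked before a request is sent to the ADR Provider. The following is an added example, not code from the mock-up or from eHealthSuisse: it parses the XACML `Request`, confirms the Subject carries the three user attributes, and flags any Resource whose `epr-subset` resource-id names a different patient than its `epr-spid`. The function names (`sample_request`, `attrs`, `check_request`) are hypothetical, and the sample request is constructed from the values used on this page.

```python
import xml.etree.ElementTree as ET
# Added example; function names are illustrative, not part of the mock-up.
NS = {"x": "urn:oasis:names:tc:xacml:2.0:context:schema:os", "hl7": "urn:hl7-org:v3"}
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
QUALIFIER = "urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier"
HOME = "urn:ihe:iti:xca:2010:homeCommunityId"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
EPR_SPID = "urn:e-health-suisse:2015:epr-spid"
SUBSET = "urn:e-health-suisse:2015:epr-subset:"

def sample_request(spid, subset_spid):
    """Constructed sample, trimmed from the XDS request on this page (DataType omitted)."""
    def attr(aid, body):
        return (f'<x:Attribute AttributeId="{aid}"><x:AttributeValue>{body}'
                '</x:AttributeValue></x:Attribute>')
    ii = f'<hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="{spid}"/>'
    subj = "".join(attr(k, v) for k, v in ((SUBJECT_ID, "7601000050717"),
        (QUALIFIER, "urn:gs1:gln"), (HOME, "urn:oid:1.3.6.1.4.1.21367.2017.2.6.2")))
    res = attr(RESOURCE_ID, f"{SUBSET}{subset_spid}:normal") + attr(EPR_SPID, ii)
    return (f'<x:Request xmlns:x="{NS["x"]}" xmlns:hl7="{NS["hl7"]}">'
            f'<x:Subject>{subj}</x:Subject><x:Resource>{res}</x:Resource></x:Request>')

def attrs(section):
    """Map AttributeId -> AttributeValue element for one Subject or Resource."""
    return {a.get("AttributeId"): a.find("x:AttributeValue", NS)
            for a in section.findall("x:Attribute", NS)}

def check_request(xml_text):
    """Return a list of problems; an empty list means both parts are consistent."""
    req, problems = ET.fromstring(xml_text), []
    subject = req.find("x:Subject", NS)
    s = attrs(subject) if subject is not None else {}
    for needed in (SUBJECT_ID, QUALIFIER, HOME):
        value = s.get(needed)
        if value is None or not (value.text or "").strip():
            problems.append(f"subject: missing {needed}")
    resources = req.findall("x:Resource", NS)
    if not resources:
        problems.append("request has no Resource")
    for res in resources:
        a = attrs(res)
        spid_val, rid_val = a.get(EPR_SPID), a.get(RESOURCE_ID)
        ii = spid_val.find("hl7:InstanceIdentifier", NS) if spid_val is not None else None
        spid = ii.get("extension") if ii is not None else None
        rid = (rid_val.text or "").strip() if rid_val is not None else ""
        if not spid:
            problems.append(f"resource {rid or '?'}: missing epr-spid")
        elif rid.startswith(SUBSET) and rid[len(SUBSET):].split(":")[0] != spid:
            problems.append(f"resource {rid}: names a different patient than epr-spid {spid}")
    return problems
```

Resource-ids that do not use the `epr-subset` form, such as the policy identifier in a PPQ request, are only checked for the presence of `epr-spid`.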
Subject-id | Subject-id-qualifier | IdP Simulator username |
---|---|---|
7601000080776 | urn:gs1:gln | x |
7777 | urn:gs1:gln | x |
7601000050717 | urn:gs1:gln | magpar |
7601002033572 | urn:gs1:gln | rspieler |
Id_extension | Id_root | HomeCommunityId | PolicyID | IdP Simulator username |
---|---|---|---|---|
761337610455909127 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:1.3.6.1.4.1.21367.2017.2.6.2 | 66ad46fb-3b23-4e82-98f6-6571e5924b27 | aamrein |
761337610436974489 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:1.3.6.1.4.1.21367.2017.2.6.2 | e4ad4bc1-1f8b-4893-8a4b-758cd3cb0274 | lavdic |
761337610435209810 | 2.16.756.5.30.1.127.3.10.3 | urn:oid:2.2.2 | x | bovie |
It requires mutual TLS authentication with a testing certificate (from GSS PKI). The WSDL can be browsed here
```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
               xmlns:epr="urn:e-health-suisse:2015:policy-administration"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action>
    <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID>
    <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider</wsa:To>
    <wsse:Security>
      <!-- Add an assertion here <saml2:Assertion.... -->
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false"
                                         ID="_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0"
                                         IssueInstant="2019-02-05T14:48:29Z"
                                         xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
                                         xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
                                         xmlns:hl7="urn:hl7-org:v3">
      <xacml-context:Request>
        <xacml-context:Subject>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Subject>
        <xacml-context:Resource>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:normal</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II">
            <xacml-context:AttributeValue>
              <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="normal"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Resource>
        <xacml-context:Resource>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:restricted</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II">
            <xacml-context:AttributeValue>
              <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="restricted"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Resource>
        <xacml-context:Resource>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:secret</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II">
            <xacml-context:AttributeValue>
              <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xds-b:2007:confidentiality-code" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="1051000195109" codeSystem="2.16.756.5.30.1.127.3.10.1.5" displayName="secret"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Resource>
        <xacml-context:Action>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:ihe:iti:2018:RestrictedUpdateDocumentSet</xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Action>
        <xacml-context:Environment/>
      </xacml-context:Request>
    </xacml-samlp:XACMLAuthzDecisionQuery>
  </soap:Body>
</soap:Envelope>
```
```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
               xmlns:epr="urn:e-health-suisse:2015:policy-administration"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action>
    <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID>
    <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider?wsdl</wsa:To>
    <wsse:Security>
      <!-- Add an assertion here <saml2:Assertion.... -->
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false"
                                         ID="_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0"
                                         IssueInstant="2019-02-05T14:22:29Z"
                                         xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
                                         xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
                                         xmlns:hl7="urn:hl7-org:v3">
      <xacml-context:Request>
        <xacml-context:Subject>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Subject>
        <xacml-context:Resource>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>5b15774d-61e2-4d73-98d4-15462f38d872</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II">
            <xacml-context:AttributeValue>
              <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:policy-attributes:referenced-policy-set" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:policies:exclusion-list</xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Resource>
        <xacml-context:Action>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:policy-administration:AddPolicy</xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Action>
        <xacml-context:Environment/>
      </xacml-context:Request>
    </xacml-samlp:XACMLAuthzDecisionQuery>
  </soap:Body>
</soap:Envelope>
```
```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
               xmlns:epr="urn:e-health-suisse:2015:policy-administration"
               xmlns:wsa="http://www.w3.org/2005/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Header>
    <wsa:Action>urn:e-health-suisse:2015:policy-enforcement:AuthorizationDecisionRequest</wsa:Action>
    <wsa:MessageID>urn:uuid:e4bb38c7-e546-4bb1-8d68-2bccf783dfbf</wsa:MessageID>
    <wsa:To>http://ehealthsuisse.ihe-europe.net/adr-provider</wsa:To>
    <wsse:Security>
      <!-- Add an assertion here <saml2:Assertion.... -->
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <xacml-samlp:XACMLAuthzDecisionQuery InputContextOnly="false" ReturnContext="false"
                                         ID="_682fee8b-46c0-442a-8c54-fd9d656412fc" Version="2.0"
                                         IssueInstant="2019-02-05T14:58:58Z"
                                         xmlns:xacml-samlp="urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
                                         xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
                                         xmlns:hl7="urn:hl7-org:v3">
      <xacml-context:Request>
        <xacml-context:Subject>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>7601000050717</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier" DataType="http://www.w3.org/2001/XMLSchema#string">
            <xacml-context:AttributeValue>urn:gs1:gln</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:ihe:iti:xca:2010:homeCommunityId" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="PAT" codeSystem="2.16.756.5.30.1.127.3.10.6" displayName="Patient(in)"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:organization-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:oid:1.3.6.1.4.1.21367.2017.2.6.2</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" DataType="urn:hl7-org:v3#CV">
            <xacml-context:AttributeValue>
              <hl7:CodedValue code="NORM" codeSystem="2.16.756.5.30.1.127.3.10.5" displayName="Normalzugriff"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Subject>
        <xacml-context:Resource>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:epr-subset:761337610436974489:patient-audit-trail-records</xacml-context:AttributeValue>
          </xacml-context:Attribute>
          <xacml-context:Attribute AttributeId="urn:e-health-suisse:2015:epr-spid" DataType="urn:hl7-org:v3#II">
            <xacml-context:AttributeValue>
              <hl7:InstanceIdentifier root="2.16.756.5.30.1.127.3.10.3" extension="761337610436974489"/>
            </xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Resource>
        <xacml-context:Action>
          <xacml-context:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <xacml-context:AttributeValue>urn:e-health-suisse:2015:patient-audit-administration:RetrieveAtnaAudit</xacml-context:AttributeValue>
          </xacml-context:Attribute>
        </xacml-context:Action>
        <xacml-context:Environment/>
      </xacml-context:Request>
    </xacml-samlp:XACMLAuthzDecisionQuery>
  </soap:Body>
</soap:Envelope>
```