5.3 Privacy Notice (Informativa) Assertion

The attributes of the privacy notice assertion must be populated as specified in Table 5.3-1.

Table 5.3-1

| Value | Encoding | Notes |
|---|---|---|
| urn:oasis:names:tc:xacml:2.0:subject:role | Table 5.4-1 | Mandatory |
| urn:oasis:names:tc:xspa:1.0:environment:locality | HSP.11 - HSP.11bis - STS.11 - RIA.11 coding, or the ISTAT code of the local health authority (ASL), or the coding in Table 5.4-3 | Mandatory |
| urn:oasis:names:tc:xspa:1.0:subject:organization-id | Table 5.4-3 | Mandatory |
| urn:oasis:names:tc:xacml:1.0:subject:subject-id | Tax code (codice fiscale) of the privacy notice operator, encoded according to the HL7 V2.5 CX data type (as indicated in IHE ITI TF-3: Table 4.2.3.1.7-2) | Mandatory |
| urn:oasis:names:tc:xacml:1.0:action:action-id | Table 5.4-5 | Mandatory |

An example of an attribute assertion is shown below.

        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_9f0e7f1c63533be16e6191deb6b6c622" IssueInstant="2016-02-22T10:54:43.029Z" Version="2.0" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:assertion saml-schema-assertion-2.0.xsd">
                <saml2:Issuer>080</saml2:Issuer>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <ds:Reference URI="#_9f0e7f1c63533be16e6191deb6b6c622">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                    <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
                                </ds:Transform>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <ds:DigestValue>DWW6yXTLtMTfUvZ1O30ZvOgZVXE=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>...</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>...</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                </ds:Signature>
                <saml2:Subject>
                    <saml2:NameID>VRDMRC67T20I257E^^^&amp;2.16.840.1.113883.2.9.4.3.2&amp;ISO</saml2:NameID>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2017-02-22T10:54:43.027Z" NotOnOrAfter="2018-02-22T12:54:43.027Z"/>
                <saml2:AuthnStatement AuthnInstant="2017-02-22T10:54:43.028Z">
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue xsi:type="xs:string">OPI</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:environment:locality" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue xsi:type="xs:string">080037</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue xsi:type="xs:string">080</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue xsi:type="xs:string">VRDMRC67T20I257E^^^&amp;2.16.840.1.113883.2.9.4.3.2&amp;ISO</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xacml:1.0:action:action-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue xsi:type="xs:string">CREATE</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </wsse:Security>
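A receiving service can check an incoming assertion against Table 5.3-1 before making any authorization decision. The Python code below is an added example, not part of the specification or of any reference implementation: it reports missing, empty or duplicated mandatory attributes, a subject-id that is not in CX form, and SHA-1 algorithm identifiers such as those in the example above. The names `check_informativa` and `sample` and the CX regular expression are assumptions of this example, and the code does not verify the XML signature itself.

```python
import re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
REQUIRED = (  # the five mandatory attributes of Table 5.3-1
    "urn:oasis:names:tc:xacml:2.0:subject:role",
    "urn:oasis:names:tc:xspa:1.0:environment:locality",
    "urn:oasis:names:tc:xspa:1.0:subject:organization-id",
    SUBJECT_ID,
    "urn:oasis:names:tc:xacml:1.0:action:action-id",
)
# Assumption: CX shape taken from the page's example, <id>^^^&<OID>&ISO
CX_RE = re.compile(r"[A-Z0-9]+\^\^\^&\d+(\.\d+)*&ISO")

def check_informativa(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings, values = [], {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        name = attr.get("Name")
        if name in values:  # ambiguous input for a policy decision point
            findings.append(f"duplicate attribute: {name}")
        values[name] = [(v.text or "").strip()
                        for v in attr.iter(f"{{{SAML}}}AttributeValue")]
    for name in REQUIRED:
        if not any(values.get(name, [])):
            findings.append(f"missing or empty mandatory attribute: {name}")
    for value in values.get(SUBJECT_ID, []):
        if value and not CX_RE.fullmatch(value):
            findings.append(f"subject-id is not in CX form: {value}")
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(f"{{{DSIG}}}{tag}"):
            if el.get("Algorithm", "").lower().endswith("sha1"):
                findings.append(f"SHA-1 in {tag}: {el.get('Algorithm')}")
    return findings

def sample(attrs, sig_alg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"):
    """Constructed test input: an unsigned skeleton, not a real assertion."""
    body = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
        for n, v in attrs.items())
    return (f'<a:Assertion xmlns:a="{SAML}" xmlns:ds="{DSIG}"><ds:Signature>'
            f'<ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/></ds:SignedInfo>'
            f'</ds:Signature><a:AttributeStatement>{body}</a:AttributeStatement></a:Assertion>')

# Constructed values copied from the page's example (XML-escaped, as they appear there)
GOOD = dict(zip(REQUIRED, ("OPI", "080037", "080",
            "VRDMRC67T20I257E^^^&amp;2.16.840.1.113883.2.9.4.3.2&amp;ISO", "CREATE")))
```
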

Last updated: 06/02/2018