Auth.+Framework-+Missing+resource+ID

Please contribute your comments via the discussion tab above. Outcomes and resolution will be added at the bottom of this page. =Auth framework: impact of missing resource id?=

0 row selected - rows selected - [|clear] || Issue: The urn:oasis:names:tc:xacml:2.0:resource:resource-id attribute is missing from the SAML header of some request messages.
 * ~ 1 - 1 of 1
 * [[image:http://www.wikispaces.com/i/user_none_lg.jpg width="48" height="48" caption="JoeLamy" link="http://www.wikispaces.com/user/view/JoeLamy"]] || [|JoeLamy]

No legal (e.g. HIPAA) requirements are noted in the spec, so we are assuming that the sole purpose of this is to aid in the authorization decision by the responder. If this is the case, then the potential impact is to interoperability, where violators will not be able to conduct exchanges with NHIN participants that use this value in their policy business rules.

Workarounds suggested: work with partners to ensure that this value is not used for these specific exchanges; exchange information with participants using out of band means.

Tentative severity level: 2-high. [|[delete]] ||