inferno-framework · edeyoung · Jul 21, 2025 · Jun 30, 2025 · Jul 10, 2025 · Jul 10, 2025
diff --git a/lib/udap_security_test_kit/client_suite.rb b/lib/udap_security_test_kit/client_suite.rb
@@ -114,7 +114,7 @@ class UDAPSecurityClientTestSuite < Inferno::TestSuite
           required_suite_options: {
             client_type: UDAPClientOptions::UDAP_CLIENT_CREDENTIALS
           }
-    
+
     group from: :udap_client_v100_visual_inspection_and_attestation
   end
 end
diff --git a/...p_security_test_kit/requirements/generated/udap_security_client_requirements_coverage.csv b/...p_security_test_kit/requirements/generated/udap_security_client_requirements_coverage.csv
diff --git a/lib/udap_security_test_kit/requirements/generated/udap_security_requirements_coverage.csv b/lib/udap_security_test_kit/requirements/generated/udap_security_requirements_coverage.csv
diff --git a/...t_kit/visual_inspection_and_attestation/client/b2b_authorization_extension_object_test.rb b/...t_kit/visual_inspection_and_attestation/client/b2b_authorization_extension_object_test.rb
@@ -1,28 +1,29 @@
 module UDAPSecurityTestKit
   class B2BAuthorizationExtensionObjectAttestationTest < Inferno::Test
-    title 'B2B Authorization Extension Object Compliance'
+    title 'Complies with B2B Authorization Extension Object'
     id :udap_security_b2b_authorization_extension_object
     description %(
-      Client applications SHALL comply with the requirements for the B2B Authorization Extension Object:
-      - `subject_name` SHALL be required if known for human or non-human requestors.
-      - `subject_id` SHALL be required if known for human requestors when `subject_name` is present.
-      - `subject_id` SHALL be the National Provider Identifier (NPI) for US Realm human requestors.
-      - `subject_id` SHALL be omitted for non-human requestors or requestors without an NPI.
-      - `consent_reference` SHALL include resolvable URLs and SHALL be omitted if `consent_policy` is not present.
+      Client applications complies with requirements for the B2B Authorization Extension Object and:
+      - Includes `subject_name` parameter if it is known for human or non-human requestors.
+      - Includes `subject_id` parameter for human requestors when the `subject_name` parameter is present.
+      - Uses the National Provider Identifier (NPI) as the value for `subject_id` for human requestors in the US Realm.
+      - Ensures that the `consent_reference` parameter includes URLs that are resolvable by the receiving party
+      - Omits `consent_reference` if `consent_policy` is not present.
     )
-    verifies_requirements 'hl7.fhir.us.udap-security@203',
-                          'hl7.fhir.us.udap-security@204',
-                          'hl7.fhir.us.udap-security@205',
-                          'hl7.fhir.us.udap-security@206',
-                          'hl7.fhir.us.udap-security@207',
-                          'hl7.fhir.us.udap-security@219',
-                          'hl7.fhir.us.udap-security@220',
-                          'hl7.fhir.us.udap-security@221'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@203',
+                          'hl7.fhir.us.udap-security_1.0.0@204',
+                          'hl7.fhir.us.udap-security_1.0.0@205',
+                          'hl7.fhir.us.udap-security_1.0.0@206',
+                          'hl7.fhir.us.udap-security_1.0.0@207',
+                          'hl7.fhir.us.udap-security_1.0.0@219',
+                          'hl7.fhir.us.udap-security_1.0.0@220',
+                          'hl7.fhir.us.udap-security_1.0.0@221'
 
     input :subject_name_compliance,
-          title: "Client application includes `subject_name` if known",
+          title: 'Includes `subject_name` if known',
           description: %(
-            I attest that the client application includes the `subject_name` parameter if it is known for human or non-human requestors.
+            I attest that the client application includes the `subject_name` parameter if it is known for human
+            or non-human requestors.
           ),
           type: 'radio',
           default: 'false',
@@ -44,9 +45,10 @@ class B2BAuthorizationExtensionObjectAttestationTest < Inferno::Test
           optional: true
 
     input :subject_id_compliance,
-          title: "Client application includes `subject_id` for human requestors when `subject_name` is present",
+          title: 'Includes `subject_id` for human requestors when `subject_name` is present',
           description: %(
-            I attest that the client application includes the `subject_id` parameter for human requestors when the `subject_name` parameter is present.
+            I attest that the client application includes the `subject_id` parameter for human requestors when the
+            `subject_name` parameter is present.
           ),
           type: 'radio',
           default: 'false',
@@ -68,9 +70,10 @@ class B2BAuthorizationExtensionObjectAttestationTest < Inferno::Test
           optional: true
 
     input :subject_id_npi_compliance,
-          title: "Client application uses NPI for `subject_id` in US Realm human requestors",
+          title: 'Uses NPI for `subject_id` in US Realm human requestors',
           description: %(
-            I attest that the client application uses the National Provider Identifier (NPI) as the value for `subject_id` for human requestors in the US Realm.
+            I attest that the client application uses the National Provider Identifier (NPI) as the value for
+            `subject_id` for human requestors in the US Realm.
           ),
           type: 'radio',
           default: 'false',
@@ -92,9 +95,10 @@ class B2BAuthorizationExtensionObjectAttestationTest < Inferno::Test
           optional: true
 
     input :consent_reference_compliance,
-          title: "Client application ensures `consent_reference` URLs are resolvable",
+          title: 'Ensures `consent_reference` URLs are resolvable',
           description: %(
-            I attest that the client application ensures that the `consent_reference` parameter includes URLs that are resolvable by the receiving party and omits `consent_reference` if `consent_policy` is not present.
+            I attest that the client application ensures that the `consent_reference` parameter includes URLs that
+            are resolvable by the receiving party and omits `consent_reference` if `consent_policy` is not present.
           ),
           type: 'radio',
           default: 'false',
@@ -129,7 +133,8 @@ class B2BAuthorizationExtensionObjectAttestationTest < Inferno::Test
       pass subject_id_npi_compliance_note if subject_id_npi_compliance_note.present?
 
       assert consent_reference_compliance == 'true',
-             'Client application did not ensure `consent_reference` URLs were resolvable or omitted `consent_reference` when `consent_policy` was not present.'
+             'Client application did not ensure `consent_reference` URLs were resolvable or omitted `consent_reference`
+              when `consent_policy` was not present.'
       pass consent_reference_compliance_note if consent_reference_compliance_note.present?
     end
   end

diff --git a/...n/client/authorization_code_usage_test.rb → ...t/client_authorization_code_usage_test.rb b/...n/client/authorization_code_usage_test.rb → ...t/client_authorization_code_usage_test.rb
@@ -1,17 +1,17 @@
 module UDAPSecurityTestKit
-  class AuthorizationCodeUsageAttestationTest < Inferno::Test
-    title 'Authorization code is used correctly'
+  class ClientAuthorizationCodeUsageAttestationTest < Inferno::Test
+    title 'Uses authorization code correctly'
     id :udap_security_client_auth_code_usage
     description %(
-      Client applications SHALL use the authorization code correctly by:
-      - Ensuring the authorization code is not used more than once.
-      - Requesting an authorization code as per Section 4.1.1 of RFC 6749.
+      Client application uses the authorization code correctly by:
+            - Ensuring the authorization code is not used more than once.
+            - Requesting an authorization code as per Section 4.1.1 of RFC 6749.
     )
-    verifies_requirements 'hl7.fhir.us.udap-security@136',
-                          'hl7.fhir.us.udap-security@188'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@136',
+                          'hl7.fhir.us.udap-security_1.0.0@188'
 
     input :authorization_code_usage_correctly,
-          title: "Authorization code is used correctly",
+          title: 'Uses authorization code correctly',
           description: %(
             I attest that the client application uses the authorization code correctly by:
             - Ensuring the authorization code is not used more than once.
@@ -38,7 +38,7 @@ class AuthorizationCodeUsageAttestationTest < Inferno::Test
 
     run do
       assert authorization_code_usage_correctly == 'true',
-              'Client application did not demonstrate correct usage of the authorization code.'
+             'Client application did not demonstrate correct usage of the authorization code.'
       pass authorization_code_usage_correctly_note if authorization_code_usage_correctly_note.present?
     end
   end

diff --git a/...test_kit/visual_inspection_and_attestation/client/client_security_csrf_protection_test.rb b/...test_kit/visual_inspection_and_attestation/client/client_security_csrf_protection_test.rb
@@ -1,21 +1,23 @@
 module UDAPSecurityTestKit
   class ClientSecurityAndCSRFProtectionAttestationTest < Inferno::Test
-    title 'Client Security and CSRF Protection Compliance'
+    title 'Complies with Client Security and CSRF Protection'
     id :udap_security_client_security_csrf_protection
     description %(
-      Client applications SHALL comply with the requirements for Client Security and CSRF Protection:
-      - Implement CSRF protection for its redirection URI.
-      - Use a binding value for CSRF protection that contains a non-guessable value.
-      - Ensure the user-agent's authenticated state is accessible only to the client and user-agent, protected by the same-origin policy.
+      Client applications complies with the requirements for Client Security and CSRF Protection:
+      - Implements CSRF protection for its redirection URI.
+      - Uses a binding value for CSRF protection that contains a non-guessable value.
+      - Ensures the user-agent's authenticated state is accessible only to the client and user-agent, protected by
+        the same-origin policy.
     )
-    verifies_requirements 'hl7.fhir.us.udap-security@275',
-                          'hl7.fhir.us.udap-security@276',
-                          'hl7.fhir.us.udap-security@277'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@275',
+                          'hl7.fhir.us.udap-security_1.0.0@276',
+                          'hl7.fhir.us.udap-security_1.0.0@277'
 
     input :csrf_protection_implementation,
-          title: "Client application implements CSRF protection for its redirection URI",
+          title: 'Implements CSRF protection for its redirection URI',
           description: %(
-            I attest that the client application implements CSRF protection for its redirection URI to prevent cross-site request forgery attacks.
+            I attest that the client application implements CSRF protection for its redirection URI to prevent
+            cross-site request forgery attacks.
           ),
           type: 'radio',
           default: 'false',
@@ -37,9 +39,10 @@ class ClientSecurityAndCSRFProtectionAttestationTest < Inferno::Test
           optional: true
 
     input :csrf_binding_value_compliance,
-          title: "Client application uses a non-guessable binding value for CSRF protection",
+          title: 'Uses a non-guessable binding value for CSRF protection',
           description: %(
-            I attest that the client application uses a binding value for CSRF protection that contains a non-guessable value to ensure security.
+            I attest that the client application uses a binding value for CSRF protection that contains a non-guessable
+            value to ensure security.
           ),
           type: 'radio',
           default: 'false',
@@ -61,9 +64,10 @@ class ClientSecurityAndCSRFProtectionAttestationTest < Inferno::Test
           optional: true
 
     input :authenticated_state_protection,
-          title: "Client application ensures authenticated state is protected by same-origin policy",
+          title: 'Ensures authenticated state is protected by same-origin policy',
           description: %(
-            I attest that the client application ensures the user-agent's authenticated state is stored in a location accessible only to the client and user-agent, protected by the same-origin policy.
+            I attest that the client application ensures the user-agent's authenticated state is stored in a location
+            accessible only to the client and user-agent, protected by the same-origin policy.
           ),
           type: 'radio',
           default: 'false',
@@ -94,7 +98,8 @@ class ClientSecurityAndCSRFProtectionAttestationTest < Inferno::Test
       pass csrf_binding_value_compliance_note if csrf_binding_value_compliance_note.present?
 
       assert authenticated_state_protection == 'true',
-             'Client application did not ensure the user-agent\'s authenticated state is protected by the same-origin policy.'
+             'Client application did not ensure the user-agent\'s authenticated state is protected by the same-origin
+              policy.'
       pass authenticated_state_protection_note if authenticated_state_protection_note.present?
     end
   end

diff --git a/...ty_test_kit/visual_inspection_and_attestation/client/idp_supports_required_scopes_test.rb b/...ty_test_kit/visual_inspection_and_attestation/client/idp_supports_required_scopes_test.rb
@@ -1,40 +1,42 @@
 module UDAPSecurityTestKit
   class IdPSupportsRequiredScopesAttestationTest < Inferno::Test
-      title 'IdP supports required scopes'
-      id :udap_security_idp_supports_scopes
-      description %(
-        Identity Providers (IdPs) SHALL include `"openid"` and `"udap"` in the array of scopes returned for the `scopes_supported` parameter.
+    title 'Supports required scopes in IdPs'
+    id :udap_security_idp_supports_scopes
+    description %(
+        Identity Provider (IdP) includes `"openid"` and `"udap"` in the array of scopes returned
+        for the `scopes_supported` parameter.
       )
-      verifies_requirements 'hl7.fhir.us.udap-security@235'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@235'
 
-      input :idp_supports_required_scopes,
-            title: "IdP supports required scopes",
-            description: %(
-              I attest that the Identity Provider (IdP) includes `"openid"` and `"udap"` in the array of scopes returned for the `scopes_supported` parameter.
+    input :idp_supports_required_scopes,
+          title: 'Supports required scopes',
+          description: %(
+              I attest that the Identity Provider (IdP) includes `"openid"` and `"udap"` in the array of scopes returned
+              for the `scopes_supported` parameter.
             ),
-            type: 'radio',
-            default: 'false',
-            options: {
-              list_options: [
-                {
-                  label: 'Yes',
-                  value: 'true'
-                },
-                {
-                  label: 'No',
-                  value: 'false'
-                }
-              ]
-            }
-      input :idp_supports_required_scopes_note,
-            title: 'Notes, if applicable:',
-            type: 'textarea',
-            optional: true
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :idp_supports_required_scopes_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
 
-      run do
-        assert idp_supports_required_scopes == 'true',
-               'Identity Provider (IdP) did not demonstrate support for required scopes.'
-        pass idp_supports_required_scopes_note if idp_supports_required_scopes_note.present?
-      end
+    run do
+      assert idp_supports_required_scopes == 'true',
+             'Identity Provider (IdP) did not demonstrate support for required scopes.'
+      pass idp_supports_required_scopes_note if idp_supports_required_scopes_note.present?
+    end
   end
-end
+end
diff --git a/...p_security_test_kit/visual_inspection_and_attestation/client/jti_reuse_prevention_test.rb b/...p_security_test_kit/visual_inspection_and_attestation/client/jti_reuse_prevention_test.rb
@@ -1,18 +1,20 @@
 module UDAPSecurityTestKit
   class JTIReusePreventionAttestationTest < Inferno::Test
-    title 'Client prevents reuse of JTI values in authentication tokens'
+    title 'Prevents reuse of JTI values in authentication tokens'
     id :udap_security_jti_reuse_prevention
     description %(
-      Client applications SHALL prevent reuse of JTI values in authentication tokens by:
-      - Ensuring the `jti` parameter is not reused in another authentication JWT before the time specified in the `exp` claim has passed.
+      Client application prevents reuse of JTI values in authentication tokens by:
+            - Ensuring the `jti` parameter is not reused in another authentication JWT before the time specified
+              in the `exp` claim has passed.
     )
-    verifies_requirements 'hl7.fhir.us.udap-security@159'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@159'
 
     input :jti_reuse_prevention_correctly,
-          title: "Client prevents reuse of JTI values in authentication tokens",
+          title: 'Prevents reuse of JTI values in authentication tokens',
           description: %(
             I attest that the client application prevents reuse of JTI values in authentication tokens by:
-            - Ensuring the `jti` parameter is not reused in another authentication JWT before the time specified in the `exp` claim has passed.
+            - Ensuring the `jti` parameter is not reused in another authentication JWT before the time specified
+              in the `exp` claim has passed.
           ),
           type: 'radio',
           default: 'false',
@@ -35,7 +37,7 @@ class JTIReusePreventionAttestationTest < Inferno::Test
 
     run do
       assert jti_reuse_prevention_correctly == 'true',
-              'Client application did not demonstrate prevention of JTI reuse in authentication tokens.'
+             'Client application did not demonstrate prevention of JTI reuse in authentication tokens.'
       pass jti_reuse_prevention_correctly_note if jti_reuse_prevention_correctly_note.present?
     end
   end

diff --git a/...ecurity_test_kit/visual_inspection_and_attestation/client/metadata_interpretation_test.rb b/...ecurity_test_kit/visual_inspection_and_attestation/client/metadata_interpretation_test.rb
@@ -1,20 +1,22 @@
 module UDAPSecurityTestKit
   class MetadataInterpretationAttestationTest < Inferno::Test
-    title 'Client interprets metadata correctly'
+    title 'Interprets metadata correctly'
     id :udap_security_metadata_interpretation
     description %(
-      Client applications SHALL interpret metadata correctly by:
-      - Interpreting an empty array value in metadata as indicating that the corresponding capability is NOT supported by the server.
-      - Using applicable values returned in a server’s UDAP metadata for workflows defined in this guide.
+      Client application interprets metadata correctly by:
+            - Interpreting an empty array value in metadata as indicating that the corresponding capability is
+              NOT supported by the server.
+            - Using applicable values returned in a server’s UDAP metadata for workflows defined in this guide.
     )
-    verifies_requirements 'hl7.fhir.us.udap-security@20',
-                          'hl7.fhir.us.udap-security@21'
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@20',
+                          'hl7.fhir.us.udap-security_1.0.0@21'
 
     input :interprets_metadata_correctly,
-          title: "Interprets metadata correctly",
+          title: 'Interprets metadata correctly',
           description: %(
             I attest that the client application interprets metadata correctly by:
-            - Interpreting an empty array value in metadata as indicating that the corresponding capability is NOT supported by the server.
+            - Interpreting an empty array value in metadata as indicating that the corresponding capability is
+              NOT supported by the server.
             - Using applicable values returned in a server’s UDAP metadata for workflows defined in this guide.
           ),
           type: 'radio',
@@ -38,8 +40,8 @@ class MetadataInterpretationAttestationTest < Inferno::Test
 
     run do
       assert interprets_metadata_correctly == 'true',
-              'Client application did not demonstrate correct interpretation of metadata.'
+             'Client application did not demonstrate correct interpretation of metadata.'
       pass interprets_metadata_correctly_note if interprets_metadata_correctly_note.present?
     end
   end
-end
+end