Verifiable Health Link
0.0.2-current - ci-build
Verifiable Health Link
0.0.2-current - ci-build
Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions
| Official URL: https://profiles.ihe.net/ITI/VHL/ExampleScenario/UseCaseGDHCN | Version: 0.0.2-current | |||
| Active as of 2026-03-13 | Computable Name: GDHCN | |||
The World Health Organization (WHO) operates the Global Digital Health Certification Network (GDHCN), a trust network for public-sector health jurisdictions. The GDHCN provides the infrastructure for the bilateral verification and utilization of Verifiable Digital Health Certificates across participating jurisdictions.
The GDHCN uses the notion of a Trust Domain which is defined by a set of:
How Trust is Established:
Trust in the GDHCN is established through a Public Key Infrastructure (PKI). Each participating jurisdiction submits its PKI material — including Signing Certificate Authority (SCA) certificates and Document Signer Certificates (DSCs) — to the WHO Trust Anchor through a formal onboarding process. The Trust Anchor publishes this key material in trust lists that other participants can retrieve and use to verify the digital signatures on health certificates.
DID-Based Trust List Distribution:
The GDHCN distributes trust lists using Decentralized Identifiers (DIDs). Each participating jurisdiction's key material is represented as a DID Document containing verification methods with the jurisdiction's public keys. These DID Documents are published as endpoints by the Trust Anchor, analogous to how the IHE mCSD Profile distributes service endpoints for Organizations. This enables participants to discover and retrieve the PKI material needed for signature verification through a standardized, cacheable, and federated mechanism.
Trust Network Gateway:
The GDHCN Trust Network Gateway (TNG) provides a federated architecture that enables multiple trust anchors and cross-gateway trust propagation. The TNG supports both an API gateway method and DID-based resolution for trust list distribution, ensuring interoperability across diverse jurisdictional implementations.
The PKI operated by the WHO supports a variety of trust domains, two of which — the Hajj Pilgrimage and the Pan-American Highway for Health — are described below.
Figure X.X.X.X-TN: WHO GDHCN Trust Network
Process for establishing trust within the WHO GDHCN trust network through PKI material submission and trust list distribution.
Pre-conditions:
Jurisdiction has completed the GDHCN onboarding process and has generated SCA and DSC certificates.
Post-conditions:
Jurisdiction's PKI material is published in the GDHCN trust list and available for retrieval by other participants.
| Name | Type | Content | Description |
|---|
IG © 2024+ IHE IT Infrastructure Technical Committee. Package ihe.iti.vhl#0.0.2-current based on FHIR 4.0.1. Generated 2026-03-13
Links: Table of Contents |
QA Report
| New Issue | Issues
Version History |
|
Propose a change