UseCaseGDHCN - TTL Representation - Verifiable Health Link v0.0.2-current

Verifiable Health Link
0.0.2-current - ci-build International flag
Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions
: UseCaseGDHCN - TTL Representation

Active as of 2026-03-13
Raw ttl | Download

@prefix fhir: <http://hl7.org/fhir/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# - resource -------------------------------------------------------------------

 a fhir:ExampleScenario ;
  fhir:nodeRole fhir:treeRoot ;
  fhir:id [ fhir:v "UseCaseGDHCN"] ; # 
  fhir:text [
fhir:status [ fhir:v "generated" ] ;
fhir:div [ fhir:v "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: ExampleScenario UseCaseGDHCN</b></p><a name=\"UseCaseGDHCN\"> </a><a name=\"hcUseCaseGDHCN\"> </a><p><b>url</b>: <a href=\"ExampleScenario-UseCaseGDHCN.html\">GDHCN</a></p><p><b>version</b>: 0.0.2-current</p><p><b>name</b>: GDHCN</p><p><b>status</b>: Active</p><p><b>date</b>: 2026-03-13 13:59:49+0000</p><p><b>publisher</b>: IHE IT Infrastructure Technical Committee</p><p><b>contact</b>: <a href=\"https://www.ihe.net/ihe_domains/it_infrastructure/\">https://www.ihe.net/ihe_domains/it_infrastructure/</a>, <a href=\"mailto:iti@ihe.net\">iti@ihe.net</a>, IHE IT Infrastructure Technical Committee: <a href=\"mailto:iti@ihe.net\">iti@ihe.net</a></p><p><b>jurisdiction</b>: <span title=\"Codes:{http://unstats.un.org/unsd/methods/m49/m49.htm 001}\">Global (Whole world)</span></p><p><b>purpose</b>: </p><div><p>The World Health Organization (WHO) operates the <a href=\"https://smart.who.int/trust\">Global Digital Health Certification Network (GDHCN)</a>, a trust network for public-sector health jurisdictions. The GDHCN provides the infrastructure for the bilateral verification and utilization of Verifiable Digital Health Certificates across participating jurisdictions.</p>\n<p>The GDHCN uses the notion of a <strong>Trust Domain</strong> which is defined by a set of:</p>\n<ul>\n<li>use cases and business processes related to the utilization of Verifiable Digital Health Certificates</li>\n<li>open, interoperable technical specifications that define the applicable Trusted Services and verifiable digital health certificates for the use case</li>\n<li>policy and regulatory standards describing expected behavior of participants for the use case</li>\n</ul>\n<p><strong>How Trust is Established:</strong></p>\n<p>Trust in the GDHCN is established through a Public Key Infrastructure (PKI). Each participating jurisdiction submits its PKI material — including Signing Certificate Authority (SCA) certificates and Document Signer Certificates (DSCs) — to the WHO Trust Anchor through a formal onboarding process. The Trust Anchor publishes this key material in trust lists that other participants can retrieve and use to verify the digital signatures on health certificates.</p>\n<p><strong>DID-Based Trust List Distribution:</strong></p>\n<p>The GDHCN distributes trust lists using <a href=\"https://www.w3.org/TR/did-core/\">Decentralized Identifiers (DIDs)</a>. Each participating jurisdiction's key material is represented as a DID Document containing verification methods with the jurisdiction's public keys. These DID Documents are published as endpoints by the Trust Anchor, analogous to how the <a href=\"https://profiles.ihe.net/ITI/mCSD/\">IHE mCSD Profile</a> distributes service endpoints for Organizations. This enables participants to discover and retrieve the PKI material needed for signature verification through a standardized, cacheable, and federated mechanism.</p>\n<p><strong>Trust Network Gateway:</strong></p>\n<p>The GDHCN Trust Network Gateway (TNG) provides a federated architecture that enables multiple trust anchors and cross-gateway trust propagation. The TNG supports both an API gateway method and DID-based resolution for trust list distribution, ensuring interoperability across diverse jurisdictional implementations.</p>\n<p>The PKI operated by the WHO supports a variety of trust domains, two of which — the Hajj Pilgrimage and the Pan-American Highway for Health — are described below.</p>\n<p>&lt;figure&gt;\n&lt;img src=\"trust_network.png\" caption=\"WHO GDHCN Trust Network\" style=\"width:45em; max-width:100%;\"/&gt;\n&lt;p id=\"fX.X.X.X-TN\" class=\"figureTitle\"&gt;Figure X.X.X.X-TN: WHO GDHCN Trust Network&lt;/p&gt;\n&lt;/figure&gt;</p>\n</div><blockquote><p><b>process</b></p><p><b>title</b>: GDHCN Trust Establishment</p><p><b>description</b>: </p><div><p>Process for establishing trust within the WHO GDHCN trust network through PKI material submission and trust list distribution.</p>\n</div><p><b>preConditions</b>: </p><div><p>Jurisdiction has completed the GDHCN onboarding process and has generated SCA and DSC certificates.</p>\n</div><p><b>postConditions</b>: </p><div><p>Jurisdiction's PKI material is published in the GDHCN trust list and available for retrieval by other participants.</p>\n</div><blockquote><p><b>step</b></p><h3>Operations</h3><table class=\"grid\"><tr><td style=\"display: none\">-</td><td><b>Number</b></td><td><b>Name</b></td><td><b>Description</b></td></tr><tr><td style=\"display: none\">*</td><td>1</td><td>Jurisdiction Onboarding</td><td><div><p>A participating jurisdiction completes the GDHCN onboarding process and submits its Signing Certificate Authority (SCA) and Document Signer Certificates (DSCs) to the WHO Trust Anchor. The Trust Anchor validates the submitted certificates and onboards the jurisdiction into the trust network.</p>\n</div></td></tr></table></blockquote><blockquote><p><b>step</b></p><h3>Operations</h3><table class=\"grid\"><tr><td style=\"display: none\">-</td><td><b>Number</b></td><td><b>Name</b></td><td><b>Description</b></td></tr><tr><td style=\"display: none\">*</td><td>2</td><td>Trust List Publication</td><td><div><p>The WHO Trust Anchor publishes the jurisdiction's PKI material as DID Documents in the GDHCN trust list. Each DID Document contains verification methods with the jurisdiction's public keys, distributed as endpoints that can be discovered and retrieved by other trust network participants.</p>\n</div></td></tr></table></blockquote><blockquote><p><b>step</b></p><h3>Operations</h3><table class=\"grid\"><tr><td style=\"display: none\">-</td><td><b>Number</b></td><td><b>Name</b></td><td><b>Description</b></td></tr><tr><td style=\"display: none\">*</td><td>3</td><td>Trust List Retrieval</td><td><div><p>Participating jurisdictions (acting as VHL Sharers or VHL Receivers) retrieve the trust list from the Trust Anchor. The retrieved DID Documents provide the public keys needed to verify digital signatures on health certificates and to establish secure channels for document exchange.</p>\n</div></td></tr></table></blockquote></blockquote></div>"^^rdf:XMLLiteral ]
  ] ; # 
  fhir:url [
fhir:v "https://profiles.ihe.net/ITI/VHL/ExampleScenario/UseCaseGDHCN"^^xsd:anyURI ;
fhir:l <https://profiles.ihe.net/ITI/VHL/ExampleScenario/UseCaseGDHCN>
  ] ; # 
  fhir:version [ fhir:v "0.0.2-current"] ; # 
  fhir:name [ fhir:v "GDHCN"] ; # 
  fhir:status [ fhir:v "active"] ; # 
  fhir:date [ fhir:v "2026-03-13T13:59:49+00:00"^^xsd:dateTime] ; # 
  fhir:publisher [ fhir:v "IHE IT Infrastructure Technical Committee"] ; # 
  fhir:contact ( [
    ( fhir:telecom [
fhir:system [ fhir:v "url" ] ;
fhir:value [ fhir:v "https://www.ihe.net/ihe_domains/it_infrastructure/" ]     ] )
  ] [
    ( fhir:telecom [
fhir:system [ fhir:v "email" ] ;
fhir:value [ fhir:v "iti@ihe.net" ]     ] )
  ] [
fhir:name [ fhir:v "IHE IT Infrastructure Technical Committee" ] ;
    ( fhir:telecom [
fhir:system [ fhir:v "email" ] ;
fhir:value [ fhir:v "iti@ihe.net" ]     ] )
  ] ) ; # 
  fhir:jurisdiction ( [
    ( fhir:coding [
fhir:system [
fhir:v "http://unstats.un.org/unsd/methods/m49/m49.htm"^^xsd:anyURI ;
fhir:l <http://unstats.un.org/unsd/methods/m49/m49.htm>       ] ;
fhir:code [ fhir:v "001" ]     ] )
  ] ) ; # 
  fhir:purpose [ fhir:v "The World Health Organization (WHO) operates the [Global Digital Health Certification Network (GDHCN)](https://smart.who.int/trust), a trust network for public-sector health jurisdictions. The GDHCN provides the infrastructure for the bilateral verification and utilization of Verifiable Digital Health Certificates across participating jurisdictions.\n\nThe GDHCN uses the notion of a **Trust Domain** which is defined by a set of:\n- use cases and business processes related to the utilization of Verifiable Digital Health Certificates\n- open, interoperable technical specifications that define the applicable Trusted Services and verifiable digital health certificates for the use case\n- policy and regulatory standards describing expected behavior of participants for the use case\n\n**How Trust is Established:**\n\nTrust in the GDHCN is established through a Public Key Infrastructure (PKI). Each participating jurisdiction submits its PKI material — including Signing Certificate Authority (SCA) certificates and Document Signer Certificates (DSCs) — to the WHO Trust Anchor through a formal onboarding process. The Trust Anchor publishes this key material in trust lists that other participants can retrieve and use to verify the digital signatures on health certificates.\n\n\n**DID-Based Trust List Distribution:**\n\nThe GDHCN distributes trust lists using [Decentralized Identifiers (DIDs)](https://www.w3.org/TR/did-core/). Each participating jurisdiction's key material is represented as a DID Document containing verification methods with the jurisdiction's public keys. These DID Documents are published as endpoints by the Trust Anchor, analogous to how the [IHE mCSD Profile](https://profiles.ihe.net/ITI/mCSD/) distributes service endpoints for Organizations. This enables participants to discover and retrieve the PKI material needed for signature verification through a standardized, cacheable, and federated mechanism.\n\n**Trust Network Gateway:**\n\nThe GDHCN Trust Network Gateway (TNG) provides a federated architecture that enables multiple trust anchors and cross-gateway trust propagation. The TNG supports both an API gateway method and DID-based resolution for trust list distribution, ensuring interoperability across diverse jurisdictional implementations.\n\nThe PKI operated by the WHO supports a variety of trust domains, two of which — the Hajj Pilgrimage and the Pan-American Highway for Health — are described below.\n\n<figure>\n  <img src=\"trust_network.png\" caption=\"WHO GDHCN Trust Network\" style=\"width:45em; max-width:100%;\"/>\n  <p id=\"fX.X.X.X-TN\" class=\"figureTitle\">Figure X.X.X.X-TN: WHO GDHCN Trust Network</p>\n</figure>"] ; # 
  fhir:process ( [
fhir:title [ fhir:v "GDHCN Trust Establishment" ] ;
fhir:description [ fhir:v "Process for establishing trust within the WHO GDHCN trust network through PKI material submission and trust list distribution." ] ;
fhir:preConditions [ fhir:v "Jurisdiction has completed the GDHCN onboarding process and has generated SCA and DSC certificates." ] ;
fhir:postConditions [ fhir:v "Jurisdiction's PKI material is published in the GDHCN trust list and available for retrieval by other participants." ] ;
    ( fhir:step [
fhir:operation [
fhir:number [ fhir:v "1" ] ;
fhir:name [ fhir:v "Jurisdiction Onboarding" ] ;
fhir:description [ fhir:v "A participating jurisdiction completes the GDHCN onboarding process and submits its Signing Certificate Authority (SCA) and Document Signer Certificates (DSCs) to the WHO Trust Anchor. The Trust Anchor validates the submitted certificates and onboards the jurisdiction into the trust network." ]       ]     ] [
fhir:operation [
fhir:number [ fhir:v "2" ] ;
fhir:name [ fhir:v "Trust List Publication" ] ;
fhir:description [ fhir:v "The WHO Trust Anchor publishes the jurisdiction's PKI material as DID Documents in the GDHCN trust list. Each DID Document contains verification methods with the jurisdiction's public keys, distributed as endpoints that can be discovered and retrieved by other trust network participants." ]       ]     ] [
fhir:operation [
fhir:number [ fhir:v "3" ] ;
fhir:name [ fhir:v "Trust List Retrieval" ] ;
fhir:description [ fhir:v "Participating jurisdictions (acting as VHL Sharers or VHL Receivers) retrieve the trust list from the Trust Anchor. The retrieved DID Documents provide the public keys needed to verify digital signatures on health certificates and to establish secure channels for document exchange." ]       ]     ] )
  ] ) . #
<prev
top
next>
IG © 2024+ IHE IT Infrastructure Technical Committee. Package ihe.iti.vhl#0.0.2-current based on FHIR 4.0.1. Generated 2026-03-13
Links: Table of Contents | QA Report | New Issue | Issues Version History | | Propose a change external