Verifiable Health Link
0.0.2-current - ci-build
Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions
The Retrieve PKI Material transaction allows both VHL Sharers and VHL Receivers to retrieve trusted cryptographic material from the Trust Anchor. This material includes:
Retrieved material SHALL be used to determine the trustworthiness of VHL artifacts and service endpoints in accordance with the governing trust framework.
Actor | Role |
---|---|
VHL Receiver, VHL Sharer | Request PKI material; Receive PKI material |
Trust Anchor | Provide PKI material |
A VHL Sharer or VHL Receiver, as a participant in the trust network, SHALL be capable of requesting public key infrastructure (PKI) material from a designated Trust Anchor.
The retrieved material MAY include:
Participants SHOULD cache the received trust list to reduce network and server load.
Preconditions:
OPTIONS TO DISCUSS:
A Trust Anchor initiates a Retrieve PKI Material Response Message once it has completed, to the extent possible, the expected actions upon receipt of a Retrieve PKI Material Request message.
The Retrieve PKI Material request MAY take one of several forms, depending on the transport and representation models adopted by the content profile. Potential representations include:
The payload SHOULD include sufficient metadata to identify the submitting entity and bind the key material to its intended usage context (e.g., use: "sig", keyOps, x5c chain).
Content profiles SHALL define exact payload constraints, validation rules, and error behaviors.
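As an added illustration (not part of the IHE profile), the following sketch shows how a receiving client might screen a retrieved key set against the usage metadata named above before caching it. It assumes a JWK Set representation with RFC 7517 parameter names (`key_ops` rather than `keyOps`); the function names, the local policy of requiring `kid` and `x5c`, and the sample keys are constructed for this example.

```python
import base64

def x5c_well_formed(chain):
    """x5c: non-empty list of standard-base64 (not base64url) DER blobs, per RFC 7517."""
    if not isinstance(chain, list) or not chain:
        return False
    for entry in chain:
        try:
            der = base64.b64decode(entry, validate=True)
        except (ValueError, TypeError):  # binascii.Error is a ValueError subclass
            return False
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            return False
    return True

def check_jwk(jwk):
    """Return None if the key may be cached for signature verification, else a reason."""
    if not isinstance(jwk, dict) or not jwk.get("kty") or not jwk.get("kid"):
        return "missing kty or kid"
    if any(p in jwk for p in ("d", "p", "q", "dp", "dq", "qi", "k")):
        return "private or symmetric key material in a published key"
    use, ops = jwk.get("use"), jwk.get("key_ops")
    if use is None and ops is None:
        return "no usage context (use / key_ops)"
    if use is not None and use != "sig":
        return "use is not 'sig'"
    if ops is not None and (not isinstance(ops, list) or "verify" not in ops):
        return "key_ops does not allow 'verify'"
    if not x5c_well_formed(jwk.get("x5c")):
        return "x5c missing or malformed"
    return None  # structural checks only: the x5c chain must still be validated

def select_verification_keys(jwks):
    """Split a retrieved key set into {kid: jwk} to cache and {kid: reason} to log."""
    accepted, rejected = {}, {}
    for i, jwk in enumerate(jwks.get("keys", [])):
        reason = check_jwk(jwk)
        kid = jwk.get("kid") if isinstance(jwk, dict) and jwk.get("kid") else f"#{i}"
        target = accepted if reason is None else rejected
        target[kid] = jwk if reason is None else reason
    return accepted, rejected

# Constructed sample: FAKE_CERT is a placeholder DER SEQUENCE, not a real certificate.
FAKE_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_JWKS = {"keys": [
    {"kty": "EC", "kid": "sig-1", "use": "sig", "crv": "P-256", "x5c": [FAKE_CERT]},
    {"kty": "EC", "kid": "enc-1", "use": "enc", "crv": "P-256", "x5c": [FAKE_CERT]},
    {"kty": "EC", "kid": "url-1", "key_ops": ["verify"], "x5c": ["MAMC-QE_"]},
]}
```

Keys that pass this screen are only candidates: the certificate chain in `x5c` still has to be verified against the Trust Anchor before any key is used.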
A VHL Sharer or VHL Receiver, after receiving PKI material from a Trust Anchor, SHALL validate and process the trust information for subsequent cryptographic operations.
Participants SHOULD:
All Retrieve PKI Material interactions SHOULD occur over secure channels using TLS 1.2 or higher, with mTLS recommended for enhanced endpoint authentication. The Trust Anchor SHOULD validate the authenticity, scope, and expiration of all retrieved key material before publishing or caching.
Clients (e.g., VHL Receivers and VHL Sharers) SHOULD verify the signature chain or integrity envelope of the material prior to using it for signature verification or secure session establishment.
Implementers SHOULD ensure that any out-of-band trust anchors or directory sources (e.g., .well-known/ endpoints) are tamper-resistant and publicly resolvable.
Content profiles MAY define additional constraints, such as: