Verifiable Health Link
0.0.2-current - ci-build International flag

Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

: Test Plan – Trust Anchor - XML Representation

Active as of 2026-03-13

Raw xml | Download


<TestPlan xmlns="http://hl7.org/fhir">
  <id value="TestPlan-TrustAnchor"/>
  <url
       value="https://profiles.ihe.net/ITI/VHL/TestPlan/TestPlan-TrustAnchor"/>
  <version value="0.0.2-current"/>
  <name value="TestPlan_TrustAnchor"/>
  <title value="Test Plan – Trust Anchor"/>
  <status value="active"/>
  <date value="2026-03-13T13:59:49+00:00"/>
  <publisher value="IHE IT Infrastructure Technical Committee"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="https://www.ihe.net/ihe_domains/it_infrastructure/"/>
    </telecom>
  </contact>
  <contact>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <contact>
    <name value="IHE IT Infrastructure Technical Committee"/>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <description
               value="Unit test plan for the **Trust Anchor** actor of the IHE ITI Verifiable Health Links (VHL) profile.

Scope: validates all behaviour expected of a Trust Anchor as described in ITI-YY1 (responder)
and ITI-YY2 (responder). Each test suite (testCase) corresponds to one transaction and exercises
three atomic feature files: message semantics (shared), responder expected actions, and security
considerations."/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
    </coding>
  </jurisdiction>
  <scope>🔗 
    <reference value="ActorDefinition/TrustAnchor"/>
  </scope>
  <testCase>
    <sequence value="1"/>
    <testRun>
      <narrative
                 value="**ITI-YY1 Message Semantics** – Verifies the DID Document message format that the Trust Anchor
must validate: mandatory @context / id / verificationMethod fields, verification method structure,
public key format (JWK/RFC 7517), private key exclusion, accepted cryptographic suites, key
strength (P-256+), and HTTP POST / Content-Type requirements.
Source: section 2:3.YY1.4.1.2 (Message Semantics)."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY1-submit-pki-material-message.feature"/>
          <display value="ITI-YY1 Submit PKI Material – Message Semantics"/>
        </sourceReference>
      </script>
    </testRun>
    <testRun>
      <narrative
                 value="**ITI-YY1 Trust Anchor Expected Actions** – Verifies structural and cryptographic validation,
identity authentication and authorisation, cataloguing, rejection criteria, revocation and
update support, and correct HTTP response codes (201 / 400 / 401 / 403 / 422).
Source: sections 2:3.YY1.4.1.3 (Responder) and 2:3.YY1.4.2 (Response Message)."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY1-submit-pki-material-responder.feature"/>
          <display
                   value="ITI-YY1 Submit PKI Material – Trust Anchor Expected Actions"/>
        </sourceReference>
      </script>
    </testRun>
    <testRun>
      <narrative
                 value="**ITI-YY1 Security Considerations** – Verifies §2:3.YY1.5 requirements: DID Document integrity
(signed submissions), key material security (private key exclusion, minimum strength), identity
verification (TLS, authentication mechanisms), DID Document validation (approved algorithms,
usage arrays), and revocation distribution controls."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY1-submit-pki-material-security.feature"/>
          <display
                   value="ITI-YY1 Submit PKI Material – Security Considerations"/>
        </sourceReference>
      </script>
    </testRun>
  </testCase>
  <testCase>
    <sequence value="2"/>
    <testRun>
      <narrative
                 value="**ITI-YY2 Message Semantics** – Verifies the request message options (single-DID GET,
bulk GET, mCSD query, URL encoding, optional query parameters) and response message
formats (single DID Document, collection, mCSD searchset Bundle, returned DID Document
content requirements).
Source: section 2:3.YY2.4 (Request and Response Messages)."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY2-retrieve-trust-list-message.feature"/>
          <display value="ITI-YY2 Retrieve Trust List – Message Semantics"/>
        </sourceReference>
      </script>
    </testRun>
    <testRun>
      <narrative
                 value="**ITI-YY2 Trust Anchor Expected Actions** – Verifies active-document-only filtering (no
revoked/expired DID Documents), authentication and authorisation enforcement (401/403),
404 handling for unknown DIDs, and optional response signing.
Source: sections 2:3.YY2.4.2 (Response Message) and 2:3.YY2.5 (Security Considerations)."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY2-retrieve-trust-list-responder.feature"/>
          <display
                   value="ITI-YY2 Retrieve Trust List – Trust Anchor Expected Actions"/>
        </sourceReference>
      </script>
    </testRun>
    <testRun>
      <narrative
                 value="**ITI-YY2 Security Considerations** – Verifies TLS enforcement, response integrity
verification, access control restrictions, and revocation propagation requirements."/>
      <script>
        <language>
          <coding>
            <system value="urn:ietf:bcp:13"/>
            <code value="text/x-gherkin"/>
          </coding>
          <text value="Gherkin"/>
        </language>
        <sourceReference>
          <reference
                     value="https://build.fhir.org/ig/IHE/ITI.VHL/ITI-YY2-retrieve-trust-list-security.feature"/>
          <display
                   value="ITI-YY2 Retrieve Trust List – Security Considerations"/>
        </sourceReference>
      </script>
    </testRun>
  </testCase>
</TestPlan>