The Trust Anchor receives, aggregates and distributes PKI material to the participants within a trust network, specifically the VHL Reciver and VHL Sharer.

The VHL Holder is an individual that is holding an authorization mechanism, a VHL, which allows a VHL Receiver to access a (set of) health document(s) held by a VHL Sharer.

The VHL Receiver receives a VHL from a VHL Holder which it utilizes to request access to health documents from a VHL Sharer.

The VHL Sharer generates a VHL, provides the VHL to a VHL Holder, and responds to requests from a VHL Sharer to utilize the VHL.

Accept an mTLS in order to conduct further transactions under a secure channel

Record an event for audit purpose related to the issuance of a VHL.

In this option the VHL Sharer records an audit event for critical events in the access of health documents including:

• Request for the generation of a VHL by a VHL Holder; and
• Request for access to a (set of) health document(s) by a VHL Receiver.

Record an event for audit purpose related to the issuance of a VHL.

In this option the VHL Receiver records an audit event for critical events in the access of health documents, for example, including:

• provisioning of VHL from a Holder
• retrieval of health data from the a VHL Sharer

Accept an mTLS in order to conduct further transactions under a secure channel

Upon receipt of a set of public key material from a VHL Sharer or VHL Receiver, as trust network participants, the Trust Anchor validates and makes available a digitally signed version of the trust list.

Establish a trust relationship as participants in a trust network

The VHL Sharer shall generate a VHL to issue to a VHL Holder.

The VHL Sharer SHALL conduct or perform any necessary tasks to create or populate the folder of health documents that that VHL Holder has requested to be shared. It is left to content profiles and other implementation guides to provide any further requirements but these MAY include:

• generation of documents;
• querying for existing documents associated to the VHL Holder of the requested type; or
• creation of digital signatures.

Once these tasks are completed, VHL Sharer shall generate a VHL authorization mechanism according to a content profile.

A VHL Sharer may optionally:

• record the consent of the individual to share their information under the Record Consent option.
• create an audit trail of the creation of the VHL under the Audit Event option.

Initiate an mTLS in order to conduct further transactions under a secure channel

On receipt of a Retrieve PKI Material Request, a Trust Anchor should validate the appropriate of the request.

This transacation is initiated by a VHL Holder to transmit a VHL to the VHL Receiver. Depending on the use case and context, the payload comprising the VHL may be rendered/serialized and transmitted through various mechanisms, for example as a QR-code, Verifiable Credentials, bluetooth or near-field communication protocols. These mechanisms are described in Volume 3.

A participant of a trust network, a VHL Sharer or a VHL Receiver, SHOULD cache the received public material to reduce network and server load.

Is able to receive a VHL authorization mechanism from a VHL Holder

​The Holder accepts the VHL for storage on wallet or other utilization.

Record the consent given by the Holder for the creation and utilization of the VHL.

In this option the VHL Sharer acts a Consent Recorder from the Privacy Consent on FHIR (PCF) profile. In this option, the VHL Sharer SHALL initiate a [Access Consent : ITI-108)(https://profiles.ihe.net/ITI/PCF/ITI-108.html) transaction as part of the Expected Actions after receipt of a Generate VHL request. The Access Consent transaction is used to record the consent declarations by the VHL Holder for the sharing of the (set of) health document(s) by the VHL Sharer to any authorized VHL Receiver within the trust network for a specified use case.

Record an event for audit purpose related to the access of health data such as when, which enitity or natural person, ehich data was accessed.

A participant of a trust network, a VHL Sharer or a VHL Receiver, wishes to retrieve public key material in order to perform necessary actions such the validation of a digital signature, the establishment of a secure connection, or the decryption of encrypted content. The received key material, or trust list, SHOULD be cached by the trust network participant to reduce network and server load.

Preconditions:

• ​The trust network participant knows in advance the endpoint at which to initiate the Retrieve PKI material from, which is provided by the Trust Anchor.

This transaction is initiated by a VHL Receiver to request a single health document from a VHL Sharer. This transaction should be conducted in such a manner that the VHL Receiver and VHL Sharer can validate their respective participation in the same trust network. The VHL Receiver shall optionally be able to validate that the veracity of the health document received through this transaction under the Verify Document Signature option. The VHL Sharer shall optionally be able to record an audit event for the access of the folder by the VHL Receiver upon the transaction request under the Audit Event option.

This transactions is initiated by a VHL Receiver to request a set of health documents from a VHL Sharer. This transaction should be conducted in such a manner that the VHL Receiver and VHL Sharer can validate one another's participation in the same trust network. The VHL Sharer shall optionally be able to record an audit event for the access of the folder by the VHL Receiver upon the transaction request under the Audit Event option.

​A VHL Holder triggers a request for a VHL authorization mechanism to be generated from a Sharer in order to share health documents with a VHL Receiver.

The VHL Holder requests that a VHL authorization mechanism be issued to provide access to one or more health documents.

The [VHL Holder]((ActorDefinition-VHLHolder.html) MAY provide optional parameters. The parameters may be to protect or constrain the scope of the authorization (e.g. configure a pass code, set the time period for which these documents should be made available).

Preconditions:

• The Holder SHALL trust that Sharer has been authorized by its jurisidiction to authorize and provide access to health documents.
• (optional) the Holder has selected consent and selective disclosure directives.

When a trust network participant, a VHL Sharer or a VHL Receiver, generates a set of public-private key pair, it initiates submits this key material for validation and distribution by the VHL Receiver.

In this option the VHL Receiver, after receipt of a digitally signed document from a VHL Sharer, shall verify the digtial signature using previosuly retrieved PKI material. This key material may or may not be distributed under the same trust network under which the VHL was distributed. This key material may or may not be the same key material that was used to verify the VHL.

See cross-profile considerations for a discussion of the relationship of this option to the IHE Document Signature profile.

CapabilityStatement for Trust Anchor Actor in the IHE IT Infrastructure Technical Framework Supplement IHE VHL. The Trust Anchor receives, aggregates and distributes PKI material to the participants within a trust network, specifically the VHL Reciver and VHL Sharer.