Verifiable Health Link
0.0.2-current - ci-build International flag

Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

: Accept mTLS - XML Representation

Active as of 2025-06-16

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="AcceptMTLSConnection"/>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: Requirements AcceptMTLSConnection</b></p><a name="AcceptMTLSConnection"> </a><a name="hcAcceptMTLSConnection"> </a><p>These requirements apply to the actor <a href="ActorDefinition-VHLSharer.html">VHL Sharer</a></p><p>These requirements derive from <a href="Requirements-CreateTrustedChannel.html">Create Trusted Channel</a></p><table class="grid"/></div>
  </text>
  <url
       value="https://profiles.ihe.net/ITI/VHL/Requirements/AcceptMTLSConnection"/>
  <version value="0.0.2-current"/>
  <name value="AcceptMTLSConnection"/>
  <title value="Accept mTLS"/>
  <status value="active"/>
  <date value="2025-06-16T13:14:26+00:00"/>
  <publisher value="IHE IT Infrastructure Technical Committee"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="https://www.ihe.net/ihe_domains/it_infrastructure/"/>
    </telecom>
  </contact>
  <contact>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <contact>
    <name value="IHE IT Infrastructure Technical Committee"/>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <description
               value="The [VHL Sharer](ActorDefinition-VHLSharer.html), when acting as a server in a Verified Health Link (VHL) transaction, SHALL accept a mutually authenticated TLS (mTLS) connection initiated by a [VHL Receiver](ActorDefinition-VHLReceiver.html).

During the TLS handshake, the Sharer SHALL:
* Present a valid X.509 server certificate that is anchored to a recognized Trust Anchor
* Validate the client certificate presented by the Receiver against the same trust framework
* Establish a secure channel over which all subsequent VHL-related transactions are conducted

Successful completion of the mTLS handshake is a prerequisite for all VHL operations involving sensitive data exchange. This requirement refines the bilateral obligations described in [Create Trusted Channel](Requirements-CreateTrustedChannel.html)."/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
    </coding>
  </jurisdiction>
  <derivedFrom
               value="https://profiles.ihe.net/ITI/VHL/Requirements/CreateTrustedChannel"/>
  <actor value="https://profiles.ihe.net/ITI/VHL/ActorDefinition/VHLSharer"/>
</Requirements>