SMART Verifiable IPS for Pilgrimage
1.0.1 - ci-build

SMART Verifiable IPS for Pilgrimage, published by WHO. This guide is not an authorized publication; it is the continuous build for version 1.0.1 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/WorldHealthOrganization/smart-ips-pilgrimage/tree/main and changes regularly. See the Directory of published versions

Test Cases

This page will include test cases developed for the test scenarios, transactions and actors included in this implementation guide. See Testing for additional testing artifacts.

The testing artifacts in this implementation guide are not intended to be used to determine formal conformance, nor are they intended to be authoritative or comprehensive.

IPS-Pilgrimage End to End Workflow

Issuance of verifiable health document (IPS)

Feature: Record Consent

Scenario: Consent is provided and saved successfully
GIVEN an IPS is generated
WHEN a new consent directive has been recorded by a Origin Country Health Wallet
THEN the Origin Country Health wallet initiates a record consent request as a PUT/POST request along with FHIR consent resource compliant with ITI-108 Create request
AND the Origin Country HIE stores the consent resource in the consent registry
AND sends a success response as indicated by http response code

Scenario: Consent is provided but fails to save
GIVEN an IPS is generated
WHEN a new consent directive has been recorded by a Origin Country Health Wallet
THEN the Origin Country Health wallet initiates a record consent request as a PUT/POST request along with FHIR consent resource compliant with ITI-108 Create request
AND the Origin Country HIE attempts to store the consent resource in the consent registry and fails
AND sends a failure response as indicated by http response code
Issue Verifiable SHL
Feature: Issue Verifiable SHL

Scenario: QR Code with HCERT containing SHL is generated
GIVEN an IPS is generated
AND consent is provided
AND a Passcode and time limit is set
WHEN the Origin Country Digital Health Wallet sends a issue-verifiable-shl-request to Origin Country HIE
THEN the Origin Country HIE constructs a SHL payload
AND embeds the SHL in HCERT
AND constructs COSE payload
AND signs the payload with Kid
AND builds CWT structure
AND serializes CWT and encodes to Base64
AND generates the QR Code

Unplanned Clinical Encounter at Hajj Health Facility

Verify Signature on CWT Payload using Kid

Feature: Verify QR Code signature

Scenario: Verify valid QR Code
GIVEN a QR code is shared
WHEN a scanner is used to read the QR code
THEN a base64 encoded CWT is obtained
AND COSE message is extracted
AND signature on CWT Payload is verified using Kid reference in CWT Header
AND signature verification is successful and the HCERT is obtained

Scenario: QR code provided is invalid
GIVEN a QR code is shared for which the signature has expired
WHEN a scanner is used to read the QR code
THEN a base64 encoded CWT is obtained
AND COSE message is extracted
AND signature on CWT Payload is verified using Kid reference in CWT Header
AND signature verification fails
AND Error message is sent
Retrieve SHL Manifest

Feature: Retrieve SHL Manifest

Scenario: SHL Manifest Request is valid
GIVEN a HCERT containing a SMART Health Link is obtained
WHEN the Host Country EMR decodes the SHL Payload and issues a SHL Manifest Request
AND a correct passcode is provided
AND the SHL has not expired
THEN the server returns the SHL Manifest as a JSON object

Scenario: SHL Manifest Request made with invalid passcode
GIVEN a HCERT containing a SMART Health Link is obtained
WHEN the Host Country EMR decodes the SHL Payload and issues a SHL Manifest Request
AND incorrect passcode is provided
THEN the server returns an error response using 401 HTTP status code and the response body is sent as a JSON payload with
remainingAttempts

Scenario: SHL Manifest Request but the SHL has expired
GIVEN a HCERT containing a SMART Health Link is obtained
WHEN the Host Country EMR decodes the SHL Payload and issues a SHL Manifest Request
AND the SMART Health Link has expired
THEN the server returns an error response using 404 HTTP status code
Retrieve IPS

Feature: Retrieve IPS JSON

Scenario: Retrieve IPS JSON request is sent
GIVEN SHL Manifest is obtained
WHEN the Host Country EMR sends a GET request for the IPS JSON
THEN the server responds with the IPS as a JSON

Scenario: Retrieve IPS PDF request is sent
GIVEN SHL Manifest is obtained
WHEN the Host Country EMR sends a GET request for the IPS PDF
THEN the server responds with the IPS as a PDF
Validate retrieved IPS content

Feature: Validate retrieved IPS content

Scenario: Retrieved IPS content is valid
GIVEN the Host Country EMR retrieved IPS Content as JSON
WHEN the EMR validates the IPS content
THEN IPS content validation is successful
AND IPS Content is displayed

Scenario: Retrieved IPS content is invalid
GIVEN the Host Country EMR retrieved IPS Content as JSON
WHEN the EMR validates the IPS content
THEN IPS content validation fails
AND error message is sent
View IPS content

Feature: View IPS content

Scenario: View IPS content
GIVEN retrieved IPS content validated successfully
THEN the IPS narrative is rendered using tags provided in the JSON