WHO SMART Trust
1.1.6 - CI Build International flag

WHO SMART Trust, published by WHO. This guide is not an authorized publication; it is the continuous build for version 1.1.6 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/WorldHealthOrganization/smart-trust/tree/main and changes regularly. See the Directory of published versions

Concepts Onboarding

The following describes the on-boarding processes for the Global Digital Health Certification Network (GDHCN).

These concepts and the following table contains abbreviations and terminology used throughout this document.

The GDHCN Administrative and Operational Framework should be considered the authoritative source of definitions and concepts in case of any discrepncies.

On-boarding Process Overview

The GDHCN Secretariat manages the on-boarding process and applications of eligible GDHCN Participants to connect as a trusted party to the trust network. Prepared on-boarding records will be handed over to the GDHCN Secretariat with the request to process the technical on-boarding of the trusted party. An organizational and technical successful application results in a confirmation and the GDHCN Participant can connect to the trust network as a trusted party.

Please review the:

  • Concepts underpinning the description of these on-boarding processes including the general description of the Terms of Participation;
  • Certificate Governance describing the governance of public key certificates; and
  • Video Tutorials guiding videos through the onboarding process.

On-boarding Application Requirements

The application of the GDHCN Participant must contain at least:

  • One or more TNPSCAs, one TNPTLS and one TNPUP ;
  • A statement about the acceptance of keys and processes of other jurisdictions which are present in the gateway lists; and
  • Contact Persons - Technical, Legal, Business Owner.

Secretariat Tasks

The secretariat must handle the following tasks to establish the on-boarding process:

  • providing a Secure Channel for the GDHCN Participant to deliver secure and trustworthy applications SCA and/or DID information;
  • creation and Securing a Key Pair (Trust Anchor) to sign/confirm on-boarding requests for the gateway;
  • delivering the Public Key of the Trust Anchor to the Gateway Operations; and
  • transmitting On-boarding Requests to the Gateway Operations.

On-boarding Process

This section describes the steps for the On-boarding Process to the GDHCN

Eligibility

As per the GDHCN Administrative and Operational Framework, eligibility to join the GDHCN is limited to WHO Member States.

Organizational Identity

The organizational identity and contact will be established in an offline process by WHO through it's Member State country offices with appropriate contacts at ministries of health or appropriate public health agency.

On-boarding Steps

  • An eligible GDHCN Participant should complete the On-boarding Checklist to self-assess its readiness for the on-boarding process via the Technical Evaluation Form (TO BE DEFINED).
  • Eligible GDHCN Participants are invited to submit a signed Letter of Application for DDCC by the Full Onboarding Process with:
    • the necessary information to connect to the production environment
    • attestation to comply with the Terms of Participation.
  • After positively assessing the Letter of Application and assessing the Technical Evaluation Form, WHO will:
    • provide the necessary technical specifications and configuration information to connect to their back-end systems to the WHO GDHCN Trust Network Gateway (TNG)
    • invite the GDHCN Participant to register their production certificates and promote them to the production environment.