Verifiable Health Links
1.0.0-comment - ballot International flag

Verifiable Health Links - Downloaded Version 1.0.0-comment See the Directory of published versions

Requirements: Retrieve Trust List Response

Official URL: https://profiles.ihe.net/ITI/VHL/Requirements/RespondtoRetrieveTrustListRequest Version: 1.0.0-comment
Active as of 2026-06-14 Computable Name: RetrieveTrustListResponse

Upon receipt of Retrieve Trust List Request from a VHL Sharer or VHL Receiver, the Trust Anchor SHALL organize, sign, and expose the PKI material as part of a trusted, canonical trust list.

This MAY include:

  • Public key certificates, trust chains, or JWKS structures
  • Revocation data (CRL or OCSP)
  • Usage metadata (e.g., key type, scope, intended usage)

The Trust Anchor SHALL only respond with validated and trustworthy material in accordance with the governance policies of the VHL trust framework. This signed trust list enables all participants in the VHL trust network to verify digital signatures and establish secure connections in accordance with the governance policies of the Trust Anchor.

Upon receipt of this response, participants SHALL process the trust list as described in Receive Trust List.

These requirements apply to the actor Trust Anchor

These requirements derive from Establish Trust

Receive PKI Distribution RequestSHALL

Receive a PKI material submission from a VHL Sharer or VHL Receiver.

Assemble Trust ListSHALL

Organize validated PKI material into a structured trust list. The Trust Anchor SHOULD support categorization by submitting participant, key usage type (e.g., signing, encryption, secure channels), and operational context.

Sign Trust ListSHALL

Digitally sign the assembled trust list using the Trust Anchor's private key, ensuring the integrity and authenticity of the distributed material.

Expose Trust List Distribution EndpointSHALL

Make the signed trust list available via one or more distribution endpoints accessible to authorized trust network participants.