v1.0.0

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document.

This is a living OCI Document developed by OCI Members with input from relevant interested parties. It is anticipated that the contents of this document will be reviewed and updated to address any applicable feedback. A list of current public OCI Documents, including Conformance Criteria, can be found in OCI's GitHub repositories.

This document lays out the conformance criteria for service providers who wish to be recognized by the Open Credentialing Initiative (OCI) as Verification Router Service (VRS) providers.

Intended Audience

The publication is intended for Verification Router Service (VRS) providers who wish to implement Authorized Trading Partner (ATP) credentialing in an Open Credentialing Initiative (OCI)-compliant way under the US Drug Supply Chain Security Act (DSCSA). Implementation means the integration of OCI trust architecture components with the VRS system.

This document provides a specification of the Conformance Criteria for a VRS provider. For a general introduction to OCI, please refer to our Getting Started guide or the Open Credentialing Initiative website.

General Terms and Abbreviations

Wallet API Integration and Authentication

In accordance with the Digital Wallet Conformance Criteria, all digital wallets provide the same APIs for creating and verifying ATP Credential Presentations. VRS providers integrate these APIs in accordance with the latest OCI Interoperability Profile. Refer to the published OCI resources for details.

VRS providers SHALL only integrate wallets that are compliant with the OCI digital wallet conformance criteria. The OCI conformance programme lays out how compliance with the OCI digital wallet conformance criteria will be verified and compliant wallets made well-known to the VRS provider.

VRS providers SHALL integrate the digital wallet REST APIs with secure authentication via an OAuth 2.0 bearer token and encryption via SSL/TLS v1.2+. The connection SHALL be REST over HTTPS.

VRS providers SHALL have measures in place to facilitate their access to the following wallet APIs:

Mapping of each VRS customer to their respective digital wallet

Given that VRS providers serve multiple customers, it may be expected that providers will need to integrate one or more digital wallet solutions. The mapping of each VRS customer to the respective customer digital wallet account is a critical factor in a secure integration.

When a VRS provider is connected to a wallet solution with one or multiple customer accounts, the VRS provider SHALL ensure that each of its internal customer accounts has the ability to designate and maintain its digital wallet solution. The association of a VRS customer to a digital wallet will be maintained through customer configuration.

Wallet Interoperability & Integration Testing

There are multiple potential VRS-wallet combinations. Interoperability testing supports the frictionless implementation of technology standards in the context of identity and trust as an ecosystem solution. OCI recommends use of its published test case resources when designing interoperability test activities. Each OCI Digital Wallet provider SHALL ensure interoperability with other OCI Digital Wallets, enabling VRS solution providers to seamlessly integrate with OCI Digital Wallet providers according to the APIs defined in the OCI Digital Wallet Conformance Criteria.

End-to-end Correlatability

The VRS provider SHALL send the corrUUID received in the VRS request and response messages to the digital wallet (via the Wallet API).

Latency Improvements

The VRS and Digital Wallet integration design SHOULD be optimized to minimize latency.

Audit Logs & Data Retention

VRS SHALL maintain auditable logs of Verifiable Presentation generation and verification requests and responses.
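The following added example (not part of the OCI document or any OCI reference code) shows one way a VRS integration could combine the criteria above: per-customer wallet mapping, OAuth 2.0 bearer authentication, HTTPS with TLS 1.2 or later, corrUUID pass-through and an audit record. The customer ids, wallet URLs, tokens, the endpoint path and the "corrUUID" JSON field name are assumptions made for illustration; the real wallet API shapes are defined in the OCI Interoperability Profile.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Constructed per-customer configuration: each VRS customer designates its wallet.
# Customer ids, base URLs and tokens are hypothetical sample values.
WALLET_BY_CUSTOMER = {
    "customer-a": {"base_url": "https://wallet-one.example/api", "token": "constructed-token-a"},
    "customer-b": {"base_url": "https://wallet-two.example/api", "token": "constructed-token-b"},
}

def wallet_tls_context() -> ssl.SSLContext:
    """TLS context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_wallet_request(customer_id: str, path: str, payload: dict, corr_uuid: str):
    """Return (request, audit_record) for one wallet call; nothing is sent here."""
    try:
        wallet = WALLET_BY_CUSTOMER[customer_id]
    except KeyError:
        raise LookupError(f"no wallet designated for customer {customer_id!r}")
    url = wallet["base_url"].rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        raise ValueError("wallet API must be reached over HTTPS")
    # Assumed field name: the corrUUID from the VRS message travels in the JSON body.
    body = json.dumps({**payload, "corrUUID": corr_uuid}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Bearer {wallet['token']}",
        "Content-Type": "application/json",
    })
    # The audit record keeps the correlation id but never the bearer token.
    audit = {"customer": customer_id, "url": url,
             "corrUUID": corr_uuid, "direction": "request"}
    return req, audit

def call_wallet(req: urllib.request.Request):
    """Send the prepared request over the hardened TLS context."""
    with urllib.request.urlopen(req, context=wallet_tls_context(), timeout=10) as resp:
        return resp.status, json.loads(resp.read())
```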