The LACCPass-LACChain component enables Health Ministries/Organizations of Countries to manage their onboarding on the LACPass trust network, empowering them as Issuers, to issue and deliver health certificates to patients or individuals using digital wallets.
This manual describes the steps to run the LACPass-LACChain component, and specifies how to use the endpoints.
- Internet access
- Make sure you have up and running and instance of the LACPass-LACChain component part of
IPS-national-backendavailable at https://github.com/RACSEL/IPS-national-backend - Access to the
client-helper.shexecutable script available at https://github.com/lacchain/IPS-national-backend/blob/master/lacchain-setup-helper/client-helper.sh - Postman software
- Running the lacpass-lacchain component from
IPS-national-backendwill expose the service at port 3010. - Verify the lacpass-lacchain service is running either checking the logs or running a telnet command with the proper URL in a bash shell:
Now run the CLI Main Menú (Client helper executable script) that will enable you to setup the decentralized identifier DID for your organization and set some keys to sign the Health certificates.
- Make sure you have verified the service availability as described in the previous section Verify service availability
- Before running the CLI make sure to execute this in a linux bash terminal:
$ chmod +x client-helper.sh
$ bash client-helper.sh
- Now enter the URL of the lacpass-lacchain verified in the previous section Verify service availability as shown in the following prompt:
- The CLI (Command Line Interface) Main Menu is presented:
Please follow these steps for the onboard setup of your Health organization in the LACPass trust network:
- Create a decentralized identifier DID typing 'CD' in the CLI Main Menu:
and a DID will be created and saved in a did.txt file:
- Afterwards, a DID manager must be created, type 'CM' in the CLI Main Menu and enter the number of days in which the manager will be considered valid, for example: 1000 days. Do not enter a number less than 365 days.
and a successful response will be displayed:
- And, type 'exit' to end the onboard setup process.
After completing the onboard setup process, the following information will be in the lacchain-setup-helper directory:
- A
did.txtfile containing the decentralized identifier (DID) of your organization, have it handy in case you need to access the DID.
Now you are ready to share the onboarding information with the committee, please follow these steps:
- Start the CLI again.
- Now enter the URL of the lacpass-lacchain service (as you did previously)
- Type 'GCM' (Get Current Manager) to fetch the entity and manager details as shown:
Copy the content in a text file and name the file something like Entity-Manager-Details.txt.
- Pack the following infromation in a zip file:
a) Entity-Manager-Details.txt file
b) Organization identifying information in a text file:
i. Legal name
ii. FHIR-URL
iii. Country/State code
- Send the zip file via e-mail to epacheco@iadb.org and antoniole@iadb.org
In this section you will learn how to use the endpoint exposed by the lacpass-lacchain component to send health certificates as verifiable credentials. If you successfully followed the previous steps, you are ready to send health certificates to your users.
As explained in Verify service availability section lacpass-lacchain runs on port 3010 by default. To send DDCCCoreDataSet health certificates you can use the Postman tool with the following parameters:
- Method: POST
- http://localhost:3010/api/v1/verifiable-credential/ddcc/send (update the host properly in case you are not accessing via localhost)
- The required payload to send has the following structure:
{
"bundle":
{
"entry":
["string"]
},
"issuerDid": "string",
"receiverDid": "string"
}Where:
- bundle: DDCC FHIR Bundle, just copy and paste the full FHIR Bundle
- IssuerDid: Issuer DID, this is the decentralized identifier you created in the section Running Setup/Onboard steps in step 6 and that is available in the lacchain-setup-helper/did.txt file
- receiverDid: This is the Receiver DID (the patient/individual receiving the certificate) will share with you to receive the issued credential in their wallet. Patients/individuals can easily get their unique decentralized identifier (DID) after setting up their digital wallet available at https://lacpass-openprotest-wallet.lacchain.net/
NOTE: A full example with the required payload is available at https://github.com/lacchain/LACPass-client/blob/master/docs/Credential-Sending.md
- Internet access
- Web browser (Chrome, Firefox, Opera) desktop or mobile
- Access to the digital wallet setup available at https://lacpass-openprotest-wallet.lacchain.net/
Please follow this steps to setup your LACPass digital wallet and receive your health certificates.
- On your first access to LACPass digital wallet you will be presented with a screen like this:
(In case you already registered you may enter your email and password as the wallet credentials to login)
- If not registered, please click on the register link that takes you to Create new account (registration) form:
- Please enter the following User information: first name, family name, last name and Account information: email and password.
Note: After completing the registration information and clicking on Create account all account data will be encrypted in the browser's local storage.
After clicking Create account the following operations are displayed as shown:
a. Generating a new DID
b. Registering Public Keys
c. Changing Controller
d. Signing LACChain ID Credential
e. Auto-issuing the LACChain ID Credential in the wallet
- Once the user wallet is setup, the following LACChain ID Credential is displayed with the information registered by the user:
- Click on the LACChain ID Credential:
- And the following LACChain ID Credential information is presented as
Claims: Id, givenName, familyName, and email.
-
The Id is the (patient/individual) wallet user decentralized identifier DID, as seen in this example the DID value is:
did:lac1:1iT5kyRRuZHYjW1HJfGyNgGbCcZqhuDJLco5N4PemXBjkFSzkgP3YdLRd5BHHGT7LccZ -
The DID value of your digital wallet must be shared with your Health organization, in order to issue and deliver the health credentials to your digital wallet.
- Now, please click on the upper right button (with the blue oval) that displays the wallet user name:
- The following drop-down menu is presented on the upper right side:
-
Below the user name (which is blurred in the image) is the DID value, which can also be copied clicking on the two blue buttons on the right side.
-
The DID value of your digital wallet must be shared with your Health organization, in order to issue and deliver the health credentials to your digital wallet.
-
To synchronize your digital wallet to receive issued credentials click the Sync button as displayed:
- Once you click on the Sync button the digital wallet will retrieve the health credentials issued to your DID. As displayed the digital wallet now contains besides the LACChain ID Credential, a Vaccination Certificate.
- Please click on the Vaccination Certificate.
- The following information of the Vaccination Certificate is presented. Note: the health certificate is a LACPass-WHO-Vaccination Credential.
On the left hand is the printed version of the Digital Vaccination Certificate with all related data and its QR code to scan the Vaccination Certificate.
On the right hand under LACPass-WHO-Vaccination Credential there are three options of the Vaccination Certificate available to click on:
a) Proofs indicates the DID of the Ministry of Health - demo- LACPass who issued the Vaccination Certificate is a valid issuer.
b) Root of Trust displays the Root of Trust from the Issuer of the Vaccination Certificate (Ministry of Health - demo- LACPass) up to the chain root, in this case RACSEL.
c) Raw displays the raw vaccination certificate data in a json structure.
LACPass Verifier is the last component used to verify DDCC-compliant health certificates. This component is made up of two subcomponents:
- LACPass-front-verifier: This is a full front-end component that needs to be connected to LACPass-trusted-List to check the validity of health certificates. The repository is available at https://github.com/lacchain/LACPass-front-verifier
- LACPass-trusted-list: This is the backend API component which cryptographically verifies certificate issuers and decodes data returning it alongside the certificate health validity. Access to this repository is available at https://github.com/lacchain/LACPass-trusted-list
Note: A fully runnning instance of LACPass Verifier can be found at https://lacpass.lacchain.net/