This repository contains the template for building the onboarding information for the Smart Trust Network Attendees. This includes CSCAs, auth information, signing information and other relevant files for onboarding a participant.
Collect this information and transfer it for each environment:
- Create a private git repository on GitHub.
- Prepare the following information for onboarding request:
  - Environment Repository (all private to hide uploader's identity) (DEV, UAT, PROD)
  - Repository URL
  - Invite WHO Bot User to Repository (with read rights). The Bot User is:
    - tng-bot for production (PROD)
    - tng-bot-dev for development (DEV) and user acceptance testing (UAT) environments.
  - Create GPG Keys for responsible persons for each environment (see below)
- Fill in content for your country:
  - For DEV and UAT environments you may use the conf files and the certgen bash script as a guideline according to the Certificate Preparation
- Send an onboarding/participation request to gdhcn-support@who.int which contains:
  - URL of the private repository created in Step 1
  - The GPG key exported in Step 3.iv
Follow the instructions to create a key.
Algorithm: RSA or EC. Minimum key length: 4096 bit (RSA) or 256 bit (EC).
- The repository will be onboarded together with the public GPG keys. Export a key by using:
gpg --armor --export [key-id]
Keys can be listed by:
gpg -k
- Tag the version of your latest information by using git tag with the signing commands, either from a terminal or a developer IDE. Please note that an update made in the GitHub web desktop itself does not work, because the platform will use an intermediate key.
- The Bot user clones the latest tag of your private repo and verifies the signature of the tag against the onboarded GPG keys
- After verification the content will be taken over for your country
- The bot creates a PR
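The tagging and verification steps above, as an added example (not the project's or the bot's own code): a tag signed with an onboarded key is accepted, while a tag signed with a key that was never onboarded, or an unsigned tag, is rejected. It assumes that checking with `git verify-tag` against a keyring holding only the onboarded public key is an adequate stand-in for the bot's check; all names, addresses, tag names and paths are constructed.

```bash
#!/usr/bin/env bash
# Added example: signed-tag round trip with separate signer and verifier keyrings.
# Names, addresses, tag names and paths are constructed for the demo.

# Create a keyring in directory $1 with one EC (nistp256) signing key for
# user id $2 (no passphrase, demo only) and print the key's fingerprint.
new_key() {
  mkdir -p "$1" && chmod 700 "$1"
  gpg --homedir "$1" --batch --quiet --passphrase '' \
      --quick-generate-key "$2" nistp256 sign never >/dev/null 2>&1
  gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Create a signed, annotated tag $2 in repository $1 with keyring $3 and key $4.
sign_tag() {
  GNUPGHOME="$3" git -C "$1" -c user.signingkey="$4" tag -s "$2" -m "onboarding $2"
}

# Verifier side (assumed): accept tag $2 of repository $1 only if git can verify
# its signature with the keys in keyring $3. Prints "accepted" or "rejected".
check_tag() {
  if GNUPGHOME="$3" git -C "$1" verify-tag "$2" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

# Build a repo, an onboarded key, a key that was never onboarded, and a
# verifier keyring that contains only the onboarded public key.
setup_demo() {
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.org
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.org
  WORK=$(mktemp -d) && REPO="$WORK/repo" && git init -q "$REPO"
  git -C "$REPO" commit -q --allow-empty -m "initial content"
  ONBOARDED=$(new_key "$WORK/signer" "Onboarded Person <onboarded@example.org>")
  OTHER=$(new_key "$WORK/other" "Other Person <other@example.org>")
  mkdir -p "$WORK/verifier" && chmod 700 "$WORK/verifier"
  gpg --homedir "$WORK/signer" --armor --export "$ONBOARDED" |
    gpg --homedir "$WORK/verifier" --batch --quiet --import 2>/dev/null
  sign_tag "$REPO" v1.0.0 "$WORK/signer" "$ONBOARDED"
  sign_tag "$REPO" v1.0.1 "$WORK/other" "$OTHER"
  git -C "$REPO" tag v1.0.2   # lightweight tag, carries no signature
}

if [ "${1:-}" = demo ]; then   # run as: bash tag_demo.sh demo
  setup_demo
  for t in v1.0.0 v1.0.1 v1.0.2; do
    echo "$t: $(check_tag "$REPO" "$t" "$WORK/verifier")"
  done
fi
```

Running `check_tag` locally against a keyring that contains only the exported public key is a quick way to confirm a tag was signed with the intended key before sending the onboarding request.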
Supported Domains:
- DCC
- IPS-PILGRIMAGE
- DICVP
- PH4H
New trust domains can be established only in agreement between the requesting party and WHO. Collaborate with the WHO's secretariat to gather comprehensive insights and feedback for the development of the new trust domain.
Once the new trust domain is established, create a new subdirectory in the 'onboarding' subdirectory that reflects the agreed domain name. If you are already onboarded for a domain (e.g. DCC, IPS-PILGRIMAGE, DICVP, PH4H etc.), you only need to provide an SCA for the newly added domain. This can be either an existing SCA or a new SCA. If the newly added domain is the first one for this participant, UPLOAD, TLS and SCA must be generated.
To onboard a Trusted Issuer, provide input via the subfolder ISSUER.