VICAL

Certificates are needed to block attempts to reuse a valid credential from one person for any other user.

Issues of licenses need certification.

Sources for Digital credential cards will also need certification.

• The primary purpose of a Credential Service Provider (CSP or CP) is the provisioning of credentials or certificates that can be trusted. For example an HL7 report of a COVID-19 test is not in the form of a Verifiable Credential and is not bound to a user’s digital identifier. A CSP can be used to provide assertions for any identifier, attribute or authentication method. These can be combined .

Terminology

• The steps to create a Issueing Auhtority (IA) have been implemented in several states for their Driver's Licenses.
• Issuers of licenses or other certificates to users must also support a Issuing Authority Certificate Authority (IACA) end point.
• This server provides a Verified issuer certificate authority list (VICAL, aka Master List) as defined in ISO 18013-5 to contain the IACA "root" certificates.
• The Root of trust for all issuers of licenses is the VICAL defined in a Certificate Practice Statment (CPS) per ISO 18013-5 Annex C, That annex asserts that this same list could be used for other purposes like the existing card formats for access to the user's records.
• That CPS needs to be developed into a list of service assessment criteria (SAC) that can be used to evaluate the service.
• The next step is to allow testing of this VICAL test bed.
• The CA|B forum defines a set of criteria that can serve as a paradigm for this program.