Stream: smart/health-cards
Topic: How to register in the CommonTrust Network
Kevin Snow (Aug 26 2021 at 06:07):
I'm a week or two into my journey of building out VCI SMART Health Cards for the 19 immunization registries we represent as a vendor. I'm struggling to figure out how to get the state registries we represent registered in the CommonTrust Network. I see the vci-directory repo, but I'm still unsure how to resolve this. My questions are
1) Where and how does one register each State Registry (Issuer)?
2) Can we, as an IIS vendor, register on behalf of each jurisdiction? If so, how would that be set up? We provide the hosting for most of the registries where this will sit
3) I see the form
https://github.com/the-commons-project/vci-directory/blob/main/VCI%20Directory%20Agreement.pdf
From the requirements, the QR Code I am generating passes the outlined checks via the health-cards-validation-SDK and the VerifierPortal.html. However, it does fail with "Unsupported QR" when scanning through the SMART Health Card Verifier, so I'm guessing there is still something I need to fix before being able to submit???
SHC Below (QR Code Attached QRCode-0.png ):
shc:/567629595326546034602925407728043360287028656767542228092862372537602870286471674522280928616339334332065224086144414137380308744003110441427137390544064524376640254560404128055563207745255477416232764062626057360106253333611232742435036952315964117642583866105337416662592922095425650407236939456720502871722930254100263655002465002164533831126922102903082435643926320550565610455050507504206666374272593926642953252063612865572803400340765372247265575600323275041207427175124326097122726241634069124266537121097624237112712342100569640053716860766973327558037122562821032759355300100720661057063865647372610950357445402423353711655744395541437744580445347769096637293959050326346422273167247664062706234340383873725674635432286600417311653173262936764109356961333212743621667500237569722535637405706670540333074437593424232759203431292637590933003728322577770371764043352037352027126468717473236068314575216376392056533258345445637466206445097704547005223406005674654165566163615061406822412341335404414273262256707656084122127700572344732075604064644072112427357559323032547730520629075567062207310527550042594344117566390554674307542768777665030725342969245262691235385520535923457143632272537165322574324222597011562039695812126600317333456142314524102106453203393352635460342035610309573710612374376963116259037410270574626442263860573557765766302008263137446962574568535460374571000577046343500857420457305250670404733453082374202020355050207420016553715230530477370730454545504207416540740852532273755425324156524050664029373832036539673275643231435875054206366706745643302044576244212962654356566134077225047237253820
Paul Denning (Aug 26 2021 at 12:34):
I think that Verifier app has a different set of trusted issuers than those listed at https://raw.githubusercontent.com/the-commons-project/vci-directory/main/vci-issuers.json so it probably does not have https://testing.envisiontechnology.com/HL7SmartHealthCardDemo as an issuer
Josh Mandel (Aug 26 2021 at 12:39):
Will see if @JP Pollak can weigh in. The SMART Health Cards Verifier app should happily display information from any spec-conformant issuer (albeit with a warning label if the issue is not part of the configured trust network). The "QR not supported" error is something I would expect only if the QRs contains something other than immunization records.
Josh Mandel (Aug 26 2021 at 12:43):
Re: Common Trust, I think the right first step is to get included in the VCI directory. That's a public, transparent resource that serves as an on-ramp into trust networks like common trust.
It sounds like you have already found the VCI Directory application form and are passing the validator, which is a great start. The states that turn this feature on will be the ones to actually apply for inclusion in the directory; you can help them fill out the forms etc but we will list individual states rather than technology vendors in the VCI directory.
JP Pollak (Aug 26 2021 at 14:00):
thanks Josh. @Kevin Snow yes to Josh's point about starting with VCI Directory- that's the best onramp into the CommonTrust Network and hopefully it's a quick step to get each state added.
JP Pollak (Aug 26 2021 at 14:03):
also: awesome that you're digging in! :)
Kevin Snow (Aug 26 2021 at 23:14):
Thanks all. We verbally communicated with our jurisdictions today that they will need to be the ones that apply and at least gave them a rough idea of what this process will look like. People had a lot of questions, so we might assist one of the states through the process first; hopefully, soon after that, we'll be able to flush through the rest
Regarding the QR code not scanning in the mobile app, I'll try adjusting the payload to look as close as possible to one of the examples, fingers crossed that it helps pinpoint the difference.
Again, thank you all for the timely response. It came in handy having that information for our community call.
James Kizer (Aug 27 2021 at 16:20):
@Kevin Snow just a shot in the dark, but could you try generating a new SHC with the iss value all lower case?
Kevin Snow (Aug 27 2021 at 20:25):
@James Kizer Unfortunately, no luck. I updated the code to use the iss with all lowercase and to also generate as similar as possible to the example here. The attached screenshot shows minor differences, nothing I can tell that should break it from that. The QR codes passes the VerifierPortal and health-cards-validation-SDK but the mobile app yields the attached screenshot. I don't know if it helps but the code I'm using for the proof of concept is available on github here.
I believe the author of the library I'm using is on here.
CC: @Angus Millar
If anyone has any ideas I'd definitely appreciate it. I'm clearly missing something obvious.
shc:/5676295953265460346029254077280433602870286567675422280928623725376028702864716745222809286163393343320652240861444141373803087440031104414271373905440645243766402545604041280555632077452554774162327640626260573601062531315371707424357641442772412940673444046006342043093421362562734438002421395207702527743008247266520069285600626512593808632905032029085756307322584356103477587706040700572112207536580371403757696660223267330372377757666831036141300677757250057257300552320660047067203140672369453059525521097632217171632243410632596367577700414072325958400420565857445536067711346027505211123657437505234236664409356209534206731227552939347325367240270645373142265658206153663824717705050000666829245255736811204123627057303106343763077643706873563344536727602158122704365623573759123325556728237659732352245464352223704238326112114511236644312773676974364035743765583976762700083423037228373725677126200072275556243432064409362645103904111126053041776470377552070338770061523824413808576377333777606621070860554541340077345312400770613856693955732339557444290374323340606571113244062407317623565031372377722809241231373450232212311070347238320742403956252669077520275662424541447431585632005934256275037159613629420850341159254368620039255529102905053707596824607638313435674405110626355922392550307066255327057730326234677635355720376655347632656204540625055037444523640767053565384567053110045474084250094223045730705807715054082335343507262020235050743220013355583154246830052534317043656357586035292321255827610859441032095228404412353460412525095076293231325065296257702106407050740823305845303027417130033257273312095836126036
content_diff-2021-08-27_14-07-48.png QRCode-0.png Screenshot_20210827-141249.png
James Kizer (Aug 27 2021 at 20:58):
It looks like "Smart" still contains a capital "S". Perhaps also try removing the .0 at the end of nbf. Generally though, the SHC looks good to me so I can't see why it should be failing in the verifier
Angus Millar (Aug 28 2021 at 04:42):
@Kevin Snow Hi Guys, yes that is my library. I'm starting to get the impression my QR Code images are not correct in some way. What does work, yet may still not prove ultimately correct, is that scanning my QR Codes with an iPhone camera and then pasting the resulting string into the 'Numeric QR Data' text box as seen here: Verifier Portal. From that point forward everything checks out correct in my testing. Yet I suspect the QR Code image is somehow not correct. If I attempt to scan my QR Code using the "Scan QR Code" button on the same page I find that it never recognises the QR Code, it just never completes a scan.
So what is it that I'm doing wrong with the QR Code creation?
I know my JWS Token is correct.
I then chunk the JWS as a string into chunks smaller than 1195 in string length.
I then numeric encode each chunk by doing the below. It gets the integer value of each char of the string and subtracts 45 and then converts that integer into a 0 padded string. So integer 5 becomes "05" and integer 15 remains as sting "15". (Integer.ToString("D2") does that padding)
public string Encode(string JWSToken)
{
StringBuilder StringBuilder = new StringBuilder();
foreach (char Char in JWSToken.ToCharArray())
{
int Integer = Char - 45;
StringBuilder.Append(Integer.ToString("D2"));
}
return StringBuilder.ToString();
}
This gives me the numeric portion of my QR Code payload.
I then have the prefix which is a string of "shc:/" which is not numeric encoded,. Where if there are many chunks that string looks like this "shc:/2/3/" where 2 is the current chunk and 3 is the total chunks. This all happens in the class SmartHealthCardJwsChunker
Then I feed both of these into the QR Code library I use manuelbl/QrCodeGenerator.
That QR Code library allows you to specify segments to be encoded into the QR Code in different ways. For the prefix "shc:/" I get it's ASCII bytes and provide that to the QR Code libaray as QrSegment.MakeBytes(Encoding.ASCII.GetBytes("shc:/)), and I provide the numeric encoded data to the same libaray as QrSegment.MakeNumeric(Chunk.NumericSegment)
That is all done in this class : QRCodeEncoder.
I will have to play some more and see where I'm going wrong. I'm surprised the vanilla iPhone camera scan output string works yet other scanners fail.
Angus Millar (Aug 28 2021 at 04:53):
Another thought, does anyone else have a working example of using that QR Code library: manuelbl/QrCodeGenerator. I remember I was lead to it by a post on these forums. It is hard to find QR Code libraries that support multi segments of Numeric and non-numeric as this one reports too.
Josh Mandel (Aug 30 2021 at 17:07):
Interesting -- the example QR above scans for me, but the deflated payload has a non-breaking space character at the front, which makes it invalid JSON.
Josh Mandel (Aug 30 2021 at 17:10):
// In the code below, x is the deflated payload...
// This fails
JSON.parse(x)
// Because the following is a BOM/ZERO WIDTH NO-BREAK SPACE (https://www.fileformat.info/info/unicode/char/feff/index.htm)
// instead of `{`
x.toString().charCodeAt(0)
// And this works
JSON.parse(x.slice(0))
Josh Mandel (Aug 30 2021 at 18:35):
@Kevin Snow does this give you any insight? Starting from the payload in your QR:
import pako from 'pako';
import b64u from 'base64url';
const x = '3FLLbtswEPyVYHuVJUpOY1i3OAX6OBQFkvYS-EBTa4sFHwK5Euoa-rIe-kn9hS5lJ20AJ5feKvCgXe7Ozgz314-fB9AxQg0tURfroiCMpN0uRzfoqL0jVK3zxu_2ufK2aM3i1spALUpDrZKhadB6yMBttlCXV3Mhlpfz-VUuMhgU1AegfYdQ3z8OiH_a89QfXx2DWQoY6Pk6bW3v9HdJTOvFQuUH3ZRLWGegAjboSEtz22--oqJEadvq8AVDksfKL3ORl4yXsqveNYbpHiBg9H1QeDfRh9NFdpIDyhvDaEcmPCDsWSMj98Z8DoYLHvprwQUPwRngTyyH-5OD0uIRRFptGA-uHdeEOM3Y6QGZ7T188G2KVzmsRxa40Sz-jaSEVS5flzNRzioB45idZVO-zOb9U4sjSerTdvDTdwYJ0wMNUint8MY3E4LyDe_LRDzuI6E9LRO_DC9L7sOuSM4WUTeFGr4xAHekWZVYwLgeM-hOFkx0thjQJW5_O8hFXqk-TFdJ7J22R4hqEiySLOPpY283GPhCTF_KsoFbH2zKMkOpyPPfARodOyMnk1c3F2_RYZDm4p2PnSZp2L71cw5W_6WD1fKsg4t_c5DPOP4GAAD__wMA'
let y = b64u.toBuffer(x);
let z = Buffer.from(pako.inflateRaw(y)).toString();
console.log(z.charCodeAt(0), "BAD BOM!");
console.log(JSON.parse(z.slice(1)));
Yields the following:
$ node test.mjs
65279 BAD BOM!
{
iss: 'https://testing.envisiontechnology.com/hl7Smarthealthcarddemo',
<<snipped for brevity>>
Kevin Snow (Aug 31 2021 at 05:27):
@Josh Mandel That was it! Between what you just mentioned and what @JP Pollak let me know about the mobile app scanning error, I was able to figure out the part of the code that needed to be fixed and then I verified the QR code scanned through the mobile after the change :tada:
@Angus Millar I just sent a PR your way with an update to the Compress method that allows the QR codes to scan.
A huge thank you to everyone for their help on this!!! The views I was looking at did not include these characters; who knows how long this would have taken to trace down otherwise. If we ever get some in-person HL7 conferences again, I owe you all a round :beers:
BAD BOM!
Angus Millar (Aug 31 2021 at 08:01):
Hi Guys, I've taken in the GitHub PR @Kevin Snow and published new Nuget packages. However, I am still seeing little difference in my testing outcomes. The issue I face is that the QR Code is never recognised/scanned by the VerifierPortal when using my phone camera (Android or iPhone) or my PC webcam. Yet if I paste in the raw QR Code data, as seen below, into the VerifierPortal site it can decompress and parse out the FHIR resources as expected. Yet this worked for me before the BOM removal change. So I don't follow what this changed has achieved. @Kevin Snow are you able to post here a QR Code that does scan, I don't have any that are successful.
Raw QR Code data:
shc:/567629595326546034602925407728043360287028656767542228092862372537602870286471674522280928631257543955373326336433625405344041074041337645635404364111764477337138652903546329363664590353042940564167704040036057360157292933610870742428535076646709214228656220065471726330695538686343520635527576322644585366035505384538713430505503760056716164583223646543565600435823083904407020045908097345232765341106760453224276772739345070644059363732064031256374720530287238087563314422005956663374052225406975542306747043716059030526453872324550342110385622226150007262065272266310212936236770032036631233333650034445446845056812753555250845361122246227277660105457211233666665582359120734397231773720426527116429246839416471766036743040742103286545742769410054297024087364286234215056325707595868310705216137071225241224683927097771744452447125331029333743003040030661062245683938205930211052563673552123552573765732414540454563204125393005693329032464255723765767267632630374263257624341450064504110105527717552656827663428286612765422665426762171240841572769107631225624323624573721616045693930222405216265580909760721766539396777500758253935332562525324234330053404103610454171126504654277335762503953684573553062251173623930212553450328114407663372571064746404414053263325565332600030414368720831672223637103522630535059030460532171070531703253531242544245746777335654683055290939117408555204053553642966633312672452571270351005563555080564335244087764331103040460756839425030710873380676612226127161627665390567626505247067117643315654244440421026544369267374202020355050207420012457043226112841663656236536602927287123250570740929572064093030683539053153690867583329342563077410224465382804603043715977257131581166207162412156406141684332585433046258
Josh Mandel (Aug 31 2021 at 13:28):
Excellent progress @Kevin Snow -- glad this helped. For the BOM issue, I've submitted an issue on our testing tool at https://github.com/smart-on-fhir/health-cards-validation-SDK/issues/145 So future developers to get clear feedback about this kind of issue.
Josh Mandel (Aug 31 2021 at 13:32):
@Angus Millar that's troubling :-) do you have an example of one of the QRs you are now generating, which is not scanning correctly? Is it possible that the pull request introduced changes to something other than the payload, or that other changes accumulated in the project between releases?
Josh Mandel (Aug 31 2021 at 13:35):
Looking through https://github.com/angusmillar/SmartHealthCard/pull/2/files -- there's not a whole lot of surface area changing...
Kevin Snow (Aug 31 2021 at 21:09):
@Angus Millar I was able to get the bar code to scan through the Verifier Portal using the latest NuGet package. I attached QR Codes generated with 1.0.0 (QRCode-Include-BOM.png) and 1.0.1 (QRCode-Exclude-BOM.png). It did take some work to get the image to line up just right for the webcam. I'm using the code here and just updating the package references to try both. QRCode-Exclude-BOM.png QRCode-Include-BOM.png.
Josh Mandel (Aug 31 2021 at 21:11):
I have the same results as Kevin -- both QRs scan for me; the former validates and the latter fails to validate in personal pet testing app (http://jmandel.github.io/health-card-scanner-demo)
Angus Millar (Aug 31 2021 at 23:46):
Thank you both for your help @Kevin Snow and @Josh Mandel . I have finally managed to get a few to scan, it took a bit of camera holding and playing around. I also managed to get a multi-part QR Code to scan as well. I was surprised just how much data you can stuff inside a single QR Code.
Last updated: Apr 12 2022 at 19:14 UTC
