| Term | What is it? |
|---|---|
| Authorized Trading Partner (ATP) | DSCSA defines trading partners in the pharmaceutical supply chain as entities that accept or transfer direct product ownership. A trading partner is authorized when they hold either a valid license or FDA registration. There are five types of trading partners: manufacturers, wholesale distributors, dispensers, repackagers, and third-party logistics providers (3PLs). |
| Dive Deeper - FDA Guidance | |
| Application Programming Interface (API) | An API basically works as a relay between one entity's app data and functionality and a third party. This allows developers to build new programmatic interactions on top of the original app. In the case of CARO, other service providers, such as VRS, can connect their existing tech stack via our APIs to our digital wallet. |
| Term | What is it? |
|---|---|
| Blockchain | A decentralized ledger that stores data permanently in a secure, sequential, and immutable manner. |
| Term | What is it? |
|---|---|
| CARO | CARO is the acronym for Credentialing of ATP for Regulatory Observance. It is Spherity's web-based app solution to authenticate direct and indirect trading partners in real-time. |
| Dive deeper - Website | |
| Client ID & Client Secret | Essentially, these are access details. The Client ID is a public identifier for apps that, for security reasons, should not be guessable by third parties. The Client Secret is effectively a confidential password that is only known to the application and authorization server. In CARO, these details allow Service Providers to access and communicate with the CARO app. |
| Dive deeper - oauth intro | |
| Correlation Universally Unique Identifier (corrUUID) | This is a unique ID for a set of transactions. In CARO, it allows us to group all transactions that pertain to the same VRS roundtrip, e.g. a Product Identifier verification request, to understand the complete history of the VRS-facilitated interactions. |
| Counterparty | In CARO this is the trading partner with whom the CARO Enterprise Account holder has interacted in a VRS-facilitated credential exchange. It is basically the other side in a product enquiry process. |
| Credential | Credentials exist in the physical and digital world. They are essentially certificates that attest to a certain status or achievement. This means an electronic credential is a digital assertion containing a set of claims made by an entity about itself or another entity. The entity described by the claims is called the subject of the credential. |
| See Verifiable Credential. | |
| Credentialing | Credentialing in the context of DSCSA is the process of verifying documentation that proves a certain legal or regulatory status, e.g. the formal review of a pharmacy’s State license and proof of the company’s existence. Within the digital world, electronic credentials can be issued once electronic and/or physical documentation has been approved. |
| See Verifiable Credential. | |
| Credential Issuer | This is an entity that is authorized to issue a credential and transmit the credential to a holder who stores Verifiable Credentials in a digital wallet. Issuers are, for example, government organizations, healthcare centers, financial organizations, universities, and regulatory compliance providers. |
| Dive Deeper - OCI Credential Issuer Conformance Criteria |
| Term | What is it? |
|---|---|
| Decentralized Identifier (DID) | A DID is a type of identifier that enables verifiable, decentralized digital identity. A DID is unique and may refer to any subject (e.g. a person, organization, thing, data model, abstract entity). It is a simple text string consisting of three parts: 1) the did URI scheme identifier, 2) the identifier for the DID method, and 3) the DID method-specific identifier. An example of a DID is did:ethr:123454123412341236abcdef. DIDs and DID documents are managed via verifiable data registries. |
| Dive Deeper - W3C DID | |
| DID Document | This is the cryptographic metadata associated with a specific DID, such as the public key information or service endpoints. This record is accessible using a DID resolver. |
| Dive Deeper - W3C DID Resolution | |
| DID Method | This is a mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated. DID methods are defined using DID method specifications. |
| Dive Deeper - W3C DID Method Specifications | |
| DID Resolver | This software derives the DID document for a given DID by applying the respective DID method. |
| Digital Wallet | A physical wallet stores your IDs like drivers' licenses, credit cards, and other credentials. In a similar sense, a digital wallet is a piece of software that allows you to securely acquire, store, manage and check Verifiable Credentials (VCs) as well as Decentralized Identifiers (DIDs). The wallet is not just a storage facility but also permits the use of VCs. This means that the wallet enables you to access certain services or exchange information. In the OCI ecosystem, integrators like VRS providers are able to connect themselves to your digital wallet to facilitate your drug information enquiries. This enables your compliance with DSCSA. |
| Dive Deeper - OCI Digital Wallet Conformance Criteria | |
| Drug Supply Chain Security Act (DSCSA) | The DSCSA was enacted by US Congress on November 27, 2013. It demands several improvements to the US drug supply chain, for example, through an electronic, interoperable system to identify and trace prescription drugs. The goal is to prevent harmful drugs from entering or spreading across the US supply chain. |
| Dive Deeper - DSCSA |
| Term | What is it? |
|---|---|
| Enterprise Identifier | This is a unique ID for an enterprise. In CARO, this is the DID of an organization. |
| See DID. |
| Term | What is it? |
|---|---|
| JSON Web Token (JWT) | JWT is an open standard for secure data transmission. The transmitted information is digitally signed and can be verified. JWT is often used for authorization management, as the token can be used to manage access permissions. |
| Dive Deeper - JWT intro |
| Term | What is it? |
|---|---|
| Open Credentialing Initiative (OCI) | OCI is a collaborative non-profit industry collaboration formed in April 2021 by a group of trading partners, solution providers, and standards organizations to support the US pharmaceutical industry in adopting credentialing and digital wallet technologies to enhance supply chain security, and thus the protection of consumers. The ecosystem is open to trading partners, solution providers, associations, standards bodies, and others interested in contributing to future enhancements of the architecture and use cases. |
| Dive Deeper - OCI Website |
| Term | What is it? |
|---|---|
| Product Identifier (PI) | This is an ID fixed to each package and homogenous case of a marketed product. |
| Dive Deeper - FDA Guidance - PI | |
| Proxy Server | This is an intermediary system that acts as a gateway between internet users and the web pages they visit online. A proxy aims to increase cybersecurity for your computer by protecting you from internet threats like malware. |
| Term | What is it? |
|---|---|
| Trust Triangle | There are three entities in a Verifiable Credential (VC) ecosystem: Issuer, Holder, and Verifier. The issuer generates and bestows the credential; the holder is the entity about and/or for whom the credential is issued; and the verifier checks claims within a credential. The latter trusts the legitimacy of the issuer but does not need to trust the holder thanks to the verifiability of the holder's VC. |
| Dive Deeper - W3C Ecosystem |