Glossary #

A #

TermWhat is it?Dive deeper
Authorized Trading Partner (ATP)DSCSA defines trading partners in the pharmaceutical supply chain as entities that accept or transfer direct product ownership. A trading partner is authorized when they hold either a valid license or FDA registration. There are five types of trading partners: manufacturers, wholesale distributors, dispensers, repackagers, and third-party logistics providers (3PLs).FDA Guidance
Application Programming Interface (API)An API basically works as a relay between one entity’s app data and functionality and a third party. This allows developers to build new programmatic interactions on top of the original app. In the case of CARO, other service providers, such as VRS, can connect their existing tech stack via our APIs to our digital wallet.

B #

TermWhat is it?Dive deeper
BlockchainA decentralized ledger that stores data permanently in a secure, sequential, and immutable manner.

C #

TermWhat is it?Dive deeper
CAROCARO is the acronym for Credentialing of ATP for Regulatory Observance. It is Spherity’s web-based app solution to authenticate direct and indirect trading partners in real-time.CARO Website
Client ID & Client SecretEssentially, these are access details. The Client ID is a public identifier for apps that, for security reasons, should not be guessable by third parties. The Client Secret is effectively a confidential password that is only known to the application and authorization server. In CARO, these details allow Service Providers to access and communicate with the CARO app.oauth intro
Correlation Universally Unique Identifier (corrUUID)This is a unique ID for a set of transactions. In CARO, it allows us to group all transactions that pertain to the same VRS roundtrip, e.g. a Product Identifier verification request, to understand the complete history of the VRS-facilitated interactions.
CounterpartyIn CARO this is the trading partner with whom the CARO Enterprise Account holder has interacted in a VRS-facilitated credential exchange. It is basically the other side in a product enquiry process.
CredentialCredentials exist in the physical and digital world. They are essentially certificates that attest to a certain status or achievement. This means an electronic credential is a digital assertion containing a set of claims made by an entity about itself or another entity. The entity described by the claims is called the subject of the credential.See Verifiable Credential
CredentialingCredentialing in the context of DSCSA is the process of verifying documentation that proves a certain legal or regulatory status, e.g. the formal review of a pharmacy’s State license and proof of the company’s existence. Within the digital world, electronic credentials can be issued once electronic and/or physical documentation has been approved.See Verifiable Credential
Credential IssuerThis is an entity that is authorized to issue a credential and transmit the credential to a holder who stores Verifiable Credentials in a digital wallet. Issuers are, for example, government organizations, healthcare centers, financial organizations, universities, and regulatory compliance providers.OCI Credential Issuer Conformance Criteria

D #

TermWhat is it?Dive deeper
Decentralized Identifier (DID)A DID is a type of identifier that enables verifiable, decentralized digital identity. A DID is unique and may refer to any subject (e.g. a person, organization, thing, data model, abstract entity). It is a simple text string consisting of three parts: 1) the did URI scheme identifier, 2) the identifier for the DID method, and 3) the DID method-specific identifier. An example of a DID is did:ethr:123454123412341236abcdef. DIDs and DID documents are managed via verifiable data registries.W3C DID
DID DocumentThis is the cryptographic metadata associated with a specific DID, such as the public key information or service endpoints. This record is accessible using a DID resolver.W3C DID Resolution
DID MethodThis is a mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated. DID methods are defined using DID method specifications.W3C DID Method Specifications
DID ResolverThis software derives the DID document for a given DID by applying the respective DID method.
Digital WalletA physical wallet stores your IDs like drivers’ licenses, credit cards, and other credentials. In a similar sense, a digital wallet is a piece of software that allows you to securely acquire, store, manage and check Verifiable Credentials (VCs) as well as Decentralized Identifiers (DIDs). The wallet is not just a storage facility but also permits the use of VCs. This means that the wallet enables you to access certain services or exchange information. In the OCI ecosystem, integrators like VRS providers are able to connect themselves to your digital wallet to facilitate your drug information enquiries. This enables your compliance with DSCSA.OCI Digital Wallet Conformance Criteria
Drug Supply Chain Security Act (DSCSA)The DSCSA was enacted by US Congress on November 27, 2013. It demands several improvements to the US drug supply chain, for example, through an electronic, interoperable system to identify and trace prescription drugs. The goal is to prevent harmful drugs from entering or spreading across the US supply chain.DSCSA

E #

TermWhat is it?Dive deeper
Early Adopter ProgramAs part of OCI’s Early Adopter Program Initiative, Spherity accepts organizations eager to experience and test our regulatory compliance solution.CARO Early Adopter Program
Enterprise IdentifierThis is a unique ID for an enterprise. In CARO, this is the DID of an organization.See DID

J #

TermWhat is it?Dive deeper
JSON Web Token (JWT)JWT is an open standard for secure data transmission. The transmitted information is digitally signed and can be verified. JWT is often used for authorization management, as the token can be used to manage access permissions.JWT intro

O #

TermWhat is it?Dive deeper
Open Credentialing Initiative (OCI)OCI is a collaborative non-profit industry collaboration formed in April 2021 by a group of trading partners, solution providers, and standards organizations to support the US pharmaceutical industry in adopting credentialing and digital wallet technologies to enhance supply chain security, and thus the protection of consumers. The ecosystem is open to trading partners, solution providers, associations, standards bodies, and others interested in contributing to future enhancements of the architecture and use cases.OCI Website

P #

TermWhat is it?Dive deeper
Product Identifier (PI)This is an ID fixed to each package and homogenous case of a marketed product.FDA Guidance - PI
Proxy ServerThis is an intermediary system that acts as a gateway between internet users and the web pages they visit online. A proxy aims to increase cybersecurity for your computer by protecting you from internet threats like malware.

T #

TermWhat is it?Dive deeper
Trust TriangleThere are three entities in a Verifiable Credential (VC) ecosystem: Issuer, Holder, and Verifier. The issuer generates and bestows the credential; the holder is the entity about and/or for whom the credential is issued; and the verifier checks claims within a credential. The latter trusts the legitimacy of the issuer but does not need to trust the holder thanks to the verifiability of the holder’s VC. Trust TriangleW3C Ecosystem

U #

TermWhat is it?Dive deeper
URL (Uniform Resource Locator)This is a unique identifier used for locating files on the internet. It is basically the full web address of any website resource, e.g. A domain name, e.g. ‘’, forms part of a URL. Hence, you often see these terms used interchangeably.

V #

TermWhat is it?Dive deeper
Verifiable Credential (VC)Credentials are sets of claims that identify a particular entity or verify a specific attribute or qualifications such as driver’s license, enterprise ID, and university degrees. W3C Verifiable Credentials provide a mechanism to express these sorts of credentials on the web in a cryptographically secure, privacy-respecting, and machine-verifiable way. Trust TriangleW3C VC Use Cases
Verifiable Data Registry (VDR)A system or network that facilitates the creation, verification, updating, and/or deactivation of DIDs and DID documents, and even verifiable credentials. Examples for VDRs include distributed ledgers, decentralized file systems, databases of any kind, peer-to-peer networks, and other forms of trusted data storage.
Verifiable Presentation (VP)A digital presentation is created from VC data in order to be shared with a verifier. A VP is a tamper-evident digital presentation that can be cryptographically verified to ascertain the trustworthiness of the presented data. Certain VP types might contain data that is synthesized from, but does not contain, the original verifiable credentials (for example zero-knowledge proofs).W3C VC Data Model - VP
Verification Router Service (VRS)VRS refers to a third-party routing system to send product information back and forth between pharmaceutical supply chain actors. Generally, the manufacturer holds all the required product identifier information. Upon information requests from downstream supply chain partners, e.g. dispensers or wholesalers, the manufacturer releases the requested information. This exchange is facilitated by VRS. Hence, within CARO a VRS can act on behalf of the VC holder (when generating a verifiable presentation) or the verifier (when verifying a verifiable presentation).HDA Saleable Returns Pilot

W #

TermWhat is it?Dive deeper
WalletSee digital wallet