Back to Trust Bundle Pilots.

NATE Trust Bundle Pilot

This page describes the production implementation of trust bundles for the National Association for Trusted Exchange (NATE) trust community. NATE was formerly known as the Western States Consortium.

Trust Bundle Usage within the Community

NATE concentrates on the policies, practices, and technologies to enable interstate exchange using Direct. Currently, NATE publishes production and staging trust bundles for a single trust profile to use Direct Project specifications to exchange health information among providers for treatment purposes. HISPs on-boarded for inclusion into the production trust bundle must conform to eligibility criteria listed in Provider-to-Provider for Treatment Trust Profile.

NATE is also publishing pilot trust bundles that support patient-mediated exchange via Direct-enabled PHRs via two trust bundles enabling provider-to-PHR and PHR-to-provider exchange.

Technical Details

Production and staging trust bundles conforming to the Implementation Guide for Direct Project Trust Bundle Distribution Version 1.0 are published at Trust bundles are published by the California Health eQuality program as an unconditionally-conforming publisher, funded under California’s State HIE Cooperative Agreement Program. Pilot trust bundles for patient-mediated exchange are likewise published at without corresponding staging/testing bundles.

CHeQ is testing use of the Java tools developed as part of the Direct Reference Implementation to create its trust bundles.

Trust Bundle Packaging

NATE publishes unsigned trust bundles with metadata. This format was selected to:

  1. enable manual installation of trust anchor certificates using standard MS Windows tools until HISPs update to automated means, and
  2. discourage out-of-band distribution.

NATE considered the signed trust bundle format as well. However, none of the HISPs initially in the trust bundles had implemented the trust bundle content or distribution standards as a requester and therefore were using manual retrieval and installation. Use of signed trust bundles and the requirement for specialized software to manage them was thought to be an undo barrier for small HISPs given that out-of-band distribution is discouraged.

Metadata includes the full description of the trust profile, a “valid from” date comprising the date the trust bundle was created and published, and trust anchor certificate issuer and serial number information for all certificates included in the trust bundle. It does not include a "valid to" date. See the publication site for a listing of metadata included in each trust bundle.

NATE began publishing its trust bundles in November 2012, before the current standard had been developed. It continues to distribute trust bundles in a legacy format comprising a ZIP compressed archive containing trust anchor certificates and metadata in a text "README" file.

Trust Bundle Distribution

Trust bundles are currently published at conforming to the Implementation Guide for Direct Project Trust Bundle Distribution for unsigned trust bundles.

Trust Bundle Requesters

HISPs in the NATE trust community have begun to implement the standards for automatic request and installation of trust bundles. Some trust bundles are still downloaded and installed manually.


This section will include an ongoing list of the findings as NATE continues production use of the trust bundle implementation guide.
  • It would be useful to include the organization to which the trust anchor certificate was issued, in addition to the issuer, in the trust bundle metadata. The issuer is of limited utility to many trust community members in identifying a trust anchor.
  • Even those Direct services that have implemented the trust bundle standards to retrieve and install trust bundles as Requesters found it difficult to manage anchors in their trust stores if they had installed multiple bundles and/or some point-to-point trust agreements and anchor exchanges.