W3C home > Mailing lists > Public > public-credentials@w3.org > April 2020

Decentralized Adoption of Decentralization

From: Adrian Gropper <agropper@healthurl.com>
Date: Sat, 25 Apr 2020 11:38:42 -0400
Message-ID: <CANYRo8jXOFszJ2Y2_mCn99najyijPH48FgN5JciqLQ5D9OsQaA@mail.gmail.com>
To: W3C Credentials Community Group <public-credentials@w3.org>
cross-posted to https://difdn.slack.com/archives/C4X1Z0T7H/p1587828480246600

I’m using the immunity credential use case to sequence adoption into 8
steps (table below). I hope to have a session at IIW about this sequence of
standards. It might also inform DIF, SDS, and glossary discussions.

I strongly recommend reading the Solid / Sovrin paper “COVID-19 Antibody
Test Certification There’s an app for that” https://arxiv.org/abs/2004.07376
to understand the reason for my approach. HT Kaliya for pointing it out.

The sequence below is captured in our Trustee Immunity Passport demo which
I hope Solid, Sovrin, and others will sponsor and interop with. See:
https://bit.ly/Trustee-Summary

Editable gdoc is here:
https://docs.google.com/document/d/1KX6Xcm_jAzj_CWMhoYjFBOX7KXE8vVEgYHua6Kj_AKo/

Step

Standard component introduced

Why is this the next step to decentralization

1

Doctor gets a secure element - DID

Enables a non-repudiable signature.

2

Patient gets an authorization server - UMA AS

Otherwise report remains centralized to the doctor’s employer institution,
a hospital.

3

Hospital can present human-readable report with photo - SSL

Patient can direct the destination verifier. Biometric mitigates
impersonation.

4a

Verifier installs secure display app - JWT

Necessary to trust patient as holder

4b

Hospital can present a signed human-readable report - JWT

Allows patient to direct destination to personal data store (PDS). Report
includes photo or drivers’ license number

5a

Hospital installs identity provider API - OpenID Connect

Allows doctor to sign-in and sign a credential directly in the patient’s
PDS with their DID

5b

Verifier installs signature verification to doctor directory or DID

Verifier will need the doctor’s public key from somewhere.

5c

Patient PDS installs doctor sign-in and report signature API

Allows patient to avoid tracking of credential use by the hospital

6a

Patient PDS installs doctor credential verification - VC

Allows doctor to sign-in and act independently of the hospital

6b

Doctor installs credentials storage. - VC

Allows doctor to avoid tracking of credential use

6c

Hospital or licensing board installs credentialing API - VC

Allows doctor to avoid tracking of credential use

7

Verifier installs doctor’s credential verification - VC

Allows doctor to avoid tracking of credential use by the hospital operating
a directory - revocation method is involved

8

Immunity credential is standardized as a VC

Allows machine verification of the patient’s credential as long as the
biometric can also be checked by the machine.

Decentralization is achieved...

for the immunity credential use case. Note that the patient may not need a
DID.

Hope this helps,
- Adrian
Received on Saturday, 25 April 2020 15:39:08 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:58 UTC