Decentralized Adoption of Decentralization

cross-posted to

I’m using the immunity credential use case to sequence adoption into 8
steps (table below). I hope to have a session at IIW about this sequence of
standards. It might also inform DIF, SDS, and glossary discussions.

I strongly recommend reading the Solid / Sovrin paper “COVID-19 Antibody
Test Certification There’s an app for that”
to understand the reason for my approach. HT Kaliya for pointing it out.

The sequence below is captured in our Trustee Immunity Passport demo which
I hope Solid, Sovrin, and others will sponsor and interop with. See:

Editable gdoc is here:


| Standard component introduced | Why is this the next step to decentralization |
|---|---|
| Doctor gets a secure element - DID | Enables a non-repudiable signature. |
| Patient gets an authorization server - UMA AS | Otherwise report remains centralized to the doctor’s employer institution, a hospital. |
| Hospital can present human-readable report with photo - SSL | Patient can direct the destination verifier. Biometric mitigates |
| Verifier installs secure display app - JWT | Necessary to trust patient as holder |
| Hospital can present a signed human-readable report - JWT | Allows patient to direct destination to personal data store (PDS). Report includes photo or drivers’ license number |
| Hospital installs identity provider API - OpenID Connect | Allows doctor to sign-in and sign a credential directly in the patient’s PDS with their DID |
| Verifier installs signature verification to doctor directory or DID | Verifier will need the doctor’s public key from somewhere. |
| Patient PDS installs doctor sign-in and report signature API | Allows patient to avoid tracking of credential use by the hospital |
| Patient PDS installs doctor credential verification - VC | Allows doctor to sign-in and act independently of the hospital |
| Doctor installs credentials storage - VC | Allows doctor to avoid tracking of credential use |
| Hospital or licensing board installs credentialing API - VC | Allows doctor to avoid tracking of credential use |
| Verifier installs doctor’s credential verification - VC | Allows doctor to avoid tracking of credential use by the hospital operating a directory - revocation method is involved |
| Immunity credential is standardized as a VC | Allows machine verification of the patient’s credential as long as the biometric can also be checked by the machine. |

Decentralization is achieved...

for the immunity credential use case. Note that the patient may not need a

Hope this helps,
- Adrian

Received on Saturday, 25 April 2020 15:39:08 UTC
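
Added example, not part of the original message or of the Trustee demo: a sketch of the table rows where the report is signed under the doctor's DID and the verifier obtains the doctor's public key from a directory. The `Report` fields, the `did:example:doctor-1` identifier, the in-memory directory map and the choice of Ed25519 in a compact JWS are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Report is a hypothetical claim set for the signed human-readable report.
type Report struct {
	Issuer    string `json:"iss"`          // doctor's DID (constructed value)
	Result    string `json:"result"`       // test outcome shown to the verifier
	PhotoHash string `json:"photo_sha256"` // binds the report to the holder's photo
}

var b64 = base64.RawURLEncoding

// SignReport produces a compact JWS (alg EdDSA) over the report with the doctor's key.
func SignReport(r Report, key ed25519.PrivateKey) string {
	body, _ := json.Marshal(r) // cannot fail: Report holds only strings
	input := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(ed25519.Sign(key, []byte(input)))
}

// VerifyReport looks up the issuer key by DID and checks the Ed25519 signature; the header alg is ignored.
func VerifyReport(token string, dir map[string]ed25519.PublicKey) (r Report, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return r, errors.New("malformed token")
	}
	body, errB := b64.DecodeString(p[1])
	sig, errS := b64.DecodeString(p[2])
	if errB != nil || errS != nil || json.Unmarshal(body, &r) != nil {
		return Report{}, errors.New("bad encoding")
	}
	if pub, ok := dir[r.Issuer]; !ok || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return Report{}, errors.New("unknown issuer or invalid signature")
	}
	return r, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	did := "did:example:doctor-1" // constructed DID
	tok := SignReport(Report{did, "antibodies detected", "constructed-hash"}, priv)
	r, err := VerifyReport(tok, map[string]ed25519.PublicKey{did: pub})
	fmt.Println(r.Result, err)
}
```

The directory map stands in for whichever source the verifier trusts for doctor keys; a hospital-run directory sees each lookup, which is the tracking concern the later VC rows address.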