- From: Adrian Gropper <agropper@healthurl.com>
- Date: Tue, 15 Dec 2020 16:26:25 -0500
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8j55K-YY_qc+PAra_4GGeT+fDP9FUC79Guz4PgGOOfGnw@mail.gmail.com>
The verifier is presented with a vaccination credential equivalent to the paper travel and school document. Postulate a vaccinator registry that issues a registration number and stamp to certified vaccinators. The registration number is effectively public because every patient sees it in the clear. Note that it is not a vaccination registry because it has no notion of a particular patient / subject. The patient wants to prove vaccination without disclosing the actual identity of the vaccinator. It's none of the verifier's business. The vaccinator also has a privacy interest in not letting them be tracked by unknown verifiers. The patient and/or vaccinator enlist a notary to verify the credential of the vaccinator and of the patient. Banks typically provide this low-cost service as part of a broader customer relationship. The notary effectively replaces the vaccinator's registration number with their own and creates an auditable log of the transaction. The log is accessible to the verifier under court order or other expense. The log is accessible for sampling by other independent auditors who might revoke either the vaccinator or the notary registration. + The subject is not allowed to see the contents of the verifiable credential. Imagine it's a letter of recommendation instead of a vaccination. The school does not want to release the contents of the letter of recommendation to just anyone. The school has policies that require the verifier to be credentialed and registered somewhere (e.g. Fortune 500, or D&B) and to have a public encryption key associated with their registration. The VC is encrypted with the verifier's public key by either the issuer or a notary as an intermediary that has checked the verifier's credential and keeps an audit log. = These two use-cases are also economically important because the issuer does not want to bear the risk of dealing with the verifier and the verifier does not want to bear the risk of dealing with the issuer. A notary limits the risk of both parties by checking the (deduplicated) identity of the VC subject and any registered credentials of the issuer or verifier. The economy comes because whether it's vaccination or voting, a sample audit can suffice to keep the bonded participants honest. Adrian
Received on Tuesday, 15 December 2020 21:26:50 UTC