- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Tue, 12 May 2020 21:36:25 +0100
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
On 12/05/2020 18:19, Adrian Gropper wrote: > This work complements efforts to focus our community on adoption > issues around SSI in general. > > The IIW30 session > https://iiw.idcommons.net/*SSI_Adoption_Sequence_in_a_Pandemic* > <https://iiw.idcommons.net/SSI_Adoption_Sequence_in_a_Pandemic> comes > at this by drawing a parallel with the W3C Prescription Use Case. > Please check out the doc at the top of the notes as well as the IIW > discussion. > > The prescription use case assumes there are two identities involved: > the doctor as prescriber and the patient as subject. The pharmacist is > the verifier. Mapping to COVID credentials, the lab is the issuer but > a doctor could also be the issuer. > > I was unable to open the link to your COVID credentials demo on this > slide https://youtu.be/yqSr0xKcG18?t=1123 What follows may be a bad > assumption on my part... The link is actually https://youtu.be/Q-1X1FRSTss This shows the benefit of base58 encoding!! The font used in the ppt does not differentiate between one and capital eye unfortunately > The key point for both David and my framing is that the patient as > subject does not need a DID. The issuer may need a DID but since their > credentials are typically public the holder / presentation issue for > privacy might be an unnecessary barrier to adoption. > > Another DID issue has to do with correlation. I agree with David that > FIDO2 should be baseline and DIDs pose a privacy risk that is often > unnecessary. However, in general, patient privacy benefits from a > self-sovereign authorization server that represents their persona > across multiple service providers. How do we avoid unwarranted > correlation when "registering" the FIDO2 key (browser fingerprinting?) Because FIDO2 ensures a different key pair is used for every service provider. It strongly enforces SOP. Kind regards David > or the authorization server (as a pairwise DID service endpoint)? > > Also, as we heard in the fabulous EuroPass presentation in the Ed > Credentials call on Monday, in practice the verification of the > subject's credential (be it about immunity or a prescription) might > often be outsourced to an intermediary by the verifier and this seems > to overlap with our DID Resolution work. > > - Adrian > > > > On Tue, May 12, 2020 at 6:01 AM David Chadwick > <D.W.Chadwick@kent.ac.uk <mailto:D.W.Chadwick@kent.ac.uk>> wrote: > > Hi Everyone, > > Kuppinger Cole is having a free online seminar today on the Future of > Identity Management. Registration is open to everyone. See > > https://www.kuppingercole.com/events/identity-fabrics-iam > > I have just given a talk entitled "I want COVID-19 Certificates but I > don't want a DID" which some of you might find relevant and > interesting. > I have recorded it and put it on YouTube here, just in case you > missed it > > https://youtu.be/yqSr0xKcG18 > > I would be very interested in anyone's critical appraisal of my > talk, so > that it can be improved next time > > > Kind regards > > David > > >
Received on Tuesday, 12 May 2020 20:36:42 UTC