Re: covid-19 immunisation record as a pair of VC - does anyone have an example? from Jeremy Townson on 2020-09-10 (public-credentials@w3.org from September 2020)

From: Jeremy Townson <jeremy.townson@gmail.com>
Date: Thu, 10 Sep 2020 16:57:47 +0200
To: steve capell <steve.capell@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAAic94FwStDNNabR9DHir-B1oR7=GojnV1eitPCHiEsE6k23WQ@mail.gmail.com>

Hi Steve,

A couple of things I noted about your approach:

> That the identifiable subject DID-X...
It is arguably better not to use a DID here. The presence of the DID will
bind the credential to a specific wallet/device, which could conceivably
invalidate the credential in scenarios where it is in fact valid.
The important binding seems to be to the individual who has been vaccinated
and the best way to do that is probably to use the full name and date of
birth. The reason for that is name/dob is an identifier commonly used in a
medical setting. A passport number might be useful, especially given the
verifier app you sketch out, however, it might also be impractical because,
in general, doctors do not hold their patient's passport numbers.

> VC-2: That physician DID-Y is accredited...
Have you considered instead a second credential issued by the supplier of
the vaccine? This could then also contain specific details of the vaccine
itself -- strain, date of production, etc. Effectively, the border force
has to then configure the specific vaccine/suppliers which they accept. You
want to handle the edge case where a qualified doctor administers a vaccine
that does not work.

Regards,
Jeremy Townson


On Thu, 10 Sep 2020 at 00:58, steve capell <steve.capell@gmail.com> wrote:

> Hi team,
>
> I'm working on an example of a covid-19 immunisation record for
> cross-border travellers and wondered if anyone had an example.
>
> For the VC to be acceptable as proof to the arrival country, i think there
> would need to be two separate proofs:
>
>    - VC-1: That the identifiable subject DID-X (with passport number 123)
>    was vaccinated by physician issuer DID-Y
>    - VC-2: That physician DID-Y is accredited by authority
>    well-known-domain-Z
>
> Verifier process would be something like
>
>    - confirm holder is the subject (check /scan passport)
>    - confirm subject is vaccinated (VC-1)
>    - use issuer DID-Y to discover VC-2
>    - confirm issuer is accredited by an authority trusted by the arrival
>    border control (typically a .gov domain in the issuing country)
>
> will do an example of this with an SG govt style open attestation - maybe
> with oracle as issuer approach.  would be nice to do another one with W3C
> VC - maybe with the trust chain discovery approach.
>
> thoughts?
>
> kind regards,
>
> --
> Steve Capell
>
>

Received on Thursday, 10 September 2020 14:58:12 UTC