- From: Jeremy Townson <jeremy.townson@gmail.com>
- Date: Thu, 10 Sep 2020 16:57:47 +0200
- To: steve capell <steve.capell@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAAic94FwStDNNabR9DHir-B1oR7=GojnV1eitPCHiEsE6k23WQ@mail.gmail.com>
Hi Steve, A couple of things I noted about your approach: > That the identifiable subject DID-X... It is arguably better not to use a DID here. The presence of the DID will bind the credential to a specific wallet/device, which could conceivably invalidate the credential in scenarios where it is in fact valid. The important binding seems to be to the individual who has been vaccinated and the best way to do that is probably to use the full name and date of birth. The reason for that is name/dob is an identifier commonly used in a medical setting. A passport number might be useful, especially given the verifier app you sketch out, however, it might also be impractical because, in general, doctors do not hold their patient's passport numbers. > VC-2: That physician DID-Y is accredited... Have you considered instead a second credential issued by the supplier of the vaccine? This could then also contain specific details of the vaccine itself -- strain, date of production, etc. Effectively, the border force has to then configure the specific vaccine/suppliers which they accept. You want to handle the edge case where a qualified doctor administers a vaccine that does not work. Regards, Jeremy Townson On Thu, 10 Sep 2020 at 00:58, steve capell <steve.capell@gmail.com> wrote: > Hi team, > > I'm working on an example of a covid-19 immunisation record for > cross-border travellers and wondered if anyone had an example. > > For the VC to be acceptable as proof to the arrival country, i think there > would need to be two separate proofs: > > - VC-1: That the identifiable subject DID-X (with passport number 123) > was vaccinated by physician issuer DID-Y > - VC-2: That physician DID-Y is accredited by authority > well-known-domain-Z > > Verifier process would be something like > > - confirm holder is the subject (check /scan passport) > - confirm subject is vaccinated (VC-1) > - use issuer DID-Y to discover VC-2 > - confirm issuer is accredited by an authority trusted by the arrival > border control (typically a .gov domain in the issuing country) > > will do an example of this with an SG govt style open attestation - maybe > with oracle as issuer approach. would be nice to do another one with W3C > VC - maybe with the trust chain discovery approach. > > thoughts? > > kind regards, > > -- > Steve Capell > >
Received on Thursday, 10 September 2020 14:58:12 UTC