Biometric Health Cards (was: CBOR-LD stabilization (was: Re: Regarding CBOR-LD Web Transports))

In some cases, such as COVID credentials, it makes sense to also reduce the
privacy impact of linking the subject to a correlatable identifier while
fraud-proofing the credential.

At IIW, I proposed a biometric health card that uses a quantized face as
the "logo" in the QR code with only a hash of the quantized face as a
subject identifier in the VC itself.

https://github.com/HIEofOne/Trustee-Community/blob/master/Biometric%20Health%20Card.pdf

This holder-controlled biometric avoids most, if not all, of the privacy
and equity issues raised by current health credential designs because the
biometric can be different on every issue and is not stored in any registry.

We are now looking for implementation help to add this feature to a
verification app. (The demo VC does not have the hash in it yet. Using
python hash(), it's 0x118b44a560908fbf in this example)

[image: QFVC-QR.png]

On Tue, Apr 20, 2021 at 11:35 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 4/10/21 4:42 PM, Orie Steele wrote:
> > I'm really enjoying working with CBOR-LD, even though it's still
> > pretty young I think it holds tremendous promise, particularly
> > because of its support for losses bi-directional transformations with
> > JSON (LD).
>
> Hey Orie, thanks for the shout out and for contributing Transmute's demo
> to the growing body of work around CBOR-LD.
>
> Digital Bazaar has a few updates to share with the community.
>
> 1. With a huge thank you to Dave Longley, a new version of the CBOR-LD
>     library, with generalized and stable algorithms, and that works
>     in the browser and node.js, has been released:
>     https://github.com/digitalbazaar/cborld
>
> 2. We have split out the CBOR-LD command line interface into a
>     separate project:
>     https://github.com/digitalbazaar/cborld-cli/tree/initial
>
> 3. DB has released a CBOR-LD to QR Code image library for encoding
>     and decoding Verifiable Presentations:
>     https://github.com/digitalbazaar/vpqr
>
> 4. After some consultation with Mattr and Transmute, we've settled
>     on a base32 alphanumeric QR Code encoding that is 10% more
>     space efficient than base64url byte mode. This is important because
>     this format is compatible with hundreds of QR Code readers on the
>     market. Every QR Code reader that we've tested has worked with
>     this new format.
>
> At present, we can do a 1,107 byte digitally signed Age Verification
> Token Verifiable Credential and compress it down to 357 bytes of
> CBOR-LD, which translates to the following QR Code sizes (note: "matrix
> size" can be thought of as "pixels wide x pixels high"):
>
> base32 (error correction: high) -- Version: 21, matrix size: 101x101
> base32 (error correction: medium) -- Version: 15, matrix size: 77x77
> base32 (error correction: low) -- Version: 13, matrix size: 69x69
>
> A sample QR Code encoded in this format is attached to this email. You
> should be able to scan it with any Android or iOS QR Code scanner (the
> camera app should work... the data should start with "VP1-", which means
> "Verifiable Presentation Version 1").
>
> At this point, adventurous implementers could take a look at the cborld
> library code and implement their own version. We are fairly certain that
> the code isn't going to change much at this point; we've hit a point of
> stability and are interested to see if other implementers have feedback
> on where we've landed with CBOR-LD.
>
> We'll be providing more information in a few days on how this new
> technology and these libraries are being deployed to address real use
> cases in retail and healthcare.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Veres One Decentralized Identifier Blockchain Launches
> https://tinyurl.com/veres-one-launches
>