Re: [PROPOSED WORK ITEM] Vaccination Certificate Vocabulary

It goes deeper than just the paper credential issue. The current model for
SSI seems to be unnecessarily brittle and this will harm adoption.

If we all want the controller (of the wallet) to be in control, why are we
not building on a foundation where the controller can control the issuer
through a capability so that the verifier can get the credential directly
from the issuer, IFF the controller agrees?

Adrian



On Thu, Feb 18, 2021 at 3:44 PM Steve Capell <steve.capell@gmail.com> wrote:

> Thinking about it
>
> Isn’t it FAR more likely that the verifier has internet access (because
> they are standing in a coverage area) but has no smart phone (because it
> needs charging or is misplaced). I’m constantly running out of power or
> leaving my phone in the car/office/house. Same would be true in the
> developing world.  Therefore equity is served by making sure that both
> sides can just use paper - with digital verification happening later.
>  “Thanks, let me take a copy of your certificate,  it looks real and I can
> see that the name on the cert is the same as the name on your drivers
> license - but I’ll verify it later when I find / charge my phone”..
>
> Steven Capell
> Mob: 0410 437854
>
> On 19 Feb 2021, at 6:07 am, Steve Capell <steve.capell@gmail.com> wrote:
>
> Thank you all for your answers
>
> Just to be clear, I wasn’t questioning the need for holders to have paper
> credentials.  100% agree with that.  Huge numbers of people don’t have
> smart devices.  Sometimes I wish I didn’t have one either..
>
> The question was about verifiers.  As a holder of a paper cert, I usually
> am asked to present it to some kind of authority or institution (border,
> transport, agency, bank, etc) in order to complete some transaction.  It is
> much less common for the verifier not to have access even in the developing
> world. They still need a smart phone to read the QR in any case. I take the
> point about power outages.  But then a few hours after the outage my
> battery would be dead anyway.  Typically the default in this situation is
> that the verifier will just inspect the paper, maybe jot down the key
> details to verify later.  In that scenario, as a verifier (without a
> working smart phone), I need to see the actual data on the paper because my
> brain can’t parse the QR.
>
> Steven Capell
> Mob: 0410 437854
>
> On 19 Feb 2021, at 4:23 am, Adrian Gropper <agropper@healthurl.com> wrote:
>
> 
> To provide equity and access, we should be offering everyone a baseline
> service like India does with IndiaStack. Once people have a right to a
> secure on-line document store they control, the issue of access to mobile
> devices and people like children and elders that need guardians will no
> longer be an issue.
>
> The cost of an on-line secure wallet would be trivial if we see it as a
> commodity and a human right. It's inevitable. We're just wasting time and
> lives.
>
> Adrian
>
> On Thu, Feb 18, 2021 at 12:06 PM Scott Gallant <scott@scottgallant.com>
> wrote:
>
>> in my delay...
>>
>> @Jim wrote... "we’re forming a working group on verifiable credentials
>> and equity."
>>
>> ...very nice
>>
>>
>> On Thu, Feb 18, 2021 at 11:49 AM Scott Gallant <scott@scottgallant.com>
>> wrote:
>>
>>> The struggle is real. I need help/solution for the intermittent/offline
>>> in island nations (even innovative ones with national id systems in flight,
>>> etc) with successful VC early use cases forImmigrations/Customs and Health
>>> testing/vax proofs. Note also these are at known main-stream
>>> experiences/transactions and I have creds/assertions to render based on
>>> softer triggers of time, movement, and behavior at a very local level
>>> outside party-party transaction that require local processing standards.
>>> Context switching, caching, syncing required along with added controls for
>>> in-person-proofing, etc which, once a party pops back online enhance the
>>> trust model with new creds itself. At a business level, we've had to scale
>>> our Health Threat Response offerings to optionally include expanded
>>> wifi/satellite/telco solutions- but that shoudln't be the only answer.
>>>
>>> Vaccination Cred points to serve infectious disease... always on the top
>>> ten list of world Health Threats. Right next to it on that list are Access
>>> & Equity in care. Thus... should other pointed VC standards isolate/attack
>>> this top down in addition to it being a core part of 'Society' above?
>>>
>>> -Scott
>>>
>>>
>>> On Thu, Feb 18, 2021 at 10:38 AM John, Anil <anil.john@hq.dhs.gov>
>>> wrote:
>>>
>>>> Very much agree.
>>>>
>>>>
>>>>
>>>> As an FYI, our internal rationale for why we are on this public journey
>>>> in the DID/VC ecosystem has multiple components:
>>>>
>>>>
>>>>
>>>>    - Technical ~ Need for systems and services that are resilient,
>>>>    self-healing, and can operate under duress in a world where perimeter-based
>>>>    security is no longer enough.
>>>>    - Business ~ Prevent development of “walled gardens” or closed
>>>>    technology platforms that do not support common standards for security,
>>>>    privacy, and data exchange.
>>>>    - Society ~ Remove limits on the growth and availability of a
>>>>    competitive marketplace of diverse, interoperable solutions for government
>>>>    and industry to draw upon to deliver cost effective and innovative
>>>>    solutions that are in the public interest.
>>>>
>>>>
>>>>
>>>> The “ … in the public interest” bit REQUIRES us to deliberately,
>>>> consistently and with discipline focus on ensuring equity and access. Not
>>>> saying that we get it right all the time or that we succeed every time, but
>>>> we try and will keep trying.
>>>>
>>>>
>>>>
>>>> <step-off-my-soapbox />
>>>>
>>>>
>>>>
>>>> Best Regards,
>>>>
>>>>
>>>>
>>>> Anil
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Leonard Rosenthol <lrosenth@adobe.com>
>>>> *Sent:* Thursday, February 18, 2021 9:56 AM
>>>> *To:* John, Anil <anil.john@hq.dhs.gov>; W3C Credentials CG <
>>>> public-credentials@w3.org>
>>>> *Subject:* Re: [PROPOSED WORK ITEM] Vaccination Certificate Vocabulary
>>>>
>>>>
>>>>
>>>> *CAUTION: *This email originated from outside of DHS. DO NOT click
>>>> links or open attachments unless you recognize and/or trust the sender.
>>>> Contact your component SOC with questions or concerns.
>>>>
>>>>
>>>>
>>>> >The use case is to ensure equity and access … Globally, and not just
>>>> in the fully connected world.
>>>>
>>>>
>>>>
>>>> And this needs to be true for **EVERYTHING** we design and build – not
>>>> just this project.
>>>>
>>>>
>>>>
>>>> Leonard
>>>>
>>>>
>>>>
>>>> *From: *"John, Anil" <anil.john@hq.dhs.gov>
>>>> *Date: *Thursday, February 18, 2021 at 8:39 AM
>>>> *To: *W3C Credentials CG <public-credentials@w3.org>
>>>> *Subject: *RE: [PROPOSED WORK ITEM] Vaccination Certificate Vocabulary
>>>> *Resent-From: *<public-credentials@w3.org>
>>>> *Resent-Date: *Thursday, February 18, 2021 at 8:36 AM
>>>>
>>>>
>>>>
>>>> > More generally, what is the evidence / use case metrics for offline
>>>> verifiers ?
>>>>
>>>>
>>>>
>>>> “offline” has nuances.
>>>>
>>>> Is it never online, or is it occasionally connected over sparse or
>>>> unreliable networks?
>>>>
>>>> I would assume (as I don’t have ready access to data that will
>>>> prove/disprove this assertion) that it is more likely to be the latter and
>>>> not the former.
>>>>
>>>>
>>>>
>>>> However, to answer your actual question  -
>>>>
>>>>
>>>>
>>>> The use case is to ensure equity and access … Globally, and not just in
>>>> the fully connected world.
>>>>
>>>>
>>>>
>>>> Best Regards,
>>>>
>>>>
>>>>
>>>> Anil
>>>>
>>>>
>>>>
>>>> Anil John
>>>>
>>>> Technical Director, Silicon Valley Innovation Program
>>>>
>>>> Science and Technology Directorate
>>>>
>>>> US Department of Homeland Security
>>>>
>>>> Washington, DC, USA
>>>>
>>>>
>>>>
>>>> Email Response Time – 24 Hours
>>>>
>>>>
>>>>
>>>> <image001.png>
>>>>
>>>>
>>>>
>>>