- From: Adrian Gropper <agropper@healthurl.com>
- Date: Wed, 7 Jul 2021 21:17:29 -0400
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8iaOipqb9aWDYVG03pQM6kJqbbRveA2+MZ3Fychad4sYw@mail.gmail.com>
https://www.technologyreview.com/2021/07/06/1027770/vaccine-passport-new-york-excelsior-pass/ On Wed, Jul 7, 2021 at 7:24 PM Adrian Gropper <agropper@healthurl.com> wrote: > Thank you Manu, Dave, and Ted for your questions. I will respond to Dave's > question below as we wait for others to chime in on the numbered issues. > > Let's look at the "Vaccine Passport" use-case. It's still hot global news > and it is also an example of privacy concerns and controversies around the > W3C and the broader SSI community. > > Definition: A vaccine passport (vc) is a contextual interpretation of a > vaccine credential (vp). It's a lucky coincidence that vc / vp parallels VC > / VP :-) > > 1. Alice receives a vaccine for public health reasons without any > specific verification context in mind. The vc / VC is available in a > vaccine registry run by the state. > > 2. Alice wants to take a cruise with 1,000 strangers. The cruise operator > wants people to be safe and feel safe. For the operator, it's the only way > to stay out of bankruptcy. As a result, the operator's policy is that 100% > of anyone on board is vaccinated _and_ they have had a negative Covid test > within 72 hours. This is not an unusual context. Access to hospital > procedures, for example, also requires a recent test regardless of > vaccination status. > > 3. Alice gets tested at some lab 48 hours before boarding the cruise. This > allows 24 hours for the lab result and a 24 hr cushion on boarding delays > and other schedule mishaps. The test result also ends up in Alice's health > record but it is not in the state registry. > > 4. The cruise operator (as verifier) has contracted with a Contextual > Covid Passport Authority (CCPA, not to be confused with CCP as the passport > authority in China) to provide a Yes or No answer when Alice wants to > board. The CCPA has some complicated method of considering the context > (2), the vc in the state registry (1), and the test in Alice's health > record (3). But it works well enough for all the parties involved. > > 5. To process for the Yes / No boarding determination, access will be > needed to a VC from the state registry and another VC from the hospital > that holds Alice's health records. The Yes / No boarding determination > itself is a third VC issued to Alice 24 hours before boarding along with or > integrated into her traditional boarding pass. This is useful because > nobody wants Alice to discover a problem as she's trying to step off the > gangplank. > > 6. All three of these VCs from three separate issuers are available via > VC-HTTP API. Alice hates smartphones and apps but she is willing to use > technology to provide consent. For example, when she gets a text message on > her feature phone saying: Is it OK for {this}? Reply Yes or No. > > 7. With GNAP, the cruise operator (trusted by Alice) fronts a GNAP > Authorization Server operated by CCPA (trusted by the cruise operator). The > cruise operator is able to send consent text messages to Alice (as in step > 6) as appropriate and Alice is fine with that because she has a _voluntary_ > relationship with the cruise operator. Everyone is fine with that because > the consent questions are being presented to Alice in context of something > she more-or-less understands and expects. > > So, behind the scenes, we have all sorts of servers and clients and > user-agents and maybe a mandate to do it all according to zero-trust > architecture. There may be middlemen services and trusted microservice > platforms. Alice's health records could be in 5,000 different places and > her vaccine credential could be in 50 state registries. Of the 1,000 people > on board, some are children, others are demented, and a sizable number are > not citizens of the US. > > Notice that trust federations are of limited help in this situation. The > context definition is entirely up to the cruise operator as verifier. No > state or federal regulations are involved except to the extent access to > the vaccination registry VC is covered by some public sector law and access > to the health record is covered by HIPAA. Postulating that 70% of the 1,000 > passengers on the cruise has an Apple or Android phone, with or without > some app like Microsoft Authenticator is reasonable but I'm not sure it > helps the situation. > > Finally, I'm not saying this use-case can't work with OAuth2 and client > credentials and I'm not saying that GNAP alone will fix this. What I'm > claiming is that the success of our SSI adventure depends on not tying > VC-HTTP API to OAuth2. > > - Adrian > > > > On Wed, Jul 7, 2021 at 4:11 PM Ted Thibodeau Jr <tthibodeau@openlinksw.com> > wrote: > >> Adrian -- >> >> This brief message is to say -- >> >> The longer messages from Manu and Dave did a remarkable >> job of covering what I was thinking, and wording it more >> clearly than what I was drafting. >> >> It would (hopefully) bring me a lot closer to understanding, >> and thus to addressing, your position if you could provide >> some concrete answers and examples as they described and >> requested in their messages. >> >> Thanks, >> >> Ted > >
Received on Thursday, 8 July 2021 01:18:48 UTC