RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

Re: I guess I’m going through this scenario because I don’t understand the need for the third-party credential notarization service… but maybe I’m missing something.


  1.  I believe third-party credential notarization service providers will be (are) necessary for small organizations, individuals, students, etc. who can’t afford to or otherwise don’t have the resources to be/act as Everyday Issuers.

Once established in the “small” …left side of the technology adoption curve (https://hyperonomy.com/2019/10/16/technology-adoption-models/), I can see an entire industry of third-party credential notarization service providers evolving providing their services to SMBs, local, state/province, as well as federal government departments/organizations as well as corporations. …similar to the way on-premise systems have evolved into cloud-based services, etc.

  2.  The home medical monitoring scenario is a tricky one (the way you described it). The device may have been entirely preset/configured by the health care provider and, in a sense, is actually operating on their behalf …not yours.  The patient in this scenario is more of a subject as in an animal subject generating readings. :-)  …that’s why I choose the blood pressure *home* monitoring scenario because that’s more typically a device I buy, own, and control …and hence, (usually) own and control the data displayed on it.  CPAP machines that automatically upload your evening’s sleep pattern to a cloud-based service that you subscribe to falls somewhere in the middle. It appears you own and control your data but not really.

Thank you for continuing the discussion Leah,
Michael

From: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Sent: July 17, 2021 7:50 AM
To: Leah Houston, MD <leah@hpec.io>
Cc: public-credentials@w3.org
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios


Ok, except for the statement "Her data should be ZKP shared". I think the requirement actually is selectively disclosed. ZKP is an example of just one technology that can do this.

Kind regards

David
On 17/07/2021 13:04, Leah Houston, MD wrote:

As a physician I’d like to jump in here,

We were talking about the digital health Industry currently nearly $150B and slated to be over $400 billion by 2027:

https://www.gminsights.com/industry-analysis/digital-health-market


A self sovereign interface to home monitoring systems that are completely controlled by the individual patient should be our goal, and it’s important for us to understand the privacy preservIng scenarios that put the patient at the center, as we design and build the solutions that are going to feed into this industry.

Ex: Alice is discharged from the hospital with a device (or a device is sent to her home ) that records her temperature heart rate blood pressure, respiratory rate and oxygen saturation X numbers of time per day.

As part of her discharge planning she may be required to send this information to her doctor three times per day for the first 30 days after discharge, and then twice a week for the next 30 days and then once a week moving forward.

* returns after discharge or a major cost for health systems and they are carefully monitored*

Through her digital health monitoring device, connected through her self sovereign application for recording storing, and sharing any data that that device produces - the monitoring program should be automated and easily programmable where Alice is in control. She could get text message, or automatic phone call notifications prompting her to check her vitals signs with the device for example, and she could be prompted to share it with her doctor every time, or she could agree to a specified monitoring. As part of her discharge planning.

If there is a self sovereign interface the device should not have any personal identifying information attached to it.

Her data should be ZKP shared and only her and her doctor (nurses and other clinicians) should have access.

Now regarding billing, insurance, and things of that nature, there should be an audit trail with timestamps demonstrating that “data” was in fact coming from Alice, and being checked by her doctor, but the insurance company shouldn’t have access to any other information. Just enough to pay for the services that are being rendered by the doctor.

I guess i’m going through this scenario because I don’t understand the need for the third-party credential notarization service… but maybe I’m missing something.

In the above case the doctor, or the doctors office would be the “notary?” For the insurance company.

Moving forward Alice might want to share this data for another reason, say she is going to visit a new cardiology office that’s not affiliated with the hospital she should be able to easily do that as well, including the audit trail in the timestamps if she chooses.

She should also be able to give permission to her doctor to share that information with any consultants, or referrals.

In the above case the doctor or doctors office would be the “notary“ for any other specialist.

I’m trying to wrap my head around any other entities that should be involved here, and I can’t really think of any…




On Sat, Jul 17, 2021 at 6:37 AM David Chadwick <d.w.chadwick@verifiablecredentials.info<mailto:d.w.chadwick@verifiablecredentials.info>> wrote:

Hi Michael

I have a real life example of what you are trying to achieve. I had to sign a deposition in front of a notary that could subsequently be used in court if needed.  So I took the unsigned letter to the notary, and we both signed it in front of each other. The notary is not validating the content of my letter (or blood pressure or anything else). They dont care. They are simply validating my signature, and my identity, as I had to show the notary my passport first before the signing took place. I am asserting the truth of the contents, not the notary. The court will believe my deposition is the truth, the whole truth and nothing but the truth from my perspective, since each witness is obliged to do this.

This is the example you should be trying to replicate in A rather than your stated ones.

B does not work in my opinion. If the verifier cannot verify the signature of Sovrona because they do not trust it, then it does not matter how many notories validate the signature. The contents still wont be trusted.

Kind regards

David
On 16/07/2021 22:10, Michael Herman (Trusted Digital Web) wrote:
RE: but I would be uncomfortable as a notary notarizing that a person’s Blood Pressure was 120/80 or any other number as it is dependent on the accuracy of the device and the skill of the individual using it

John, that’ not the point …my apologies if my example was too specific.

Alice simply has 2 numbers to report. …2 metrics Alice wants to send to Dr. Bob …where there exists an existing trusted relationship as a patient of the doctor and doctor to the patient.

Scenario A could, alternatively, be recast as Alice wanting to send an Appointment Confirmation to Dr. Bob’s Clinic …instead of a blood pressure reading.

This is important feedback.

Thank you,
Michael

p.s. When a public notary witnesses your signature on a passport application, for example, they’re simply attesting to the fact they saw you sign the passport application (and perhaps your address information) …not that any of the information provided by you is correct.

From: john@reliableid.com<mailto:john@reliableid.com> <john@reliableid.com><mailto:john@reliableid.com>
Sent: July 16, 2021 1:46 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net><mailto:mwherman@parallelspace.net>; public-credentials@w3.org<mailto:public-credentials@w3.org>; 'David Chadwick' <d.w.chadwick@verifiablecredentials.info><mailto:d.w.chadwick@verifiablecredentials.info>
Subject: RE: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

Not sure of all the background discussion on this, but I would be uncomfortable as a notary notarizing that a person’s Blood Pressure was 120/80 or any other number as it is dependent on the accuracy of the device and the skill of the individual using it
John King

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Sent: Friday, July 16, 2021 2:36 PM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>; David Chadwick <d.w.chadwick@verifiablecredentials.info<mailto:d.w.chadwick@verifiablecredentials.info>>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

In scenario A, Alice wants to report an actual blood pressure reading to Dr. Bob's Clinic. ...something like "120/80" ... really the pair of individual numbers. Alice wants the reading to be signed by her and notarized by SOVRONA as trusted notary ...that is, SOVRONA acts as a witness to Alice's signature of her own self-issued blood pressure home reading.
Wrt to your question about scenario B, the Sovronia driver's license should appear to be signed by the Province of Sovronia whose signature is witnessed by SOVRONA, the mutually trusted credential notary.
A and B are actually different examples of the same more generic credential notarization scenario/problem.
Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: David Chadwick <d.w.chadwick@verifiablecredentials.info<mailto:d.w.chadwick@verifiablecredentials.info>>
Sent: Friday, July 16, 2021 11:05:33 AM
To: public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios


Hi Michael

can you please explain these scenarios a bit more for me.

A. The user creates any blood pressure reading they like, true or false, and gets a notary to certify this? Is this what you intended?

B. What is the difference between a Sovronia DL signed with Sovronia's key or with Soveronia's notariser's key if the verifier knows and trusts the right public key?

Kind regards

David
On 15/07/2021 20:45, Michael Herman (Trusted Digital Web) wrote:

I believe there are a large number of scenarios where individual Persons as well as Organizations are going to want to (self) issue Verifiable Credentials using the credential notarization services of a third-party notary service provider.

Here’s 2 user scenarios as examples:



  *   User Scenario A:  (steps A1…A8)
Alice self-issues a blood pressure home reading (BPHR) credential to Dr. Bob’s Clinic using SOVRONA’s credential notarization services. SOVRONA is a third-party notary services provider/network.
  *   User Scenario B: (steps B1…B8)
The Province of Sovronia issues a Sovronia Driver’s License to Alice using SOVRONA’s credential notarization services. SOVRONA is a third-party notary services provider/network.



I have a some drill-down questions (e.g. protocol detail questions) but first, let me ask what general questions/comments have about the validity of the  2 user scenarios depicted below.



[cid:image001.jpg@01D77AE1.BD13CA20]



Best regards,

Michael Herman

Far Left Self-Sovereignist



Self-Sovereign Blockchain Architect

Trusted Digital Web

Hyperonomy Digital Identity Lab

Parallelspace Corporation



[cid:image002.jpg@01D77AE1.BD13CA20]


--
Leah Houston M.D.
President and Founding Partner
www.hpec.io<http://www.hpec.io>
Humanitarian Physicians Empowerment Community
Humanitarian Physicians Empowerment Coin

Received on Saturday, 17 July 2021 14:13:26 UTC