W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Re: Verifiable Credential Notarization and Third-Party Notary Services Providers: User Scenarios

From: Leah Houston, MD <leah@hpec.io>
Date: Sat, 17 Jul 2021 12:48:42 -0400
Message-ID: <CAMWC-khdkkB-xz-5dRwTM=b8SOBTU4w7Os9sKc=ovkD-zT34tA@mail.gmail.com>
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>
Cc: public-credentials@w3.org
Yes thank you.

On Sat, Jul 17, 2021 at 9:49 AM David Chadwick <
d.w.chadwick@verifiablecredentials.info> wrote:

> Ok, except for the statement "Her data should be ZKP shared". I think the
> requirement actually is selectively disclosed. ZKP is an example of just
> one technology that can do this.
>
> Kind regards
>
> David
> On 17/07/2021 13:04, Leah Houston, MD wrote:
>
>
> As a physician I’d like to jump in here,
>
> *We were talking about the digital health Industry currently nearly $150B
> and slated to be over $400 billion by 2027:*
>
> https://www.gminsights.com/industry-analysis/digital-health-market
>
> A self sovereign interface to home monitoring systems that are completely
> controlled by the individual patient should be our goal, and it’s important
> for us to understand the privacy preservIng scenarios that put the patient
> at the center, as we design and build the solutions that are going to feed
> into this industry.
>
> Ex: Alice is discharged from the hospital with a device (or a device is
> sent to her home ) that records her temperature heart rate blood pressure,
> respiratory rate and oxygen saturation X numbers of time per day.
>
> As part of her discharge planning she may be required to send this
> information to her doctor three times per day for the first 30 days after
> discharge, and then twice a week for the next 30 days and then once a week
> moving forward.
>
> * *returns after discharge or a major cost for health systems and they
> are carefully monitored**
>
> Through her digital health monitoring device, connected through her self
> sovereign application for recording storing, and sharing any data that that
> device produces - the monitoring program should be automated and easily
> programmable where Alice is in control. She could get text message, or
> automatic phone call notifications prompting her to check her vitals signs
> with the device for example, and she could be prompted to share it with her
> doctor every time, or she could agree to a specified monitoring. As part of
> her discharge planning.
>
> If there is a self sovereign interface the device should not have any
> personal identifying information attached to it.
>
> Her data should be ZKP shared and only her and her doctor (nurses and
> other clinicians) should have access.
>
> Now regarding billing, insurance, and things of that nature, there should
> be an audit trail with timestamps demonstrating that “data” was in fact
> coming from Alice, and being checked by her doctor, but the insurance
> company shouldn’t have access to any other information. Just enough to pay
> for the services that are being rendered by the doctor.
>
> I guess i’m going through this scenario because I don’t understand the
> need for the third-party credential notarization service… but maybe I’m
> missing something.
>
> In the above case the doctor, or the doctors office would be the “notary?”
> For the insurance company.
>
> Moving forward Alice might want to share this data for another reason, say
> she is going to visit a new cardiology office that’s not affiliated with
> the hospital she should be able to easily do that as well, including the
> audit trail in the timestamps if she chooses.
>
> She should also be able to give permission to her doctor to share that
> information with any consultants, or referrals.
>
> In the above case the doctor or doctors office would be the “notary“ for
> any other specialist.
>
> I’m trying to wrap my head around any other entities that should be
> involved here, and I can’t really think of any…
>
>
>
>
> On Sat, Jul 17, 2021 at 6:37 AM David Chadwick <
> d.w.chadwick@verifiablecredentials.info> wrote:
>
>> Hi Michael
>>
>> I have a real life example of what you are trying to achieve. I had to
>> sign a deposition in front of a notary that could subsequently be used in
>> court if needed.  So I took the unsigned letter to the notary, and we both
>> signed it in front of each other. The notary is not validating the content
>> of my letter (or blood pressure or anything else). They dont care. They are
>> simply validating my signature, and my identity, as I had to show the
>> notary my passport first before the signing took place. I am asserting the
>> truth of the contents, not the notary. The court will believe my deposition
>> is the truth, the whole truth and nothing but the truth from my
>> perspective, since each witness is obliged to do this.
>>
>> This is the example you should be trying to replicate in A rather than
>> your stated ones.
>>
>> B does not work in my opinion. If the verifier cannot verify the
>> signature of Sovrona because they do not trust it, then it does not matter
>> how many notories validate the signature. The contents still wont be
>> trusted.
>>
>> Kind regards
>>
>> David
>> On 16/07/2021 22:10, Michael Herman (Trusted Digital Web) wrote:
>>
>> RE: but I would be uncomfortable as a notary notarizing that a person’s
>> Blood Pressure was 120/80 or any other number as it is dependent on the
>> accuracy of the device and the skill of the individual using it
>>
>>
>>
>> John, that’ not the point …my apologies if my example was too specific.
>>
>>
>>
>> Alice simply has 2 numbers to report. …2 metrics Alice wants to send to
>> Dr. Bob …where there exists an existing trusted relationship as a patient
>> of the doctor and doctor to the patient.
>>
>>
>>
>> Scenario A could, alternatively, be recast as Alice wanting to send an
>> Appointment Confirmation to Dr. Bob’s Clinic …instead of a blood pressure
>> reading.
>>
>>
>>
>> This is important feedback.
>>
>>
>>
>> Thank you,
>>
>> Michael
>>
>>
>>
>> p.s. When a public notary witnesses your signature on a passport
>> application, for example, they’re simply attesting to the fact they saw you
>> sign the passport application (and perhaps your address information) …not
>> that any of the information provided by you is correct.
>>
>>
>>
>> *From:* john@reliableid.com <john@reliableid.com> <john@reliableid.com>
>> *Sent:* July 16, 2021 1:46 PM
>> *To:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>> <mwherman@parallelspace.net>; public-credentials@w3.org; 'David
>> Chadwick' <d.w.chadwick@verifiablecredentials.info>
>> <d.w.chadwick@verifiablecredentials.info>
>> *Subject:* RE: Verifiable Credential Notarization and Third-Party Notary
>> Services Providers: User Scenarios
>>
>>
>>
>> Not sure of all the background discussion on this, but I would be
>> uncomfortable as a notary notarizing that a person’s Blood Pressure was
>> 120/80 or any other number as it is dependent on the accuracy of the device
>> and the skill of the individual using it
>>
>> John King
>>
>>
>>
>> *From:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>>
>> *Sent:* Friday, July 16, 2021 2:36 PM
>> *To:* public-credentials@w3.org; David Chadwick <
>> d.w.chadwick@verifiablecredentials.info>
>> *Subject:* Re: Verifiable Credential Notarization and Third-Party Notary
>> Services Providers: User Scenarios
>>
>>
>>
>> In scenario A, Alice wants to report an actual blood pressure reading to
>> Dr. Bob's Clinic. ...something like "120/80" ... really the pair of
>> individual numbers. Alice wants the reading to be signed by her and
>> notarized by SOVRONA as trusted notary ...that is, SOVRONA acts as a
>> witness to Alice's signature of her own self-issued blood pressure home
>> reading.
>>
>> Wrt to your question about scenario B, the Sovronia driver's license
>> should appear to be signed by the Province of Sovronia whose signature is
>> witnessed by SOVRONA, the mutually trusted credential notary.
>>
>> A and B are actually different examples of the same more generic
>> credential notarization scenario/problem.
>>
>> Get Outlook for Android <https://aka.ms/AAb9ysg>
>>
>>
>> ------------------------------
>>
>> *From:* David Chadwick <d.w.chadwick@verifiablecredentials.info>
>> *Sent:* Friday, July 16, 2021 11:05:33 AM
>> *To:* public-credentials@w3.org <public-credentials@w3.org>
>> *Subject:* Re: Verifiable Credential Notarization and Third-Party Notary
>> Services Providers: User Scenarios
>>
>>
>>
>> Hi Michael
>>
>> can you please explain these scenarios a bit more for me.
>>
>> A. The user creates any blood pressure reading they like, true or false,
>> and gets a notary to certify this? Is this what you intended?
>>
>> B. What is the difference between a Sovronia DL signed with Sovronia's
>> key or with Soveronia's notariser's key if the verifier knows and trusts
>> the right public key?
>>
>> Kind regards
>>
>> David
>>
>> On 15/07/2021 20:45, Michael Herman (Trusted Digital Web) wrote:
>>
>> I believe there are a large number of scenarios where individual Persons
>> as well as Organizations are going to want to (self) issue Verifiable
>> Credentials using the credential notarization services of a third-party
>> notary service provider.
>>
>> Here’s 2 user scenarios as examples:
>>
>>
>>
>>    - User Scenario A:  (steps A1…A8)
>>    Alice self-issues a blood pressure home reading (BPHR) credential to
>>    Dr. Bob’s Clinic using SOVRONA’s credential notarization services. SOVRONA
>>    is a third-party notary services provider/network.
>>    - User Scenario B: (steps B1…B8)
>>    The Province of Sovronia issues a Sovronia Driver’s License to Alice
>>    using SOVRONA’s credential notarization services. SOVRONA is a third-party
>>    notary services provider/network.
>>
>>
>>
>> I have a some drill-down questions (e.g. protocol detail questions) but
>> first, let me ask what general questions/comments have about the validity
>> of the  2 user scenarios depicted below.
>>
>>
>>
>>
>>
>> Best regards,
>>
>> Michael Herman
>>
>> Far Left Self-Sovereignist
>>
>>
>>
>> Self-Sovereign Blockchain Architect
>>
>> Trusted Digital Web
>>
>> Hyperonomy Digital Identity Lab
>>
>> Parallelspace Corporation
>>
>>
>>
>>
>>
>> --
> Leah Houston M.D.
> President and Founding Partner
> www.hpec.io
> Humanitarian Physicians Empowerment Community
> Humanitarian Physicians Empowerment Coin
>
> --
Leah Houston M.D.
President and Founding Partner
www.hpec.io
Humanitarian Physicians Empowerment Community
Humanitarian Physicians Empowerment Coin

image002.jpg
(image/jpeg attachment: image002.jpg)

image001.jpg
(image/jpeg attachment: image001.jpg)

Received on Saturday, 17 July 2021 16:50:11 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC