W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: California Digital Vaccine Record based on VCs

From: Kaliya IDwoman <kaliya-id@identitywoman.net>
Date: Sat, 19 Jun 2021 18:26:34 -0700
Message-ID: <CA+z9oKCxvxr0Wx3qB9U-owdiU-JdKr3MRxVrg=+PjNYYBfQEKg@mail.gmail.com>
To: Heather Vescent <heathervescent@gmail.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Well the are sort of VCs.
But if you talk with Manu he can explain that despite being
developed primarily by Josh Mandel at MSFT - its not even conformant with
the Identity side of MSFT's version of JSON-JWTs.

The other big issue with their format and modality is that they are coming
from Health Care IT  - where they move around patient records between
HIPAA protected entities. They are used to sharing a lot of data with
entities about people and literally never worrying about privacy issue
related to how much data is disclosed or even considering how you might
empower citizens to withhold some information - with all the work we have
done on Selective Disclosure capabilities - they were not interested in at
all.

They format is also QR code oriented and QR codes that are signed and
shared are "the document" - the Verifiable Credential - rather then a proof
of position as we have worked so hard on with the VErifiable Presentation
format that proves you own the thing - but doesn't give the actual thing to
the verifier.

If you want to entertain yourself reading through closed issues where folks
in our communities raised issues with VCI - I recommend it.
https://github.com/smart-on-fhir/health-cards/issues?q=is%3Aissue+is%3Aclosed

Based on feedback and a write up by John Jordan submitted into the Good
Health Pass working group at ToIP I began a document "The Dangers of Using
QR Codes for Data About People"

I'll share a link - its not complete but the meet of the article is there
https://docs.google.com/document/d/1o7vXiQyp8j92_Q5wVT3gXCH_reXIhJvbsljNuu95TBY/edit?usp=sharing



On Fri, Jun 18, 2021 at 10:09 AM Heather Vescent <heathervescent@gmail.com>
wrote:

> May be of interest:
> https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records
>
> SMART Health Card Framework: https://vci.org/about#smart-health
> To achieve this purpose, the founding members of VCI™ have collaborated to
> develop (1) the SMART Health Cards Framework Implementation Guide based on
> the World Wide Web Consortium (W3C) Verifiable Credential and Health Level
> 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards:
> Vaccination & Testing Implementation Guide.
>
> If you are in California, you can get your vaccine record here:
> https://myvaccinerecord.cdph.ca.gov/
> (The system seems delayed for me.)
>
> --
> Heather Vescent <http://www.heathervescent.com/>
> Co-Chair, Credentials Community Group @W3C
> <https://www.w3.org/community/credentials/>
> President, The Purple Tornado, Inc <https://thepurpletornado.com/>
> Author, The Secret of Spies <https://amzn.to/2GfJpXH>
> Author, The Cyber Attack Survival Manual
> <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/>
> Author, A Comprehensive Guide to Self Sovereign Identity
> <https://ssiscoop.com/>
>
> @heathervescent <https://twitter.com/heathervescent> | Film Futures
> <https://vimeo.com/heathervescent> | Medium
> <https://medium.com/@heathervescent/> | LinkedIn
> <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates
> <https://app.convertkit.com/landing_pages/325779/>
>
Received on Monday, 21 June 2021 05:33:11 UTC

This archive was generated by hypermail 2.4.0 : Monday, 21 June 2021 05:47:23 UTC