- From: Kaliya IDwoman <kaliya-id@identitywoman.net>
- Date: Sat, 19 Jun 2021 18:26:34 -0700
- To: Heather Vescent <heathervescent@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CA+z9oKCxvxr0Wx3qB9U-owdiU-JdKr3MRxVrg=+PjNYYBfQEKg@mail.gmail.com>
Well the are sort of VCs. But if you talk with Manu he can explain that despite being developed primarily by Josh Mandel at MSFT - its not even conformant with the Identity side of MSFT's version of JSON-JWTs. The other big issue with their format and modality is that they are coming from Health Care IT - where they move around patient records between HIPAA protected entities. They are used to sharing a lot of data with entities about people and literally never worrying about privacy issue related to how much data is disclosed or even considering how you might empower citizens to withhold some information - with all the work we have done on Selective Disclosure capabilities - they were not interested in at all. They format is also QR code oriented and QR codes that are signed and shared are "the document" - the Verifiable Credential - rather then a proof of position as we have worked so hard on with the VErifiable Presentation format that proves you own the thing - but doesn't give the actual thing to the verifier. If you want to entertain yourself reading through closed issues where folks in our communities raised issues with VCI - I recommend it. https://github.com/smart-on-fhir/health-cards/issues?q=is%3Aissue+is%3Aclosed Based on feedback and a write up by John Jordan submitted into the Good Health Pass working group at ToIP I began a document "The Dangers of Using QR Codes for Data About People" I'll share a link - its not complete but the meet of the article is there https://docs.google.com/document/d/1o7vXiQyp8j92_Q5wVT3gXCH_reXIhJvbsljNuu95TBY/edit?usp=sharing On Fri, Jun 18, 2021 at 10:09 AM Heather Vescent <heathervescent@gmail.com> wrote: > May be of interest: > https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records > > SMART Health Card Framework: https://vci.org/about#smart-health > To achieve this purpose, the founding members of VCI™ have collaborated to > develop (1) the SMART Health Cards Framework Implementation Guide based on > the World Wide Web Consortium (W3C) Verifiable Credential and Health Level > 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: > Vaccination & Testing Implementation Guide. > > If you are in California, you can get your vaccine record here: > https://myvaccinerecord.cdph.ca.gov/ > (The system seems delayed for me.) > > -- > Heather Vescent <http://www.heathervescent.com/> > Co-Chair, Credentials Community Group @W3C > <https://www.w3.org/community/credentials/> > President, The Purple Tornado, Inc <https://thepurpletornado.com/> > Author, The Secret of Spies <https://amzn.to/2GfJpXH> > Author, The Cyber Attack Survival Manual > <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/> > Author, A Comprehensive Guide to Self Sovereign Identity > <https://ssiscoop.com/> > > @heathervescent <https://twitter.com/heathervescent> | Film Futures > <https://vimeo.com/heathervescent> | Medium > <https://medium.com/@heathervescent/> | LinkedIn > <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates > <https://app.convertkit.com/landing_pages/325779/> >
Received on Monday, 21 June 2021 05:33:11 UTC