Re: California Digital Vaccine Record based on VCs

Im just curious to why it falls back to QR code all the time, because it is
easy to understand as a transport?
I wonder why cant they build it in layers that can offer the user to select
what they want based on an informative choice?
Going wallet and SSI first, and taking things to a QR code from there is
then easier.
But you inform the user about privacy concerns if they go with QR code.
I see the aspect of time, it was the argument in Norway aswell.
But are any of these foras thinking about the next pandemic? Or digital
future?

Much of these questions are the reason DIN is having this discussion on the
future of the yellow vaccination card.
https://www.din.foundation/initiativ/norstella-din-snakker-fremtidens-digital-identitet
It is planned to be in english, but no guarantees
ᐧ
ᐧ

On Mon, Jun 21, 2021 at 9:50 PM Jim St.Clair <jim.stclair@lumedic.io> wrote:

> I agree with Kaliya’s assessment. I also agree that reading the comments
> in the GitHub, while lengthy, are very informative – essentially, “we could
> follow the standards but we just don’t have time for that now.”
>
> In addition, they “punted” on offering any governance framework or
> identity binding.
>
> There have also been substantive discussions in the GHP working groups
> about QR codes – Canada drafted a position paper on QR codes and privacy
> that makes the standard of compliance a non-trivial effort.
>
> Speaking from the Health IT perspective, the Smart Health Cards framework
> is also in development, meaning it’s not an HL7-balloted Implementation
> Guide.
>
>
>
>
>
> Best regards,
>
> Jim
>
> *_______________*
>
>
>
> *Jim St.Clair *
>
> Chief Trust Officer
>
> jim.stclair@lumedic.io | 228-273-4893
>
> *Let’s meet to discuss patient identity exchange*:
> https://calendly.com/jim-stclair-1
>
>
>
> *From:* Kaliya IDwoman <kaliya-id@identitywoman.net>
> *Sent:* Saturday, June 19, 2021 8:27 PM
> *To:* Heather Vescent <heathervescent@gmail.com>
> *Cc:* W3C Credentials CG (Public List) <public-credentials@w3.org>
> *Subject:* Re: California Digital Vaccine Record based on VCs
>
>
>
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> Well the are sort of VCs.
>
> But if you talk with Manu he can explain that despite being
> developed primarily by Josh Mandel at MSFT - its not even conformant with
> the Identity side of MSFT's version of JSON-JWTs.
>
>
>
> The other big issue with their format and modality is that they are coming
> from Health Care IT  - where they move around patient records between
> HIPAA protected entities. They are used to sharing a lot of data with
> entities about people and literally never worrying about privacy issue
> related to how much data is disclosed or even considering how you might
> empower citizens to withhold some information - with all the work we have
> done on Selective Disclosure capabilities - they were not interested in at
> all.
>
>
>
> They format is also QR code oriented and QR codes that are signed and
> shared are "the document" - the Verifiable Credential - rather then a proof
> of position as we have worked so hard on with the VErifiable Presentation
> format that proves you own the thing - but doesn't give the actual thing to
> the verifier.
>
>
>
> If you want to entertain yourself reading through closed issues where
> folks in our communities raised issues with VCI - I recommend it.
>
>
> https://github.com/smart-on-fhir/health-cards/issues?q=is%3Aissue+is%3Aclosed
>
>
>
> Based on feedback and a write up by John Jordan submitted into the Good
> Health Pass working group at ToIP I began a document "The Dangers of Using
> QR Codes for Data About People"
>
>
>
> I'll share a link - its not complete but the meet of the article is there
>
>
> https://docs.google.com/document/d/1o7vXiQyp8j92_Q5wVT3gXCH_reXIhJvbsljNuu95TBY/edit?usp=sharing
>
>
>
>
>
>
>
> On Fri, Jun 18, 2021 at 10:09 AM Heather Vescent <heathervescent@gmail.com>
> wrote:
>
> May be of interest:
> https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records
>
>
>
> SMART Health Card Framework: https://vci.org/about#smart-health
> To achieve this purpose, the founding members of VCI™ have collaborated to
> develop (1) the SMART Health Cards Framework Implementation Guide based on
> the World Wide Web Consortium (W3C) Verifiable Credential and Health Level
> 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards:
> Vaccination & Testing Implementation Guide.
>
>
>
> If you are in California, you can get your vaccine record here:
> https://myvaccinerecord.cdph.ca.gov/
>
> (The system seems delayed for me.)
>
>
>
> --
>
> Heather Vescent <http://www.heathervescent.com/>
>
> Co-Chair, Credentials Community Group @W3C
> <https://www.w3.org/community/credentials/>
>
> President, The Purple Tornado, Inc <https://thepurpletornado.com/>
>
> Author, The Secret of Spies <https://amzn.to/2GfJpXH>
>
> Author, The Cyber Attack Survival Manual
> <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/>
>
> Author, A Comprehensive Guide to Self Sovereign Identity
> <https://ssiscoop.com/>
>
>
>
> @heathervescent <https://twitter.com/heathervescent> | Film Futures
> <https://vimeo.com/heathervescent> | Medium
> <https://medium.com/@heathervescent/> | LinkedIn
> <https://www.linkedin.com/in/heathervescent/> | Future of Security Updates
> <https://app.convertkit.com/landing_pages/325779/>
>
>

-- 

*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io

Received on Tuesday, 22 June 2021 07:23:44 UTC