W3C home > Mailing lists > Public > public-credentials@w3.org > June 2021

Re: California Digital Vaccine Record based on VCs

From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
Date: Tue, 22 Jun 2021 17:31:11 +0200
Message-ID: <CAE8zwO1=1enwEawvy2B0W8JObciR+vg0xF-6hiOfct8k4wuaXA@mail.gmail.com>
To: Alan Karp <alanhkarp@gmail.com>
Cc: "Jim St.Clair" <jim.stclair@lumedic.io>, Kaliya IDwoman <kaliya-id@identitywoman.net>, Heather Vescent <heathervescent@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
In Norway we still have to log in to a webpage, with BankID and get the
view of a vaccination passport. Which can be downloaded or probably
screenshotted to dont have to login to BankID every time. But that means
that the webpage provider holds all my data, and that is fine, they are a
custody provider for my web wallet which is only holding my vaccination
records. But it is the external transport that needs to be discussed. And
where everything can fall in place

On Tue, Jun 22, 2021 at 5:20 PM Alan Karp <alanhkarp@gmail.com> wrote:

> On Tue, Jun 22, 2021 at 12:35 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
>> Im just curious to why it falls back to QR code all the time, because it
>> is easy to understand as a transport?
>> I wonder why cant they build it in layers that can offer the user to
>> select what they want based on an informative choice?
>> Going wallet and SSI first, and taking things to a QR code from there is
>> then easier.
>>
>
> Probably because most people not only don't have a digital wallet, but
> most don't even know what one is.  The only practical way to start with
> wallets and SSI would be to provide an app specifically for the vaccine
> record.  Even then, you'll probably have to provide a web-based version as
> well.
>
> --------------
> Alan Karp
>
>
> On Tue, Jun 22, 2021 at 12:35 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
>> Im just curious to why it falls back to QR code all the time, because it
>> is easy to understand as a transport?
>> I wonder why cant they build it in layers that can offer the user to
>> select what they want based on an informative choice?
>> Going wallet and SSI first, and taking things to a QR code from there is
>> then easier.
>> But you inform the user about privacy concerns if they go with QR code.
>> I see the aspect of time, it was the argument in Norway aswell.
>> But are any of these foras thinking about the next pandemic? Or digital
>> future?
>>
>> Much of these questions are the reason DIN is having this discussion on
>> the future of the yellow vaccination card.
>> https://www.din.foundation/initiativ/norstella-din-snakker-fremtidens-digital-identitet
>> It is planned to be in english, but no guarantees
>> ᐧ
>> ᐧ
>>
>> On Mon, Jun 21, 2021 at 9:50 PM Jim St.Clair <jim.stclair@lumedic.io>
>> wrote:
>>
>>> I agree with Kaliya’s assessment. I also agree that reading the comments
>>> in the GitHub, while lengthy, are very informative – essentially, “we could
>>> follow the standards but we just don’t have time for that now.”
>>>
>>> In addition, they “punted” on offering any governance framework or
>>> identity binding.
>>>
>>> There have also been substantive discussions in the GHP working groups
>>> about QR codes – Canada drafted a position paper on QR codes and privacy
>>> that makes the standard of compliance a non-trivial effort.
>>>
>>> Speaking from the Health IT perspective, the Smart Health Cards
>>> framework is also in development, meaning it’s not an HL7-balloted
>>> Implementation Guide.
>>>
>>>
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Jim
>>>
>>> *_______________*
>>>
>>>
>>>
>>> *Jim St.Clair *
>>>
>>> Chief Trust Officer
>>>
>>> jim.stclair@lumedic.io | 228-273-4893
>>>
>>> *Let’s meet to discuss patient identity exchange*:
>>> https://calendly.com/jim-stclair-1
>>>
>>>
>>>
>>> *From:* Kaliya IDwoman <kaliya-id@identitywoman.net>
>>> *Sent:* Saturday, June 19, 2021 8:27 PM
>>> *To:* Heather Vescent <heathervescent@gmail.com>
>>> *Cc:* W3C Credentials CG (Public List) <public-credentials@w3.org>
>>> *Subject:* Re: California Digital Vaccine Record based on VCs
>>>
>>>
>>>
>>> CAUTION: This email originated from outside of the organization. Do not
>>> click links or open attachments unless you recognize the sender and know
>>> the content is safe.
>>>
>>>
>>>
>>> Well the are sort of VCs.
>>>
>>> But if you talk with Manu he can explain that despite being
>>> developed primarily by Josh Mandel at MSFT - its not even conformant with
>>> the Identity side of MSFT's version of JSON-JWTs.
>>>
>>>
>>>
>>> The other big issue with their format and modality is that they are
>>> coming from Health Care IT  - where they move around patient records
>>> between HIPAA protected entities. They are used to sharing a lot of data
>>> with entities about people and literally never worrying about privacy issue
>>> related to how much data is disclosed or even considering how you might
>>> empower citizens to withhold some information - with all the work we have
>>> done on Selective Disclosure capabilities - they were not interested in at
>>> all.
>>>
>>>
>>>
>>> They format is also QR code oriented and QR codes that are signed and
>>> shared are "the document" - the Verifiable Credential - rather then a proof
>>> of position as we have worked so hard on with the VErifiable Presentation
>>> format that proves you own the thing - but doesn't give the actual thing to
>>> the verifier.
>>>
>>>
>>>
>>> If you want to entertain yourself reading through closed issues where
>>> folks in our communities raised issues with VCI - I recommend it.
>>>
>>>
>>> https://github.com/smart-on-fhir/health-cards/issues?q=is%3Aissue+is%3Aclosed
>>>
>>>
>>>
>>> Based on feedback and a write up by John Jordan submitted into the Good
>>> Health Pass working group at ToIP I began a document "The Dangers of Using
>>> QR Codes for Data About People"
>>>
>>>
>>>
>>> I'll share a link - its not complete but the meet of the article is
>>> there
>>>
>>>
>>> https://docs.google.com/document/d/1o7vXiQyp8j92_Q5wVT3gXCH_reXIhJvbsljNuu95TBY/edit?usp=sharing
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jun 18, 2021 at 10:09 AM Heather Vescent <
>>> heathervescent@gmail.com> wrote:
>>>
>>> May be of interest:
>>> https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records
>>>
>>>
>>>
>>> SMART Health Card Framework: https://vci.org/about#smart-health
>>> To achieve this purpose, the founding members of VCI™ have collaborated
>>> to develop (1) the SMART Health Cards Framework Implementation Guide based
>>> on the World Wide Web Consortium (W3C) Verifiable Credential and Health
>>> Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards:
>>> Vaccination & Testing Implementation Guide.
>>>
>>>
>>>
>>> If you are in California, you can get your vaccine record here:
>>> https://myvaccinerecord.cdph.ca.gov/
>>>
>>> (The system seems delayed for me.)
>>>
>>>
>>>
>>> --
>>>
>>> Heather Vescent <http://www.heathervescent.com/>
>>>
>>> Co-Chair, Credentials Community Group @W3C
>>> <https://www.w3.org/community/credentials/>
>>>
>>> President, The Purple Tornado, Inc <https://thepurpletornado.com/>
>>>
>>> Author, The Secret of Spies <https://amzn.to/2GfJpXH>
>>>
>>> Author, The Cyber Attack Survival Manual
>>> <https://www.amazon.com/Cyber-Attack-Survival-Manual-Apocalypse/dp/1681886545/>
>>>
>>> Author, A Comprehensive Guide to Self Sovereign Identity
>>> <https://ssiscoop.com/>
>>>
>>>
>>>
>>> @heathervescent <https://twitter.com/heathervescent> | Film Futures
>>> <https://vimeo.com/heathervescent> | Medium
>>> <https://medium.com/@heathervescent/> | LinkedIn
>>> <https://www.linkedin.com/in/heathervescent/> | Future of Security
>>> Updates <https://app.convertkit.com/landing_pages/325779/>
>>>
>>>
>>
>> --
>>
>> *Snorre Lothar von Gohren Edwin*
>> Co-Founder & CTO, Diwala
>> +47 411 611 94
>> www.diwala.io
>>
>

-- 

*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io

image001.png
(image/png attachment: image001.png)

Received on Tuesday, 22 June 2021 15:34:22 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 22 June 2021 15:34:51 UTC