W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

Re: Digital Vaccination Certificates -- Here Be Dragons!

From: Oliver Terbu <oliver.terbu@mesh.xyz>
Date: Mon, 1 Mar 2021 13:46:09 +0100
Message-ID: <CABEPdrCGXOeBqHh-96-ssJuK7tNwp_mwPcMjF0rMyfSfL=d76A@mail.gmail.com>
To: Adrian Gropper <agropper@healthurl.com>
Cc: "John, Anil" <anil.john@hq.dhs.gov>, "public-credentials@w3.org" <public-credentials@w3.org>
Thank you very much for sharing and I'm glad to see the community is
getting more aligned.

The slides are great but could you please provide an example of a W3C
Verifiable Presentation (VP). I'm interested where you landed there
technology-wise. Many people might be interested in how holder-binding is
achieved. There are two popular approaches I did observe in our community:
- Linked Secrets
- DID Auth (using one of the authentication keys from the DID Doc in the VP
proof)

If it is Linked Secrets I would be really interested in an implementation
of using BBS+ for VPs that have holder binding and I'm also interested in
the data model that is used for the proof in the VP.

Thanks,
Oliver

On Sat, Feb 27, 2021 at 9:43 PM Adrian Gropper <agropper@healthurl.com>
wrote:

> Let's heed Bruce Lee while considering the REQUIRED constraints.
>
> A vaccine certificate is a human right. Making them accessible to everyone
> regardless of their fear of technology or government protects us all.
>
> Can we stipulate that various credential formats will be coded as standard
> VCs and that paper cards are private and accessible enough?
>
> Can we stipulate that issuers and verifiers benefit from technology much
> more than the subjects? They are getting paid, are licensed, maybe
> federated, and depend on efficiency to stay competitive. In the case of
> vaccines, at least, standards are a pure win for the issuers and verifiers.
>
> The question then becomes: What is the digital infrastructure "good
> enough" to meet these constraints?
>
>    - Who will fund this human right infrastructure?
>    - Will this infrastructure also deal with COVID testing on day one?
>    - Do subjects need a digital identity on day one or can we link
>    vaccines (and tests) to legacy (paper) credentials?
>
> - Adrian
>
>
>
> On Sat, Feb 27, 2021 at 2:07 PM John, Anil <anil.john@hq.dhs.gov> wrote:
>
>> I am watching with dismay the swirling whirlpool of confusion that is
>> being driven by a combination of good intentions, desperation, competing
>> interests and self-interest around the domain of Digital Vaccination
>> Certificates.
>>
>>
>>
>> I do not work for a public health agency, so have no perspective, remit
>> or authorities when it comes to the authoritativeness of the data and the
>> specific elements that would need to feed a digital VaxCert
>> representation.  I defer to the experts at our U.S. CDC and the WHO that
>> have this remit to inform and influence this in a manner that incorporates
>> the broadest possible public interest equities.
>>
>>
>>
>> However, as you all know, we have done extensive public work (5+ years
>> and counting to date) to ensure that technical implementations of solutions
>> that could support digital VaxCerts (and many other things) are not
>> developed in manner that enables “walled gardens” or closed technology
>> platforms that do not support common standards for security, privacy, and
>> data exchange.  In particular, as a potential future consumer of digital
>> VaxCerts, we have a vested interest in ensuring the global interoperability
>> of such solutions.
>>
>>
>>
>> Over the last number of months we have been bombarded with a singular
>> question “What are the lessons learned or feedback you could share from
>> your interoperability journey that **may** be relevant here?”
>>
>>
>>
>> The answer to this in general has three aspects:
>>
>>    1. Expect and anticipate breakage, but don’t let the perfect be the
>>    enemy of the good
>>    2. Everyone is not going to get everything they want right now
>>    3. Real interoperability REQUIRES constraints!
>>
>>
>>
>> Because I believe that this is an important conversation, I figure I
>> would put together some high level slideware that synthesizes and shares
>> the answers I have provided directly to those who have asked.  I am not in
>> the hearts and minds business, so consider this in the spirit of the quote
>> from Bruce Lee – “Absorb what is useful, Discard what is not, Add what is
>> uniquely your own.”
>>
>>
>>
>> Happy to chat to share our mistakes, so that you don’t need to repeat
>> them, with those who have a public interest focus in this area.
>>
>>
>>
>> Best Regards,
>>
>>
>>
>> Anil
>>
>>
>>
>> Anil John
>>
>> Technical Director, Silicon Valley Innovation Program
>>
>> Science and Technology Directorate
>>
>> US Department of Homeland Security
>>
>> Washington, DC, USA
>>
>>
>>
>> Email Response Time – 24 Hours
>>
>>
>>
>> [image: https://www.dhs.gov/science-and-technology/svip]
>>
>>
>>
>>
>>
>

image003.png
(image/png attachment: image003.png)

Received on Monday, 1 March 2021 12:48:24 UTC

This archive was generated by hypermail 2.4.0 : Monday, 1 March 2021 12:48:24 UTC