Re: Digital Vaccination Certificates -- Here Be Dragons!

Hi everyone,

Thought will be useful for me to chime in here - some of the providers the
Singapore government is working at
https://www.healthcerts.gov.sg/list-of-providers/

Am certain you folks would find something useful in the link above. (Yes,
digital vaccination is going to be a reality, like it or not -- and it is
up to us to shape how it will look like, now!)

Thank you.

Regards,

Nathan Aw
https://sg.linkedin.com/in/awnathan

On Mon, 1 Mar 2021, 21:26 John, Anil, <anil.john@hq.dhs.gov> wrote:

> Hi Oliver,
>
>
>
> I anticipate providing a concrete answer later this month after we analyze
> and verify the results of our next cross-platform / cross-vendor interop
> plug-fest.
>
>
>
> As you know, a hard contractual requirement for our 8 portfolio companies
> who are working with DID/VC ecosystem tech is to truly demonstrate
> interoperability (rather than self-attest to standards/interop) across
> their very diverse implementations.
>
>
>
> The feature-sets we are focused on this time include what we already
> proved back in May 2020 (
> https://lists.w3.org/Archives/Public/public-credentials/2020Jun/0100.html
> ) + verifiable credential aggregation using verifiable presentation,
> revocation with herd privacy, and much more which REQUIRES us to show that
> the choices we make work for real across diverse platforms/tech-stacks.
>
>
>
> I prefer to share those real results, when we have them, rather than make
> paper/marketing statements that cannot be backed up by reality.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
>
>
> *From:* Oliver Terbu <oliver.terbu@mesh.xyz>
> *Sent:* Monday, March 1, 2021 7:46 AM
> *To:* Adrian Gropper <agropper@healthurl.com>
> *Cc:* John, Anil <anil.john@hq.dhs.gov>; public-credentials@w3.org
> *Subject:* Re: Digital Vaccination Certificates -- Here Be Dragons!
>
>
>
> *CAUTION: *This email originated from outside of DHS. DO NOT click links
> or open attachments unless you recognize and/or trust the sender. Contact
> your component SOC with questions or concerns.
>
>
>
> Thank you very much for sharing and I'm glad to see the community is
> getting more aligned.
>
>
>
> The slides are great but could you please provide an example of a W3C
> Verifiable Presentation (VP). I'm interested where you landed there
> technology-wise. Many people might be interested in how holder-binding is
> achieved. There are two popular approaches I did observe in our community:
>
> - Linked Secrets
>
> - DID Auth (using one of the authentication keys from the DID Doc in the
> VP proof)
>
>
>
> If it is Linked Secrets I would be really interested in an implementation
> of using BBS+ for VPs that have holder binding and I'm also interested in
> the data model that is used for the proof in the VP.
>
>
>
> Thanks,
>
> Oliver
>
>
>
> On Sat, Feb 27, 2021 at 9:43 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
> Let's heed Bruce Lee while considering the REQUIRED constraints.
>
>
>
> A vaccine certificate is a human right. Making them accessible to everyone
> regardless of their fear of technology or government protects us all.
>
>
>
> Can we stipulate that various credential formats will be coded as standard
> VCs and that paper cards are private and accessible enough?
>
>
>
> Can we stipulate that issuers and verifiers benefit from technology much
> more than the subjects? They are getting paid, are licensed, maybe
> federated, and depend on efficiency to stay competitive. In the case of
> vaccines, at least, standards are a pure win for the issuers and verifiers.
>
>
>
> The question then becomes: What is the digital infrastructure "good
> enough" to meet these constraints?
>
>    - Who will fund this human right infrastructure?
>    - Will this infrastructure also deal with COVID testing on day one?
>    - Do subjects need a digital identity on day one or can we link
>    vaccines (and tests) to legacy (paper) credentials?
>
> - Adrian
>
>
>
>
>
>
>
> On Sat, Feb 27, 2021 at 2:07 PM John, Anil <anil.john@hq.dhs.gov> wrote:
>
> I am watching with dismay the swirling whirlpool of confusion that is
> being driven by a combination of good intentions, desperation, competing
> interests and self-interest around the domain of Digital Vaccination
> Certificates.
>
>
>
> I do not work for a public health agency, so have no perspective, remit or
> authorities when it comes to the authoritativeness of the data and the
> specific elements that would need to feed a digital VaxCert
> representation.  I defer to the experts at our U.S. CDC and the WHO that
> have this remit to inform and influence this in a manner that incorporates
> the broadest possible public interest equities.
>
>
>
> However, as you all know, we have done extensive public work (5+ years and
> counting to date) to ensure that technical implementations of solutions
> that could support digital VaxCerts (and many other things) are not
> developed in manner that enables “walled gardens” or closed technology
> platforms that do not support common standards for security, privacy, and
> data exchange.  In particular, as a potential future consumer of digital
> VaxCerts, we have a vested interest in ensuring the global interoperability
> of such solutions.
>
>
>
> Over the last number of months we have been bombarded with a singular
> question “What are the lessons learned or feedback you could share from
> your interoperability journey that **may** be relevant here?”
>
>
>
> The answer to this in general has three aspects:
>
>    1. Expect and anticipate breakage, but don’t let the perfect be the
>    enemy of the good
>    2. Everyone is not going to get everything they want right now
>    3. Real interoperability REQUIRES constraints!
>
>
>
> Because I believe that this is an important conversation, I figure I would
> put together some high level slideware that synthesizes and shares the
> answers I have provided directly to those who have asked.  I am not in the
> hearts and minds business, so consider this in the spirit of the quote from
> Bruce Lee – “Absorb what is useful, Discard what is not, Add what is
> uniquely your own.”
>
>
>
> Happy to chat to share our mistakes, so that you don’t need to repeat
> them, with those who have a public interest focus in this area.
>
>
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: https://www.dhs.gov/science-and-technology/svip]
>
>
>
>
>
>