- From: Adrian Gropper <agropper@healthurl.com>
- Date: Thu, 6 May 2021 12:07:47 -0400
- To: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
- Cc: Credentials CG <public-credentials@w3.org>
- Message-ID: <CANYRo8gQdLtt9W4866=7eNFudC3jUozEf2f_sKiTRatrTbvUxA@mail.gmail.com>
It's the same issue you have if you show your drivers license to 10 bars. Can you be sure the verifier isn't taking and storing photos with a surveillance camera (they almost always are)? There's no need for the verifier in #1 to call "home" or store anything if all they want to check is the authenticity of the credential but managing ambient surveillance is a completely different issue unrelated to the purpose of the VC. See https://github.com/w3c/did-use-cases/pull/140 for a threads on Ambient Surveillance. - Adrian On Thu, May 6, 2021 at 11:11 AM Snorre Lothar von Gohren Edwin < snorre@diwala.io> wrote: > No, #1 is also what I have suggested, but I just need to make sure my > arguments are sound 😅 > But it still does not avoid correlatebility on ID, if that even is a > problem? Meaning I use my paper cert at 10 places, and I can be pinned to > 10 places. Is that a privacy/correlatebility/tracking issue? > ᐧ > ᐧ > > On Thu, May 6, 2021 at 4:40 PM Adrian Gropper <agropper@healthurl.com> > wrote: > >> Hi Snorre, >> >> There are many tech enhancements that can be applied in any of the 10 >> concerns. My goal was not perfection but rather a framing for how to talk >> about the 10 concerns as separately as possible. >> >> For example, is there any major reason not to do #1? >> >> - Adrian >> >> On Thu, May 6, 2021 at 7:20 AM Snorre Lothar von Gohren Edwin < >> snorre@diwala.io> wrote: >> >>> Has there been any thoughts of flows for how this could work? Like this >>> one? >>> >>> A solution without pairings, where one can give a range-proof for date. >>> online registration with FHI(Norwegian trusted authority): >>> 1. commit to ID, validity period, and status "protected" >>> 2. ZK proof of known opening >>> 3. FHI signs commitment >>> 4. build this into QR >>> 5. print certificate >>> offline verification by player: >>> 1. scan QR >>> 2. check signature >>> 3. check ZK proof >>> 4. check ID >>> 5. approve / reject >>> ᐧ >>> >>> On Thu, May 6, 2021 at 1:13 PM Snorre Lothar von Gohren Edwin < >>> snorre@diwala.io> wrote: >>> >>>> Thanks Adrian! >>>> >>>> In terms of this: >>>> "4. Privacy >>>> Patients can be vaccinated anonymously while still producing authentic >>>> credentials as described in #1-3 above. However, being able to track >>>> patients across time provides valuable additional information. This >>>> includes the emergence of variants, vaccine efficacy in various contexts, >>>> side-effects, and long-term health impact. Technology for tracking people >>>> across time while preserving privacy is already deployed to assist with >>>> contact tracing. The de-identified individuals can only be tracked with >>>> their informed authorization. Privacy-by-default tracking as a feature of >>>> digital credentials is practical given planning and coordination." >>>> >>>> How do you keep privacy when you start discussing ID correlation over >>>> time? If you use this piece of paper that is not possible to switch out >>>> easily, or can be with a printing tool online. But is there any thought >>>> gone into that? >>>> ᐧ >>>> >>>> On Thu, May 6, 2021 at 1:05 PM Adrian Gropper <agropper@healthurl.com> >>>> wrote: >>>> >>>>> >>>>> https://blog.petrieflom.law.harvard.edu/2021/05/05/design-considerations-vaccine-credentials/ >>>>> >>>>> - Adrian >>>>> >>>>> On Thu, May 6, 2021 at 6:59 AM Snorre Lothar von Gohren Edwin < >>>>> snorre@diwala.io> wrote: >>>>> >>>>>> Just wanted to follow up on this. What are peoples thoughts on this >>>>>> QR representation and that it is not using VC or did relate technology. >>>>>> But it is using CBOR and other technology mentioned in this list >>>>>> before >>>>>> ᐧ >>>>>> >>>>>> On Tue, May 4, 2021 at 9:38 AM Snorre Lothar von Gohren Edwin < >>>>>> snorre@diwala.io> wrote: >>>>>> >>>>>>> Hi! I wonder if anyone on this list has been involved in the work of >>>>>>> this: https://github.com/ehn-digital-green-development/hcert-spec >>>>>>> >>>>>>> I just cannot see any reference to what this group work so hard at >>>>>>> achieving. Or have they only taken inspiration and basically just use >>>>>>> different terminology for what might be similar? >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> *Snorre Lothar von Gohren Edwin* >>>>>>> Co-Founder & CTO, Diwala >>>>>>> +47 411 611 94 >>>>>>> www.diwala.io >>>>>>> ᐧ >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Snorre Lothar von Gohren Edwin* >>>>>> Co-Founder & CTO, Diwala >>>>>> +47 411 611 94 >>>>>> www.diwala.io >>>>>> >>>>> >>>> >>>> -- >>>> >>>> *Snorre Lothar von Gohren Edwin* >>>> Co-Founder & CTO, Diwala >>>> +47 411 611 94 >>>> www.diwala.io >>>> >>> >>> >>> -- >>> >>> *Snorre Lothar von Gohren Edwin* >>> Co-Founder & CTO, Diwala >>> +47 411 611 94 >>> www.diwala.io >>> >> > > -- > > *Snorre Lothar von Gohren Edwin* > Co-Founder & CTO, Diwala > +47 411 611 94 > www.diwala.io >
Received on Thursday, 6 May 2021 16:08:52 UTC