- From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
- Date: Fri, 7 May 2021 12:22:35 +0200
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Credentials CG <public-credentials@w3.org>
- Message-ID: <CAE8zwO2wV=YmyidK-5=EauC0+uAeQ9tbUp7Hq+hz3w3rsOph9Q@mail.gmail.com>
Interesting, thanks for sharing! If anyone else has some thoughts on this I would love to hear them! ᐧ On Thu, May 6, 2021 at 6:07 PM Adrian Gropper <agropper@healthurl.com> wrote: > It's the same issue you have if you show your drivers license to 10 bars. > Can you be sure the verifier isn't taking and storing photos with a > surveillance camera (they almost always are)? There's no need for the > verifier in #1 to call "home" or store anything if all they want to check > is the authenticity of the credential but managing ambient surveillance is > a completely different issue unrelated to the purpose of the VC. > > See https://github.com/w3c/did-use-cases/pull/140 for a threads on > Ambient Surveillance. > > - Adrian > > On Thu, May 6, 2021 at 11:11 AM Snorre Lothar von Gohren Edwin < > snorre@diwala.io> wrote: > >> No, #1 is also what I have suggested, but I just need to make sure my >> arguments are sound 😅 >> But it still does not avoid correlatebility on ID, if that even is a >> problem? Meaning I use my paper cert at 10 places, and I can be pinned to >> 10 places. Is that a privacy/correlatebility/tracking issue? >> ᐧ >> ᐧ >> >> On Thu, May 6, 2021 at 4:40 PM Adrian Gropper <agropper@healthurl.com> >> wrote: >> >>> Hi Snorre, >>> >>> There are many tech enhancements that can be applied in any of the 10 >>> concerns. My goal was not perfection but rather a framing for how to talk >>> about the 10 concerns as separately as possible. >>> >>> For example, is there any major reason not to do #1? >>> >>> - Adrian >>> >>> On Thu, May 6, 2021 at 7:20 AM Snorre Lothar von Gohren Edwin < >>> snorre@diwala.io> wrote: >>> >>>> Has there been any thoughts of flows for how this could work? Like this >>>> one? >>>> >>>> A solution without pairings, where one can give a range-proof for date. >>>> online registration with FHI(Norwegian trusted authority): >>>> 1. commit to ID, validity period, and status "protected" >>>> 2. ZK proof of known opening >>>> 3. FHI signs commitment >>>> 4. build this into QR >>>> 5. print certificate >>>> offline verification by player: >>>> 1. scan QR >>>> 2. check signature >>>> 3. check ZK proof >>>> 4. check ID >>>> 5. approve / reject >>>> ᐧ >>>> >>>> On Thu, May 6, 2021 at 1:13 PM Snorre Lothar von Gohren Edwin < >>>> snorre@diwala.io> wrote: >>>> >>>>> Thanks Adrian! >>>>> >>>>> In terms of this: >>>>> "4. Privacy >>>>> Patients can be vaccinated anonymously while still producing authentic >>>>> credentials as described in #1-3 above. However, being able to track >>>>> patients across time provides valuable additional information. This >>>>> includes the emergence of variants, vaccine efficacy in various contexts, >>>>> side-effects, and long-term health impact. Technology for tracking people >>>>> across time while preserving privacy is already deployed to assist with >>>>> contact tracing. The de-identified individuals can only be tracked with >>>>> their informed authorization. Privacy-by-default tracking as a feature of >>>>> digital credentials is practical given planning and coordination." >>>>> >>>>> How do you keep privacy when you start discussing ID correlation over >>>>> time? If you use this piece of paper that is not possible to switch out >>>>> easily, or can be with a printing tool online. But is there any thought >>>>> gone into that? >>>>> ᐧ >>>>> >>>>> On Thu, May 6, 2021 at 1:05 PM Adrian Gropper <agropper@healthurl.com> >>>>> wrote: >>>>> >>>>>> >>>>>> https://blog.petrieflom.law.harvard.edu/2021/05/05/design-considerations-vaccine-credentials/ >>>>>> >>>>>> - Adrian >>>>>> >>>>>> On Thu, May 6, 2021 at 6:59 AM Snorre Lothar von Gohren Edwin < >>>>>> snorre@diwala.io> wrote: >>>>>> >>>>>>> Just wanted to follow up on this. What are peoples thoughts on this >>>>>>> QR representation and that it is not using VC or did relate technology. >>>>>>> But it is using CBOR and other technology mentioned in this list >>>>>>> before >>>>>>> ᐧ >>>>>>> >>>>>>> On Tue, May 4, 2021 at 9:38 AM Snorre Lothar von Gohren Edwin < >>>>>>> snorre@diwala.io> wrote: >>>>>>> >>>>>>>> Hi! I wonder if anyone on this list has been involved in the work >>>>>>>> of this: >>>>>>>> https://github.com/ehn-digital-green-development/hcert-spec >>>>>>>> >>>>>>>> I just cannot see any reference to what this group work so hard at >>>>>>>> achieving. Or have they only taken inspiration and basically just use >>>>>>>> different terminology for what might be similar? >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Snorre Lothar von Gohren Edwin* >>>>>>>> Co-Founder & CTO, Diwala >>>>>>>> +47 411 611 94 >>>>>>>> www.diwala.io >>>>>>>> ᐧ >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> *Snorre Lothar von Gohren Edwin* >>>>>>> Co-Founder & CTO, Diwala >>>>>>> +47 411 611 94 >>>>>>> www.diwala.io >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> >>>>> *Snorre Lothar von Gohren Edwin* >>>>> Co-Founder & CTO, Diwala >>>>> +47 411 611 94 >>>>> www.diwala.io >>>>> >>>> >>>> >>>> -- >>>> >>>> *Snorre Lothar von Gohren Edwin* >>>> Co-Founder & CTO, Diwala >>>> +47 411 611 94 >>>> www.diwala.io >>>> >>> >> >> -- >> >> *Snorre Lothar von Gohren Edwin* >> Co-Founder & CTO, Diwala >> +47 411 611 94 >> www.diwala.io >> > -- *Snorre Lothar von Gohren Edwin* Co-Founder & CTO, Diwala +47 411 611 94 www.diwala.io
Received on Friday, 7 May 2021 10:27:07 UTC