Re: EU Health sertificates

@Jim, what’s the same problem?

On Fri, May 7, 2021 at 9:35 AM Jim St.Clair <jim.stclair@lumedic.io> wrote:

> The problem Adrian describes is the same problem with the proposed
> structure of the current VCI Smarthealth.cards model too, which has support
> from the largest Health IT vendors…
>
>
>
> Best regards,
>
> Jim
>
> *_______________*
>
>
>
> *Jim St.Clair *
>
> Chief Trust Officer
>
> jim.stclair@lumedic.io | 228-273-4893
>
> *Let’s meet to discuss patient identity exchange*:
> https://calendly.com/jim-stclair-1
>
>
>
> *From:* Snorre Lothar von Gohren Edwin <snorre@diwala.io>
> *Sent:* Friday, May 7, 2021 5:23 AM
> *To:* Adrian Gropper <agropper@healthurl.com>
> *Cc:* Credentials CG <public-credentials@w3.org>
> *Subject:* Re: EU Health sertificates
>
>
>
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> Interesting, thanks for sharing!
>
>
>
> If anyone else has some thoughts on this I would love to hear them!
>
> ᐧ
>
>
>
> On Thu, May 6, 2021 at 6:07 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
> It's the same issue you have if you show your drivers license to 10 bars.
> Can you be sure the verifier isn't taking and storing photos with a
> surveillance camera (they almost always are)? There's no need for the
> verifier in #1 to call "home" or store anything if all they want to check
> is the authenticity of the credential but managing ambient surveillance is
> a completely different issue unrelated to the purpose of the VC.
>
>
>
> See https://github.com/w3c/did-use-cases/pull/140 for a threads on
> Ambient Surveillance.
>
>
>
> - Adrian
>
>
>
> On Thu, May 6, 2021 at 11:11 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
> No, #1 is also what I have suggested, but I just need to make sure my
> arguments are sound 😅
>
> But it still does not avoid correlatebility on ID, if that even is a
> problem? Meaning I use my paper cert at 10 places, and I can be pinned to
> 10 places. Is that a privacy/correlatebility/tracking issue?
>
> ᐧ
>
> ᐧ
>
>
>
> On Thu, May 6, 2021 at 4:40 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
> Hi Snorre,
>
>
>
> There are many tech enhancements that can be applied in any of the 10
> concerns. My goal was not perfection but rather a framing for how to talk
> about the 10 concerns as separately as possible.
>
>
>
> For example, is there any major reason not to do #1?
>
>
>
> - Adrian
>
>
>
> On Thu, May 6, 2021 at 7:20 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
> Has there been any thoughts of flows for how this could work? Like this
> one?
>
>
>
> A solution without pairings, where one can give a range-proof for date.
> online registration with FHI(Norwegian trusted authority):
> 1. commit to ID, validity period, and status "protected"
> 2. ZK proof of known opening
> 3. FHI signs commitment
> 4. build this into QR
> 5. print certificate
> offline verification by player:
> 1. scan QR
> 2. check signature
> 3. check ZK proof
> 4. check ID
> 5. approve / reject
>
> ᐧ
>
>
>
> On Thu, May 6, 2021 at 1:13 PM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
> Thanks Adrian!
>
>
>
> In terms of this:
>
> "4. Privacy
>
> Patients can be vaccinated anonymously while still producing authentic
> credentials as described in #1-3 above. However, being able to track
> patients across time provides valuable additional information. This
> includes the emergence of variants, vaccine efficacy in various contexts,
> side-effects, and long-term health impact.  Technology for tracking people
> across time while preserving privacy is already deployed to assist with
> contact tracing. The de-identified individuals can only be tracked with
> their informed authorization. Privacy-by-default tracking as a feature of
> digital credentials is practical given planning and coordination."
>
>
>
> How do you keep privacy when you start discussing ID correlation over
> time? If you use this piece of paper that is not possible to switch out
> easily, or can be with a printing tool online. But is there any thought
> gone into that?
>
> ᐧ
>
>
>
> On Thu, May 6, 2021 at 1:05 PM Adrian Gropper <agropper@healthurl.com>
> wrote:
>
>
> https://blog.petrieflom.law.harvard.edu/2021/05/05/design-considerations-vaccine-credentials/
>
>
>
> - Adrian
>
>
>
> On Thu, May 6, 2021 at 6:59 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
> Just wanted to follow up on this. What are peoples thoughts on this QR
> representation and that it is not using VC or did relate technology.
>
> But it is using CBOR and other technology mentioned in this list before
>
> ᐧ
>
>
>
> On Tue, May 4, 2021 at 9:38 AM Snorre Lothar von Gohren Edwin <
> snorre@diwala.io> wrote:
>
> Hi! I wonder if anyone on this list has been involved in the work of this:
> https://github.com/ehn-digital-green-development/hcert-spec
>
> I just cannot see any reference to what this group work so hard at
> achieving. Or have they only taken inspiration and basically just use
> different terminology for what might be similar?
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>
> ᐧ
>
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>
>
>
>
> --
>
> *Snorre Lothar von Gohren Edwin*
>
> Co-Founder & CTO, Diwala
>
> +47 411 611 94
> www.diwala.io
>