- From: Adrian Gropper <agropper@healthurl.com>
- Date: Sat, 8 May 2021 22:08:56 -0400
- To: Alan Karp <alanhkarp@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CANYRo8hwQCvmFFZ=DiJJuX1efVVzLfQXP7DOq-Jp+QOap=6rFw@mail.gmail.com>
I added to the document: Get Digital Vaccination Card Author: Adrian Gropper Author Email: agropper@healthurl.com GitHub: @agropper Company/Organization: HIE of One and Patient Privacy Rights Description: Izzy is an IT administrator for Charity Hospital’s COVID-19 vaccination program. Her supervisor directs them to model the digital vaccination card according to the recently posted US Centers for Disease Control (CDC) specifications and some example verifiable credentials shared by their vaccine supplier, Sysco in a standard format. Izzy copies the Sysco template, edits it to reflect the did:web of Charity Hospital as vaccinator and posts the template on the Charity Hospital website as a HTML Vaccine Request Form Progressive Web App (PWA) that patients can use to request the digital version of their paper CDC vaccination card. Ali needs to complete the Form in order to get their vaccine appointment. They enter a name and date of birth and a SMS address to receive the digital vaccination card. Ali, an undocumented person, is especially privacy sensitive and chooses a low-resolution selfie as her identifier on the digital vaccine credential. Ali uses the PWA from Charity Hospital to generate the low resolution selfie on their smartphone and return the completed form via HTTP. They make a note of their vaccination appointment time. When Ali presents for vaccination, they identify by name and DOB as entered on the Form. Charity Hospital pulls up the appointment record and verifies that the person in front of them matches the low-resolution selfie in their system. The nurse vaccinator uses a bar code reader to capture the vaccine name and lot number and adds that along with the hash of Ali’s low-resolution selfie to a Verifiable Credential signed with the did:web of Charity Hospital. (Ali’s name, DOB, and SMS address are not in the VC.) The VC is rendered as a QR code with Ali’s low resolution selfie as the logo in the middle and sent to the address provided by Ali on the Form. Ali decides to just take a picture of the QR code VC with their smartphone before leaving Charity Hospital because they think they used a fake SMS address on the registration Form. NB: Charity Hospital may be required to register Ali’s name and DOB as recorded on the paper version of the CDC card. It’s up to Charity Hospital to verify these or not depending on local payment and public health practices. The authenticity of the digital credential is not based on verification of Ali’s demographics. Ref: https://blog.petrieflom.law.harvard.edu/2021/05/05/design-considerations-vaccine-credentials/ On Tue, May 4, 2021 at 2:51 PM Alan Karp <alanhkarp@gmail.com> wrote: > I added a bunch of authorization use cases to the document. Feel free to > edit them as you see fit. > > -------------- > Alan Karp > > > On Mon, May 3, 2021 at 5:54 PM Manu Sporny <msporny@digitalbazaar.com> > wrote: > >> Hi all, I dropped a few use cases into the VC HTTP API Use Cases document >> using the template that TallTed provided (see pages 2 and 3): >> >> >> https://docs.google.com/document/d/1-u0_Ub6feiX6DH3jXFJFjt6n3CwKGpkmC3VISqDkWL4/edit#heading=h.x59zaj4pqxo1 >> >> The template works well; others should try it out. >> >> -- manu >> >> -- >> Manu Sporny - https://www.linkedin.com/in/manusporny/ >> Founder/CEO - Digital Bazaar, Inc. >> blog: Veres One Decentralized Identifier Blockchain Launches >> https://tinyurl.com/veres-one-launches >> >> >>
Received on Sunday, 9 May 2021 02:09:21 UTC