W3C home > Mailing lists > Public > public-credentials@w3.org > November 2021

Re: New Zealand - W3C VC/DID based Vaccine Pass, Verifiers ...

From: Markus Sabadello <markus@danubetech.com>
Date: Thu, 11 Nov 2021 06:23:35 +0100
To: public-credentials@w3.org
Message-ID: <1cabef29-9bd6-1a97-343c-c68bc773cc2d@danubetech.com>
Looks great.. Few comments/questions:

- The JSON-LD context URL https://nzcp.covid19.health.nz/contexts/v1
can't be dereferenced (but the context is provided in the specification,
so no problem).

- The CWT choice probably makes sense, just curious if CBOR-LD been
considered at some point in the project?

- Interesting how the pass contains givenName, familyName, dob, and no
other claims.

- The subject doesn't have a DID?

- Given the previous two points, I assume this means that a holder would
typically have to present this VC together with some other form of other
ID? Any privacy concerns here?

- Agree with David that did:web could be replaced with https://. Domain
names are not "decentralized identifiers" in the classic sense. But
did:web still has its use insofar as it applies the common DID syntax,
data model, and resolution interface to domain names.

Anyway, congratulations NZ and MATTR!

Markus

On 08.11.21 20:54, John, Anil wrote:
>
> Congratulations to the Ministry of Health New Zealand on choosing  W3C
> Verifiable Credentials and W3C Decentralized Identifiers as the basis
> of their roll out of the “NZ COVID Pass”:
>
>  
>
> /The New Zealand COVID Pass is a cryptographically signed document
> which can be represented in the form of a QR Code that enables an
> individual to express proof of having met certain health policy
> requirements in regards to COVID-19 such as being vaccinated against
> the virus./
>
>  
>
> /The QR code is assembled using existing open specifications./
>
> / /
>
> ·         /Underlying data model based on W3C Verifiable Credentials/
>
> ·         /Each pass has an expiry date (exp) and not before date (nbf)/
>
> ·         /Issuer uses DID:WEB identifiers to resolve the public key
> used to verify the pass digital signature./
>
> ·         /CBOR Web Token (CWT) is the cryptographic structure used to
> represent claims in the pass, which uses Concise Binary Object
> Representation (CBOR) and CBOR Object Signing and Encryption (COSE).
> CWT is derived from JSON Web Token (JWTs), but is more compact./
>
> ·         /ECDSA with P-256 for the digital signature algorithm/
>
> ·         /Base32 encoding of CWT into QR code in Alphanumeric mode,
> using a prefix of NZCP:/ and a version number. Some manipulation of
> the Base32 may be required when decoding./
>
>  
>
>  
>
> Press release @
> https://www.health.govt.nz/news-media/media-releases/technical-information-published-support-covid-19-vaccine-pass-and-verifiers
> <https://www.health.govt.nz/news-media/media-releases/technical-information-published-support-covid-19-vaccine-pass-and-verifiers>
>
>
> Technical Specification @ https://nzcp.covid19.health.nz/
> <https://nzcp.covid19.health.nz/>
>
> Documentation @ https://github.com/minhealthnz/nzcovidpass-spec
> <https://github.com/minhealthnz/nzcovidpass-spec>
>
> / /
>
> I am always happy when a fellow public service entity make a conscious
> choice to support openly developed, global, royalty free and free to
> use standards and specifications in their technical implementations to
> ensure equity, access and global interoperability!
>
>  
>
> Oh … In case you miss it, they are deploying DID:WEB in production!
> Way to go!
>
>  
>
> Needless to say – Congratulations also to the entire MATTR team <<
> Read the NZ Gov press release : -)
>
>  
>
> Best Regards,
>
>  
>
> Anil
>
>  
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>  
>
> Email Response Time – 24 Hours
>
>  
>
> A picture containing graphical user interface Description
> automatically generated
> <https://www.dhs.gov/science-and-technology>/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395
>
>  
>
>  
>
Received on Thursday, 11 November 2021 05:23:52 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:24 UTC