- From: Markus Sabadello <markus@danubetech.com>
- Date: Thu, 11 Nov 2021 06:23:35 +0100
- To: public-credentials@w3.org
- Message-ID: <1cabef29-9bd6-1a97-343c-c68bc773cc2d@danubetech.com>
Looks great.. Few comments/questions: - The JSON-LD context URL https://nzcp.covid19.health.nz/contexts/v1 can't be dereferenced (but the context is provided in the specification, so no problem). - The CWT choice probably makes sense, just curious if CBOR-LD been considered at some point in the project? - Interesting how the pass contains givenName, familyName, dob, and no other claims. - The subject doesn't have a DID? - Given the previous two points, I assume this means that a holder would typically have to present this VC together with some other form of other ID? Any privacy concerns here? - Agree with David that did:web could be replaced with https://. Domain names are not "decentralized identifiers" in the classic sense. But did:web still has its use insofar as it applies the common DID syntax, data model, and resolution interface to domain names. Anyway, congratulations NZ and MATTR! Markus On 08.11.21 20:54, John, Anil wrote: > > Congratulations to the Ministry of Health New Zealand on choosing W3C > Verifiable Credentials and W3C Decentralized Identifiers as the basis > of their roll out of the “NZ COVID Pass”: > > > > /The New Zealand COVID Pass is a cryptographically signed document > which can be represented in the form of a QR Code that enables an > individual to express proof of having met certain health policy > requirements in regards to COVID-19 such as being vaccinated against > the virus./ > > > > /The QR code is assembled using existing open specifications./ > > / / > > · /Underlying data model based on W3C Verifiable Credentials/ > > · /Each pass has an expiry date (exp) and not before date (nbf)/ > > · /Issuer uses DID:WEB identifiers to resolve the public key > used to verify the pass digital signature./ > > · /CBOR Web Token (CWT) is the cryptographic structure used to > represent claims in the pass, which uses Concise Binary Object > Representation (CBOR) and CBOR Object Signing and Encryption (COSE). > CWT is derived from JSON Web Token (JWTs), but is more compact./ > > · /ECDSA with P-256 for the digital signature algorithm/ > > · /Base32 encoding of CWT into QR code in Alphanumeric mode, > using a prefix of NZCP:/ and a version number. Some manipulation of > the Base32 may be required when decoding./ > > > > > > Press release @ > https://www.health.govt.nz/news-media/media-releases/technical-information-published-support-covid-19-vaccine-pass-and-verifiers > <https://www.health.govt.nz/news-media/media-releases/technical-information-published-support-covid-19-vaccine-pass-and-verifiers> > > > Technical Specification @ https://nzcp.covid19.health.nz/ > <https://nzcp.covid19.health.nz/> > > Documentation @ https://github.com/minhealthnz/nzcovidpass-spec > <https://github.com/minhealthnz/nzcovidpass-spec> > > / / > > I am always happy when a fellow public service entity make a conscious > choice to support openly developed, global, royalty free and free to > use standards and specifications in their technical implementations to > ensure equity, access and global interoperability! > > > > Oh … In case you miss it, they are deploying DID:WEB in production! > Way to go! > > > > Needless to say – Congratulations also to the entire MATTR team << > Read the NZ Gov press release : -) > > > > Best Regards, > > > > Anil > > > > Anil John > > Technical Director, Silicon Valley Innovation Program > > Science and Technology Directorate > > US Department of Homeland Security > > Washington, DC, USA > > > > Email Response Time – 24 Hours > > > > A picture containing graphical user interface Description > automatically generated > <https://www.dhs.gov/science-and-technology>/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395 > > > > >
Received on Thursday, 11 November 2021 05:23:52 UTC