decentralized-id.github.io/_posts/organizations/2021-04-17-lfph-cci-ghp.md

124 lines
22 KiB
Markdown
Raw Normal View History

2023-06-18 12:46:09 -04:00
---
title: "Covid-19: LFPH - CCI and Good Health Pass"
description: Linux Foundation Public Health's response to the Covid-19 pandemic
excerpt: After initial success with deploying exposure notification apps, LFPH started to host CCI in December 2020 to advance the use of Verifiable Credentials (VCs) and data and technical interoperability of VCs in the public health realm, starting with vaccine credentials.
layout: single
toc: true
toc_sticky: true
permalink: application/covid-19/lfph_cci_good-health-pass/
redirect_from:
- organizations/covid-credentials-initiative/
canonical_url: 'https://decentralized-id.com/application/covid-19/lfph_cci_good-health-pass/'
categories: ["History","Application"]
tags: ["Linux Foundation","LFPH","MedCreds","Evernym","ID2020","uPort","Dutch Research","TNO","Microsoft","Consensys Health","Luxoft","CCI","SITA","WHO","Good Health Pass","Vaccine Credentials"]
last_modified_at: 2023-06-18
---
## Linux Foundation Public Health
* [Understanding the Global COVID Certificate Landscape](https://www.lfph.io/2021/10/13/divoc/) 2021-10-13 DIVOC
> The DIVOC project is hosted and maintained by [Indias eGov Foundation](https://egov.org.in/) and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOCs verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOCs certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.
* [Linux Foundation Public Health creates the Global COVID Certificate Network (GCCN)](https://www.prnewswire.com/news-releases/linux-foundation-public-health-creates-the-global-covid-certificate-network-gccn-301307874.html) 2021-06-08 PRNewsWire
> Linux Foundation Public Health (LFPH) today announces the launch of the Global COVID Certificate Network (GCCN) to facilitate the safe and free movement of individuals globally during the COVID pandemic. GCCN will establish a global trust registry network that enables interoperable and trustworthy exchanges of COVID certificates among countries for safe reopening and provide related technology and guidance for implementation. The effort is initially supported by Affinidi, AOKPass, Blockchain Labs, Evernym, IBM, Indicio.Tech, LACChain, Lumedic, Proof Market and ThoughtWorks, who have implemented COVID certificate or pass systems for governments and industries. LFPH will work with them to define and implement GCCN.
* [Introducing the Global COVID Certificate Network (GCCN)](https://www.lfph.io/2021/06/08/gccn/) 2021-06-08 LFPH
> As more and more governments adopt [major COVID certificate standards](https://www.lfph.io/2021/10/12/global-covid-certificate-landscape/) to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences
- [ProofMarket/Medcreds Submission to LFPH](https://docs.google.com/document/d/1hlR_2yp7EJQqYvxm8mNY-KNgwScTsClKDp6W6yw33Ic/edit?usp=sharing) 2021-03-04
> MedCreds is a reference implementation of the Governance Framework and Use-Cases that have been developed in the CCI community.
>
> MedCreds is built on top of INDY and ARIES and is running on the SOVRIN Main Net. This is done through Trinsic (a third-party vendor)s APIs. Trinsic agreed to document how to do this using the APIs on ARIES and devote an engineer to give instructions for how to use the open source code to run MedCreds.
>
> MedCreds can be extended to support new credential schemas.
- [Indicio Submission to LFPH](https://docs.google.com/document/d/1Vl9IKRg6ygHD1njc8GfnjsQglDOVglBKbuXHSuqQ7T4/edit?usp=sharing) 2021-03
> Indicios Cardea ecosystem easily integrates with existing applications, allowing people, businesses, healthcare systems, and governments to work together to safely reopen physical locations such as offices, restaurants, venues, schools, and travel, while complying with global health and data privacy laws. The ecosystem frees businesses, organizations, and governments from having to store and manage peoples private medical information. Instead, decentralized identity enables the individual to independently acquire and control their data and securely share or selectively disclose it at their discretion with full consent.
* [LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards](https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf) 2021-02 LFPH
> The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.
>
> "Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability."
### Good Health Pass
* [Implementing the Good Health Passs recommendations with Cardea](https://indicio.tech/blog/implementing-the-good-health-passs-recommendations-with-cardea/) 2021-10-14 Indicio
> Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.
>
> Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the [DIF Interop Working Group](https://us02web.zoom.us/rec/play/Si6s-_rvMU7FuHW6QnJVxW47CFiotXDMWutkWMgePKdSWVhTYyADaldJhvzqOl1JPP297-lvSYXCDuk2.rMFee21Ba1fU6y2R?continueMode=true&_x_zm_rtaid=dQ0WNpJPS2WF1QUlmxYwBQ.1624241159436.7617ddee4319249d32a108bb882dc0ec&_x_zm_rhtaid=623)
* [Linux Foundation Public Health introduces the Global COVID Certificate Network to operationalize the Good Health Pass Interoperability Blueprint](https://humancolossus.foundation/blog/ujalo98s00b93gh7gqkuqd3lfj52xq-cn2ct) 2021-06-10 Human Colossus Foundation
> Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows
* [Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit](https://id2020.medium.com/good-health-pass-collaborative-releases-draft-blueprint-for-digital-health-passes-in-advance-of-g7-68a48534f024) 2021-06-08 ID2020
> The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK.
>
> For a high level view, check out the [terminology deck](https://docs.google.com/presentation/d/1fM-EpIdLGdKniFjHR4ZhdgFA-HBSEmpMai8ljqti4Gw/edit) or the [slide deck](https://docs.google.com/presentation/d/1AibzpUh70UDJVapC2wlICz2voBAMxZLQ_jQOxZwF57Y/edit) that was shared on webinars with the travel industry.
* [Dynamic Disambiguation and Deconfliction of Complex Access Controls from Multiple Verifiable Sources](https://iiw.idcommons.net/1F/_Dynamic_Disambiguation_and_Deconfliction_of_Complex_Access_Controls_from_Multiple_Verifiable_Sources) 2021-05-06 Chris Buchanan
> COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests
>
> The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.
* [ToIP Foundation Hosts the Interoperability Working Group for Good Health Pass](https://trustoverip.org/blog/2021/04/12/toip-foundation-hosts-the-interoperability-working-group-for-good-health-pass/) 2021-04-12 TOIP
> The nine drafting groups collaborating within the new Working Group are:
> 1. [Paper Based Credentials](https://wiki.trustoverip.org/display/HOME/Paper+Based+Credentials+Drafting+Group) will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
> 2. [Consistent User Experience](https://wiki.trustoverip.org/display/HOME/Consistent+User+Experience+Drafting+Group) will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
> 3. [Standard Data Models and Elements](https://wiki.trustoverip.org/display/HOME/Standard+Data+Models+and+Elements+Drafting+Group) will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
> 4. [Credential Formats, Signatures, and Exchange Protocols](https://wiki.trustoverip.org/display/HOME/Credential+Formats%2C+Signatures%2C+and+Exchange+Protocols+Drafting+Group) will specify the requirements for technical interoperability of Good Health Pass implementations.
> 5. [Security, Privacy, and Data Protection](https://wiki.trustoverip.org/display/HOME/Security%2C+Privacy%2C+and+Data+Protection+Drafting+Group) will define the safety requirements for Good Health Pass compliant implementations.
> 6. [Trust Registries](https://wiki.trustoverip.org/display/HOME/Trust+Registries+Drafting+Group) will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
> 7. [Rules Engines](https://wiki.trustoverip.org/display/HOME/Rules+Engines+Drafting+Group) will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
> 8. [Identity Binding](https://wiki.trustoverip.org/display/HOME/Identity+Binding+Drafting+Group) will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
> 9. [Governance Framework](https://wiki.trustoverip.org/display/HOME/Governance+Framework+Drafting+Group) will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.
## Covid Credentials Initiative (CCI)
> COVID-19 Credentials Initiative (CCI) is a part of Linux Foundation Public Health (LFPH), an initiative by Linux Foundation to build, secure, and sustain open-source software to help public health authorities (PHAs) combat COVID-19 and future epidemics. After initial success with deploying exposure notification apps, LFPH started to host CCI in December 2020 to advance the use of Verifiable Credentials (VCs) and data and technical interoperability of VCs in the public health realm, starting with vaccine credentials.
[Website](https://www.covidcreds.com/) • [Blog](https://medium.com/@cci.2020) • [Twitter](https://twitter.com/CCI_CovidCreds) • [Linkedin](https://www.linkedin.com/company/covidcreds/) • [Forum](https://covidcreds.groups.io/)
* [COVID Credentials Initiative Update/Overview](https://iiw.idcommons.net/1C/_COVID_Credentials_Initiative_Update/Overview) 2021-05-06 [presentation](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/) Lucy Yang, Kaliya Young, John Walker
> CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes.
>
> CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact.
* [CCI: Challenges and Learning](https://iiw.idcommons.net/10C/_COVID_Credentials_Initiative:_Challenges_%26_Learning) 2021-05-06 [presentation](https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing)
> Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke
>
> In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued
> - Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve
> - Issuers asking what if we make a mistake (re-issue)
> - Holders having problems findin there vaccination VC
> - Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details
> - Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.
> - Unclear on how to get VC and underlying data into the hands of holders, particularly as holders dont have the technology and skills to manage their health data.
> - Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data
> - WHO standard will likely be adopted in the Global South (hemisphere)
> - GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)
> - The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult
> - Paper credentials have been getting consensus on interim solutions.
> - W3C and WHO are great candidates.
> - Affinidi is making a universal verifier application (https://www.affinidi.com/)
* [CCI has joined Linux Foundation Public Health!](https://cci-2020.medium.com/cci-has-joined-linux-foundation-public-health-607e1af1b2b8) 2021-01-13
> When the COVID-19 Credentials Initiative (CCI) was formed in April 2020, we were a self-organizing group of companies and individuals, held together by a few mailing lists and working groups, to explore how Verifiable Credentials (VCs), an open standard and an emerging technology, could be used for the public health crisis unfolding with COVID-19. Recognizing our limits early on as an informal group, we quickly pivoted from developing a solution together to supporting each other to build for their local contexts. Over the course of nine months, we have seen over 20 projects present their work to the CCI community and developed an MVP governance framework that can be adapted to specific COVID-19 use cases.
* [CCI Knowledge Base](https://docs.google.com/spreadsheets/d/1z0MaGrb-Py7V3ZO4AnmYMHsXNgTmLhVocyaX7ySQ5mI/edit#gid=1671625933) 2021-03-01
> As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news.
>
> If you'd like to submit relevant news or articles for the database, please go to [https://bit.ly/2JfKbpf.](https://bit.ly/2JfKbpf.)
* [CCI GF Task Force](https://wiki.trustoverip.org/display/HOME/CCI+GF+Task+Force) 2020-11-24
> This page describes the COVID-19 Credentials Initiative Governance Framework Task Force (the "CCI GF TF"). It was created by Sankarshan Mukhopadhyay and Chris Raczkowski.
* [Hello World from the COVID-19 Credentials Initiative](https://cci-2020.medium.com/hello-world-from-the-covid-19-credentials-initiative-6d45534c4b3a) 2020-06-25 CCI 2020
> The COVID-19 pandemic has, in a few months time, taken the lives of almost half a million people worldwide and brought economies into lockdown globally. While many are struggling with the effects of social distancing, financial distress, or fear of contracting the virus, here at the COVID-19 Credentials Initiative (CCI), nearly 300 individuals from 100 organizations have united around a cause worthy of our collective efforts: supporting projects that deploy privacy-preserving Verifiable Credentials (VCs) to mitigate the spread of COVID-19 and strengthen our societies and economies.
### Ecosystem
* [Medcreds Conforms to the CCI Governance Framework](https://medium.com/@medcreds/medcreds-conforms-to-the-cci-governance-framework-eb13256a7f31) 2020-06-24 Medcreds
> One of the important efforts by the CCI has been completed by the [Rules and Governance Workstream](https://docs.google.com/document/d/1L7V2mXWUO5fjiwJODyq_wMvkL9EDSf3m7emLxLpvzTk/edit#). This workstream is in charge of defining the rules of how VC technology is to be used, as well as the algorithmic and human trust mechanisms to ensure sensitive personal data remains secure, private, and tamper-proof.
* [Zerion Joins Covid Credentials Initiative](https://www.zerionsoftware.com/big-data/covid-credentials) 2020-04-16 Zerion Software
> As such, Zerion Software is proud to announce our participation in the Covid Credentials Initiative. This global, cross-sector community of organizations committing to finding ways to use digital identities as a way to mitigate the spread of COVID-19 while rebooting public trust.
* [60 strong Self Sovereign Identity group targets COVID-19 immunity passports, credentials](https://www.ledgerinsights.com/sovereign-identity-covid-19-immunity-passports-credentials/) 2020-04-14 LedgerInsights
> The COVID Credentials initiative (CCI) has launched to use digital identity to address the spread of COVID-19. The aim is to develop “immunity passports” and much more. The group includes individuals who are part of Evernym, ID2020, uPort, Dutch research organization TNO, Microsoft, ConsenSys Health and consultants Luxoft. So far, at least 69 have signed up.
### Explainer
* [Carrying Your COVID-19 Credentials in a Physical “Wallet”](https://cci-2020.medium.com/carrying-your-covid-19-credentials-in-a-physical-wallet-cafe26bfbbe4) 2020-10-30 CCI
> We are all painfully aware of the economic and social restrictions imparted on us as a result of the COVID-19 pandemic. In order to reopen offices, restaurants, local private and public facilities — and most importantly, international borders — will likely require a flexible, interoperable, and ubiquitous system that preserves individual agency and privacy. The COVID-19 Credentials Initiative (CCI) focuses its efforts on supporting technology projects that work to meet these requirements through the utilization of W3C compliant Verifiable Credentials (VCs), a tamper-evident credential that has authorship that can be cryptographically verified.
* [Bringing emerging privacy-preserving technology to a public health crisis](https://cci-2020.medium.com/the-covid-19-credentials-initiative-cci-b00c1d858ccb) 2020-10-02 CCI
> We submitted this position statement to the “[Privacy & Pandemics Workshop: Responsible Uses of Technology and Health Data During Times of Crisis — An International Tech and Data Conference](https://cci-2020.medium.com/the-covid-19-credentials-initiative-cci-b00c1d858ccb)” by the Future of Privacy Forum. The aim is to, from two participants point of view, share an abbreviated case study of CCI and to highlight key challenges that arose in our efforts to responsibly use new privacy-preserving technologies to mitigate the spread of COVID-19. We wanted to share our submission with the CCI community and the public in the hope to invite some further discussions.
### Guidance
* [From Closed Loop Systems to Open World COVID Credentials Exchange](https://www.lfph.io/wp-content/uploads/2021/04/CCI-Summit-Summary-Report-From-Closed-to-Open.pdf) 2021-04 CCI Report
> This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesnt matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.
- [Response to WHO Interim Guidance for Development a Smart Vaccination Certificate](https://docs.google.com/document/d/1HwWUxMY2EynkWFrlNQqh8IF7rE_5aFn74ZreYq0IAYg/edit?usp=sharing) 2021-03
- [Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification](https://docs.google.com/document/d/1y5vyLzsVUzhiFNcWHGHLVlQHnRad73q3F50a-8gr83Y/edit?usp=sharing) 2021-03
> The Government has announced a review into introducing a Covid vaccine certificate system or “vaccine passports. The Committee has launched an inquiry to consider potential ethical, legal and operational issues and the efficacy and appropriateness of a certificate system.
- [Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence](https://docs.google.com/document/d/1ykUUDak47lYkUJeZvxs7FxDyy8bQ48FkF47IxMclppE/edit?usp=sharing) 2021-02-27 CCI Lucy Yang, Kaliya Young
> Before responding to the questions, we want to point out that the use of the term “COVID-19 passports” is questionable as the word passport is used for the identity and travel document issued by nation states to their citizens. Another reason to question the use of passport is the fact that our passport data is stored or centralized by the nation state issuer. Centralized systems are notorious and can be a source of potential data breaches and abuses.