56 KiB
published |
---|
false |
Scams
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20 The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Let’s Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these ‘vaccination records’ demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson. https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/ https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html
COVID-19 vaccination cards are dangerously easy to fake — what you need to know Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial. https://www.tomsguide.com/news/fake-covid-vaccination-cards
Standards
As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.
-
Vaccination Certificate Vocabulary Tobias Looker
I'd like to propose a new work item that formally defines a vocabulary for issuing Vaccination Certificates in the form of Verifiable Credentials.
-
Vaccination Certificate Test Suite Manu Sporny (Thursday, 8 April)
The WHO guidance covers 28 types of vaccines that we (as a global society) depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and others. We (Digital Bazaar) thought it might be interesting to see if we could create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.
https://w3id.org/vaccination/interop-reports
[1]https://w3c-ccg.github.io/vaccination-vocab/ [2]https://www.who.int/publications/m/item/interim-guidance-for-developing-a-smart-vaccination-certificate [3]https://github.com/w3c-ccg/vc-http-api
The Digital Health Credential System Implementation Guide The Implementation Guide V1 provides a set of baseline recommendations to the CCI community of application and services developers, implementers with which to evaluate product designs. The requirements mentioned in this guide should be read along side (and not as a substitute to) the regulations applicable to the jurisdiction in which the applications and services will be made available https://cci-2020.medium.com/the-implementation-guide-v1-is-out-f958e1fd69b0 https://drive.google.com/file/d/1eSrFxFldD6TBkfmOFTXBkBu2TYf3qFv2/view) Covid Credentials Initiative
-
I Want COVID-19 Certificates but I don't want a DID David Chadwick
-
Digital Identity in response to COVID-19: DGX Digital Identity Working Group
This is the mailing list for the US subgroup of the Vaccine Credentials Focus Group. You can see the group charter here.
Participating and contributing in this group requires a CCI membership, open and free to all (organizations and individuals). If you are not a CCI member yet, please request a membership agreement at https://www.covidcreds.org/#Join.
Explainer
- A Goldilocks point for Digitised Vaccination Certificates
- Digital identity is critical in the new world since covid DigitalID NZ
The value of verifiable credentials in the evolving digital identity landscape In my recent podcast with Brad Carr of the Institute of International Finance, we discussed how digital identity and verified credentials can support a digital-first world, something that’s extremely relevant amid the current pandemic. https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/ Verified Me
It’s quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports.
The former requires zero trust on third parties, the latter is prone to hacking and abuse.
- SSI COVID Passports: Why, What and How Noha Abuaesh
What if people can prove their COVID status to different entities, prove that they are authentic and prove they were intended for them, without having to reveal any of their personal information; not even their names?
Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.
-
Evernym: Privacy-Preserving Verifiable Credentials in the Time of COVID-19 Hyperledger
This session will focus on the analysis and discussion of two use cases where legacy identity solutions were unable to meet the needs, but ledger based solutions have been successful: covid credentials for travel, and employment credentials for staff movements.
-
Not too much identity technology, and not too little
We should digitize nothing more and nothing less than the fact that someone received their vaccine. A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot. The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates
-
A trusted internet. Easy and secure. For everyone. Enabled by digital credentials and SSI technology.
Already today, credentials are being used in a wide variety of applications, such as a digital identity card, a work permit or a test certificate. We would like to explain the functionality and potential use cases for credentials by following our protagonist called Sam, who has just completed a Covid-19 rapid test.
With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record.
-
How festival organisers can maximise Covid safety and eradicate ticket touts
Festival organisers will also need to do better at managing delays than other sectors. In recent weeks, we’ve seen Heathrow airport reporting delays of up to six hours. This would be catastrophic at a festival – to keep festival goers waiting, after they have already waited for months to have a great time, would only lead to frustration and likely cause a bad reputation for the festival itself.
-
My presentation at the @Hyperledger Healthcare SIG about #VerifiableCredentials for Covid-19 - How a cryptographically secure digital credential can be used instead of paper documents. (Video)
-
Blueprint for a Digital Health Pass Kuppinger Cole
Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification
-
Setting up digital ID regime could provide boost to post-pandemic recovery
If the global pandemic has shown us anything, it’s that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online.
-
Working Together on What “Good” Looks Like - Hyperledger
This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.
Immunity passports' could speed up return to work after Covid-19 https://www.theguardian.com/world/2020/mar/30/immunity-passports-could-speed-up-return-to-work-after-covid-19 * What are, in your opinion, the riskiest assumptions when writing an Software Development Kit? * For you, what are the most promising SSI projects or repos? * What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges? * What are the upsides of using Zero MQ over a common HTTP Rest connection? * How hard would it be to replace the current Transport Layer Security architecture with SSI? * Why was Rust chosen to write Indy-SDK? * Specific roadblocks other people in this space should look out for? * What are the books you have recommended most to others?
Highlights from Ping Identity’s Andre Durand, and Richard Bird on an episode of Ping’s new podast Hello User
we explore how the pandemic has opened up an opportunity to shape the future of personal identity.
- Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
- Takeaway #2: Third parties have much more control over digital identity than individuals.
- Takeaway #3: We’re on the cusp of a tectonic shift in the notion of digital identity.
- Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
- Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.
-
From Closed Loop Systems to Open World COVID Credentials Exchange CCI Report
This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesn’t matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.
-
Unlocking the Value of Verifiable Credentials in the Health Sector Affinidi
- Digital Infrastructure for Vaccination Open Credentialing (DIVOC) - This is an open-source platform that enables countries to digitally orchestrate country-wide health campaigns such as vaccinations and certifications.
- EU Digital COVID Certificate (EU-DCC) - This specification allows EU citizens and residents to have their digital health certificates issued and verified across the EU.
- Smart Health Card (SHC) - This initiative encourages the development of open standards and technologies to connect people with their health data. Led by Microsoft, Vaccination Credential Initiative (VCI), The Commons Project, and The MITRE Corporation, SHCs are seeing wide adoption across North America.
- International Civil Aviation Organisation - Visible Digital Seal (ICAO-VDS) - This is a travel document verification to re-establish travel and trade through aviation.
Official ID
This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management.
This paper explores the five key challenges facing the industry and the IT investment priorities that have the greatest potential to support governments, airports, and airlines over the next 18 months to rebuild a strong and agile business.
-
Covid-19 spurs national plans to give citizens digital identities
The MOSIP project, which got going in March 2018, is nested in Bangalore’s International Institute of Information Technology (IIIT-B) and endowed with funding of $16m from the Omidyar Network, the Bill and Melinda Gates Foundation and Tata Trusts.
-
Digital Health Passports for COVID-19
This is a study of Digital Health Passports relating the benefits in managing the pandemic, while also detailing concerns around data protection and the private information at risk of being over-exposed. Recommendations include:
-
WHO goes there? Vaccination Certificates Technology and Identity Stephen Wilson
Based on experience building a mobile credentials wallet for the Department of Homeland Security, I argue the proper goal of a digital vaccination certificate should be confined to representing nothing more and nothing less than the fact that someone received their jab. Such a Verifiable Credential would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the jab.
-
We don’t need immunity passports, we need verifiable credentials
Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid urged the adoption of digital “immunity passports” as a way to reopen the world.
In theory, their idea is great. In practice, it’s terrible. Or, as the Daily Beast put it: “Vaccine Passports Are Big Tech’s Latest Dystopian Nightmare.”
- Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence
- Response to WHO Interim Guidance for Development a Smart Vaccination Certificate
- Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification (Still open for contribution)
Excelsior Pass Plus, a result of the strategic partnership between New York State and VCI, will provide New Yorkers safe access to retrieve a secure, digital copy of their COVID-19 vaccination record using the SMART Health Cards Framework - making their interstate and international travel and commerce experiences safer, contact-less, and more seamless.
LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards
The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.
"Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability." https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf
- Digital vaccine certificate looms as HR's next problem
It's going to take a while for the efforts to sort themselves out, Beck said, but he believes it will happen by the fall or year-end. Government funding may be forthcoming.
Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said.
The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an EU Digital COVID Certificate as early as July 1.
- Covid Vaccinations ‘Data Donor’ Program – A Proposal for the Scottish Government
“The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry
Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the vaccination scheduling system as an immediate step for example.
The DIVOC project is hosted and maintained by India’s eGov Foundation and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOC’s verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOC’s certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.
Digital Green (EU)
-
The EU Digital Green Certificate Program Evernym
Although the EU’s approach to COVID-19 health certificates (the Digital Green Certificate implements existing technology and supports both paper and digital credentials, offline usage, and speedy verification, it makes a number of security and privacy compromises. Our analysis found it to be inherently centralised and better suited for low assurance use cases.
-
The EU Digital Green Certificate Program: Analysis & Comparison
The EU has announced a program called “Digital Green Certificate” intended to provide proof of COVID-19 test or vaccination status for EU citizens. The intention is to “facilitate safe and free movement during the COVID-19 pandemic within the EU”. It is voluntary and free for citizens.
This is an analysis of the EU program and how it compares to a digital credential based approach. Important: this analysis is focused on the technical aspects of the EU program, not the medical or political aspects.
Vaccine Passports
-
Platform Architecture for Covid-19 Digital Passports
- Appii – Appii has developed their Health Passport, a service that verifies your identify through a selfie photo, is populated through recording your test result at one of their partner sites (eg. Lloyds Pharmacy) and provides a digital certification.
- Digi.me – Digi.me is a specialist in general data sharing services and have developed a number of apps that build on this capability, including a Covid-19 solution.
-
Coming Soon: The ‘Vaccine Passport’
“The global passport system took 50 years to develop,” said Drummond Reed, chief trust officer for Evernym. “Even when they wanted to add biometrics to that to make it stronger, that took over a decade to agree on just how you’re going to add a fingerprint or a facial biometric to be verified on a passport. Now, in a very short period of time, we need to produce a digital credential that can be as universally recognized as a passport and it needs an even greater level of privacy because it’s going to be digital.”
-
Everything You Need to Know About “Vaccine Passports” IdentityWoman \ Mother Jones
Andy Slavitt, a White House senior adviser for COVID response, specified at a March 29 briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.”
-
Vaccine Passports Must Leverage Decentralized Identity Solutions Ontology
Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods.
Health Pass
Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way.
But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale.
App
ZADA apps are all launched and our first digital ID – a COVIDPASS – is being issued by Pun Hlaing Hospitals to everyone who gets vaccinated.
- VeriFLY Lets Users Upload Vaccine Credentials FindBiometrics
“We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities we’ve all dearly missed.” – Tom Grissen, CEO, Daon
-
IATA’s digital health passport paves the way to a new biometric identity for travel
As FTE has previously reported, a number of other solutions have entered the digital health passport space in the past few months from various suppliers, including AOKpass, CommonPass, Daon’s VeriFLY, CLEAR Health Pass and IBM Digital Health Pass, just to name a few. Despite the growing competition, IATA is clear that its aim is not to dominate the market, but to make sure that standards are established to create a secure and interoperable solution.
Apple Announces Support for VCI credentials at WWDC (Almost proper JSON-JWT but not quite)
- Ugh! There's an App for That! <-Phil Windley on Vaccine certificates.
Interoperability is a fundamental property of tech systems that are generative and respect individual privacy and autonomy. And, as a bonus, it makes people's live easier!
-
Health data must be private and secure by design, always
But there is always time to reflect on privacy and security, and design from the ground up accordingly. At digi.me, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our Consentry health pass as they move forwards.
-
PocketCred Verifiable Credentials
Pravici PocketCred (formerly VeriCred) is built on Blockchain technology, specifically to address credential issuance and verification, such as one for COVID-19 vaccines. We at Pravici have been working to build a digital pass that citizens can carry in their mobile device or digital card to prove that they have taken a test or vaccine. Our software application features user-friendly creation of schemas* and proof templates, as well as QR code technology for credential issuance and verification.
-
Digi.me creates first working UK vaccine passport capability
Digi.me’s health pass is built on the same principles as our existing secure data exchange platform, and can be displayed on demand on a user’s phone. It is verified fully private, secure and tamper-proof due to multiple robust security measures including encryption.
This health pass has been designed to be fully interoperable with other international standards, such as the UN Good Health Pass Collaborative, of which digi.me is a member.
- Digi.me partners with Healthmark to enable Covid testing and verified result reporting
Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed.
MedCreds
- Proofmarket (Medcreds)
Cardea
Travel
-
The fine line between global COVID-19 protocols and privacy Tech Republic
A panel of experts considers the best methods for safe domestic and international air travel including proof of testing, vaccination passports, and digital health passes.
-
COVID & Travel Resources for Phocuswright IdentityWoman.net
Tata Consulting Services a vision for how SSI can be used to re-open global travel with the reality of COVID-19.
SSI still requires market validation, and support for its implementation is currently limited to a relatively small group of technologists and enthusiasts. However, the implementation of SSI in the travel industry at a future point in time, especially once the standards and protocols are production ready and existing user experience challenges have been resolved, is something that all travel industry stakeholders should be watching, waiting and ready for.
- Jumpstart the Global Travel Industry Using Self-Sovereign Identity for COVID-19 Immunity Credentials TATA
Reviving trust in safe travel is possible using digital identity and immunity credentials.
- Travel bans, quarantines and lockdowns have negatively impacted the travel industry
- Restoring trust and safety is paramount for travel, tourism and hospitality industries to recover
- Self-sovereign identity (SSI) built on distributed ledger technology (like blockchain) and cryptography could be used to reinvigorate travel by allowing individuals to easily and securely demonstrate their immunity status
Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential – based on their health status, yet revealing no personal information or health data – privately and securely on their mobile device.
Guidance
- how to re-open our economy while protecting privacy Joni Brennan of DIACC & IdentityWoman
Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.
- Getting Privacy Right with Verifiable Health Credentials
Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy.
Demo - Trials
- British Airways to trial Verifly digital health passport
The trial begins on February 4 on all of the carrier’s transatlantic routes between London and the US (currently New York JFK, Los Angeles, San Francisco, Boston, Chicago, Dallas, Miami, Washington, Houston and Seattle).
It will be run in conjunction with joint business and Oneworld partner American Airlines, which is already using the technology on international routes to the US.
Good Health Pass
- Implementing the Good Health Pass’s recommendations with Cardea
Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.
Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the DIF Interop Working Group
-
The Politics of Vaccination Passports Windley
For example, I’d prefer a vaccination passport that is built according to principles of the Good Health Pass collaborative than, say, one built by Facebook, Google, Apple, or Amazon. Social convention, and regulation where necessary, can limit where such a passport is used. It’s an imperfect system, but social systems are.
-
ToIP Foundation Hosts the Interoperability Working Group for Good Health Pass
The nine drafting groups collaborating within the new Working Group are:
- Paper Based Credentials will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
- Consistent User Experience will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
- Standard Data Models and Elements will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
- Credential Formats, Signatures, and Exchange Protocols will specify the requirements for technical interoperability of Good Health Pass implementations.
- Security, Privacy, and Data Protection will define the safety requirements for Good Health Pass compliant implementations.
- Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
- Rules Engines will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
- Identity Binding will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
- Governance Framework will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.
- Dynamic Disambiguation and Deconfliction of Complex Access Controls from Multiple Verifiable Sources by Chris Buchanan
COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests
The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction. Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.
-
The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK. For a high level view, check out the terminology deck or the slide deck that was shared on webinars with the travel industry.
Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows
Trust Registries
- Trust Registries - Good Health Pass - DIDs and X.509 by Darrell O’Donnell
Trust registries primarily answer the question of how a verifier can trust that an issuer is authoritative to issue a particular type of verifiable credential under the policies of a particular governance framework.
- [Dave Chadwick] The trust registry should not mandate that it contains a DID, The feedback is that it will be a URI.
we are proud to launch the Global COVID Certificate Network (GCCN), an initiative to enable interoperable and trustworthy verification of COVID certificates between jurisdictions for safe border reopening. GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems.
- Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
Development
- The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either won’t use it or they’ll look for ways around it.
Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.
- [Biometric Health Card (Adrian Gropper)](https://iiw.idcommons.net/1A/_Biometric_COVID_Verifiable_Credential https://docs.google.com/document/d/1o_773vzcbtSf59oU-iRUfAy5WSz3Wn9JUAvi0hKHE48/edit)
COVID, Verifiable Credentials, Biometrics, Privacy
Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world.
-
Trinsic Open Source - BBS+ VCs over DIDComm v2 - End-to-end vaccination credential example by Michael Boyd
-
Safeguarding COVID-19 Vaccines with SSI Frank Kottler — Part 1/3
Defining the Future of IoT with Distributed Identity Management
Dylan realizes that the identified design requirements correspond to properties that are typically solved by means of cryptography. To embed cryptographic methods securely in their network, VirGo needs to identify both a network architecture and an identity management paradigm that fulfill the design principles when they interact.
Dylan has identified the requirements towards their IoT network and possible secure network architectures. Still, two challenges remain unsolved: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices.
CCI
If you haven’t already you might want to check out this google sheet
As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news.
If you'd like to submit relevant news or articles for the database, please go to https://bit.ly/2JfKbpf.
- [COVID Credentials Initiative Update/Overview](https://iiw.idcommons.net/1C/_COVID_Credentials_Initiative_Update/Overview https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/) Lucy Yang, Kaliya Young, John Walker
CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes. CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact.
-
COVID Credentials Initiative: Challenges & Learning by Lucy Yang, Kaliya Young, John Walker
Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke
In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued
- Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve
- Issuers asking what if we make a mistake – (re-issue)
- Holders having problems findin there vaccination VC
- Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details
- Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.
- Unclear on how to get VC and underlying data into the hands of holders, particularly as holders don’t have the technology and skills to manage their health data.
- Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data
- WHO standard will likely be adopted in the Global South (hemisphere)
- GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)
- The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult
- Paper credentials have been getting consensus on interim solutions.
- W3C and WHO are great candidates.
- Affinidi is making a universal verifier application (https://www.affinidi.com/)
This is a thread to keep an eye on. >> Anil John writes:
Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked. I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."
Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.
This is the Use Case Implementation Workstream of the COVID Credentials Initiative (CCI). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.
User Experience
-
Covid has accelerated Canadians’ demand for digital ID DIACC
three-quarters of the population feels it’s important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey.
-
Innovation in Digital Identity and Credentials in the Post-Covid World Affinidy
Though we often get lost in technologies, frameworks, legislation, and economic models, it’s ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there.
-
Their recent survey found 85 percent of respondents said there was a lack of transparency, as well as concern in having to share data with so many organisations.
-
How to Prove You're Vaccinated for COVID-19 Consumer Reports
-
Women and platform livelihoods in Kenya: The impact of COVID-19
We are starting a new research project — and we’d like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young women’s experiences working or selling through online platforms in Kenya.
But who is the “we”? The research asks exactly that — who is the “we” that needs to make the platform work better for women?
fixes the pain points of other testing processes – especially as infectious and asymptomatic people can test without travelling – is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed.
Well, my proof of vaccination finally arrived, and the result is… actually pretty okay. Still, there's always some fun to be had in zero-knowledge hacks, so I thought I'd blog about my experiences anyway.
- The Vaccine Certificate Experience WEBISTEMOLOGY
Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work
What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.
The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.
Building on Lessons from Digital ID for the Digital Yellow Card
Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation.
Caution
-
‘Vaccination Passports’: State of Play Infinite Ideas Machine
‘vaccination passports’ are unwarranted, in practice near-pointless clinically, and potentially risky in a number of ways.
Any Covid-19 vaccine passport scheme set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners.
[Research] Vaccine passports and COVID status apps Ada Lovelace Inst.
Not to late to contribute to this Ada Lovelace Institute Project the due date is Feb 28th
An evidence review and expert deliberation of the practical and ethical issues around digital vaccine passports and COVID status apps