decentralized-id.github.io/_posts/identosphere-dump/use-case/covid-coronavirus.md
2022-10-28 03:58:24 -04:00

58 KiB
Raw Blame History

published
false

Covid

Tata Consulting Services a vision for how SSI can be used to re-open global travel with the reality of COVID-19.

SSI still requires market validation, and support for its implementation is currently limited to a relatively small group of technologists and enthusiasts. However, the implementation of SSI in the travel industry at a future point in time, especially once the standards and protocols are production ready and existing user experience challenges have been resolved, is something that all travel industry stakeholders should be watching, waiting and ready for.

Without transparent operational guidance, peoples privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.

Its quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports.

The former requires zero trust on third parties, the latter is prone to hacking and abuse.

“Under the bonnet, the VMT sends copies of the records of immunisations to the NCDS. For those that may be interested, this is achieved using a “FHIR API” based on the UK FHIR Core Immunisation Profile. A FHIR API is essentially an industry standard way of sharing digital health data. The NCDS can then securely share citizens immunisation history records to other services, again using a FHIR API.”

As well explore in the upcoming and future webinars, Scotlands opportunity is to build upon this core innovation through a collaborating community, a Digital Healthcare Ecosystem, to flesh it out in multiple directions including ways to expand user uptake and to enable new scenarios for how users interact with and update data.

  • The EU Digital Green Certificate Program: Analysis & Comparison

    The EU approach does not support selective disclosure, i.e. allowing a subset of attributes from a credential to be used without revealing all the data in the credential.

  • Getting Privacy Right with Verifiable Health Credentials

    Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy.

  • Coming Soon: The Vaccine Passport

    “The global passport system took 50 years to develop,” said Drummond Reed, chief trust officer for Evernym. “Even when they wanted to add biometrics to that to make it stronger, that took over a decade to agree on just how youre going to add a fingerprint or a facial biometric to be verified on a passport. Now, in a very short period of time, we need to produce a digital credential that can be as universally recognized as a passport and it needs an even greater level of privacy because its going to be digital.”

  • Digi.me creates first working UK vaccine passport capability

    Digi.mes health pass is built on the same principles as our existing secure data exchange platform, and can be displayed on demand on a users phone. It is verified fully private, secure and tamper-proof due to multiple robust security measures including encryption.

This health pass has been designed to be fully interoperable with other international standards, such as the UN Good Health Pass Collaborative, of which digi.me is a member.

  • The ezcap library - Manu Sporny

    Now might be a good time to announce some open source tooling a few of us have been working on related to zcaps that is being created to simplify the developer experience when developing with zcaps.

  • ezcap (pronounced "Easy Cap") - An easy to use, opinionated Authorization Capabilities (zcap) client library for the browser and Node.js.

  • Everything You Need to Know About “Vaccine Passports” IdentityWoman \ Mother Jones

    Andy Slavitt, a White House senior adviser for COVID response, specified at a March 29 briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.”

  • WHO goes there? Vaccination Certificates Technology and Identity Stephen Wilson

    Based on experience building a mobile credentials wallet for the Department of Homeland Security, I argue the proper goal of a digital vaccination certificate should be confined to representing nothing more and nothing less than the fact that someone received their jab. Such a Verifiable Credential would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the jab.

  • We dont need immunity passports, we need verifiable credentials

    Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid urged the adoption of digital “immunity passports” as a way to reopen the world.

In theory, their idea is great. In practice, its terrible. Or, as the Daily Beast put it: “Vaccine Passports Are Big Techs Latest Dystopian Nightmare.”

  • British Airways to trial Verifly digital health passport

    The trial begins on February 4 on all of the carriers transatlantic routes between London and the US (currently New York JFK, Los Angeles, San Francisco, Boston, Chicago, Dallas, Miami, Washington, Houston and Seattle).

It will be run in conjunction with joint business and Oneworld partner American Airlines, which is already using the technology on international routes to the US.

  1. Paper Based Credentials will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
  2. Consistent User Experience will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
  3. Standard Data Models and Elements will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
  4. Credential Formats, Signatures, and Exchange Protocols will specify the requirements for technical interoperability of Good Health Pass implementations.
  5. Security, Privacy, and Data Protection will define the safety requirements for Good Health Pass compliant implementations.
  6. Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
  7. Rules Engines will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
  8. Identity Binding will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
  9. Governance Framework will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.
  • Not too much identity technology, and not too little

    We should digitize nothing more and nothing less than the fact that someone received their vaccine.  A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot.  The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates

  • 3 key areas of enterprise blockchain adoption in 2021 IBM

    Government policies vary on the topic, standards are only just starting to emerge, and citizens and enterprises are rightly focused on preserving privacy and equality with our national and international responses. IBM is supporting countries like Germany as well as the State of New York to issue trusted, privacy-preserving credentials.

Its also important to note that “health passports” exist on a spectrum of sophistication and in most cases do not yet include tethering to a verifiable personal ID capability

COVID, Verifiable Credentials, Biometrics, Privacy

Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world.

  1. [Eric] Continuing updates from the Thoughtful Biometrics workshop (Biometrics and DIDs - where next?

Session Slides: https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/

Current Open Proposals: We will host another session (Day 2 Session 14 2:30 pm PT) to talk about these proposals

COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests

The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.

Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke

In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued

·         Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve

·         Issuers asking what if we make a mistake (re-issue)

·         Holders having problems findin there vaccination VC

·         Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details

·         Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.

·         Unclear on how to get VC and underlying data into the hands of holders, particularly as holders dont have the technology and skills to manage their health data.

·         Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data

·         WHO standard will likely be adopted in the Global South (hemisphere)

·         GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)

·         The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult

·         Paper credentials have been getting consensus on interim solutions.

·         W3C and WHO are great candidates.

·         Affinidi is making a universal verifier application (https://www.affinidi.com/)

Trust registries primarily answer the question of how a verifier can trust that an issuer is authoritative to issue a particular type of verifiable credential under the policies of a particular governance framework.

The importance and need for an Ethical framework/standards for the delivery technology development and implementations in healthcare. Apply the biomedical ethics that exist in healthcare to technology specifically SSI & user sovereignty.

"The physician must ... have two special objects in view with regard to disease, namely, to do good or to do no harm.”

Hippocrates, Epidemics (book I, section. 11) c. 410 BC

Autonomy respect for the patients right to self-determination

Beneficence the duty to do good.

Non-Maleficence the duty to do no harm.

Justice to treat all people equally and equitably for the benefit of society.

4 principles of biomedical ethics

No more in my everyday life have these four pillars been so important to me as they have been over the past year.

I clutched on to these while delivering care to patients gasping for breath, clinging onto life and some sadly succumbing to COVID-19.

  • [...]

Do we need a Covid vaccine passport whether this is paper based or digital?

If there is or are contexts where a vaccine passport would be more beneficial than not, what are the technical principles, implementations and considerations that need to be met to ensure that they are implemented to comply with medical ethics and law?

After all this is personal health information and therefore should be treated as such.

What problem are we really trying to solve with a Covid Vaccine Passport, Covid Passport, Covid credential, digital green certificate, or any other named health pass solution?

To do this there needs to be a basic understanding of this infectious disease, what tools we have currently to deal with it and address assumptions that have been made, many of which may change or are yet unknown such is the dynamic nature of a pandemic.

This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesnt matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.

Reviving trust in safe travel is possible using digital identity and immunity credentials.

  • Travel bans, quarantines and lockdowns have negatively impacted the travel industry
  • Restoring trust and safety is paramount for travel, tourism and hospitality industries to recover
  • Self-sovereign identity (SSI) built on distributed ledger technology (like blockchain) and cryptography could be used to reinvigorate travel by allowing individuals to easily and securely demonstrate their immunity status

Already today, credentials are being used in a wide variety of applications, such as a digital identity card, a work permit or a test certificate. We would like to explain the functionality and potential use cases for credentials by following our protagonist called Sam, who has just completed a Covid-19 rapid test.

we are proud to launch the Global COVID Certificate Network (GCCN), an initiative to enable interoperable and trustworthy verification of COVID certificates between jurisdictions for safe border reopening. GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems.

Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows

Apple Announces Support for VCI credentials at WWDC (Almost proper JSON-JWT but not quite)

Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.

The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an EU Digital COVID Certificate as early as July 1. Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the DIF Interop Working Group

We are starting a new research project — and wed like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young womens experiences working or selling through online platforms in Kenya.

This paper explores the five key challenges facing the industry and the IT investment priorities that have the greatest potential to support governments, airports, and airlines over the next 18 months to rebuild a strong and agile business.

This is the mailing list for the US subgroup of the Vaccine Credentials Focus Group. You can see the group charter here.

Participating and contributing in this group requires a CCI membership, open and free to all (organizations and individuals). If you are not a CCI member yet, please request a membership agreement at https://www.covidcreds.org/#Join.

Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods.

Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way.

But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale.

Defining the Future of IoT with Distributed Identity Management

Dylan realizes that the identified design requirements correspond to properties that are typically solved by means of cryptography. To embed cryptographic methods securely in their network, VirGo needs to identify both a network architecture and an identity management paradigm that fulfill the design principles when they interact.

Dylan has identified the requirements towards their IoT network and possible secure network architectures. Still, two challenges remain unsolved: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices.

Get a first look at the Gartner report for decentralized identity and verifiable claims. Access promising use cases, risks and considerations, and expert recommendations on creating value for a fully decentralized future.

Heres your complimentary access to Gartners Innovation Insights.

Interoperability is a fundamental property of tech systems that are generative and respect individual privacy and autonomy. And, as a bonus, it makes people's live easier!

Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.

A vaccine passport is a physical or digital health credential to confirm a person has been vaccinated for a particular contagious disease to enable travel.

Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work

What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.

The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.

On the occasion of the #100CroreVaccinationCertificates milestone, @pramodkvarma CTO, @eksteporg shares the journey of #DigitalPublicGood - DIVOC (Digital Infrastructure for Vaccination Open Credentialing) for vaccination credentialing

As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.

  1. The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either wont use it or theyll look for ways around it.

This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management.

The DIVOC project is hosted and maintained by Indias eGov Foundation and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOCs verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOCs certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.

fixes the pain points of other testing processes especially as infectious and asymptomatic people can test without travelling is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed.

Though we often get lost in technologies, frameworks, legislation, and economic models, its ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there.

This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.

Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential based on their health status, yet revealing no personal information or health data privately and securely on their mobile device.

Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification

The states contract with IBM details a Phase 2 of the Excelsior Pass, which could include uses that some advocates say raise privacy concerns.

What if people can prove their COVID status to different entities, prove that they are authentic and prove they were intended for them, without having to reveal any of their personal information; not even their names?

“We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities weve all dearly missed.”  – Tom Grissen, CEO, Daon

  • IATAs digital health passport paves the way to a new biometric identity for travel

    As FTE has previously reported, a number of other solutions have entered the digital health passport space in the past few months from various suppliers, including AOKpass, CommonPass, Daons VeriFLY, CLEAR Health Pass and IBM Digital Health Pass, just to name a few. Despite the growing competition, IATA is clear that its aim is not to dominate the market, but to make sure that standards are established to create a secure and interoperable solution.

  • Setting up digital ID regime could provide boost to post-pandemic recovery

    If the global pandemic has shown us anything, its that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online.

  • Digital vaccine certificate looms as HR's next problem

    It's going to take a while for the efforts to sort themselves out, Beck said, but he believes it will happen by the fall or year-end. Government funding may be forthcoming.

Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said.

LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards

The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.

Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability.

LFPH and our partner organizations are ready to collaborate with you on this.

  • Covid Vaccinations Data Donor Program – A Proposal for the Scottish Government

    “The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry

Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the vaccination scheduling system as an immediate step for example.

On Tuesday, the Good Health Pass Collaborative (GHPC) launched.

ID2020 announced the launch of the Good Health Pass Collaborative along with more than 25 leading individual companies and organizations in the technology, health, and travel sectors — including the Airports Council International (ACI), Commons Project Foundation, Covid Credentials Initiative, Evernym, Hyperledger, IBM, International Chamber of Commerce (ICC), Linux Foundation Public Health, Lumedic, Mastercard, Trust Over IP Foundation, and others.

  • Working Together on What “Good” Looks Like - Hyperledger

    This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.

  • Digital Health Pass IBM

    the digital wallet can allow individuals to maintain control of their personal health information and share it in a way that is secured, verifiable, and trusted.  Individuals can share their health pass to return to the activities and things they love, without requiring exposure of the underlying personal data used to generate the credential.

  • Microsoft joins coalition to accelerate the release of COVID-19 Vaccine Passports

    VCI coalition members are working to enable digital access to vaccination records using the open, interoperable SMART Health Cards specification, based on W3C Verifiable Credential and HL7 FHIR standards. The VIC will enable individuals to obtain an encrypted digital copy of their immunization credentials to store in a digital wallet of their choice. Those without smartphones could receive paper printed with QR codes containing W3C verifiable credentials.

  • Vaccination Certificate Vocabulary Tobias Looker

    I'd like to propose a new work item that formally defines a vocabulary for issuing Vaccination Certificates in the form of Verifiable Credentials.

  • Covid has accelerated Canadians demand for digital ID DIACC

    three-quarters of the population feels its important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey.

  • Digi.me partners with Healthmark to enable Covid testing and verified result reporting

    Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed.

  • Center for Global Development: A COVID Vaccine Certificate

Building on Lessons from Digital ID for the Digital Yellow Card

Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation.

This is a thread to keep an eye on. >> Anil John writes:

Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."

Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.

Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.

If you havent already you might want to check out this google sheet

As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news.

If you'd like to submit relevant news or articles for the database, please go to https://bit.ly/2JfKbpf.

Any Covid-19 vaccine passport scheme set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners.

[Research] Vaccine passports and COVID status apps Ada Lovelace Inst.

Not to late to contribute to this Ada Lovelace Institute Project the due date is Feb 28th

An evidence review and expert deliberation of the practical and ethical issues around digital vaccine passports and COVID status apps

Highlights from Ping Identitys Andre Durand, and Richard Bird on an episode of Pings new podast Hello User

we explore how the pandemic has opened up an opportunity to shape the future of personal identity.

  • Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
  • Takeaway #2: Third parties have much more control over digital identity than individuals.
  • Takeaway #3: Were on the cusp of a tectonic shift in the notion of digital identity.
  • Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
  • Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.