decentralized-id.github.io/identosphere-dump/real-world/covid-coronavirus.md
2023-05-31 22:36:44 +05:30

56 KiB
Raw Blame History

published
false

Scams

Scammers Selling Fake #COVID19 Vaccination Cards for Just $20 The security firm DomainTools claims to have seen authentic-looking CDC cards selling for as little as $20 each on domains like covid-19vaccinationcards[.]com, which features a Lets Encrypt TLS certificate. “Though selling a printed card is not necessarily illegal, the pricing, logo and cardstock of these vaccination records demonstrate a level of intent to pass as legitimate cards from the CDC,” explained DomainTools senior security researcher, Chad Anderson. https://www.infosecurity-magazine.com/news/scammers-sell-fake-covid19/ https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0077.html

COVID-19 vaccination cards are dangerously easy to fake — what you need to know Israeli security firm Check Point reports that fake American and Russian vaccination certificates are being sold online for between $100 and $200. Fake COVID-19 negative test results cost as little as $25, while (likely fake) COVID-19 vaccine sells for about $500 per vial. https://www.tomsguide.com/news/fake-covid-vaccination-cards

Standards

As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences.

The WHO guidance covers 28 types of vaccines that we (as a global society) depend on, including Measles, Smallpox, Polio, Yellow Fever, COVID-19, and others. We (Digital Bazaar) thought it might be interesting to see if we could create an interoperability test suite for the WHO Smart Vaccination Card work using the tools listed above.

https://w3id.org/vaccination/interop-reports

[1]https://w3c-ccg.github.io/vaccination-vocab/ [2]https://www.who.int/publications/m/item/interim-guidance-for-developing-a-smart-vaccination-certificate [3]https://github.com/w3c-ccg/vc-http-api

The Digital Health Credential System Implementation Guide The Implementation Guide V1 provides a set of baseline recommendations to the CCI community of application and services developers, implementers with which to evaluate product designs. The requirements mentioned in this guide should be read along side (and not as a substitute to) the regulations applicable to the jurisdiction in which the applications and services will be made available https://cci-2020.medium.com/the-implementation-guide-v1-is-out-f958e1fd69b0 https://drive.google.com/file/d/1eSrFxFldD6TBkfmOFTXBkBu2TYf3qFv2/view) Covid Credentials Initiative

This is the mailing list for the US subgroup of the Vaccine Credentials Focus Group. You can see the group charter here.

Participating and contributing in this group requires a CCI membership, open and free to all (organizations and individuals). If you are not a CCI member yet, please request a membership agreement at https://www.covidcreds.org/#Join.

Explainer

The value of verifiable credentials in the evolving digital identity landscape In my recent podcast with Brad Carr of the Institute of International Finance, we discussed how digital identity and verified credentials can support a digital-first world, something thats extremely relevant amid the current pandemic. https://verified.me/blog/the-value-of-verifiable-credentials-in-the-evolving-digital-identity-landscape/ Verified Me

Its quite important to outline the difference between #selfsovereignidentity and centralised solutions in the development of #covid #vaccinepassports.

The former requires zero trust on third parties, the latter is prone to hacking and abuse.

What if people can prove their COVID status to different entities, prove that they are authentic and prove they were intended for them, without having to reveal any of their personal information; not even their names?

Until the time digital records for vaccination are as simple and do not require a second thought around wallet/app/credential format etc - we have a long way to go before they are inevitable.

  • Evernym: Privacy-Preserving Verifiable Credentials in the Time of COVID-19 Hyperledger

    This session will focus on the analysis and discussion of two use cases where legacy identity solutions were unable to meet the needs, but ledger based solutions have been successful: covid credentials for travel, and employment credentials for staff movements.

  • Not too much identity technology, and not too little

    We should digitize nothing more and nothing less than the fact that someone received their vaccine.  A verifiable credential carrying this information would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the shot.  The underlying technology should be robust, mature and proven at scale ― as is PKI and public key certificates

  • A trusted internet. Easy and secure. For everyone. Enabled by digital credentials and SSI technology.

Already today, credentials are being used in a wide variety of applications, such as a digital identity card, a work permit or a test certificate. We would like to explain the functionality and potential use cases for credentials by following our protagonist called Sam, who has just completed a Covid-19 rapid test.

With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record.

Binding an identity to a Verifiable Credential remains valid beyond the point of verification by being able to match a real-time biometric data point with one which was logged at the point of verification

  • Setting up digital ID regime could provide boost to post-pandemic recovery

    If the global pandemic has shown us anything, its that the need for reliable and secure data is paramount as businesses, governments, and Canadians from Vancouver to Quebec City to Charlottetown and everywhere in between move online.

  • Working Together on What “Good” Looks Like - Hyperledger

    This initiative is intended to define, in the context of test results and vaccination records for opening up borders for travel and commerce, a high bar for implementations of identity and credentialing systems to meet with regards to privacy, ethics and portability. They will also work with the implementers of such systems to converge towards common standards and governance.

Immunity passports' could speed up return to work after Covid-19 https://www.theguardian.com/world/2020/mar/30/immunity-passports-could-speed-up-return-to-work-after-covid-19 * What are, in your opinion, the riskiest assumptions when writing an Software Development Kit? * For you, what are the most promising SSI projects or repos? * What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges? * What are the upsides of using Zero MQ over a common HTTP Rest connection? * How hard would it be to replace the current Transport Layer Security architecture with SSI? * Why was Rust chosen to write Indy-SDK? * Specific roadblocks other people in this space should look out for? * What are the books you have recommended most to others?

Highlights from Ping Identitys Andre Durand, and Richard Bird on an episode of Pings new podast Hello User

we explore how the pandemic has opened up an opportunity to shape the future of personal identity.

  • Takeaway #1: We digitized much of our economy during the pandemic but neglected one important aspect: identity.
  • Takeaway #2: Third parties have much more control over digital identity than individuals.
  • Takeaway #3: Were on the cusp of a tectonic shift in the notion of digital identity.
  • Takeaway #4: The pandemic has accelerated the changes needed to shape the future of digital identity security.
  • Takeaway #5: Moving control of digital identity to the individual will dramatically change our current identity and access management systems.
  • Digital Infrastructure for Vaccination Open Credentialing (DIVOC) - This is an open-source platform that enables countries to digitally orchestrate country-wide health campaigns such as vaccinations and certifications.
  • EU Digital COVID Certificate (EU-DCC) - This specification allows EU citizens and residents to have their digital health certificates issued and verified across the EU.
  • Smart Health Card (SHC) - This initiative encourages the development of open standards and technologies to connect people with their health data. Led by Microsoft, Vaccination Credential Initiative (VCI), The Commons Project, and The MITRE Corporation, SHCs are seeing wide adoption across North America.
  • International Civil Aviation Organisation - Visible Digital Seal (ICAO-VDS) - This is a travel document verification to re-establish travel and trade through aviation.

Official ID

This article discusses areas of law that are developing rapidly [...] our goal is to address some of the legal considerations that health certificates raise with respect to, and in the context of, the development of a comprehensive system of digital identity management.

This paper explores the five key challenges facing the industry and the IT investment priorities that have the greatest potential to support governments, airports, and airlines over the next 18 months to rebuild a strong and agile business.

  • Covid-19 spurs national plans to give citizens digital identities

    The MOSIP project, which got going in March 2018, is nested in Bangalores International Institute of Information Technology (IIIT-B) and endowed with funding of $16m from the Omidyar Network, the Bill and Melinda Gates Foundation and Tata Trusts.

  • Digital Health Passports for COVID-19

    This is a study of Digital Health Passports relating the benefits in managing the pandemic, while also detailing concerns around data protection and the private information at risk of being over-exposed. Recommendations include:

  • WHO goes there? Vaccination Certificates Technology and Identity Stephen Wilson

    Based on experience building a mobile credentials wallet for the Department of Homeland Security, I argue the proper goal of a digital vaccination certificate should be confined to representing nothing more and nothing less than the fact that someone received their jab. Such a Verifiable Credential would include the place, date and time, the type of vaccine, and the medico who administered or witnessed the jab.

  • We dont need immunity passports, we need verifiable credentials

    Paper certificates, PDFs, wristbands and mobile apps have all been suggested — and the former director of the Centers for Disease Control, Tom Frieden, and international human rights attorney Aaron Schwid urged the adoption of digital “immunity passports” as a way to reopen the world.

In theory, their idea is great. In practice, its terrible. Or, as the Daily Beast put it: “Vaccine Passports Are Big Techs Latest Dystopian Nightmare.”

Excelsior Pass Plus, a result of the strategic partnership between New York State and VCI, will provide New Yorkers safe access to retrieve a secure, digital copy of their COVID-19 vaccination record using the SMART Health Cards Framework - making their interstate and international travel and commerce experiences safer, contact-less, and more seamless.

LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards

The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.

"Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability." https://www.lfph.io/wp-content/uploads/2021/02/LFPH-Calls-for-Coordination-of-Digital-Vaccination-Records-Using-Open-Standards.pdf

Based on what Biden has said generally about public health, Beck believes the new administration plans to make "a big commitment to health equity and improving public health systems broadly," he said.

The EU previously announced fully vaccinated Americans could travel this summer and regional EU travellers could potentially use an EU Digital COVID Certificate as early as July 1.

  • Covid Vaccinations Data Donor Program – A Proposal for the Scottish Government

    “The Scottish Government must invest in data, digital and technology in health and social care to help Scotland recover from Covid-19. Closing the data gap in the sector could be worth £800m a year and deliver savings of £5.4bn to NHS Scotland. SCD said better data would help to build resilience against future public health challenges, which in turn will drive a healthy economy.” - Scottish Council for Development and Industry

Our solution provides a platform for achieving exactly this, both in terms of equipping Scotland with a powerful integrated data environment and also through a framework where developers can further build on this with other apps for a myriad of other use cases. It could be tied in with the vaccination scheduling system as an immediate step for example.

The DIVOC project is hosted and maintained by Indias eGov Foundation and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOCs verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOCs certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.

Digital Green (EU)

  • The EU Digital Green Certificate Program Evernym

    Although the EUs approach to COVID-19 health certificates (the Digital Green Certificate implements existing technology and supports both paper and digital credentials, offline usage, and speedy verification, it makes a number of security and privacy compromises. Our analysis found it to be inherently centralised and better suited for low assurance use cases.

  • The EU Digital Green Certificate Program: Analysis & Comparison

    The EU has announced a program called “Digital Green Certificate” intended to provide proof of COVID-19 test or vaccination status for EU citizens. The intention is to “facilitate safe and free movement during the COVID-19 pandemic within the EU”. It is voluntary and free for citizens.

    This is an analysis of the EU program and how it compares to a digital credential based approach. Important: this analysis is focused on the technical aspects of the EU program, not the medical or political aspects.

Vaccine Passports

  • Platform Architecture for Covid-19 Digital Passports

    • Appii Appii has developed their Health Passport, a service that verifies your identify through a selfie photo, is populated through recording your test result at one of their partner sites (eg. Lloyds Pharmacy) and provides a digital certification.
    • Digi.me Digi.me is a specialist in general data sharing services and have developed a number of apps that build on this capability, including a Covid-19 solution.
  • Coming Soon: The Vaccine Passport

    “The global passport system took 50 years to develop,” said Drummond Reed, chief trust officer for Evernym. “Even when they wanted to add biometrics to that to make it stronger, that took over a decade to agree on just how youre going to add a fingerprint or a facial biometric to be verified on a passport. Now, in a very short period of time, we need to produce a digital credential that can be as universally recognized as a passport and it needs an even greater level of privacy because its going to be digital.”

  • Everything You Need to Know About “Vaccine Passports” IdentityWoman \ Mother Jones

    Andy Slavitt, a White House senior adviser for COVID response, specified at a March 29 briefing that “unlike other parts of the world, the government here is not viewing its role as the place to create a passport, nor a place to hold the data of citizens.”

  • Vaccine Passports Must Leverage Decentralized Identity Solutions Ontology

Decentralized identity solutions offer an ideal solution to the data privacy and identity risks associated with COVID-19 passports and other verification methods.

Health Pass

Health passes, though, are much more flexible as they provide multiple options. They can still be used as proof of vaccination, if the user chooses to share their health information in this way.

But, importantly and in a crucial difference from vaccine passports, they can also be used to securely display a test result, such as a negative PCR or rapid antigen test (also known as lateral flow tests) today. Additionally, they are also future-proofed for options such as rapid antibody test results when those come into play on a large scale.

App

ZADA apps are all launched and our first digital ID a COVIDPASS is being issued by Pun Hlaing Hospitals to everyone who gets vaccinated.

“We envision a world where your VeriFLY digital wallet will provide access to the places you and your family want to visit. And the ability to accept a vaccine health credential will accelerate opportunities to resume activities weve all dearly missed.”  – Tom Grissen, CEO, Daon

Apple Announces Support for VCI credentials at WWDC (Almost proper JSON-JWT but not quite)

Interoperability is a fundamental property of tech systems that are generative and respect individual privacy and autonomy. And, as a bonus, it makes people's live easier!

  • Health data must be private and secure by design, always

    But there is always time to reflect on privacy and security, and design from the ground up accordingly. At digi.me, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our Consentry health pass as they move forwards.

  • PocketCred Verifiable Credentials

    Pravici PocketCred (formerly VeriCred) is built on Blockchain technology, specifically to address credential issuance and verification, such as one for COVID-19 vaccines. We at Pravici have been working to build a digital pass that citizens can carry in their mobile device or digital card to prove that they have taken a test or vaccine. Our software application features user-friendly creation of schemas* and proof templates, as well as QR code technology for credential issuance and verification.

  • Digi.me creates first working UK vaccine passport capability

    Digi.mes health pass is built on the same principles as our existing secure data exchange platform, and can be displayed on demand on a users phone. It is verified fully private, secure and tamper-proof due to multiple robust security measures including encryption.

This health pass has been designed to be fully interoperable with other international standards, such as the UN Good Health Pass Collaborative, of which digi.me is a member.

  • Digi.me partners with Healthmark to enable Covid testing and verified result reporting

    Consentry healthpass capability is an end-to-end solution which enables users to take a self-administered PCR saliva test, send it in for processing, and then receive an in-app result. Crucially, Consentry also generates a certified and dated travel certificate, together with qualifying details of the test taken, which can be printed, shared securely or displayed as needed.

MedCreds

Cardea

Travel

Tata Consulting Services a vision for how SSI can be used to re-open global travel with the reality of COVID-19.

SSI still requires market validation, and support for its implementation is currently limited to a relatively small group of technologists and enthusiasts. However, the implementation of SSI in the travel industry at a future point in time, especially once the standards and protocols are production ready and existing user experience challenges have been resolved, is something that all travel industry stakeholders should be watching, waiting and ready for.

Reviving trust in safe travel is possible using digital identity and immunity credentials.

  • Travel bans, quarantines and lockdowns have negatively impacted the travel industry
  • Restoring trust and safety is paramount for travel, tourism and hospitality industries to recover
  • Self-sovereign identity (SSI) built on distributed ledger technology (like blockchain) and cryptography could be used to reinvigorate travel by allowing individuals to easily and securely demonstrate their immunity status

Together SITA and Indicio.tech utilized Hyperledger Aries, Ursa, and Indy to create a secure travel credential that is accepted by airlines, hotels and hospitality partners without sharing private health information. In this panel discussion, SITA and Indicio.tech will share their journey of applying verifiable credentials in commercial aviation and travel/hospitality to make it easy for visitors entering a country to share a trusted traveler credential based on their health status, yet revealing no personal information or health data privately and securely on their mobile device.

Guidance

Without transparent operational guidance, peoples privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.

  • Getting Privacy Right with Verifiable Health Credentials

    Verifiable health credentials have never been more important or more urgently needed. Yet, as an industry, we have a responsibility to ensure that the solutions we deploy today are held to the highest bar and set the right precedent for personal data privacy.

Demo - Trials

  • British Airways to trial Verifly digital health passport

    The trial begins on February 4 on all of the carriers transatlantic routes between London and the US (currently New York JFK, Los Angeles, San Francisco, Boston, Chicago, Dallas, Miami, Washington, Houston and Seattle).

It will be run in conjunction with joint business and Oneworld partner American Airlines, which is already using the technology on international routes to the US.

Good Health Pass

Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the DIF Interop Working Group

  1. Paper Based Credentials will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
  2. Consistent User Experience will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
  3. Standard Data Models and Elements will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
  4. Credential Formats, Signatures, and Exchange Protocols will specify the requirements for technical interoperability of Good Health Pass implementations.
  5. Security, Privacy, and Data Protection will define the safety requirements for Good Health Pass compliant implementations.
  6. Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
  7. Rules Engines will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
  8. Identity Binding will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
  9. Governance Framework will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.

COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests

The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.

Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows

Trust Registries

Trust registries primarily answer the question of how a verifier can trust that an issuer is authoritative to issue a particular type of verifiable credential under the policies of a particular governance framework.

  • [Dave Chadwick] The trust registry should not mandate that it contains a DID, The feedback is that it will be a URI.

we are proud to launch the Global COVID Certificate Network (GCCN), an initiative to enable interoperable and trustworthy verification of COVID certificates between jurisdictions for safe border reopening. GCCN will include a global directory of trust registries to enable cross-border certificate verification, and be a home for toolkits and community-managed support for those building and managing COVID certificate systems.

  1. Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.

Development

  1. The thing just has to work — This may sound like a no-brainer, but from our experience, this can be often overlooked. Want broad adoption? Your application must be fast and functional. If it causes too much friction people either wont use it or theyll look for ways around it.

Ever since the Covid pandemic started in 2020, various groups have seen verifiable credentials as a means for providing a secure, privacy-respecting system for health and travel data sharing. This post explores the ecosystem of ecosystems that is emerging as hundreds of organizations around the world rise to the challenge of implementing a globally interoperable system that also respects individual choice and privacy.

COVID, Verifiable Credentials, Biometrics, Privacy

Converting the COVID CDC Vaccination Card into a standardized digital credential is turning out to be harder than expected. The conversation has become prominent in the news and risks being politicized to the detriment of public health efforts around the world.

Defining the Future of IoT with Distributed Identity Management

Dylan realizes that the identified design requirements correspond to properties that are typically solved by means of cryptography. To embed cryptographic methods securely in their network, VirGo needs to identify both a network architecture and an identity management paradigm that fulfill the design principles when they interact.

Dylan has identified the requirements towards their IoT network and possible secure network architectures. Still, two challenges remain unsolved: the configuration effort required to setup device APIs and communication protocols, and the question of how to securely identify and authenticate the devices.

CCI

If you havent already you might want to check out this google sheet

As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news.

If you'd like to submit relevant news or articles for the database, please go to https://bit.ly/2JfKbpf.

CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes. CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact.

Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke

In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued
- Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve
- Issuers asking what if we make a mistake (re-issue)
- Holders having problems findin there vaccination VC
- Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details
- Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.
- Unclear on how to get VC and underlying data into the hands of holders, particularly as holders dont have the technology and skills to manage their health data.
- Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data
- WHO standard will likely be adopted in the Global South (hemisphere)
- GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)
- The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult
- Paper credentials have been getting consensus on interim solutions.
- W3C and WHO are great candidates.
- Affinidi is making a universal verifier application (https://www.affinidi.com/)

This is a thread to keep an eye on. >> Anil John writes:

Because I believe that this is an important conversation, I figure I would put together some high level slideware that synthesizes and shares the answers I have provided directly to those who have asked.  I am not in the hearts and minds business, so consider this in the spirit of the quote from Bruce Lee - "Absorb what is useful, Discard what is not, Add what is uniquely your own."

Happy to chat to share our mistakes, so that you don't need to repeat them, with those who have a public interest focus in this area.

This is the Use Case Implementation Workstream of the COVID Credentials Initiative (CCI). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.

User Experience

Though we often get lost in technologies, frameworks, legislation, and economic models, its ultimately the human aspect that will define the future of the digital identity industry. Bearing this in mind can determine the heights we scale and how quickly we can get there.

We are starting a new research project — and wed like you to join us on the journey. Over the course of 2021, Qhala and Caribou Digital, with the support of the Mastercard Foundation, will work to understand the impact of COVID-19 on young womens experiences working or selling through online platforms in Kenya.

But who is the “we”? The research asks exactly that — who is the “we” that needs to make the platform work better for women?

fixes the pain points of other testing processes especially as infectious and asymptomatic people can test without travelling is cheap, eminently scalable, and can be used as secure proof of Covid health status where needed.

Well, my proof of vaccination finally arrived, and the result is… actually pretty okay. Still, there's always some fun to be had in zero-knowledge hacks, so I thought I'd blog about my experiences anyway.

Version 1 of the Ontario COVID Vaccine Certificate is a cumbersome experience that needs some work

What I observed is NOT a user-friendly experience for either the customer or the business. For the experience to be improved it needs to be a single presentation operation of either a paper or digital certificate that the business can verify in one step.

The advantage of a paper and ID card presentation ritual is that it is difficult to hack. So if we are going to improve the presentation with a single credential as above, privacy and security MUST be protected.

Building on Lessons from Digital ID for the Digital Yellow Card

Covid Vaccination Certificate will be a formidable challenge, not only to international cooperation, but because it will need to be implemented in the course of mass vaccination campaigns across countries with very different health management systems and ID systems and with a constantly evolving situation.

Caution

Any Covid-19 vaccine passport scheme set up in the UK could easily turn out to be discriminatory and invasive, and open the door to worse abuses of privacy in future, say security experts and campaigners.

[Research] Vaccine passports and COVID status apps Ada Lovelace Inst.

Not to late to contribute to this Ada Lovelace Institute Project the due date is Feb 28th

An evidence review and expert deliberation of the practical and ethical issues around digital vaccine passports and COVID status apps