2021-04-01 Consistent User Experience Drafting Group Meeting Notes

Attendees

  • Savita Farooqi (Symsoft Solutions)
  • Daniel Bachenheimer (Accenture)
  • Drummond Reed (Evernym)
  • DHY SIA (Singapore Airlines)
  • Xiang Wang (Singapore Airlines)
  • Brian Behlendorf
  • Jacques Bikoundou (Blockchain technologist)
  • Kaliya Young
  • Stacey-Ann Pearson (Affinidi)
  • Rebecca Distler (ID2020)

Agenda Items

TimeItemWho
2 minWelcome & Antitrust Policy NoticeChair
15 minGroup IntroductionsAll
15 min

Discussion of blueprint outline / user experience challenge area

All


15 min Good UX experience in air travelXiang Wang
15 min Mapping & next stepsAll

Presentations -

(PDFs posted)

Notes

1. Welcome and Linux Foundation antitrust policy

2. Group Introductions

3. Discussion of Blueprint Outline / UX Challenge Area

  • This group has the most cross-dependencies with the other groups; needs strong ties to paper-based credentials and identity binding group

  • UX name based on Kim Cameron laws of identity (won’t get to safe and trusted infrastructure unless people instinctively know what to do when they get the solution). If you don’t have consistent user experience, can be really challenging (or dangerous from a security/privacy standpoint)
  • Need something more generic - across the industry, multiple players might pitch a different user flow
  • We need to be able to show different user flows, and talk about requirements / pros and cons of user flows 
    • Tease out buckets; where do we want to start user flow from?
      • Ensure that we all understand the user flows out there

4. Good user experience in travel

  • Use of QR or barcode is extensive; all boarding passes have code that can be scanned on boarding 
    • Discussion that QR code may not be right terminology (vs. PDF417) 
  • Health credential (test result, vaccine) used at airport - check in with staff, officers, or use it at a kiosk for travel
  • Home check-in will be a major use case (how do we get back to pre-COVID at-home check-in experience)
    • Most airlines have turned off online check-in for COVID-19 but really want to resume this; so you need to use a laptop to do an online check-in or mobile app
    • Questions of how do I present the health credential digitally (via a computer) - have to make sure laptop camera is working; health credential might be within mobile app itself
  • People don’t always use the right name (hard to do identity binding)
    • Not unique - VCs are based on information from a passport; scans passport once and VC has core identity data 
    • Now you get a health credential in identity wallet - through wallet, agents are bound to that holder
    • IATA is doing self-registration - scan visual inspection zone of passport to read chip, do a selfie, and match face to chip face - that is “good enough”
  • When I share that information through selective disclosure, I could share certain information at check-in time to airline, and different information at departure and exit control and different information at destination country
    • Won’t translate because you need infrastructure for it - people have to have smartphones and we know from this exercise that we need a paper-based alternative
    • “subset” and “superset” is helpful mental model - would call them “core” and “variant” UX components
  • In general, airlines want a yes / no pass, but don’t want to touch health data
    • IATA TravelPass - 2 credentials (1 ok to fly, when you present to airline for privacy (airlines don’t want to know PHI, they just want some assurance you’re ok to fly); but in your destination country, you may be asked to present all of your information
  • Once you optimize the user/traveler experience, optimize that traveler experience with the verifiers in mind - then you will take care of the holder as well as the verifier (e.g., the airline)

5. Mapping and next steps

  • Separate out validation, verification, checking presented credential against set of requirements (adding Zone 4 - verification
  • Need to determine if, when we're talking about user, are we only talking about the customer? Or are we only talking about the airlines?
    • If we do it based on zones, can cover different users (users, airlines, etc.); verifiers and issuers have to do the right thing too
  • DVF = desirability, viability, feasibility - https://medium.com/innovation-sweet-spot/desirability-feasibility-viability-the-sweet-spot-for-innovation-d7946de2183c
  • How is consent being managed; regardless of the flows, there are certain things that if you are trying to be GHP-compliant, you need to fit this in 

     

Action Items

  1. Group to create standard user flows for 2-4 different flows that already exist (rather than trying to create one general user flow); provide comments in advance of next meeting
  2. Follow up on question if test suites and/or certification programs will be an outcome of GHPC?