2021-04-23 Paper Based Credentials Drafting Group Meeting Notes

Attendees

  • Tony Rose
  • Rebecca Distler
  • Travis James
  • David Janes
  • Vitor Pamplona
  • Marie Wallace
  • Justin Dossey
  • Drummond Reed
  • Chatchai
  • Kaliya Young
  • Jamal Dorsey

Agenda Items

Time     Item                                 Who
2 min    Welcome & Antitrust Policy Notice    Rebecca
20 min   Discussion on Recommendations        David
35 min   Discussions on Draft                 David
3 min    Wrap up                              David

Presentations

Recording 

Topic: Good Health Pass - Paper Credentials
Start Time: Apr 23, 2021 11:01 AM

Meeting Recording:
https://zoom.us/rec/share/5rVl75My53IHjEC_KUxaNZFo6sTSWTRCycReqYkc1VPmu7QjSwUr0cMqkOrnFvIO.SarFMRIhkA-DnWDM

Notes

1. Welcome and Linux Foundation antitrust policy

2. Discussion on Recommendations

50 year requirement

  • Have to renew passes (might need to renew)
  • Every single solution has this problem
  • Test results and vaccines will expire
  • Credentialing an “arms race” - build something to replace credentials periodically 
  • Immunization certificates will not have an expiration date
  • Inherently doing something that’s signed
    • If you want it to work in the future, making decisions about it’s signed
    • Has to be readable - even if all of the infrastructure disappears, there is a readable document (every credential must have human readable and machine readable)

List of “Musts”

  • Consolidate list and give examples
  • A lot of things are piling into one section
  • Stuff on size of QR code, cross-reference

Reference Implementation

  • Facilitate adoption of framework to optimize development time
  • For QR code and card design, use some existing designs?
  • Don’t overwhelm implementers
  • Open source repos: Medcreds going into Linux Foundation, add paper creds reference (e.g., how to verify)
    • Has gone through code reviews, tech advisory committee voting next week 
    • Repo open and can figure out how to structure it
    • Medcreds built on Sovrin, Aries - ties to Trinsic - question of how paper fits into this; add to GitHub?
  • Nested under ToIP so that specs can be leveraged - maybe hosted in the long-run? Need to determine where to host code
  • Take IDEO design and make some variations for different use cases; requires some human readable aspects 

3. Walk Through of the Draft

  • User experience
    • Need to define “low end”
    • For any “must” we need to be specific 
  • Privacy & Disclosure
    • Move A, B, C  to new section
    • Be clear when we’re referring to verifiers or issuers 
  • Data Fungibility - move to digital interoperability
  • Lots of cases where people want to use paper credentials in a digital scenario 
  • Should specify which versions of W3C models to support
  • KIQ3 - data minimization important 
    • QR code size limitations - how do I optimize 
    • Payload shouldn’t be encrypted in such a way that the holder can’t see what’s in it
    • No customer wants the QR code to be easily readable (not everyone should be able to open it up) - to be debated on Slack
    • BC government very worried about “naked” QR codes
  • Security & Privacy
    • Can you have credentials out there that fit our description but are not owned by holder? Could be a barrier to implementation
    • Important to have credentials widely rather than limit implementation by using laws
    • How do you implement right to be forgotten?
    • Implementers should think through these things - we’re describing best practices. 

5. Wrap up 

  • Next steps

Action Items

  • Vitor to take section 7 (QR codes)
  • David to take section 2 (Standard Data Models)
  • Marie to take section 1 (Consistent User Experience)
  • Justin to take section 4 (Security, Privacy & Data Protection)