Time	Item	Who
2 min	Welcome & Antitrust Policy Notice	Rebecca
20 min	Discussion on Recommendations	David
35 min	Discussions on Draft	David
3 min	Wrap up	David

Topic: Good Health Pass - Paper Credentials
Start Time : Apr 23, 2021 11:01 AM

1. Welcome and Linux Foundation antitrust policy

2. Discussion on Recommendations

50 year requirement

Have to renew passes (might need to renew)
Every single solution has this problem
Test results and vaccines will expire
Credentialing an “arms race” - build something to replace credentials periodically
Immunization certificates will not have an expiration date
Inherently doing something that’s signed

If you want it to work in the future, making decisions about it’s signed
Has to be readable - even if all of the infrastructure disappears, there is a readable document (every credential must have human readable and machine readable)

List of “Musts”

Reference Implementation

Facilitate adoption of framework to optimize development time
For QR code and card design, use some existing designs?
Don’t overwhelm implementers
Open source repos: medcreds going into linux foundation, add paper creds reference (e.g., how to verify)

Has gone through code reviews, tech advisory committee voting next week
Repo open and can figure out how to structure it
Medcreds built on sovrin, aries - ties to trinsic - question of how paper fits into this; add to Github?

Nested under ToIP so that specs can be leveraged - maybe hosted in the long-run? Need to determine where to host code
Take IDEO design and make some variations for different use cases; requires some human readable aspects

3. Walk Through of the Draft

QR code size limitations - how do I optimize
Payload shouldn’t be encrypted in such a way that the holder can’t see what’s in it
No customer wants the QR code to be easily readable (not everyone should be able to open it up) - to be debated on Slack
BC government very worried about “naked” QR codes

Can you have credentials out there that fit our description but are not owned by holder? Could be a barrier to implementation
Important to have credentials widely rather than limit implementation by using laws
How do you implement right to be forgotten?
Implementers should think through these things - we’re describing best practices.

5. Wrap up

Action Items

Browser not supported