2021-04-23 Paper Based Credentials Drafting Group Meeting Notes
Attendees
- Tony Rose
- Rebecca Distler
- Travis James
- David Janes
- Vitor Pamplona
- Marie Wallace
- Justin Dossey
- Drummond Reed
- Chatchai
- Kaliya Young
- Jamal Dorsey
Agenda Items
Time | Item | Who |
---|---|---|
2 min | Welcome & Antitrust Policy Notice | Rebecca |
20 min | Discussion on Recommendations | David |
35 min | Discussions on Draft | David |
3 min | Wrap up | David |
Presentations
Recording
Topic: Good Health Pass - Paper Credentials
Start Time: Apr 23, 2021 11:01 AM
Meeting Recording:
https://zoom.us/rec/share/5rVl75My53IHjEC_KUxaNZFo6sTSWTRCycReqYkc1VPmu7QjSwUr0cMqkOrnFvIO.SarFMRIhkA-DnWDM
Notes
1. Welcome and Linux Foundation antitrust policy
2. Discussion on Recommendations
50 year requirement
- Have to renew passes (might need to renew)
- Every single solution has this problem
- Test results and vaccines will expire
- Credentialing an “arms race” - build something to replace credentials periodically
- Immunization certificates will not have an expiration date
- Inherently doing something that’s signed
- If you want it to work in the future, making decisions about how it’s signed
- Has to be readable - even if all of the infrastructure disappears, there is a readable document (every credential must have human readable and machine readable)
List of “Musts”
- Consolidate list and give examples
- A lot of things are piling into one section
- Stuff on size of QR code, cross-reference
Reference Implementation
- Facilitate adoption of framework to optimize development time
- For QR code and card design, use some existing designs?
- Don’t overwhelm implementers
- Open source repos: MedCreds going into Linux Foundation, add paper creds reference (e.g., how to verify)
- Has gone through code reviews, tech advisory committee voting next week
- Repo open and can figure out how to structure it
- MedCreds built on Sovrin, Aries - ties to Trinsic - question of how paper fits into this; add to GitHub?
- Nested under ToIP so that specs can be leveraged - maybe hosted in the long-run? Need to determine where to host code
- Take IDEO design and make some variations for different use cases; requires some human readable aspects
3. Walk Through of the Draft
- User experience
- Need to define “low end”
- For any “must” we need to be specific
- Privacy & Disclosure
- Move A, B, C to new section
- Be clear when we’re referring to verifiers or issuers
- Data Fungibility - move to digital interoperability
- Lots of cases where people want to use paper credentials in a digital scenario
- Should specify which versions of W3C models to support
- KIQ3 - data minimization important
- QR code size limitations - how do I optimize
- Payload shouldn’t be encrypted in such a way that the holder can’t see what’s in it
- No customer wants the QR code to be easily readable (not everyone should be able to open it up) - to be debated on Slack
- BC government very worried about “naked” QR codes
- Security & Privacy
- Can you have credentials out there that fit our description but are not owned by holder? Could be a barrier to implementation
- Important to have credentials widely rather than limit implementation by using laws
- How do you implement right to be forgotten?
- Implementers should think through these things - we’re describing best practices.
5. Wrap up
- Next steps
Action Items
- Vitor to take section 7 (QR codes)
- David to take section 2 (Standard Data Models)
- Marie to take section 1 (Consistent User Experience)
- Justin to take section 4 (Security, Privacy & Data Protection)