2021-06-18 Paper Based Credentials Drafting Group Meeting Notes
Attendees
- David Janes
- Kaliya Young
- Tony Rose
- Rebecca Distler
- Vitor Pamplona
- Justin Dossey
- Marie Wallace
- Travis James
Agenda Items
Time | Item | Who |
---|---|---|
2 min | Welcome & Antitrust Policy Notice | Rebecca |
55 min | Review of Public Input | Rebecca & all |
3 min | Wrap up | Chair |
Presentations
Recording
Topic: Good Health Pass - Paper Credentials
Start Time: Jun 18, 2021 10:59 AM
Meeting Recording:
https://zoom.us/rec/share/IFe4677O2vLJsMlS05TIDkjLUaBsT3fenncJgHrD3FLTH5foauctraPB3O444f0V.uo0Os0Xd4EHOinBv
Notes
1. Welcome and Linux Foundation antitrust policy
2. Review of Public Input
- Move input on executive level decision makers into general feedback
- Input on privacy
- Make it clear that the requirements drove this paper-based option
- Reality is suboptimal; here are risks but if you have to do it, this is the way to do it
- Already out there; not the best thing, already out there
- Constrained this - big warning label - best way to do this is digital
- Can have credentials on paper and expiring passes
- QR code with your information, exchange this for a pass, but pass can’t be digitally signed
- Fundamentally, want to go to a URL that disappears - no information can be derived after a few days
- Distinction between paper cred as we see it, and the link to portal
- If you’re providing a link to portal; it’s a wallet, holder is the owner of - holding information online; QR not a credential, just a link
- Online version - custodial wallet and holder places credentials there
- If they want to use QR to represent information, we don’t need to follow paper creds
- Not trying to solve the problem of how do you give a person a piece of paper that provides a proof response online - harder problem
- Offline presentation and verification is incompatible with verifier collusion - but design constraints require we come up with something workable in this ecosystem
- Offline use case is not a secondary use case - if you look at Europe, 26 countries with millions of credentials and a basic requirement is that if they can’t be verified offline
- Separate offline from paper credentials - two separate problems; paper-based is paper, offline is different
- Proof request offline (cached keys); two separate problems
- Harder problem is doing request from QR code - it’s entirely new protocol that won’t do anything; maybe we need to create working group for that option - if you have wallet online, way to communicate with verifier that is not online
- Offline/offline vs. offline/online
- Action item: Explicitly separate offline vs paper - requirement for paper vs. offline; can use standard digital wallet and can do offline verification; you do not need to use a paper-based credential
- Better than what exists today (a PDF, CDC card) and easy for IIS systems to do
- Difference between QR and photo of CDC card
- QR code is the credential
- CDC is the record; it’s obvious it’s a photo - QR codes can be replicated
- In practice, very few people care about it - the value-add of the signature in practice is minimum or non-existent
- Should be mindful because having something you can share
- Unique ID to anonymous entity? If name and DOB are there; pseudonymized?
- Only do this if you have a paper based requirement
- Verify the verifier
- No one wants to go the paper route - there is nobody out there; if governments do it for citizens, could do it quickly, but no appetite for governments to stand up digital wallets for all of their citizens
- Be explicit in that we’re not doing offline/online
5. Wrap up
Action Items
- Rebecca & Marie to revise intro and background