2021-06-18 Paper Based Credentials Drafting Group Meeting Notes

Attendees

  • David Janes
  • Kaliya Young
  • Tony Rose
  • Rebecca Distler
  • Vitor Pamplona
  • Justin Dossey
  • Marie Wallace
  • Travis James

Agenda Items

Time     Item                                 Who
2 min    Welcome & Antitrust Policy Notice    Rebecca
55 min   Review of Public Input               Rebecca & all
3 min    Wrap up                              Chair

Presentations

Recording 

Topic: Good Health Pass - Paper Credentials
Start Time : Jun 18, 2021 10:59 AM

Meeting Recording:
https://zoom.us/rec/share/IFe4677O2vLJsMlS05TIDkjLUaBsT3fenncJgHrD3FLTH5foauctraPB3O444f0V.uo0Os0Xd4EHOinBv

Notes

1. Welcome and Linux Foundation antitrust policy

2. Review of Public Input

  • Move input on executive level decision makers into general feedback
  • Input on privacy
    • Make it clear that the requirements drove this paper-based option
    • Reality is suboptimal; here are risks but if you have to do it, this is the way to do it
    • Already out there; not the best thing, already out there
    • Constrained this - big warning label - best way to do this is digital 
    • Can have credentials on paper and expiring passes
    • QR code with your information, exchange this for a pass, but pass can’t be digitally signed 
    • Fundamentally, want to go to a URL that disappears - no information can be derived after a few days
  • Distinction between paper cred as we see it, and the link to portal
    • If you’re providing a link to portal; it’s a wallet, holder is the owner of - holding information online; QR not a credential, just a link
    • Online version - custodial wallet and holder places credentials there
    • If they want to use QR to represent information, we don’t need to follow paper creds
  • Not trying to solve the problem of how do you give a person a piece of paper that provides a proof response online - harder problem
  • Offline presentation and verification is incompatible with verifier collusion - but design constraints require we come up with something workable in this ecosystem 
  • Offline use case is not a secondary use case - if you look at Europe, 26 countries with millions of credentials and a basic requirement is that if they can’t be verified offline
  • Separate offline from paper credentials - two separate problems; paper-based is paper, offline is different
  • Proof request offline (cached keys); two separate problems
  • Harder problem is doing request from QR code - it’s entirely new protocol that won’t do anything; maybe we need to create working group for that option - if you have wallet online, way to communicate with verifier that is not online
  • Offline/offline vs. offline/online 
  • Action item: Explicitly separate offline vs paper - requirement for paper vs. offline; can use standard digital wallet and can do offline verification; you do not need to use a paper based credential
    • Better than what exists today (a PDF, CDC card) and easy for IIS systems to do 
  • Difference between QR and photo of CDC card
    • QR code is the credential 
    • CDC is the record; it’s obvious it’s a photo - QR codes can be replicated 
    • In practice, very few people care about it - the value-add of the signature in practice is minimum or non-existent
    • Should be mindful because having something you can share 
    • Unique ID to anonymous entity? If name and DOB is there; pseudonymized?
  • Only do this if you have a paper based requirement 
  • Verify the verifier 
  • No one wants to go the paper route - there is nobody out there; if governments do it for citizens, could do it quickly, but no appetite for governments to stand up digital wallets for all of their citizens
  • Be explicit in that we’re not doing offline/online

5. Wrap up 

       

Action Items

  1. Rebecca & Marie to revise intro and background