10C/ COVID Credentials Initiative: Challenges & Learning

From IIW

COVID Credentials Initiative: Challenges & Learning

Wednesday 10C

Convener: Lucy Yang

Notes-taker(s): Neil Thomson

Tags for the session - technology discussed/ideas considered:

COVID Credentials

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps

Challenges and Learning covered. (Slides 13-14)

Slides covered https://docs.google.com/presentation/d/11K027LlitWljJu_XNTztqc6BGvhsD8JBX5OkavLEEMA/edit?usp=sharing

Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke

In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued

· Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve

· Issuers asking what if we make a mistake – (re-issue)

· Holders having problems findin there vaccination VC

· Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details

· Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.

· Unclear on how to get VC and underlying data into the hands of holders, particularly as holders don’t have the technology and skills to manage their health data.

· Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data

· WHO standard will likely be adopted in the Global South (hemisphere)

· GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)

· The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult

· Paper credentials have been getting consensus on interim solutions.

· W3C and WHO are great candidates.

· Affinidi is making a universal verifier application (https://www.affinidi.com/)

Question – what experience from the “wild” is contrary to the solution direction

· Existing imlementers (with proprietary solutions) are reluctant to move to evolving standards until they ARE standards (particularly if there are “competing” standards

· There are so many moving pieces (conceptually and details and governance frameworks and…)

· Some countries are insisting on seeing the underlying vaccination record (vs. a VC yes/no)

· What is relationship between CCI and GHP?

Answer – both groups have a large overlap in involved organizations and people

· GHP is driven by payments and travel industry

· CCI is being driven by the VC technologies

· [Anil john] this involves Pipes, Payloads and Policies

Some industry have comfort in being FHIR derived, supported by those how have bought into Electronic Health Records

Juristication – big friggin’ bomb of an issue

This is a place were Gov’t leadership would help, but concerned on hot Gov’t is acting

Perhaps throwing in out for solution and depending on Gov’t to sort out policy – is not a strong path to success

· Organization’s putting vaccines in the arm of people are not obligated to share most of the vaccination record information – but it is reality (major existing players make to much money on the data) – particularly for US organizations who are profit driven. Consistent with “Data benefiting tech” not willing to give up their data (that they make money from)