13N/ SSI for COVID-19 - Compared to the altenratives which we want to articulate
SSI for COVID 19: A Comparison With Alternatives
Wednesday 13NConvener: Kaliya Young Identity Woman, Lucy Yang
Notes-taker(s):
Tags for the session - technology discussed/ideas considered:
SSI, covid, corona, pandemic, public health
CARE principals for data: https://www.gida-global.org/care
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
The general goal of this session is to collect input from session members on what are the alternatives to Verifiable Credentials that are being applied to address the health information challenges within this pandemic.
Alternatives to test result delivery VC’s:
In person - face to face
Test results communicated via a telephone call
Text message
Email delivery PDF document delivery of test results
Sending to a third party on your behalf.
Employer Testing on site.
Direct Access to Health Records - for decision making about COVID travel.
Government keeps a database of test results relative to a national ID number
Mobile phone app authentication
In the Ukraine
Install of the app for authentication
Intermittent checking from a government authority on location
Once tested-intermittent feedback fr government on test result status
Alternatives to Vaccination Records
Yellow Cards
Child Vaccination systems today track who has been vaccinated in the state level
in databases.National Level Database of people’s name addresses and status.
Problems
Fraud - easily faked
Theft
Malicious disruption (county where defence workers - your test came back clear
- ok to go to work)Impersonation
Damage to the artifact
Loss of phone
Binding
Closed source code is a threat vector so you can’t see it.
People who don’t have conventional forms of ID
No state ID / health care number / birth records
No stable address / phone number / email address
Attacks and failures are at the edges.
Fax Machine is core to the healthcare system today.
Infrastructure - verify signatures with public keys is 50 years out?
Johannes - gorry details of COVID apps.
Failure scenarios - what if the subcontractor of your official app snuck in some code that benefit the contractor (actual case)
Failure scenarios are whole system
Operations
Governance
Technology
Authenticity
| Goals | Updatable/Revocable | Who sees the data? | Verifiable (crypto Signatures match and come from assured place) | Binding | Durable | Secure (at systems level?) | Portable | Interoperable | Scalable | Shareable |
|---|---|---|---|---|---|---|---|---|---|---|
| Goal Definition | Tamper proof? | |||||||||
| CommonPass |
|
Trusted intermediary |
80% yes Trust framework |
Yes | Yes | Encrypted central database | Yes | No. Only within the network | Limited? | Yes |
| Phone calls | No | Parties on the call | No | ?? (subjective -dependant on the call participants | No | No | No | No | No | No |
| SMS | Multiple delivery possible | Sender / Receiver | No | No | No | No | No (point to point) | Yes | No | Yes (forwarding) |
| Fax/Mails | Lab - person - whoever they send it to. | No | Hard (name match?) | no | No | no | NO | Yes (works at scale today) | ||
| Paper f2f | No | Lab - person - whoever they share paper with | No | Hard (name match) photo? fingerprint) | Paper can get wet & lost | No | Yes | Anyone can read it | Yes | Yes |
| No | Lab - person - whoever they e-mail | limited | No | |||||||
| Centralized Database | Yes | Database owner (they also see who pings DB) | depend | yes | depends | no | yes? | hard | ||
| Web Portal (With weak Authentication) | Yes |
Lab whoever upload the information Probably lab has a database |
No Unless you want to share the authentication | |||||||
| Workplace testing |
|
The employer |
|
Yes |
|
|
Yes | No | No | No |
| Verifiable Credential JSON-LD | In theory. | Lab - person. | Yes | Name Match possible | Yes | Yes | Yes | Yes - It is based on an open standard | Yes | Yes |
| Verifiable Credential with ZKP | In theory. | Lab - person. | Yes | Name Match possible | Yes | Yes |
