Attendees
- Paul Knowles
- Brian Plew
- Rebecca Distler
- Wendy Henry
- Katy
- Sandeep Jain
- David Janes
- Drummond Reed
- John Walker
- Kaliya Young
- Paul Murdock
- Sherill Lavagnino
- Steven Milstein
- Tony Little
Agenda Items
Time | Item | Who |
---|---|---|
2 min | Welcome & Antitrust Policy Notice | Rebecca |
25 min | Passes vs. Credentials | Paul Knowles & Drummond Reed |
10 min | Phases (Business Requirements) | Paul Knowles |
15 min | Governance Policy Statements | Paul Knowles |
5 | GHPC Technical Implementation Guide | Paul Knowles |
3 min | Wrap up | Chair |
Presentations
Recording
Topic: Good Health Pass - Standard Data Models and Elements
Start Time : Apr 26, 2021 11:58 AM
Meeting Recording:
https://zoom.us/rec/share/i_jxVbGXKyBdsvhbb_QbdgZzZ8TlkwymUhhDT88DDirHbdH8fi_beKCVznCQP5dS.CNrNCbm-s1KSaSjL
Notes
1. Welcome and Linux Foundation antitrust policy
2. Passes vs. Credentials
- Lightweight, keep as generic as possible
- Last cross reference activity - EU is prescriptive on what they want; both WHO and EU are promoting FHIR as a common data model, can use this as a basis
- If we have something that approaches a “light spec” - basic requirements, this document format is not intended to capture specification - reference from this document (must, may, should from this spec)
- Needs to be some metadata associated with the pass for the next step in the journey and what should that be?
- Could make recommendations about what
- EU has put forward minimum viable certificate
- Could be in a hospital database or personal data store
- Record = persistent object
- Credential carries the data attributes that are needed to be in the holder’s possession in order to proceed
- Transient vs. persistent object
- Passes could be cryptographically linked to credentials (verifiable = always crypotgraphically signed)
- Can issue pass directly
- Can issue a digital pass directly (and sign)
- Can issue a VC which you can use ZKP to produce a pass
- Only way to do this with physical pass (paper) is to issue a booklet (not correlatable, but can’t be reused)
- IATA will issue pass (signed by IATA); Julian Ranger / digime
- Number one recommendation is “as little as possible” for a pass - whole point of a pass is contextual; a few other groups may make other recommendations
- Pick our context first and in that, for this context, for these reasons, we recommend the following elements
- Should it have to reference the rules engine? The digital signature would be from the rules engine;
- Look at rules engine without interacting with verifier - interact within wallet
- Discover presentation request that is needed, but produced within wallet - never have to share anything other than itinerary in order to learn what the verifier needs to know
- Reference minimal-ish documents already exist - CDC's, Ontario, from all over the world. So you can use those as reference and justification
3. Phases (business requirements)
- Issuers will likely focus on certificates and passes upfront (earlier phases) as opposed to credentials; for bigger issuers, may still take longer
- Accelerated product release for Thermo Fisher 9 months; full record could take a year - in pandemic time, that be reduced to 9 months and 6 months (for credential)
4. Governance Policy Statements
- Establish common semantics for data in a credential vs. a pass
- A spec to say here are defined data fields (+ associated definitions) - based on output of credential formats group, what identifier is being used - should publish JSON-LD context for elements
- Should add something in JSON (with all the semantic stuff backing it) as that will help us out in paper credentials for compression.
- Most important recommendation(s) from this group are defining the common semantic data elements for any form of a GHP credential or schema
- Could break into a short spec (e.g., vaccine credential) or add all of them together
- Policy statement = GHP-compliant implementation must use these element names
- This group will be mostly about the “musts” - need common semantics for interoperability
5. Wrap-Up
GHPC technical implementation guide
- John and Paul to discuss offline
- Pull request being evaluated for W3C vocabulary - FHIR terms
Sharing with other groups
- Paper creds (by Weds)
- In schema base, need to tag PII (connect with security group?)
Action Items
- Brian to update phased recommendations
- Paul to update the credential vs. pass chart
- Paul & John to discuss implementation guide (e.g., around FHIR)
- Paul to bring in recommendations on minimization