Attendees

  • Paul Knowles
  • Brian Plew
  • Rebecca Distler
  • Wendy Henry
  • Katy
  • Sandeep Jain 
  • David Janes
  • Drummond Reed
  • John Walker
  • Kaliya Young
  • Paul Murdock
  • Sherill Lavagnino
  • Steven Milstein 
  • Tony Little

Agenda Items

TimeItemWho
2 minWelcome & Antitrust Policy NoticeRebecca
25 minPasses vs. CredentialsPaul Knowles & Drummond Reed
10 min

Phases (Business Requirements)

Paul Knowles

15 min Governance Policy StatementsPaul Knowles
5GHPC Technical Implementation GuidePaul Knowles
3 minWrap upChair 

Presentations

Recording

Topic: Good Health Pass - Standard Data Models and Elements
Start Time : Apr 26, 2021 11:58 AM

Meeting Recording:
https://zoom.us/rec/share/i_jxVbGXKyBdsvhbb_QbdgZzZ8TlkwymUhhDT88DDirHbdH8fi_beKCVznCQP5dS.CNrNCbm-s1KSaSjL

Notes

1. Welcome and Linux Foundation antitrust policy

2. Passes vs. Credentials

  • Lightweight, keep as generic as possible
  • Last cross reference activity - EU is prescriptive on what they want; both WHO and EU are promoting FHIR as a common data model, can use this as a basis 
  • If we have something that approaches a “light spec” - basic requirements, this document format is not intended to capture specification - reference from this document (must, may, should from this spec)
  • Needs to be some metadata associated with the pass for the next step in the journey and what should that be?
    • Could make recommendations about what 
  • EU has put forward minimum viable certificate 
    • Could be in a hospital database or personal data store
    • Record = persistent object 
  • Credential carries the data attributes that are needed to be in the holder’s possession in order to proceed
  • Transient vs. persistent object 
  • Passes could be cryptographically linked to credentials (verifiable = always crypotgraphically signed)
    • Can issue pass directly
    • Can issue a digital pass directly (and sign)
    • Can issue a VC which you can use ZKP to produce a pass
  • Only way to do this with physical pass (paper) is to issue a booklet (not correlatable, but can’t be reused)
  • IATA will issue pass (signed by IATA); Julian Ranger / digime
  • Number one recommendation is “as little as possible” for a pass - whole point of a pass is contextual; a few other groups may make other recommendations 
  • Pick our context first and in that, for this context, for these reasons, we recommend the following elements 
  • Should it have to reference the rules engine? The digital signature would be from the rules engine;
    • Look at rules engine without interacting with verifier - interact within wallet
    • Discover presentation request that is needed, but produced within wallet - never have to share anything other than itinerary in order to learn what the verifier needs to know
  • Reference minimal-ish documents already exist - CDC's, Ontario, from all over the world. So you can use those as reference and justification

3. Phases (business requirements)

  • Issuers will likely focus on certificates and passes upfront (earlier phases) as opposed to credentials; for bigger issuers, may still take longer 
  • Accelerated product release for Thermo Fisher 9 months; full record could take a year - in pandemic time, that be reduced to 9 months and 6 months (for credential)

4. Governance Policy Statements

  • Establish common semantics for data in a credential vs. a pass
  • A spec to say here are defined data fields (+ associated definitions) - based on output of credential formats group, what identifier is being used - should publish JSON-LD context for elements
    • Should add something in JSON (with all the semantic stuff backing it) as that will help us out in paper credentials for compression.
  • Most important recommendation(s) from this group are defining the common semantic data elements for any form of a GHP credential or schema
  • Could break into a short spec (e.g., vaccine credential) or add all of them together 
  • Policy statement = GHP-compliant implementation must use these element names 
  • This group will be mostly about the “musts” - need common semantics for interoperability

5. Wrap-Up

GHPC technical implementation guide

  • John and Paul to discuss offline
  • Pull request being evaluated for W3C vocabulary - FHIR terms

Sharing with other groups

  • Paper creds (by Weds)
  • In schema base, need to tag PII (connect with security group?)

Action Items

  1. Brian to update phased recommendations
  2. Paul to update the credential vs. pass chart
  3. Paul & John to discuss implementation guide (e.g., around FHIR) 
  4. Paul to bring in recommendations on minimization