Good Health Pass compliant implementations must offer a paper based alternative, based on standard QR code formats and interoperable with their digital counterparts.
Terms of Reference
An all-digital solution to health passes is simply not an option when it comes to combating a public health crisis. Simple, easy-to-use paper credentials must be an option so those in low-resource settings or those who do not own – or wish to use – a mobile phone are not excluded.
However paper credentials have numerous challenges when it comes to identity binding, including the potential for fraud and counterfeiting. Like digital credentials, they need to be verifiable as authentic, unaltered, and issued by an authorized issuer. And they need to include at least enough identity binding data so they can be manually verified against an individual’s other identity documents (if available).
One solution is a printed QR code that can transmit a digitally signed credential payload. However such a solution comes with its own set of challenges, including:
- QR codes have different types and size limits (most are between 300 - 500 bytes); many QR readers start having problems (e.g., scanner crash) above 500 bytes.
- Different QR codes require different scanner capabilities.
- The specification – and order of operations – for data compression matters.
Many of the challenges described in this paper apply equally to both paper and digital credentials. Thus, the primary goal of this Good Health Pass Collaborative workstream is to enable implementations to produce paper credentials that are interoperable with – and contain as many benefits of – their digital counterparts as possible.
Responsibilities and Deliverables
Key Interoperability Questions (from GHPC Interoperability Blueprint Outline V2)
- Which paper credential format or formats will digital health pass systems support?
- Will paper credentials be compliant with the W3C Verifiable Credentials Data Model 1.0 specification?
- Will paper credentials require a digital signature to be included? Which signature formats will Good Health Pass systems support?
- Should the same privacy policies be applied to paper credentials, such as data minimization and disclosure limited to what is strictly required?
- How will these digital QR codes relate to the QR codes for paper credentials?
- Is there a need to turn a paper credential into a digital credential, and vice versa?
- What considerations need to be made for smart cards?
- How will interoperability between these choices be tested/verified/certified?
- Tony Rose (Proofmarket.io)
- David Janes (Consensas.com)
- Project Manager: Rebecca Distler (ID2020)
Only members of the Trust Over IP Foundation who have signed the necessary agreements and charters are permitted to participate in this Drafting Group and contribute to its deliverables.
Please add your name to the list below to indicate you have joined the Drafting Group:
The Drafting Group meets weekly on Wednesday at 8:00am PT / 3:00pm UTC.
Please find agendas, presentations, notes and recordings for all Drafting Group meetings HERE.
The Slack channel for this Drafting Group (trustoverip.slack.com) is #ghp-wg-paper-credentials