Versions Compared

Old Version 1

changes.mady.by.user Rebecca Distler

Saved on

compared with

New Version Current

changes.mady.by.user Rebecca Distler

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeItemWho
2 minWelcome & Antitrust Policy NoticeChair
40 25 minData Minimization and CompressionDavid and Vitor
15 30 min

EU Alignment Concerns

Bart

3 minWrap upChair 

...

  • No way to achieve EU compatibility in a general worldwide sense 
  • If we stop specifying, EU is “ghpc compliant” but if we go deeper, they won't be 
  • Clear path for someone to implement and verify GHP presented credentials - and specify right to the bit level. EU health pass can be consumed into the ecosystem. 
    • Example: people are coming into Spain from all over the world. Verifier is almost certainly a commercial entity, has signed off to take in passes from all over the world. High levels of data compatibility - yes we specify that a GHP looks like this, but here’s how we get from a bunch of data and translate it into a QR code, that verifier in Spain can consume a GHP
  • Not fighting on issuing - Singapore, EU, Israel have made decisions on what they’re using - where we’re creating the most value is for the places that have not decided how to do this, based on local data needs, coding needs, local PKI needs
    • Apply principles about what should be done 
    • GHP is as privacy-preserving as possible, the world is as it is - can’t pretend everyone will do those things - systems in place around international travel will need to consume things - we’re trying to push the market in a certain direction by saying “this is the best way to do it” 
  • Can have an opinion about your competitor, but they have no incentive to play with you 
  • Difference between standards compliance and interoperability - you can be “certified GHP” (make sure whatever system implementation is, it’s a GHP); second is are you interoperable with other health pass implementations?
    • Narrative group has work cut out for them - most European citizens may not recognize the difference
    • Either we say that the EU certificate is or is not compliant - how could a non-compliant thing be consumed in our ecosystem? It goes through filtering and transformation process
    • Implementing different schemes to verify - having to add a verifiable GHP is going to be extra work
  • Canada is aligning with the GHP path with JSON-LD ZKP BBS+
  • Need to get leads to discuss
  • Gap analysis between medcreds and this; roadmap to BBS+ add paper credentials, think through how much we want to do on rules engine and trust registry - start a gap analysis        

Action Items

...

  1. Investigate three options (with input from other GHP recs):

QR = "JXT:" + JXT(template, BBS+LD-Proof(JSONLD, keyID)) -> JsonXT

QR = "CRED:"+ PathCheckBBS(template, data, keyID)-> PathCheck

QR = "VP1:" + Base32URL(CBOR-LD(template, BBS+LD-Proof(JSONLD, keyID))) -> DigitalBazar