Good Health Pass compliant implementations must meet baseline security and privacy requirements that enable holders to maintain full control of their personal data.
All stakeholders in the Good Health Pass Collaborative digital trust ecosystem need to be confident in the security and privacy protections that the ecosystem enforces. In some jurisdictions, these protections are already required by existing data protection regulations; in other cases, governance authorities may seek to pass new legislation to enshrine them in law.
To be consistent with the Good Health Pass principles, it is anticipated that Good Health Pass solutions will need to be built on a decentralized identity architecture that places an emphasis on privacy and personal data control. Such systems seek to put the user in control of their personal identity data – including health attributes – which they can selectively disclose for a specified purpose and duration. Such systems stand in contrast to centralized models, which amass and store large amounts of personal data that is under the primary control of the aggregator.
For Good Health Pass systems, the issuance, holding, presentation, and verification of digital health credentials must – at a minimum – comply with applicable regulations requiring:
Of particular importance with digital health credentials are privacy-preserving identifiers. This topic is discussed at length in the W3C Decentralized Identifiers (DIDs) Core 1.0 Specification. Specific DID methods support privacy-preserving identifiers that can provide the benefits of cryptographic verifiability without correlatability.
Key Interoperability Questions That Must Be Answered
Only members of the Trust Over IP Foundation who have signed the necessary agreements and charters are permitted to participate in this Drafting Group and contribute to its deliverables.
Please add your name to the list below to indicate you have joined the Drafting Group:
The Drafting Group generally meets Tuesdays and Thursdays at 16:00 UTC.
Please find agendas, presentations, notes and recordings for all Drafting Group meetings HERE.
The Slack channel for this Drafting Group (trustoverip.slack.com) is #ghp-wg-security-privacy