LFPH and Covid-19: CCI and Good Health Pass

Linux Foundation Public Health

• Understanding the Global COVID Certificate Landscape 2021-10-13 DIVOC

  The DIVOC project is hosted and maintained by India’s eGov Foundation and is available as an MIT-licensed open source software package DIVOC is also supported by various multilateral funding institutions, as well as a community of software contributors and adopters in various geographies. DIVOC’s verifiable COVID credentials have also been tested for interoperability with several consumer-health and locker applications globally; and DIVOC’s certificates from the adopter countries can now be scanned/read/ingested by these domestic and international applications.

• Linux Foundation Public Health creates the Global COVID Certificate Network (GCCN) 2021-06-08 PRNewsWire

  Linux Foundation Public Health (LFPH) today announces the launch of the Global COVID Certificate Network (GCCN) to facilitate the safe and free movement of individuals globally during the COVID pandemic. GCCN will establish a global trust registry network that enables interoperable and trustworthy exchanges of COVID certificates among countries for safe reopening and provide related technology and guidance for implementation. The effort is initially supported by Affinidi, AOKPass, Blockchain Labs, Evernym, IBM, Indicio.Tech, LACChain, Lumedic, Proof Market and ThoughtWorks, who have implemented COVID certificate or pass systems for governments and industries. LFPH will work with them to define and implement GCCN.

• Introducing the Global COVID Certificate Network (GCCN) 2021-06-08 LFPH

  As more and more governments adopt major COVID certificate standards to reopen borders, the travel industry is working hard to catch up on their technology to meet the evolving travel requirements. However, there is still no shortage of complaints from travelers about their cumbersome international travel experiences

• ProofMarket/Medcreds Submission to LFPH 2021-03-04

  MedCreds is a reference implementation of the Governance Framework and Use-Cases that have been developed in the CCI community.

  MedCreds is built on top of INDY and ARIES and is running on the SOVRIN Main Net. This is done through Trinsic (a third-party vendor)’s APIs. Trinsic agreed to document how to do this using the API’s on ARIES and devote an engineer to give instructions for how to use the open source code to run MedCreds.

  MedCreds can be extended to support new credential schemas.

• LFPH Calls for Coordination of Digital Vaccination Records Using Open Standards 2021-02 LFPH

  The CCI community collaborated with Linux Foundation Public Health to write a letter to the Biden Administration about how Verifiable Credentials could be used to support re-opening the economy.

  “Some states and other countries have started to pilot this approach, as have various industries like film and aviation. But, the inconsistent use of standards and varying implementations have already led to confusion and public concern. An effort coordinated at the federal level would lead most quickly to uniform adoption and true inter-state and cross-domain interoperability.”

Good Health Pass

• Implementing the Good Health Pass’s recommendations with Cardea 2021-10-14 Indicio

  Cardea, a full, open-source ecosystem for verifiable health credentials developed by Indicio and now a community-led project at LFPH, meets the major recommendations of the Good Health Pass and facilitates the goals of the Global COVID Certificate Network.

  Good Health Pass Blueprint and the Global Covid Credentials Initiative by LFPH presented at the DIF Interop Working Group

• Linux Foundation Public Health introduces the Global COVID Certificate Network to operationalize the Good Health Pass Interoperability Blueprint 2021-06-10 Human Colossus Foundation

  Paul Knowles, Head of the Advisory Council at the Human Colossus Foundation, co-led the Standard Data Models and Elements drafting group, one of the nine interconnected GHPC drafting groups, to spearhead group recommendations on data elements, common models for data exchange, and semantic harmonization. The recommendations of that drafting group will help to enable data interoperability without putting any undue burden on existing health systems and workflows

• Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit 2021-06-08 ID2020

  The Blueprint — released today in draft form for a three-week period of stakeholder consultations and public comment — is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK.

  For a high level view, check out the terminology deck or the slide deck that was shared on webinars with the travel industry.

• Dynamic Disambiguation and Deconfliction of Complex Access Controls from Multiple Verifiable Sources 2021-05-06 Chris Buchanan

  COVID-19, Good Health Pass Collaborative, Rules Engines, Verifiable Presentation Requests

  The transition from contemporary access controls to SSI will need a metalanguage for access control rules in order to allow verifiers and holders to trust the transaction.  Not everyone will know how to write the complex branching and contextual rules logic that make up real life access controls.

• ToIP Foundation Hosts the Interoperability Working Group for Good Health Pass 2021-04-12 TOIP

  The nine drafting groups collaborating within the new Working Group are:

  1. Paper Based Credentials will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
  2. Consistent User Experience will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
  3. Standard Data Models and Elements will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
  4. Credential Formats, Signatures, and Exchange Protocols will specify the requirements for technical interoperability of Good Health Pass implementations.
  5. Security, Privacy, and Data Protection will define the safety requirements for Good Health Pass compliant implementations.
  6. Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
  7. Rules Engines will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
  8. Identity Binding will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
  9. Governance Framework will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.

Covid Credentials Initiative (CCI)

COVID-19 Credentials Initiative (CCI) is a part of Linux Foundation Public Health (LFPH), an initiative by Linux Foundation to build, secure, and sustain open-source software to help public health authorities (PHAs) combat COVID-19 and future epidemics. After initial success with deploying exposure notification apps, LFPH started to host CCI in December 2020 to advance the use of Verifiable Credentials (VCs) and data and technical interoperability of VCs in the public health realm, starting with vaccine credentials.

Website • Blog • Twitter • Linkedin • Forum

• COVID Credentials Initiative Update/Overview 2021-05-06 presentation Lucy Yang, Kaliya Young, John Walker

  CCI is an open global community collaborating to enable the use of W3C Verifiable Credentials (VCs) and other related privacy-preserving technologies for public health purposes.

  CCI is hosted by Linux Foundation Public Health (LFPH), a project of the Linux Foundation that works with public health authorities and their key stakeholders to ensure that investments into public health technology meet common needs and have maximum impact.

• CCI: Challenges and Learning 2021-05-06 presentation

  Solution assumption with the Good Health Pass is revoking is not necessary as VCs are short lived (solution to invalid credential). Issuers will re-issue vs. revoke

  In many cases, labs are providing incorrect information in vaccination records, which need to be re-issued

  • Still need to notify the holder that their (current VC) is invalid and they need to take action to resolve
  • Issuers asking what if we make a mistake – (re-issue)
  • Holders having problems findin there vaccination VC
  • Many of the unresolved issues are governance/policy related (for which the “health authorities”) have not worked out the details
  • Policy providers are applying the brakes through in-grained bureaucracy to produce a perfect standard for their jurisdiction vs. rapidly evolving a common standard and “usable solution” in the short term.
  • Unclear on how to get VC and underlying data into the hands of holders, particularly as holders don’t have the technology and skills to manage their health data.
  • Data privacy is an issue across each of the implementers and users of the Issuer, Holder and Verifier roles. Lack of common understanding and agreement on how and who owns and controls the data
  • WHO standard will likely be adopted in the Global South (hemisphere)
  • GHP looking to paint a forward looking common picture, including interim solutions (iterate standards)
  • The number of players (and their levels of understanding/expertise and agreement with the current direction) alone makes consensus very difficult
  • Paper credentials have been getting consensus on interim solutions.
  • W3C and WHO are great candidates.
  • Affinidi is making a universal verifier application (https://www.affinidi.com/)

• CCI has joined Linux Foundation Public Health! 2021-01-13

  When the COVID-19 Credentials Initiative (CCI) was formed in April 2020, we were a self-organizing group of companies and individuals, held together by a few mailing lists and working groups, to explore how Verifiable Credentials (VCs), an open standard and an emerging technology, could be used for the public health crisis unfolding with COVID-19. Recognizing our limits early on as an informal group, we quickly pivoted from developing a solution together to supporting each other to build for their local contexts. Over the course of nine months, we have seen over 20 projects present their work to the CCI community and developed an MVP governance framework that can be adapted to specific COVID-19 use cases.

• CCI Knowledge Base 2021-03-01

  As our community continues to grow and the pandemic situation keeps evoloving, this CCI Knowledge Base serves as a repository of ongoing COVID-19-related news, topics, researches and resources which are deem relevant to our community and digital identity technology. It aims to provide an up-to-date database for our CCI members to access relevant information quickly in one place whenever they need it, e.g. doing market research, developing their projects or simply keeping themseleves updated on the news.

  If you’d like to submit relevant news or articles for the database, please go to https://bit.ly/2JfKbpf.

• CCI GF Task Force 2020-11-24

  This page describes the COVID-19 Credentials Initiative Governance Framework Task Force (the “CCI GF TF”). It was created by Sankarshan Mukhopadhyay and Chris Raczkowski.

• Hello World from the COVID-19 Credentials Initiative 2020-06-25 CCI 2020

  The COVID-19 pandemic has, in a few months’ time, taken the lives of almost half a million people worldwide and brought economies into lockdown globally. While many are struggling with the effects of social distancing, financial distress, or fear of contracting the virus, here at the COVID-19 Credentials Initiative (CCI), nearly 300 individuals from 100 organizations have united around a cause worthy of our collective efforts: supporting projects that deploy privacy-preserving Verifiable Credentials (VCs) to mitigate the spread of COVID-19 and strengthen our societies and economies.

Ecosystem

• Medcreds Conforms to the CCI Governance Framework 2020-06-24 Medcreds

  One of the important efforts by the CCI has been completed by the Rules and Governance Workstream. This workstream is in charge of defining the rules of how VC technology is to be used, as well as the algorithmic and human trust mechanisms to ensure sensitive personal data remains secure, private, and tamper-proof.

• Zerion Joins Covid Credentials Initiative 2020-04-16 Zerion Software

  As such, Zerion Software is proud to announce our participation in the Covid Credentials Initiative. This global, cross-sector community of organizations committing to finding ways to use digital identities as a way to mitigate the spread of COVID-19 while rebooting public trust.

• 60 strong Self Sovereign Identity group targets COVID-19 immunity passports, credentials 2020-04-14 LedgerInsights

  The COVID Credentials initiative (CCI) has launched to use digital identity to address the spread of COVID-19. The aim is to develop “immunity passports” and much more. The group includes individuals who are part of Evernym, ID2020, uPort, Dutch research organization TNO, Microsoft, ConsenSys Health and consultants Luxoft. So far, at least 69 have signed up.

Explainer

• Carrying Your COVID-19 Credentials in a Physical “Wallet” 2020-10-30 CCI

  We are all painfully aware of the economic and social restrictions imparted on us as a result of the COVID-19 pandemic. In order to reopen offices, restaurants, local private and public facilities — and most importantly, international borders — will likely require a flexible, interoperable, and ubiquitous system that preserves individual agency and privacy. The COVID-19 Credentials Initiative (CCI) focuses its efforts on supporting technology projects that work to meet these requirements through the utilization of W3C compliant ‘Verifiable Credentials (VCs)’, a tamper-evident credential that has authorship that can be cryptographically verified.

• Bringing emerging privacy-preserving technology to a public health crisis 2020-10-02 CCI

  We submitted this position statement to the “Privacy & Pandemics Workshop: Responsible Uses of Technology and Health Data During Times of Crisis — An International Tech and Data Conference” by the Future of Privacy Forum. The aim is to, from two participants’ point of view, share an abbreviated case study of CCI and to highlight key challenges that arose in our efforts to responsibly use new privacy-preserving technologies to mitigate the spread of COVID-19. We wanted to share our submission with the CCI community and the public in the hope to invite some further discussions.

Guidance

• From Closed Loop Systems to Open World COVID Credentials Exchange 2021-04 CCI Report

  This summit, convened by CCI, was designed to beginarticulating a roadmap to get from closed loop systems to an open systemwhere it doesn’t matter if issuers, holders and verifiers are using the tool provided by the same solution provider as long as all solution providers are building on a certain common ground.The discussion focused on domestic reopening use cases using the US as the context.

• Response to WHO Interim Guidance for Development a Smart Vaccination Certificate 2021-03
• Response to Call for Evidence: UK Parliament Covid 19 Vaccine Certification 2021-03

  The Government has announced a review into introducing a Covid vaccine certificate system or “vaccine passports. The Committee has launched an inquiry to consider potential ethical, legal and operational issues and the efficacy and appropriateness of a certificate system.

• Response to Ada Lovelace Institute: Vaccine passports and COVID status apps: Call for Public Evidence 2021-02-27 CCI Lucy Yang, Kaliya Young

  Before responding to the questions, we want to point out that the use of the term “COVID-19 passports” is questionable as the word ‘passport’ is used for the identity and travel document issued by nation states to their citizens. Another reason to question the use of ‘passport’ is the fact that our passport data is stored or centralized by the nation state issuer. Centralized systems are notorious and can be a source of potential data breaches and abuses.