Here is the draft agenda for
Thursday (tomorrow) - a special meeting. Please
contact me ASAP if you want to suggest edits or additions.
Healthcare - HIAWG and IDEF sub WG Created by: kantarai...@gmail.com
Time 2pm - 3pm (Eastern Time - New York)
Date Thursday, September 30, 2021
Where GoToMeeting (GTM2)
Description: USUALLY
Occurs every first and third Thursday of the month at 2:00 PM US Eastern Time --- zone
converter: www.thetimenow.com/timezone-converter.php
Please join our meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/975495917
Access Code: 975-495-917
1. Roll Call: Start recording!! Tom Sullivan
Here are some of the emails to set up this call led by Tom Jones:
From Tom Jones today:
The example of a sporting event is a great one. And it might well fit into an expanded view of a mobile credential in this way.
++++++++++++++++++++++++++++++++++++++++++++++++
From Tom Jones yesterday:
Here's the problem that I think is in-scope essentially immediately. Several states are not issuing mobile driver's licenses, rather they are calling them mobile ID from the git go.
++++++++++++++++++++++++++++++++++++++++++++++++++
From Tom Jpnes:
Thanks John, 100, valid for authorization.
What is useful is a discussion perhaps of how the credential has the ability to be used, even by DHS, in a decentralized manner that doesn’t require secure connections to databases. Decentralized authrorization.
From: John Wunderlich <jo...@wunderlich.ca>
Sent: Wednesday, September 29, 2021 8:29 AM
To: Tom Jones <thomascli...@gmail.com>
Cc: jim kragh <kra...@gmail.com>; Salvatore DAgostino <s...@idmachines.com>; Christopher Williams <willia...@gmail.com>; Thomas Sullivan <tsul...@drfirst.com>; Catherine Schulten <catherin...@yahoo.com>
Subject: Re: interesting proposal to add a cert of vax to the mDL
Tom;
I agree with you that this is a use case for the PEMC WG, and should probably make it into the interim PEMC report. I’ll also note that a number of members of the PImDL DG are authors of this report. TL:DR my view is that verifiers too often ask for both identification
and authorization when all that is necessary for the context is authorization. So while a TSA boarding agent may require both identity (mDL) and e-ticket at a boarding gate, the person at the gate for a sports event only needs a valid e-ticket and a green
check mark for vaccination status, not identification.
Each of us can obviously respond individually. What are you proposing beyond that?
Have a better than expected day,
John Wunderlich
LinkedIn: https://www.linkedin.com/in/privacycdn/
Twitter: https://twitter.com/PrivacyCDN
On Sep 28, 2021, 5:26 PM -0400, Tom Jones <thomascli...@gmail.com>, wrote:
Here's the problem that I think is in-scope essentially immediately. Several states are not issuing mobile driver's licenses, rather they are calling them mobile ID from the git go.
So why does this matter to a privacy profile for getting onto an airplane? or to Healthcare, or to getting into a ball park?
The mDL will be in a wallet with multiple creds. Whether they are in a single cred, or multiple creds is not the issue. What needs to happen, essentially from day one, is that the mDL will be paired with authorization. If you look at the DHS request access to nuclear facilities was included from the git go.
Here are some links to the Smart Health Card. TL;DR, the point is that the shc (and most medical authz as well) ask for the legal name and birthdate. If that cred is in a wallet with an mDL the verifier needs both. We need to understand that binding created by the wallet as one of the use cases for mDL.
Another use case is the TSA agent wants the mdl AND the e-ticket. The wallet is likely to have both.
from apple: https://support.apple.com/en-us/HT212752from SHC: https://spec.smarthealth.cards
Be the change you want to see in the world ..tom
On Tue, Sep 28, 2021 at 1:39 PM John Wunderlich <jo...@wunderlich.ca> wrote:
I don’t think so from the perspective of the new privacy enhancing mobile credentials work group. I think that server retrieval of a vaccine status has real risks to privacy so this highlights the utility of a PEMC the extends this document. Trying to address these issues in this work effort would be problematic or out of scope I’m thinking.
Have a better than expected day,
John Wunderlich
Best regards,
Jim
_______________
Jim St.Clair
Chief Trust Officer
jim.s...@lumedic.io | 228-273-4893
Let’s meet to discuss patient identity exchange: https://calendly.com/jim-stclair-1
Health Equity requires that any patient that wants to access their health data can provide given their capabilities and resources (or lack of resources). A variety of capabilities will be enabled with the trust registry to assure that vulnerable populations can be served when and where they chose. While this Patient Experience document focuses on the smart-phone case, other media, like paper based QR codes need to be provided in complete solutions.
As a place holder this is the current status of the Smart Health Card use case
Link to Smart Health Cards https://tcwiki.azurewebsites.net/index.php?title=Smart_Health_Card
link to this https://tcwiki.azurewebsites.net/index.php?title=Patient_Experience
Notice of Confidentiality: The information included and/or attached in this electronic mail transmission may contain confidential or privileged information and is intended for the addressee. Any unauthorized disclosure, reproduction, distribution or the taking of action in reliance on the contents of the information is prohibited. If you believe that you have received the message in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. _______________________________________________
WG-HealthIDAssurance mailing list
WG-HealthI...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-healthidassurance
_______________
Jim St.Clair
Chief Trust Officer
Health Equity requires that any patient that wants to access their health data can provide given their capabilities and resources (or lack of resources). A variety of capabilities will be enabled with the trust registry to assure that vulnerable populations can be served when and where they chose. While this Patient Experience document focuses on the smart-phone case, other media, like paper based QR codes need to be provided in complete solutions.
As a place holder this is the current status of the Smart Health Card use case
Link to Smart Health Cards https://tcwiki.azurewebsites.net/index.php?title=Smart_Health_Card
Savita Farooqui |
_______________
Jim St.Clair
Chief Trust Officer
jim.stclair@lumedic.io | 228-273-4893