Re: Example Immunoglobulin Detection Test Credential

Daniel Hardman <daniel.hardman@...>

Regarding Eric's comments about identifying the subject:

The strategy proposed in the schemas doc in a couple places [1, 2] is to provide just enough information about the holder to let them be linked to other credentials (physical or digital/VC) that provide strong identification as needed. Orie's example is mostly aligned with this proposal, though its birthdate + photo may be a little more than is needed. The reasoning behind this is that a lab isn't going to be authoritative about facts of birth, and probably isn't going to take a photo of each test subject, but probably will check a stronger form of ID when the test sample is submitted -- so whatever form of ID they check, they need to embed just enough info about the holder in their results to allow the holder to present the same strong identification later.

An example of how this could be tweaked to embody the proposal a little better might be to remove the photo and birthdate fields, and to add the following two fields:

presentedIDType: a picklist with strings such as "drivers license", "passport", "national ID card", etc
presentedIDNumber: the number from whatever strong identification the test subject supplied when submitting the sample

Now it becomes clear how Eric can explain the trust dynamics to a harried government official: "The testing regime has the same trust dynamics as our national ID card/passport/driver's licenses, because that form of ID has to be used to submit a sample, and the same ID has to be used when presenting the test results."

On Fri, Apr 10, 2020 at 3:58 AM Eric Welton (Korsimoro) <eric@...> wrote:
Fantastic!  Thanks!

I have a two questions and am thinking about how I could summarize/present this to a government minister and relate it to a paper form version of the same.

First question: what is a TestCard? and what role does that play?

Second - and this is a question that is more "general" - i'm not nitpicking this specific example, but wondering more about credential design in general and how we want to deal with the issue of subject identification:

- in addition to IgG and IgM - the context explicitly out a name-pair, birthday, and something to do with the subject's sexuality, and the Person structure from is called out, where most of the fields in the Person model are not particularly useful for identifying a Person but more about "describing" a Person or Person-like thing.

Taken together, the presented information doesn't let me easily point to a Person in a way that is immediately useful to me - for my use cases, I would imagine one of the two:
- a national id number or semantic model, with optional image (citizens)
- a passport semantic model, with optional image (foreigners)

I don't see this as a deep problem, because I can always build up context that matches the identification context relative to my expected use context - e.g. I want a checkpoint guard to be able to see the IgM/IgG information, an F2F presented plastic national id card or passport, and make a policy enforcement decision.

So the question is just more generic - drawing on this example as a starting point and using it to explore guidance - how can we do this systematically so that we don't have covid credentials that vary for every issuance context based solely on the properties of "subject identification"?

One option is to push that out of the credential entirely, and let that come from the wallet or alternate documents provided during presentation - linked only by cryptographic material.  But that brings in a raft of problems and would be a hard sell in a 30 second elevator pitch to a busy and distracted government minister - especially one with a mental model of a physical form with tons of lateral information on it.

The other option is to try to "define the subject information" in the credential over and over - like, family name, given name, birth date, sexual idiosyncracies, DUNS number, brand, funder, honorificSuffix, interactionStatistic, product offerings, performances, employer, or many of the other Person attributes ;)

Perhaps a strategy of figuring out how to pool information in loosely coupled groups - e.g. only the Ig* values in one group, the person identification in another - perhaps as a one-or-more-of-many selection - there might be a pattern we can establish here that clearly isolates the human-identification-variability from the relatively stable science-driven covid-19 data.

again - my concern is for explaining this to a non-technical politician as soon as Monday - and we assume that person has an existing mental model, one that looks like "all the other test result documentation" they've seen - with a bunch of socially-specific subject identification information, issuer identification information, document photocopies, and signatures, stamps, and more signatures, and more stamps - in red, for extra authentication and security.



On Fri, Apr 10, 2020 at 1:06 AM orie <orie@...> wrote:

Based on the new definitions for COVID-19 testing facilities and the DHS SVIP hypothetical Permanent Resident Card. 

Issued from a did:web, Presented by a did:key.

Comments welcome.

Chief Technical Officer

Join { to automatically receive all group messages.