Use Case Implementation
The CCI Use Case Implementation group had its 15th meeting on September 1st, 2020. Two use case implementations were demonstrated to the group.
Josh Mandel, MD (Chief Architect for Microsoft Healthcare and SMART Health IT) presented the SMART Health Cards Framework. Health Cards defines a way to share and manage clinical data including immunizations and laboratory results for COVID-19. The term “card” is used as a consumer-facing alternative to “verifiable credential”. The implementation is based on standardized Fast Healthcare Interoperability Resources APIs (FHIR), an open standard for healthcare developed by Health Level 7. Dr. Mandel demonstrated how a user can obtain and share a "COVID Card" using the DID-SIOP protocol based on OpenID Conenct, leveraging the ion DID method for peer-to-peer as well as blockchain-anchored identifiers. The framework supports minimal disclosure for privacy by tailoring credential contents to specific use cases. The framework specification is available here, with issue tracking and spec development managed here. An open-source reference implementation is available here.
David Chadwick (Verifiable Credentials Ltd) presented a verifiable credential middleware architecture, including a set of APIs for issuing and verifying. Instead of DID or blockchain, state-of-the-art X.509 certificates are used for secure communication. FIDO2 is used for strong authentication between holder and issuer. All verifiable credentials are short-lived and tailor-made by the issuer for a specific verification request. This eliminates the need for selective disclosure or revocation infrastructure. Click here for a demo of the laptop version.
The next CCI Use Case Implementation meeting is scheduled for Tuesday, September 15, 16:00-17:00 CEST. The agenda includes two more demonstrations of use case implementations.
Rules & Governance
The CCI Governance Task Force has been focused on including all feedback and comments received and preparing for the versioned release of the v2 document which will be available for CCI members to review. Additionally, the members have initiated a discussion around the path to adoption of the v2 of the Governance Framework and especially the establishment of appropriate Governance Authority and roles for the same.
The members of the Task Force continue to participate in the CCI
community plans, especially around the possible future of CCI as an advocacy effort for the adoption of privacy-preserving secure verifiable credentials based systems in the healthcare sector and health information systems.
Coordination & Communications
We hosted a CCI all-hands call on August 28 to update the community on our conversation with Linux Foundation Public Health regarding joining or merging with them. For summary slides and the meeting recording, please visit CCI Internal Homepage. Moving forward, CCI all-hands call will be held on the last Friday of each month.
We followed up on an idea that came out of the all-hands call and organized a discussion on how to engage with key stakeholders in the context of some recent events, such as Abbot Labs' offering of mobile apps to display their COVID-19 antigen test result. The conclusion was we needed to leverage community members’ existing connections with stakeholders (e.g. issuers and verifiers) to get a better understanding of what they need to achieve and if/how they want to engage with CCI. Some have offered to talk to their contacts and help us answer these questions. If you are interested in contributing to this effort, please email Lucy Yang.