The Good Health Pass Interoperability Blueprint Approved Deliverable of the Interoperability Working Group for Good Health Pass

Total Page:16

File Type:pdf, Size:1020Kb

The Good Health Pass Interoperability Blueprint Approved Deliverable of the Interoperability Working Group for Good Health Pass The Good Health Pass Interoperability Blueprint Approved Deliverable of the Interoperability Working Group for Good Health Pass Version 1.0.0 — August 1, 2021 The Good Health Pass Interoperability Blueprint 1 Table of Contents Notices ..................................................................................................................... III Table of Figures ....................................................................................................... IV 1 The Problem We Are Solving: Reopening Global Travel ..................................... 1 1.1 The Challenge Of Health Data Exchange Across Ecosystems ..............................3 2 The Good Health Pass Interoperability Blueprint ..............................................5 2.1 Our Approach To A Good Health Pass .....................................................................5 2.2 Key Design Choices ...................................................................................................6 3 Where Does the Blueprint Fit Within the Industry? .........................................10 3.1 Good Health Pass Ecosystem ................................................................................10 3.2 Integration With Open Standards ...........................................................................11 3.3 Building A Community Consensus ........................................................................ 12 4 Solving for Interoperability: An Overview of the Blueprint .............................13 4.1 Next Steps Beyond the Blueprint .......................................................................... 16 5 Overall Recommendations ................................................................................. 17 5.1 Recommendation #1: Consistent User Experience ............................................. 18 5.2 Recommendation #2: Security, Privacy, and Data Protection ........................... 31 5.3 Recommendation #3: Identity Binding ................................................................ 46 6 Credential Recommendations ..........................................................................60 6.1 Recommendation #4: Standard Data Models and Elements ............................. 61 6.2 Recommendation #5: Credential Formats, Signatures, and Protocols ............ 69 6.3 Recommendation #6: Offline Paper Credentials ................................................. 81 7 Operational Infrastructure Recommendations ............................................... 95 7.1 Recommendation #7: Rules Engines .................................................................... 96 7.2 Recommendation #8: Trust Registries ...............................................................102 7.3 Recommendation #9: Governance and Trust Frameworks ................................113 Appendices ............................................................................................................122 References ....................................................................................................................123 Glossary .........................................................................................................................131 Acknowledgements ...................................................................................................... 155 The Good Health Pass Interoperability Blueprint I Appendix A: Example User Flows for Obtaining a Health Pass .............................156 Appendix B: COVID-19 Credentials Initiative (CCI) Schema Task Force Data Specification Repositories ......................................158 Appendix C: OCA Background ..................................................................................159 Appendix D: FHIR-OCA Data Pipeline....................................................................... 161 Appendix E: About the Good Health Pass Collaborative .......................................162 The Good Health Pass Interoperability Blueprint II Notices The Trust over IP Foundation’s Interoperability Working Group for Good Health Pass (the “Project”) would like to receive input, contributions, suggestions and other feedback (“Contributions”) on the specifications, documents, source code, data, and other artifacts being developed within its working groups (the “Materials”). By contributing comments to the draft, you (on behalf of yourself if you are an individual and your company if you are providing Contributions on behalf of the company) grant the Project under all applicable intellectual property rights owned or Controlled by you or your company a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, publish, license, modify, sublicense or otherwise distribute and exploit Contributions you provide for the purpose of developing and promoting the Materials and in connection with any product that implements and complies with the Materials. You warrant to the best of your knowledge that you have rights to provide these Contributions, and if you are providing Contributions on behalf of a company, you warrant that you have the rights to provide Contributions on behalf of your company. You also acknowledge that the Project is not required to incorporate your Contributions into any version of the Materials. You further agree that you and your company will not disclose it or distribute drafts of the non- public Project Materials to third parties. Unless the parties agree otherwise or the Project Materials are made publicly available by the Project, this obligation of non-disclosure will expire five (5) years from the date the material was disclosed to you. Source Code Any source code you provide to the Project is subject to the Developer Certificate of Origin version 1.1, available at http://developercertificate.org/ and the license indicated in the Project’s source repository for the Materials. Copyright Notice Copyright © 2021, Trust over IP Foundation. THESE MATERIALS ARE PROVIDED “AS IS.” The parties expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user. IN NO EVENT WILL THE PARTIES BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS DELIVERABLE OR ITS GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER MEMBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License The Project is made available by the Joint Development Foundation. The current Working Group charter, which includes the IP policy governing all working group deliverables (including specifications, source code, and datasets) may be found on page 20 of this link. Currently, the licenses governing the Interoperability Working Group for Good Health Pass deliverables are: Copyright mode: Creative Commons Attribution 4.0. Patent mode: W3C Mode (based on the W3C Patent Policy). Source code: Apache 2.0. The WG is not expected to produce source code. Living Links Links to items referenced in the Good Health Pass Interoperability Blueprint, and materials developed to support its implementation, can be found on this Trust over IP Foundation Interoperability Working Group for Good Health Pass wiki page. The Good Health Pass Interoperability Blueprint III Table of Figures Figure 1: Good Health Pass Principles ............................................................................... 2 Figure 2: Good Health Pass Terminology ........................................................................... 6 Figure 3: The Good Health Pass Ecosystem .....................................................................10 Figure 4: Identity binding and authentication zones in the Good Health Pass ecosystem ................................................................................................. 20 Figure 5: Identity binding and authentication zones in the Good Health Pass ecosystem ................................................................................................. 47 Figure 6: Vaccination card .................................................................................................51 Figure 7: The four core terms for describing data containers for health data used for travel .................................................................................................... 62 Figure 8: Health certificates and credentials that are not GHP-compliant can all be used as inputs to generate a GHP-compliant health pass (or travel pass) .......................................................................................... 70 Figure 9: Holder authentication to a FHIR-enabled health record system using OAuth 2 and OIDC ..................................................................................... 71 Figure 10: A zero-knowledge proof credential can support dynamic generation of any number of context-specific GHP-compliant passes ..................................................................................................................73 Figure 11: When an issuer or holder cannot support BBS+ credentials, a static Ed25519 credential can be used (either digital or paper), but it does not support selective disclosure .....................................................75
Recommended publications
  • LEI in the Payments Market
    LEI in the Payments Market Discussion Paper – Industry Update This purpose of this paper is to continue the dialogue that the PMPG started with the community on the introduction of LEI in payments November 2017 Note: Relevant regulations and any applicable legislation take precedence over the guidance notes issued by this body. These Guidelines represent an industry’s best effort to assist peers in the interpretation and implementation of the relevant topic(s). The PMPG - or any of its Members- cannot be held responsible for any error in these Guidelines or any consequence thereof. The Payments Market Practice Group (PMPG) is an independent body of payments subject matter experts from Asia Pacific, EMEA and North America. The mission of the PMPG is to: • Take stock of payments market practices across regions; • Discuss, explain, and document market practice issues, including possible commercial impact; • Recommend market practices covering end-to-end transactions; • Propose best practice, business responsibilities and rules, message flows, consistent implementation of ISO messaging standards and exception definitions; • Ensure publication of recommended best practices; • Recommend payments market practices in response to changing compliance requirements. The PMPG provides a truly global forum to drive better market practices which, together with correct use of standards, will help in achieving full STP, help risk mitigation, meet regulatory requirements and improved customer service. This purpose of this paper is to continue the dialogue that the PMPG started with the community on the introduction of LEI in payments. This initiative started in connection with the recommendations of the Committee on Payments and Market Infrastructure published in their technical report on Correspondent Banking.
    [Show full text]
  • Oracle SCM Cloud
    Oracle SCM Cloud Implementing Common Features for SCM 21B Oracle SCM Cloud Implementing Common Features for SCM 21B Part Number F39720-02 Copyright © 2011, 2021, Oracle and/or its affiliates. Authors: Cynthia Stevens Sanchez, Nuzhath Shereen, Safa Ayaz Contributor: Pramod Singh This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software
    [Show full text]
  • Unique Entity Identifiers and the Global Legal Entity Identifier (LEI): a Potential Cornerstone for Transparency of Federal Spen
    Unique Entity Identifiers and the Global Legal Entity Identifier (LEI): A Potential Cornerstone for Transparency of Federal Spending Data and the DATA Act Collaboration & Transformation (C&T) Shared Interest Group (SIG) Financial Management Committee DATA Act Transparency in Federal Financials Project Date Released: July 2015 SYNOPSIS The global Legal Entity Identifier (LEI) is gaining momentum in its adoption across a number of industries both domestically and globally. This new unique entity identifier is a non- proprietary data element that has the capability to provide financial industry stakeholders with a further transparent view into legal entities and financial transactions by revealing the interconnectedness of entities at the granular transactional level. The practical applications of a new unique entity identifier such as the global LEI extend beyond just the financial industry and could further the transparency of Digital Accountability and Transparency Act of 2014 (DATA Act, P.L. 113-101) related data. This document explores the currently available unique identifiers used with DATA Act related data, the key attributes needed for a unique entity identifier and system, an overview of the global LEI, the oversight and governance structures in place for unique entity identifiers to reduce improper payments, fraud, waste, and abuse, as well as the benefits of using a new unique entity identifier for DATA Act related data. This document also explores the key challenges, costs, and other implementation considerations associated with entities migrating to the global LEI that would need to be considered for federal agency systems and business processes. Disclaimer: This document has been prepared to provide information regarding a specific issue.
    [Show full text]
  • GLEIF Service Catalog Version 1.11
    Global Legal Entity Identifier Foundation SERVICE CATALOG 13 January 2021 Ver. 1.11 Global Legal Entity Identifier Foundation Service Catalog 1.11 - January 13, 2021 Global Legal Entity Identifier Foundation - GLEIF Service Catalog - Public Services Partnership Program Services LEI Data Services LEI Data Services LEI Search 2.0 Check for Duplicates Concatenated Files Code Lists Challenge LEI Data Publication of Mapping Files Manage Data Quality Upload LEI & LE-RD Files GLEIF API Code Lists Lifecycle Services Golden Copy Files LOU Accreditation LOU Annual Accreditation Verification Information Services Certification of LEI Mapping How to Get an LEI Re-Certification of LEI Mapping LEI Business Statistics Trigger LEI Management Transfer GLEIF Service Reporting Service Desk Communications Services Regulatory Use of the LEI LOU Communications Portal Email Notifications on Technical Updates Communications Services Social Media Videos & Podcasts Press Office & Media Third Party Events Page 2 of 28 Global Legal Entity Identifier Foundation Service Catalog 1.11 - January 13, 2021 LEI Search 2.0 Label Attributes Name LEI Search 2.0 Search for LEIs, corresponding legal entity reference data (LE-RD) and relationship reference data which defines a relationship Tag Line between two or more legal entities via an interface and display the result set. The search functionality allows to search by: - LEI code. - Keywords within LE-RD and relationship data. - Keywords and range queries within specific fields of LE-RD and relationship data. Description - Alternative identifiers (e.g. BIC, ISIN). - Registration Authority and Entity Legal Form codes. The LEI Records returned from a search can be downloaded as XML (Common Data File format), Excel, CSV and JSON files.
    [Show full text]
  • China's New Economic Frontier
    PIIE Briefi ng 16-5 China’s New Economic Frontier: Overcoming Obstacles to Continued Growth Edited by Sean Miner SEPTEMBER 2016 CONTENTS Introduction 3 1 Financial Regulation: The G-20’s Missing Chinese Dream 4 Nicolas Véron 2 Effectiveness and Independence of Monetary Policy in China and 15 Around the World Joseph E. Gagnon 3 China’s Surprisingly Poor Educational Track Record 25 Jacob Funk Kirkegaard 4 Reflections on Exchange Rate Policies and Financial Markets 33 Edwin M. Truman © 2016 Peterson Institute for International Economics. All rights reserved. The Peterson Institute for International Economics is a private nonpartisan, nonprofit institution for rigorous, intellectually open, and indepth study and discussion of international economic policy. Its purpose is to identify and analyze important issues to make globalization beneficial and sustainable for the people of the United States and the world, and then to develop and communicate practical new approaches for dealing with them. Its work is funded by a highly diverse group of philanthropic foundations, private corporations, and interested individuals, as well as income on its capital fund. About 35 percent of the Institute’s resources in its latest fiscal year were provided by contributors from outside the United States. A list of all financial supporters for the preceding six years is posted at https://piie.com/sites/default/files/supporters.pdf. Introduction China’s economy is at a pivotal moment, as it faces both imminent and long-term challenges that may sig- nificantly hamper the robust growth it has enjoyed in recent decades. Income inequality, increased debt, an aging population, shrinking labor force, and a slow transition from manufacturing to services risk threaten- ing the country’s social and economic stability.
    [Show full text]
  • Identity, Identification and Identifiers: the Global Legal Entity Identifier System
    Finance and Economics Discussion Series Divisions of Research & Statistics and Monetary Affairs Federal Reserve Board, Washington, D.C. Identity, Identification and Identifiers: The Global Legal Entity Identifier System Arthur B. Kennickell 2016-103 Please cite this paper as: Kennickell, Arthur B. (2016). “Identity, Identification and Identifiers: The Global Legal Entity Identifier System,” Finance and Economics Discussion Se- ries 2016-103. Washington: Board of Governors of the Federal Reserve System, https://doi.org/10.17016/FEDS.2016.103. NOTE: Staff working papers in the Finance and Economics Discussion Series (FEDS) are preliminary materials circulated to stimulate discussion and critical comment. The analysis and conclusions set forth are those of the authors and do not indicate concurrence by other members of the research staff or the Board of Governors. References in publications to the Finance and Economics Discussion Series (other than acknowledgement) should be cleared with the author(s) to protect the tentative character of these papers. Identity, Identification and Identifiers: The Global Legal Entity Identifier System November 8, 2016 Arthur B. Kennickell Advisor Board of Governors of the Federal Reserve System Washington, DC 20551 [email protected] The views expressed in this paper are the views of the author alone and they do not necessarily reflect the views of the Board of Governors of the Federal Reserve System or its staff, or any part of the Global LEI System. I am grateful to my colleagues on the LEI Regulatory Oversight Committee and its predecessors, the board members and staff of the Global LEI Foundation, as well as numerous other public spirited people who contributed their time to develop and guide the Global LEI System.
    [Show full text]
  • Consultative Report
    Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Consultative report Harmonisation of critical OTC derivatives data elements (other than UTI and UPI) – second batch October 2016 This publication is available on the BIS website (www.bis.org) and the IOSCO website (www.iosco.org). © Bank for International Settlements and International Organization of Securities Commissions 2016. All rights reserved. Brief excerpts may be reproduced or translated provided the source is stated. ISBN 978-92-9197-631-7 (online) Contents Executive summary ........................................................................................................................................................................... 1 1. Introduction ...................................................................................................................................................................... 3 1.1 Background .............................................................................................................................................................. 3 1.2 CPMI-IOSCO working group for harmonisation of key OTC derivatives data elements .......... 3 1.3 Critical data elements other than UTI and UPI ........................................................................................... 4 1.4 Organisation of this report and feedback to consultation .................................................................... 5 2. Harmonisation of the second batch of critical
    [Show full text]
  • LEI ROC Progress Report to FSB And
    LEI ROC Progress report by the Legal Entity Identifier Regulatory Oversight Committee (LEI ROC) The Global LEI System and regulatory uses of the LEI 5 November 2015 Executive Summary The G-20 Leaders supported in 2011 "the creation of a global legal entity identifier (LEI) which uniquely identifies parties to financial transactions” and, following recommendations by the Financial Stability Board (FSB), tasked the LEI Regulatory Oversight Committee (ROC), established in January 2013, with coordinating the actions of the regulatory community in establishing and overseeing a Global LEI System in charge of issuing and maintaining LEIs, in accordance with the principles endorsed by the G20. In October 2013, the LEI ROC started endorsing issuers of LEIs that could be used for reporting and other regulatory purposes in the various jurisdictions represented in the ROC. As of October 2015, the ROC had endorsed 27 issuers that have issued over 390’000 LEIs to entities in 195 jurisdictions. On 7 October 2015, the ROC confirmed that the Global LEI Foundation (GLEIF), established in June 2014 by the FSB as a not-for-profit organization overseen by the ROC as foreseen in the GLEIF Statutes, was ready to fully assume the tasks of the central operating unit of the system. These tasks had so far been largely assumed, on an interim basis, by the ROC and its members. The GLEIF functions are now supported by a Master Agreement, to be signed between the GLEIF and issuers, which defines how the GLEIF will proceed to their accreditation and monitor their compliance with quality requirements and service levels.
    [Show full text]
  • Miguel A. Lopera, CEO, GS1 Global
    February 14, 2011 Elizabeth Murphy, Secretary Securities and Exchange Commission 100 F Street, NE. Washington, DC 20549–1090 www.sec.gov/rules/final.shtml Re: Regulation SBSR—Reporting and Dissemination of Security-Based Swap Information Release No. 34–63346; File No. S7–34–10 RIN 3235–AK80 Thank you for the opportunity to respond to your request for comment on your proposed rule making regarding Reporting and Dissemination of Security-Based Swap Information as posted in the Federal Register / Vol. 75, No. 231 / Thursday, December 2, 2010 / Proposed Rules. The SEC’s request is unprecedented in its global scope and its outreach to the global financial industry. We responded by bringing together an ad-hoc group, the Global Financial Services Data and Standards Alliance, to provide input to us to address this request. We also wish to explain our late submission, recognizing the submission date of January 18, 2011 has passed. Our lateness was due to the logic of our proposed solution to the SEC and the two other related rule making requests - those of the US Treasury’s Office of Financial Research’s (OFR’s) Legal Entity Identifier (LEI) release for comments due January 31, 2011 and the CFTC’s Swap Data Recordkeeping and Reporting Requirements release due for comments by February 7, 2011. We have responded to both in a timely fashion. What set us on this course to respond at this late date was the OFR’s request to consider: “A LEI acceptable for use with data reported to the Office should…where possible, be compatible with existing systems, work across various platforms, and not conflict with other numbering or identification schemes” We recognized the desire of the Treasury, the CFTC and the SEC to coordinate the proposed rule making, at least as far as unique identification of participants, products and transactions were defined.
    [Show full text]
  • The Global Legal Entity Identifier System
    Journal of Risk and Financial Management Article The Global Legal Entity Identifier System: How Can It Deliver? † Ka Kei Chan 1 and Alistair Milne 2,* 1 Department of Economics and Finance, Brunel University London, Uxbridge UB8 3PH, UK; [email protected] 2 School of Business and Economics, Loughborough University, Loughborough LE11 2TU, UK * Correspondence: [email protected] † This paper is an updated version of our earlier working paper written with the support of a grant 2012-5-50CD from the Alfred P. Sloan Foundation, updated to take account of developments in the intervening five years. The opinions expressed here are our own, not those of any of the institutions involved in creating the LEI or the many individuals who have generously given of their time in order to be interviewed on the development and future of the system. Received: 17 December 2018; Accepted: 19 February 2019; Published: 7 March 2019 Abstract: We examine the global legal entity identifier (LEI) system for the identification of participants in financial markets. Semi-structured interviews with data professionals revealed the many ways in which the LEI can improve both business process efficiency, and counterparty and credit risk management. Larger social benefits, including the monitoring of systemic financial risk, are achievable if it becomes the accepted universal standard for legal entity identification. Our interviews also review the substantial co-ordination and investment barriers to LEI adoption. To address these, a clear regulatory-led road map is needed for its future development, with widespread application in regulatory reporting. Keywords: big data; data standards; entity identifiers; macroprudential policy; regulation; risk management; Dodd-Frank Act; operational efficiency; systemic risk JEL Classification: G20; G28; M15 1.
    [Show full text]
  • 2017/18 – Big Bang Year for LEI?
    2017/18 – Big Bang Year for LEI? Paul Kennedy – GLEIF Board Director Data Management Summit – London - 15 March 2017 © 2017 GLEIF and/or its affiliates. All rights reserved. | Author: GLEIF| | GLEIF unrestricted | 1 | 29 Content • What is the LEI and who is GLEIF? • What data users can get for free – now, and soon: ▫ Quality – clean, cleaner, cleanest data ▫ Improved Integration – APIs and linkage to 3rd party data ▫ A Connected World – inter-entity relationships • Over the horizon? © 2017 GLEIF and/or its affiliates. All rights reserved. | Author: GLEIF| | GLEIF unrestricted | 2 | 29 WHAT IS THE LEI? © 2017 GLEIF and/or its affiliates. All rights reserved. | Author: GLEIF| | GLEIF unrestricted | 3 | 29 LEI = Legal Entity Identifier . A unique global identifier for corporate entities that is accessible free of charge as a broad public good for the benefit of the users in the public and private sector . The Financial Stability Board (FSB), at the request of the G20, created the LEI in 2012 as a reference code to uniquely identify legally distinct entities that engage in financial transactions © 2017 GLEIF and/or its affiliates. All rights reserved. | Author: GLEIF| | GLEIF unrestricted | 4 | 29 LEI as an Identity Label The LEI is a unique 20 digit alphanumeric LEI comes with standardized business code based on ISO 17442 standard, and card information, validated at point of assigned to legal entities entry against Authoritative Sources © 2017 GLEIF and/or its affiliates. All rights reserved. | Author: GLEIF| | GLEIF unrestricted | 5 | 29 Example from www.gleif.org Validation International network of LEI issuers © 2017 GLEIF and/or its affiliates.
    [Show full text]
  • Response of the Global Legal Entity Identifier Foundation (GLEIF) to The
    Response of the Global Legal Entity Identifier Foundation (GLEIF) to the Blockchain White Paper on the technical applications of Blockchain to the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) deliverables July 2018 The Global Legal Entity Identifier Foundation (GLEIF) is pleased to provide coMMents to the Blockchain White Paper on the technical applications of Blockchain to the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) deliverables. GLEIF will focus its coMMents on the use of the Legal Entity Identifier (LEI) in the white paper. First some Background on the LEI. The development of a system to uniquely identify legal entities gloBally had its Beginnings in the 2008 financial crisis. Regulators worldwide acknowledged their inaBility to identify parties to transactions across markets, products, and regions for regulatory reporting and supervision. This hindered the ability to evaluate systemic and emerging risk, to identify trends, and to take corrective steps. Recognizing this gap, authorities, working with the private sector, have developed the framework of a GloBal LEI System (GLEIS) that will, through the issuance of unique LEIs, unamBiguously identify legal entities engaged in financial transactions. Although the initial introduction of the LEI was for financial regulatory purposes, the usefulness of the LEI can be leveraged for any purpose in identity management for legal entities both by the public and private sectors spanning all industries and sectors. The LEI initiative is driven By the Financial Stability Board (FSB) on behalf of the finance ministers and governors of central Banks represented in the Group of Twenty (G20). In 2011, the G20 called on the FSB to take the lead in developing recommendations for a gloBal LEI and a supporting governance structure.
    [Show full text]