The Good Health Pass Interoperability Blueprint Approved Deliverable of the Interoperability Working Group for Good Health Pass Version 1.0.0 — August 1, 2021 The Good Health Pass Interoperability Blueprint 1 Table of Contents Notices ..................................................................................................................... III Table of Figures ....................................................................................................... IV 1 The Problem We Are Solving: Reopening Global Travel ..................................... 1 1.1 The Challenge Of Health Data Exchange Across Ecosystems ..............................3 2 The Good Health Pass Interoperability Blueprint ..............................................5 2.1 Our Approach To A Good Health Pass .....................................................................5 2.2 Key Design Choices ...................................................................................................6 3 Where Does the Blueprint Fit Within the Industry? .........................................10 3.1 Good Health Pass Ecosystem ................................................................................10 3.2 Integration With Open Standards ...........................................................................11 3.3 Building A Community Consensus ........................................................................ 12 4 Solving for Interoperability: An Overview of the Blueprint .............................13 4.1 Next Steps Beyond the Blueprint .......................................................................... 16 5 Overall Recommendations ................................................................................. 17 5.1 Recommendation #1: Consistent User Experience ............................................. 18 5.2 Recommendation #2: Security, Privacy, and Data Protection ........................... 31 5.3 Recommendation #3: Identity Binding ................................................................ 46 6 Credential Recommendations ..........................................................................60 6.1 Recommendation #4: Standard Data Models and Elements ............................. 61 6.2 Recommendation #5: Credential Formats, Signatures, and Protocols ............ 69 6.3 Recommendation #6: Offline Paper Credentials ................................................. 81 7 Operational Infrastructure Recommendations ............................................... 95 7.1 Recommendation #7: Rules Engines .................................................................... 96 7.2 Recommendation #8: Trust Registries ...............................................................102 7.3 Recommendation #9: Governance and Trust Frameworks ................................113 Appendices ............................................................................................................122 References ....................................................................................................................123 Glossary .........................................................................................................................131 Acknowledgements ...................................................................................................... 155 The Good Health Pass Interoperability Blueprint I Appendix A: Example User Flows for Obtaining a Health Pass .............................156 Appendix B: COVID-19 Credentials Initiative (CCI) Schema Task Force Data Specification Repositories ......................................158 Appendix C: OCA Background ..................................................................................159 Appendix D: FHIR-OCA Data Pipeline....................................................................... 161 Appendix E: About the Good Health Pass Collaborative .......................................162 The Good Health Pass Interoperability Blueprint II Notices The Trust over IP Foundation’s Interoperability Working Group for Good Health Pass (the “Project”) would like to receive input, contributions, suggestions and other feedback (“Contributions”) on the specifications, documents, source code, data, and other artifacts being developed within its working groups (the “Materials”). By contributing comments to the draft, you (on behalf of yourself if you are an individual and your company if you are providing Contributions on behalf of the company) grant the Project under all applicable intellectual property rights owned or Controlled by you or your company a non-exclusive, non-transferable, worldwide, perpetual, irrevocable, royalty-free license to use, disclose, copy, publish, license, modify, sublicense or otherwise distribute and exploit Contributions you provide for the purpose of developing and promoting the Materials and in connection with any product that implements and complies with the Materials. You warrant to the best of your knowledge that you have rights to provide these Contributions, and if you are providing Contributions on behalf of a company, you warrant that you have the rights to provide Contributions on behalf of your company. You also acknowledge that the Project is not required to incorporate your Contributions into any version of the Materials. You further agree that you and your company will not disclose it or distribute drafts of the non- public Project Materials to third parties. Unless the parties agree otherwise or the Project Materials are made publicly available by the Project, this obligation of non-disclosure will expire five (5) years from the date the material was disclosed to you. Source Code Any source code you provide to the Project is subject to the Developer Certificate of Origin version 1.1, available at http://developercertificate.org/ and the license indicated in the Project’s source repository for the Materials. Copyright Notice Copyright © 2021, Trust over IP Foundation. THESE MATERIALS ARE PROVIDED “AS IS.” The parties expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user. IN NO EVENT WILL THE PARTIES BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THIS DELIVERABLE OR ITS GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER MEMBER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License The Project is made available by the Joint Development Foundation. The current Working Group charter, which includes the IP policy governing all working group deliverables (including specifications, source code, and datasets) may be found on page 20 of this link. Currently, the licenses governing the Interoperability Working Group for Good Health Pass deliverables are: Copyright mode: Creative Commons Attribution 4.0. Patent mode: W3C Mode (based on the W3C Patent Policy). Source code: Apache 2.0. The WG is not expected to produce source code. Living Links Links to items referenced in the Good Health Pass Interoperability Blueprint, and materials developed to support its implementation, can be found on this Trust over IP Foundation Interoperability Working Group for Good Health Pass wiki page. The Good Health Pass Interoperability Blueprint III Table of Figures Figure 1: Good Health Pass Principles ............................................................................... 2 Figure 2: Good Health Pass Terminology ........................................................................... 6 Figure 3: The Good Health Pass Ecosystem .....................................................................10 Figure 4: Identity binding and authentication zones in the Good Health Pass ecosystem ................................................................................................. 20 Figure 5: Identity binding and authentication zones in the Good Health Pass ecosystem ................................................................................................. 47 Figure 6: Vaccination card .................................................................................................51 Figure 7: The four core terms for describing data containers for health data used for travel .................................................................................................... 62 Figure 8: Health certificates and credentials that are not GHP-compliant can all be used as inputs to generate a GHP-compliant health pass (or travel pass) .......................................................................................... 70 Figure 9: Holder authentication to a FHIR-enabled health record system using OAuth 2 and OIDC ..................................................................................... 71 Figure 10: A zero-knowledge proof credential can support dynamic generation of any number of context-specific GHP-compliant passes ..................................................................................................................73 Figure 11: When an issuer or holder cannot support BBS+ credentials, a static Ed25519 credential can be used (either digital or paper), but it does not support selective disclosure .....................................................75