The COVID-19 Credentials Initiative (CCI) is an open global community looking to deploy and/or help deploy privacy-preserving verifiable credential projects in order to mitigate the spread of COVID-19 and strengthen our societies and economies.

The community builds on Verifiable Credentials (VCs), an open standard and emerging technology, which could provide a close experience to paper/physical credentials while offering additional benefits, the most important being privacy-preserving and temper-evident.

We joined Linux Foundation Public Health (LFPH) in Dec 2020 to work together on advancing the use of VCs, and data and technical interoperability of VCs in the public health realm, starting with vaccine records for COVID-19.

The Vaccination Credential Initiative is a voluntary coalition of public and private organizations committed to empowering individuals with access to a trustworthy and verifiable copy of their vaccination records in digital or paper form using open, interoperable standards.

The scope of the Vaccine Credential Initiative (VCI™) is to harmonize the standards and produce the implementation guides needed to support the issuance of verifiable health credentials - signed clinical data bound to an individual identity. The VCI does this by leading the development and implementation of the open-source SMART Health Card Framework and specifications.

The Vaccination Credential Initiative is a voluntary coalition of public and private organizations committed to empowering individuals with access to a trustworthy and verifiable copy of their vaccination records in digital or paper form using open, interoperable standards.

The scope of the Vaccination Credential Initiative (VCI™) is to harmonize the standards and support development of implementation guides needed to issue, share, and validate vaccination records bound to an individual identity.

Paper-first Vaccination Solutions

An equitable, efficient, open source and privacy preserving protocol by MIT.

The PathCheck Verifiable QR Specification is an extension of the W3C Verifiable Credentials Data Model expressed as a URI for the purposes of providing a standardized format of describing Verifiable Credentials within the constraints of the QR specification. This document describes the protocol to create Verifiable Credentials directly as URIs for space-limited alphanumeric-required applications, such as QR Codes, NFC tags and SMS Messages.

Abstract In this report we present a tutorial on secure privacy enhancing vaccine passports. Three emerging open efforts were reviewed and all were based on W3C’s verifiable credentials data model. We explain the data model from a security, privacy, and technology standpoint, illustrate its implementation by one initiative via JSON Web Tokens (JWTs) and public-key cryptography. In addition we review the technology behind JWTs and provide a high level review of QR codes that can be used in paper based scannable vaccine passports.

Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. These credentials provide benefits to us when used in the physical world, but their use on the Web continues to be elusive.

Currently it is difficult to express education qualifications, healthcare data, financial account details, and other sorts of third-party verified machine-readable personal information on the Web. The difficulty of expressing digital credentials on the Web makes it challenging to receive the same benefits through the Web that physical credentials provide us in the physical world.

This specification provides a standard way to express credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.

A verifiable credential can represent all of the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.

Holders of verifiable credentials can generate verifiable presentations and then share these verifiable presentations with verifiers to prove they possess verifiable credentials with certain characteristics.

A set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

A presentation is: Data derived from one or more verifiable credentials, issued by one or more issuers, that is shared with a specific verifier. A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification.

JSON Web Token is an Internet proposed standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

A QR code (abbreviated from Quick Response code) is a type of matrix barcode invented in 1994 by the Japanese automotive company Denso Wave. A barcode is a machine-readable optical label that contains information about the item to which it is attached. In practice, QR codes often contain data for a locator, identifier, or tracker that points to a website or application.