Stream: smart/health-cards
Topic: Replace issuer URL by name
Matthieu Lux (Sep 23 2021 at 14:43):
Hi everyone, I have a question about displaying the issuer of a SHC. In the Commons Verifier, in Health, the issuer URL is displayed by default as the field. Can anyone share an example that would display "Government of Utopia" instead of "https://shc.health.gov.ut/issuer" please?
Paul Denning (Sep 23 2021 at 14:54):
Isn't that why https://github.com/the-commons-project/vci-directory/blob/main/vci-issuers.json has a "name"?
Josh Mandel (Sep 23 2021 at 14:54):
Issuer URL is important because it can be used to directly retrieve cryptographic keys bound to a domain. If you want to have a safe/vetted name to display for an issuer, you will need to get them from a trust framework for directory of some kind. This is by design because we don't want any random person to be able to stand up and issue where that gets displayed as "Some Real Issuer".
Josh Mandel (Sep 23 2021 at 14:54):
Just as Paul says, this is the pattern we recommend
Grahame Grieve (Sep 23 2021 at 14:55):
the process for getting in there is a little unclear.
Josh Mandel (Sep 23 2021 at 14:56):
There is no one official directory for smart Health cards; the scope for the current VCI directory is pretty limited; the readme explains the intended participants.
Grahame Grieve (Sep 23 2021 at 14:57):
i'm telling you what the intended participants are telling me
Josh Mandel (Sep 23 2021 at 14:57):
There is no magic to scale a trust framework; for the moment we have focused the directory in a way to promote specificity over sensitivity -- in other words, we want to have high confidence in anything we include, with limited resources for manually verifying attestations.
Josh Mandel (Sep 23 2021 at 14:58):
Would be great to engage with anyone who wants to be included; the process today may not accommodate everyone who wants to be included, but this will expand over time.
Grahame Grieve (Sep 23 2021 at 15:01):
I'm not saying it does or not, it's just unclear
Grahame Grieve (Sep 23 2021 at 15:01):
do you agree with this summary of the process: https://chat.fhir.org/#narrow/stream/179173-australia/topic/Smart.20health.20Cards ?
Josh Mandel (Sep 23 2021 at 18:30):
Reading https://chat.fhir.org/#narrow/stream/179173-australia/topic/Smart.20health.20Cards/near/254489689 specifically -- yes, but also review https://github.com/the-commons-project/vci-directory/#requirements-for-issuers which defines the scope of issuers VCI is currently considering for inclusion.
Grahame Grieve (Sep 23 2021 at 19:23):
so I got that list by reading around. It would be reassuring for consumers to see that in a single list
Josh Mandel (Sep 23 2021 at 20:06):
@JP Pollak I don't think we've previously advertised the form URL publicly, but it's obviously no secret. Are you comfortable incorporating Grahame's bullet list into the public README?
JP Pollak (Sep 23 2021 at 20:37):
we hadn't initially published the request form on the README to avoid being inundated with requests from issuers who don't fit the narrow VCI Directory issuer definition... but to your point about it not being a secret, i don't see why it can't be listed at this point.
Last updated: Apr 12 2022 at 19:14 UTC
