Hi Reina, Thanks for getting in touch. The exact method for how the verifiable credential is requested is on the verifier and the holder has the option to either accept or refuse their request. The available options also vary depending on the type of credential used. For web credentials, there is a concept of selective-disclosure that allows the verifier to define which information exactly is requested from the credential of the holder. You can find more information here: learn.mattr.global/tutorials/verify/web-credentials/presentation-template/selective-disclosure. If you want to talk in more detail please email [email protected] and one of the team will reach out. Thanks, MATTR

Thanks Waylon ☺

Hi Jaime, Thanks for getting in touch. The app we're demonstrating in our video is designed to scan My Covid Pass QR codes. This is a different app from NZ COVID Tracer, which you can learn about on the Ministry of Health website: www.health.govt.nz/our-work/diseases-and-conditions/covid-19-novel-coronavirus/covid-19-resources-and-tools/nz-covid-tracer-app.

how they state it doesnt store your data and information. IT does

Hi BenjipNZ, Thanks for getting in touch. We are really excited about our work in this space. To stay updated, keep an eye out on our website at mattr.global.

@@MATTRglobal don't thank BenjipNZ . Answer his Question

Yes BBS+ signatures as a cryptographic scheme does support range proof

Hey Paul -- this solution is not ACA-py based, what you see here is a prototype that shares the same backend as our MATTR VII platform and leverages a browser-based solution for credential exchange known as "CHAPI" -- the Credential Handler API over at W3C. The decision to use CHAPI (which was a consensus amongst DHS SVIP cohort members) was largely due to the fact that CHAPI was a relatively easy way to have multiple vendors interoperate with independent technical stacks. To facilitate CHAPI we're using what's known as a polyfill which allows implementers to build and use in-browser functionality prior to browsers deciding to natively support those features. We are hoping to achieve more direct interoperability with projects like ACA-py in the future as part of the upcoming interop targets for AIP 2.0. You can read more about CHAPI here: w3c-ccg.github.io/credential-handler-api/ And you can find the polyfill here: github.com/digitalbazaar/credential-handler-polyfill

For privacy reasons you will want to keep the data in the QR/NFC to the absolute minimum, or, if possible derived (e.g. Are you tested/vaccinated: Yes/No, or 21 years or older: yes/No). You also want this because of the max size of the QR/NFC.

As Maarten mentions above, the issuer should limit the claims contained in the credential within the QR code to those absolutely necessary to the subject/holder - both to limit the exposure of personal information but also so as to more easily permit the credential to be represented within the limited data available in the QR code. The issuer should implement secure physical transport mechanisms to transmit the credential to the holder (e.g. by post or physical issuance). The holder must then treat the physical presentation of the QR code as they would their responses to presentation requests received via a digital wallet. You are correct that a selective disclosure is not possible when relying on a physical medium such as a printed QR code to convey the data.

I think one fundamental feature of verifiable credentials is that they're cryptographically signed by a (known and trusted) issuer party. Credential holder shouldn't be able to tamper with the credential without altering the signature. In this case, the party who is scanning and relying on this type of credential should already know and trust the identifier of the medical lab, doctor, etc. issuing the certificate.

@@CarlosBruguera I guess I might be thinking too much of an edge case. I get the trust of the medical lab side of things, it's how do I know that the holder of the paper based credential is the real John Smith. It's just a single factor. If someone would be prepared to fake the medical lab side of things (which I agree this solves) surely it's not too much of a step to consider they would fake the paper credential by using someone elses real details/QR code but different pic.

here: kzfaq.info/get/bejne/nr6ohNSCsai6imw.html

Thanks a lot !!!

One more thing, is the BBS+ Signature Proof of Knowledge a "non-interactive" proof?

@@darksteam999 Yes it is