DTC Anoncred Issuance Workflow User installs Mobile App User uses Mobile App to scan passport using OCR and NFC and authenticate with a liveness check Mobile App establishes connection with SITA DTC Issuer Agent SITA DTC Issuer Agent requests self-attested presentation from Mobile App Mobile App sends ICAO DTC to SITA DTC Issuer Agent via self-attested presentation DTC Issuer Agent checks validity of ICAO DTC using an ICAO DTC PKD service (Auctorizium) ICAO DTC PKD service responds with validity result SITA DTC Issuer Agent offers a DTC Anoncred credential to the Mobile App Mobile App presents the credential offer to the User

DTC Anoncred Issuance Workflow User installs Mobile App User uses Mobile App to scan passport using OCR and NFC and authenticate with a liveness check Mobile App establishes connection with DTC Issuer Agent Mobile App sends ICAO DTC to DTC Issuer Agent via self-attested presentation DTC Issuer Agent requests check of validity of ICAO DTC from ICAO DTC PKD service ICAO DTC PKD service responds with validity result DTC Issuer Agent offers a DTC Anoncred credential to the Mobile App Mobile App presents the offer to the User User accepts the credential offer on the Mobile App

DTC Anoncred Issuance Workflow User installs Mobile App User uses Mobile App to scan passport using OCR and NFC Mobile App encodes passport data into an ICAO DTC credential stored on the phone Mobile App establishes connection with DTC Issuer Agent Mobile App sends ICAO DTC to DTC Issuer Agent via self-attested presentation DTC Issuer Agent requests check of validity of ICAO DTC from ICAO DTC PKD service ICAO DTC PKD service responds with validity result DTC Issuer Agent offers a DTC Anoncred credential to the Mobile App Mobile App presents the offer to the User

g = governance.load("mygovernancefile.json") // this will return true, as bob is approved for someschema result = g.isApprovedIssuer(issuer="did:example:bob", schema="someschema") console.log(result, ' because...') // this will return false, as bob is not approved for otherschema g.isApprovedIssuer(issuer="did:example:bob", schema="otherschema") // this will return false, as lameschema is not listed in our governance file

Aruba ED Card Website The first diagram portrays the process of using the Aruba ED Card Website. It assumes the traveler has already received a DTC credential. skinparam backgroundColor #fff skinparam handwritten false skinparam BoxPadding 10 skinparam ParticipantPadding 10

Aries Interopathon Recap and Takeaways Mike Ebert What is an Interopathon? A meeting of organizations and individuals focused on the interoperability of software, systems, and processes. What is an Interopathon? A interopathon is an event similar to a hackathon, but focused on interoperability. What is an Interopathon?

Health Credential Issuance Workflow User receives a link via email or some other means User opens the link in their browser The page will display a QR code User scans the QR code User's Cardea Mobile Agent connects to the Cardea Health Issuer Agent Collect patient demographic information Verify user identity, e.g. verify user control of phone number or email address Look up patient in system

Navigating a Series of Tubes Mike Ebert Personal web development journey began in 1992 Dad was a software developer Had a computer, let me play Castles II, and challenged me to learn Pascal All types of schooling, including home school Took AP Computer Science on my own

Machine-Readable Governance Theory, Code, and the Future Mike Ebert and Simon Nazarenko Intro We needed to build something and couldn't wait for a trust registry or other industry-wide system or standard Very much a work in progress! Aren't Protocols Good Enough?

Goals: Support multiple types of rules Each rule needs to operate by itself Rules can also link together Rules should be linked to roles A Real Workflow: Holder connects to health_issuer {

Bronx RHIO Health Credentials skinparam backgroundColor #fff skinparam handwritten false skinparam BoxPadding 10 skinparam ParticipantPadding 10 skinparam NoteFontSize 24 skinparam NoteBorderColor #f80 skinparam NoteBackgroundColor #fea

Email+Organization Credential-Based Login skinparam backgroundColor #fff skinparam handwritten false skinparam BoxPadding 10 skinparam ParticipantPadding 10 skinparam NoteFontSize 24 skinparam NoteBorderColor #f80 skinparam NoteBackgroundColor #fea

Assets (Nouns) Actions (Verbs) Authorization (Linkages) Discovery Assets List of schemas in use and the requirements for issuing and verifying them List of participants

Table of Contents: Set up the Toolbox and Try Things Out Install the Cardea Docker Environment Test Drive the Cardea Credential Ecosystem Analyze an Enterprise Agent List the Attributes of Your Schema Create Your Schema on the Ledger Modify Agent Code to Use Your Schema Discuss How to Adapt the Cardea Agent(s) for OEF's Purposes

The government/travel enterprise agent is a system that allows an organization to connect to users, verify health credentials and travel information, and issue travel credentials. It is comprised of three main components: ACA-Py Controller UI Aries Cloud Agent Python (ACA-Py) As the name states, the Aries agent that utilizes Indy and Aries standards is ACA-Py. Cardea/Indicio code interacts with ACA-Py, but we almost never have to work directly with the Python code. The Indicio Python team and the Aries community make upgrades and updates to ACA-Py that we can take advantage of. Because of our close involvement with the community, we have been able to regularly make feature requests and prioritize our development needs.

Summary Who to trust Rules Workflows Trust discovery Who to trust List of schemas in use

Present Implementation Email credential issuance and verification Goals of the Present Implementation for Machine Readable Governance List roles of participating parties Organization contact information List issuers (approved issuers that provide the correct verifiable credentials) List validated verifiers (can be trusted to verify credentials according to the governance framework) Schemas in use