--- Title: Holder-bound SMART Health Cards --- :::warning Note: this is a ***draft**-specification* for discussion purposes. ::: Proposal (DRAFT): # Holder-bound SMART Health Cards > [time=August 1, 2024] [name=Stephan Baur] [name= with contributors] SMART Health Cards (SHC) is a data framework that in essence defines an envelope object to hold HL7 FHIR data. The format is IETF's JOSE --JSON Object Signing and Encryption: Signing (JWS) to create tamper-evidence and authenticity of the data source and in the second part of the HL7 spec, Encrytption (JWE) for "SMART Health Links" (SHL) to keep them private when stored at a link hosting provider. This envelope allows to cryptographically verify authenticity of the data contained in it and creates a strong assertion to the provenance of the data. The first wide spread use case for this has been the Covid-19 vaccination credentials in the US. Knowing who the authoritative source is (with a [Trust Registry](https://github.com/the-commons-project/vci-directory/tree/main)) establishes the confidence in the assertions made by the data. But it does not authenticate the identity of the person who is subject to the data when presenting the SHC. As demonstrated with mobile Driver's Licenses (mDL) and in many use cases with W3C Verifiable Credentials (VC) binding a cryptogrphic authenticator (public signature verification key) to the signed data and combining it with a presentation protocol that proofs possession of the matiching private signing key achieves the above. This is very valuable for the type of health data (FHIR data) that is required to provide proof of health (vaccination, negative test) or proof of health insurance coverage: it brings confidence that the proofs are valid (un-tampered and from authoritiative source) ***and*** the presenter is authentic (the person subject to the assertions). The latter brings sufficient means to automatically create verified loging accounts based on the proofs conveyed. The goal of this proposal is to specifiy modifications to the SMART Health Card framework to support the above by these 3 directives: 1. Make the SMART Health Card JWT conforming to the W3C Verifiable Credential Data Model's (VCDM) JOSE-based securing envelope 2. Use W3C's Decentralized Identitifer core model to identify the data's source ***and*** subject 3. Use a mutually authenticating data exchange protocol between issuer and subject The main intent behind this proposal is to accelerate interoperability with emerging mobile identity wallets, like the DMV wallet by the state of California and pioneering software vendors and consumer platforms. :::warning Expecting changes with crypto-suites (PQC) and evolutionary progressing of the respective W3C specifications, implementers MUST ensure crypto agility with their roll-outs. ::: The standards mentioned are listed below: :::spoiler References to relevant Standards **HL7:** * [SMART Health Cards and Links FHIR IG](https://hl7.org/fhir/uv/smart-health-cards-and-links/2024SEP/toc.html) * [Carin Digital Insurance Card (CDIC)-the broader data model](https://hl7.org/fhir/us/insurance-card/STU1.1/index.html) * [SMART Health Digital Insurance Card (SHDIC)](https://hl7.org/fhir/us/insurance-card/STU1.1/General_Guidance.html#a-payer-to-provide-members-with-smart-health-digital-insurance-cards) **SMART:** * [SMART Health Cards Framework (SHC)](https://spec.smarthealth.cards/) **W3C:** * [Verifiable Credential Data Model (VCDM) v2.0](https://www.w3.org/TR/vc-data-model-2.0) * [Decentralized Identifiers (DID)](https://w3c.github.io/did-core/) ::: ## Overview The principal concept for both W3C Verifiable Credential Data Model (VCDM with JWT) and SHC is: 1. A standardized 'wrapper' around a standardized "data payload" is cryptographically signed by the "data source" referred to as issuer/originator. 3. The standard for the 'wrapper' is IETF JOSE. 4. The standard for the payload is domain specific. For SHC, it is HL7 FHIR. Others like mDL are ISO. To make SHCs W3C conforming, this proposal aims to bring the SHC inline with the JWT variant for Verifiable Credential as specified by the W3C VCDM. Additionally, it also aims to align the PKI aspects with W3C Decentralized Identifiers (DID), that is, issuers and subject will be represented with DIDs (CA DMV wallet uses did:jwk). This will allow reusability of already existing digital identity wallets and their algorithms to verify authenticity of SHCs as well as their holders. The domain specific data payload standard for this proposal is HL7 Carin Digital Insurance Card narrowly referred to as SMART Health Digital Insurance Card. :::info Note: This proposal is about conformance to W3C. For a future revision, ISO/IEC 18013 and 23220 SHOULD be considered. Presumably, since 18013-7 defines an OID4VP profile for presentation, it is likely that mdocs can be exchanged that way (issuance and verification). Making SHCs conforming with mdoc is a significantly bigger lift --thus the initial focus on W3C since it allows to stay the JOSE route. ::: ## The role of Decentralized Identifiers (DID) As major software vendors and foundations have been adopting selected DID methods, conforming to the W3C DID standard ensures reusability of a growing new Internet infrastructure. However, given the long list of registered methods, this proposal will need to vet out the most opportune methods to be selected initially. At this point in time (August 2024), this proposal sets a guideline to use a private DID for individual users, and a public DID for organizational entities. This guideline will get more specificity once it becomes clearer what the most opportune choices are by considering early adoption use cases. :::info Note: This proposal acknowledges that indivdual users may have multiple DIDs. For sure when different wallets are used, but even with the same wallet when different methods are used. Since ISO does not support DIDs, an important convention will need to be formed in the case of the CA DMV app with **``did:jwk``**. For example, the extend to which that DID can be used as an identifier for the person when they are not portable across new devices. ::: ## The role of identity wallets In order to achieve interoperable authenticity of the card holders, members must use identity wallet apps so that the issuer can bind a holder's cyptographic signature verification key to the VC. This is why the SHCs cannot be downloaded to a consumer app via a FHIR API! It MUST use standardized exchange protocols, such as OID4VCI/VP or ISO/IEC (18013 and 23220). This proposal will initially focus on the former because if has broader early adoption (Microsoft, PingIdentity, CA DMV, eEIDAS). :::warning This is paramount. Without it we lose the ability to verify that at the other end of a VC exchange flow is the actual holder to which the VC has been issued. ::: ## POC to validate The State of California DMV offers a digital identity wallet app for its mobile Driver License. Additionally, an OSS-licensed verifier server has also been released. The DMV continues the sponsoring of access to the synthetic mDLs and some infrastructure made available for the October 1, 2024 hackathon. At the time of the hackathon, issuance was not available. This has since been revised and expected to be made available in this open test environment by January 2025. It presents a great opportunity for early implementers of this proposal to gather for interoperability testing and vetting of iterations to this proposal. # Proposal ## SMART Health Card as VC In essence, the [HL7 SMART Health Digital Insurance Card](https://build.fhir.org/ig/HL7/carin-digital-insurance-card/General_Guidance.html#a-payer-to-provide-members-with-smart-health-digital-insurance-cards) will be wrapped by a slightly modified SMART Health Card JWS so that it becomes conformant with the W3C Verifiable Credential [security wrapper](https://www.w3.org/TR/vc-data-model/#jwt-encoding) and uses a Decentralized Identifier for the issuer and subject. :::spoiler SMART Health Digital Insurance Card as W3C Verifiable Credential ```javascript= { /* JWS header: */ "alg": "ES256", "typ": "JWT", "kid": "did:<method-for-issuers>:<d-identifier>#<key-identifier>" // add }, { /* JWS payload: */ "vc": { "@context": "[https://www.w3.org/ns/credentials/v2]", "type": [ "https://smarthealth.cards#health-card", "VerifiableCredential", // add "HealthPlanCoverageProof", // add -may require more conext "HealthPlanEnrollmentRequest" // add -may require more context ], /* SMART Health Digital Insurance Card data model (HL7) */ "credentialSubject": {...} }, "iss": "did:<method-for-issuers>:<d-identifier>", // change "jti": "http://<issuer's-domain>/credentials/<cred-id>", // add -managed by issuer "sub": "did:<method-for-users>:<d-identifier>", // add -is generated by the wallet "nbf": "1722363939", "exp": "1816974451" // add // "aud" MUST be present when presented (in Verifiable Presentations) -will be the DID of the verifier }, { /* JWS signature: */ "yB0o52V6QpmgMhU_m1IYa7aaxTPZbATkrXj9LxTCDzx2RM49Msbv458ZUpc TI_JjQwinxf8-MS_IX2urG1SMgA" } ``` ::: :::spoiler SMART Health Card payload "{}{...}" example for SMART Health Digital Insurance Card: ```javascript= "credentialSubject": { "fhirVersion": "4.0.1", "fhirBundle": { "resourceType": "Bundle", "type": "collection", "entry": [ { "fullUrl": "resource:0", "resource": { "resourceType": "Coverage", "id": "Example-Coverage1", "meta": { "versionId": "1", "lastUpdated": "2021-04-06T10:49:02.473+00:00", "profile": [ "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-Coverage" ] }, "text": { "status": "generated", "div": "<div xmlns='http://www.w3.org/1999/xhtml'>Acme Gold Plus</div>'" }, "extension": [ { "extension": [ { "url": "memberId", "valueId": "102345672-01" }, { "url": "name", "valueHumanName": { "family": "Doe", "given": [ "John" ] } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-PlanBeneficiaries-extension" }, { "extension": [ { "url": "memberId", "valueId": "102345672-02" }, { "url": "name", "valueHumanName": { "family": "Doe", "given": [ "Jane" ] } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-PlanBeneficiaries-extension" }, { "extension": [ { "url": "memberId", "valueId": "102345672-03" }, { "url": "name", "valueHumanName": { "family": "Doe", "given": [ "Jimmy" ] } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-PlanBeneficiaries-extension" }, { "extension": [ { "url": "memberId", "valueId": "102345672-04" }, { "url": "name", "valueHumanName": { "family": "Doe", "given": [ "Ginny" ] } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-PlanBeneficiaries-extension" }, { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-AdditionalCardInformation-extension", "valueAnnotation": { "text": "If you use a TTY, call 711.\nYou may be asked to present this card when you receive care or fill a perscription. This card does not gaurentee coverage. Intentionally misusing this card may be considered fraud or a violation of the law.\nWe encourage you to use a primary care physician as a valuable resource and personal health advocate." } }, { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-CardIssueDate-extension", "valueDate": "2020-12-15" }, { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-BackgroundColor-extension", "valueCodeableConcept": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/IECColourManagement", "code": "#00bfff" } ] } }, { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-HighlightColor-extension", "valueCodeableConcept": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/IECColourManagement", "code": "#ceebf5" } ] } }, { "extension": [ { "url": "label", "valueString": "ACME Inc." }, { "url": "description", "valueString": "Company logo" }, { "url": "image", "valueAttachment": { "contentType": "image/png", "data": "iVBORw0KGgoAAAANSUhEUgAAABAAAAAkCAQAAAAqEXJRAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQflCBoOCChye9NTAAAAsklEQVQ4y+WSsQrCMBCGv9ZCUdwUBEcfR+c+kVPewHdxdxEcBQW1FBTpkFoQ6iJxiSHaRCdB9L/l5+6/kP/uAHpMOKCeYoegDdBlUyveY06zwZghPvQpYe3tVyhmARdi/DhGVvnEVLMRLc1irOcWRpqanAx5g98QRI6WhI6dsAcVkrB82IW0BTmr2rJkgHr5heIzNgsqv+CMYEDutlkh9ARSt81/PpjvONqt4XvDMq6alTdjhHqxFxxRQAAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMS0wOC0yNlQxNDowODo0MCswMDowMF+TI3oAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjEtMDgtMjZUMTQ6MDg6NDArMDA6MDAuzpvGAAAAAElFTkSuQmCC" } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-Logo-extension" }, { "extension": [ { "url": "label", "valueString": "Some lable for this QR code" }, { "url": "description", "valueString": "Usage text for this QR code for the end user" }, { "url": "image", "valueAttachment": { "contentType": "image/png", "data": "iVBORw0KGgoAAAANSUhEUgAAABAAAAAkCAQAAAAqEXJRAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQflCBoOCChye9NTAAAAsklEQVQ4y+WSsQrCMBCGv9ZCUdwUBEcfR+c+kVPewHdxdxEcBQW1FBTpkFoQ6iJxiSHaRCdB9L/l5+6/kP/uAHpMOKCeYoegDdBlUyveY06zwZghPvQpYe3tVyhmARdi/DhGVvnEVLMRLc1irOcWRpqanAx5g98QRI6WhI6dsAcVkrB82IW0BTmr2rJkgHr5heIzNgsqv+CMYEDutlkh9ARSt81/PpjvONqt4XvDMq6alTdjhHqxFxxRQAAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMS0wOC0yNlQxNDowODo0MCswMDowMF+TI3oAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjEtMDgtMjZUMTQ6MDg6NDArMDA6MDAuzpvGAAAAAElFTkSuQmCC" } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-QRCode-extension" }, { "extension": [ { "url": "label", "valueString": "Some label for this Barcode" }, { "url": "description", "valueString": "Usage text for this Barcode for the end user" }, { "url": "image", "valueAttachment": { "contentType": "image/png", "data": "iVBORw0KGgoAAAANSUhEUgAAABAAAAAkCAQAAAAqEXJRAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQflCBoOCChye9NTAAAAsklEQVQ4y+WSsQrCMBCGv9ZCUdwUBEcfR+c+kVPewHdxdxEcBQW1FBTpkFoQ6iJxiSHaRCdB9L/l5+6/kP/uAHpMOKCeYoegDdBlUyveY06zwZghPvQpYe3tVyhmARdi/DhGVvnEVLMRLc1irOcWRpqanAx5g98QRI6WhI6dsAcVkrB82IW0BTmr2rJkgHr5heIzNgsqv+CMYEDutlkh9ARSt81/PpjvONqt4XvDMq6alTdjhHqxFxxRQAAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMS0wOC0yNlQxNDowODo0MCswMDowMF+TI3oAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjEtMDgtMjZUMTQ6MDg6NDArMDA6MDAuzpvGAAAAAElFTkSuQmCC" } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-Barcode-extension" }, { "extension": [ { "url": "label", "valueString": "Some label text" }, { "url": "description", "valueString": "Some text for the end user about the usage/meaning of this image" }, { "url": "image", "valueAttachment": { "contentType": "image/png", "data": "iVBORw0KGgoAAAANSUhEUgAAABAAAAAkCAQAAAAqEXJRAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQflCBoOCChye9NTAAAAsklEQVQ4y+WSsQrCMBCGv9ZCUdwUBEcfR+c+kVPewHdxdxEcBQW1FBTpkFoQ6iJxiSHaRCdB9L/l5+6/kP/uAHpMOKCeYoegDdBlUyveY06zwZghPvQpYe3tVyhmARdi/DhGVvnEVLMRLc1irOcWRpqanAx5g98QRI6WhI6dsAcVkrB82IW0BTmr2rJkgHr5heIzNgsqv+CMYEDutlkh9ARSt81/PpjvONqt4XvDMq6alTdjhHqxFxxRQAAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMS0wOC0yNlQxNDowODo0MCswMDowMF+TI3oAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjEtMDgtMjZUMTQ6MDg6NDArMDA6MDAuzpvGAAAAAElFTkSuQmCC" } } ], "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-SupportingImage-extension" } ], "identifier": [ { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v2-0203", "code": "MB", "display": "Member Number" } ] }, "system": "https://www.acmeinsurance.com/glossary/memberid", "value": "102345672-02", "assigner": { "display": "Acme Insurance Co" } } ], "status": "active", "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "HIP", "display": "health insurance plan policy" } ], "text": "health insurance plan policy" }, "subscriber": { "reference": "Patient/Example-Patient1", "display": "John Doe" }, "subscriberId": "102345672-01", // this is the member identifier associated with the VC holder (whose DID is referenced in the "sub" key of the JWT) "beneficiary": { "reference": "Patient/Example-Patient2", "display": "Jane Doe" }, "dependent": "02", "relationship": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/subscriber-relationship", "code": "spouse", "display": "Spouse" } ], "text": "Spouse" }, "period": { "start": "2021-01-01" }, "payor": [ { "reference": "Organization/Example-PayerOrganization1", "display": "Acme Insurance Co" } ], "class": [ { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-class", "code": "group" } ] }, "value": "993355", "name": "Stars Inc" }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-class", "code": "plan" } ] }, "value": "11461128", "name": "Acme Gold Plus" }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCoverageClassCS", "code": "division" } ] }, "value": "11" }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCoverageClassCS", "code": "network" } ] }, "value": "561490", "name": "Acme Gold Plus South" }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-class", "code": "rxbin" } ] }, "value": "100045" }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-class", "code": "rxpcn" } ] }, "value": "1234000" } ], "costToBeneficiary": [ { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamOutDed", "display": "Family Out of Network Deductible" } ] }, "valueMoney": { "value": 10000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamInDed", "display": "Family In Network Deductible" } ] }, "valueMoney": { "value": 8000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamRxOutDed", "display": "Family Pharmacy Out of Network Deductible" } ] }, "valueMoney": { "value": 2000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamRxInDed", "display": "Family Pharmacy In Network Deductible" } ] }, "valueMoney": { "value": 1500, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamOutMax", "display": "Family Out of Network Out of Pocket Maximum" } ] }, "valueMoney": { "value": 12000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamInMax", "display": "Family In Network Out of Pocket Maximum" } ] }, "valueMoney": { "value": 10000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamRxOutMax", "display": "Family Pharmacy Out of Network Out of Pocket Maximum" } ] }, "valueMoney": { "value": 3000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "FamRxInMax", "display": "Family Pharmacy In Network Out of Pocket Maximum" } ] }, "valueMoney": { "value": 2000, "currency": "USD" } }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-copay-type", "code": "gpvisit" } ] }, "valueMoney": { "extension": [ { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-BeneficiaryCostString-extension", "valueString": "N/A" } ] } }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-copay-type", "code": "spvisit" } ] }, "valueMoney": { "extension": [ { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-BeneficiaryCostString-extension", "valueString": "N/A" } ] } }, { "type": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/coverage-copay-type", "code": "emergency" } ] }, "valueMoney": { "extension": [ { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-BeneficiaryCostString-extension", "valueString": "N/A" } ] } }, { "type": { "coding": [ { "system": "http://hl7.org/fhir/us/insurance-card/CodeSystem/C4DICExtendedCopayTypeCS", "code": "rx" } ] }, "valueMoney": { "extension": [ { "url": "http://hl7.org/fhir/us/insurance-card/StructureDefinition/C4DIC-BeneficiaryCostString-extension", "valueString": "DED THEN $10/$40/$70/25%" } ] } } ] } } ] } } ``` ::: ## Enrollment Request as VC A healthcare related end-to-end, multi-actor acceptance pipeline is described in the [Rapid Member Pass](https://hackmd.io/@steba/RMP) proposal. In there it adds a new VC called the **`Enrollment Request`** which does not have an HL7 specification. It is issued by an Employer or its benefit manager service provider to enable person-mediated exchange of the request to enroll the employee to the benefit plan with the payer. This proposal will specify this payload object in a later version and pressumably model it based on the X12 EDI (5010 834) standard for Enrollment Request. :::spoiler Minimalistic payload ```javascript= "credentialSubject": { /* specifics TBD, notionally this: "Sponsor/Group Data": "TIN, name", "Plan information": "identifier", "Subscriber": "Names, DOB, employee-id, ssn, mDL-identifier, mDL-DID", [{"Dependent": "Names, DOB, ssn, relationship, mDL#, idcard#"}], "Effective Data": <date> */ } ::: :::info Deeper analysis surfaced a likely impediment to the usefulness of the enrollment request as a VC issued the enrollee. It appears to suffice when simply using an employee-id VC (as proposed by Microsoft and others) for authenticating the enrollee at the insurer's portal to process registration. Presumably, the employee-id VC will hold sufficent attribution to recognize the enrollee in the previously exchanged enrollment request sent by the employer's benfit manager. In a similar vain, it may even suffice to use the same mDL that the benefit manager verified during the selection process. What counters this approach is that new employees hesitate to present their mDL repetitively. An employee-id VC or Enrollment Request VC would avoid that. ::: ## Interoperability Profiles To simplify the VC JWS payload for the digital card this proposal will define its own profile. This is motivated by the fact that data autenticity only needs to include the coverage relevant information and not the card's visual design like color, logos, etc. :::info Card design attributes can be made available via a URL to download the design template to render specifically to the issuer's choice. For example, a CSS. ::: # Technology Shifts 1. W3C Verifiable Credential Data Model (VCDM) 1. W3C Decentralized Identifiers (DID) 1. Open Identity Foundation: OID4VCI 1. Mobile Driver License: ISO 18023, 23220 <style> .markdown-body blockquote { margin: 0; margin-top: 0; margin-bottom: 16px; padding: 0 1em; color: #00000; background: #fafafa; border-left: .25em solid #dfe2e5; } .markdown-body blockquote>:first-child { margin-top: 0; } .markdown-body blockquote>:last-child { margin-bottom: 0; } .markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 { margin-top: 24px; margin-bottom: 16px; font-weight: 600; line-height: 1.25; } .markdown-body h1 { font-size: 2em; } .markdown-body h1 { padding-bottom: .1em; border-bottom: 2.5px solid #eaecef; border-top: 2.5px solid #eaecef; } .markdown-body h2 { padding-bottom: .1em; border-bottom: 2px solid #eaecef; } .markdown-body h2 { font-size: 1.5em; } .markdown-body h3 { font-size: 1.25em; } .markdown-body h4 { font-size: 1em; } .markdown-body h5 { font-size: .875em; } .markdown-body h6 { font-size: .85em; color: #6a737d; } </style>