Lots of meetups, orgs, and businesses don't know when they should restart in-person events and gatherings. When they do re-open, many would like to restrict attendance to those who have their Covid-19 vaccine. Unfortunately, there doesn't seem to be an easy way of confirming if someone has received their vaccine shots.
This project is to create a free, easy-to-use tool that organizations can use to check to see if someone has received the Covid-19 vaccine.
Who will benefit (directly and indirectly) from your project?
Meetups like Open Austin, small events like concerts, and personal gatherings like weddings.
What other resources/tools are currently serving the same need? How does your project set itself apart?
Digital vaccine verification platforms for employers.
Proprietary SaaS products that cost money.
This Project:
The current default seems to be that people will need to carry around their vaccine record card and show it to attend an event that requires vaccinations. However, this card is easily counterfeited, so anti-vaxxers who want to go to a concert can easily make a fake one and show it at the door. So while the CDC card is simple and great for the healthcare system, it's not great for use in vaccine-restricted events.
It seems that the VCI could solve the easy-to-fake problem (since it's based on smart-card cryptography), but it seems like the initiative is focused on highly regulated situations where very strong verification is needed (international travel, customs, visas, etc.). It's likely that VCI will require significant resources from individuals (buying a card and going through a lengthy verification process) and organizations (purchasing a card reader and signing up as a registered business).
So there doesn't seem to be an initiative focused on making vaccine-restricted events possible for small businesses and groups.
Where can we find any research/data available/articles?
Brainstorming how the system will work and figuring out the scope of work for an MVP.
Initial Brainstorm:
For event organizers:
Can go to homepage, scan a QR code, and see who verified the vaccination (e.g. the "issuer").
No registration needed, no setup needed, no app needed
Can use any QR scanner app or their smart phone browser + camera permission
Has an API for issuer public keys so apps can build verification into their apps instead of using the website.
Data in the verification is easy to check against an attendee's ID
For vaccinated attendees:
Get emailed/printed QR code from issuer to show event organizers.
No registration needed, no app/smartphone needed
Only needs printout or image of QR code to get verified
For QR code issuers:
Can generate a keypair for signing QR codes
Can submit public keys to be listed in the public issuer API (used by the scanner tool)
Can sign QR codes and generate printouts for vaccine recipients
Provide instructions for keypair and QR code generation on local systems (if don't trust the in-browser tool)
Constraints:
This project MUST NEVER retain any record of generated QR codes or issuer private keys. All private actions MUST be done in javascript client-side (i.e. verifying and scanning QR codes). We want to stay as far away from HIPAA-protected information as possible, while still allowing for easy, free, accessible vaccine verification.
This project MUST be hosted statically to minimize attack surface. Any issuer API changes MUST be done manually via commits and pull requests from project admins. That way it's much less likely that the issuer API can be maliciously manipulated.
The ultimate goal for this project is to get taken over by a larger, more legitimate health/governmental organization. This project is just trying to get something simple working that can be used ad-hoc by local communities looking to do improvised vaccine verifications.
What are the next steps (validation, research, coding, design)?
Hey, you're official! You're now part of the growing civic hacking community in Austin. Here's a few things to get started (a couple you've probably already done).
[x] Create this idea issue
[x] Flesh out the who, where, and what questions above
[x] Start the conversation about this idea on Slack Replace this link to the #general channel with your project's preferred channel.
Checklist for ACTIVE projects :fire:
Let's get this project started! When this idea starts taking off, the Projects Core Team will start helping this project's lead(s) out with project management and connecting you to resources you may need. To get there, please complete and check off the following:
[x] Post an update at least once a month to this issue. Use BASEDEF for ideas, but it's ok even if your update is just "nothing new happened this month" or "we saw a small increase in traffic to our app this month". If there's no activity for two months, that's no problem, life happens. We'll just label this as backlog so others know you'll get back to it when you have the time. If nobody hears from you at all in more than two months, we may mark it as abandoned so that others can pick up this idea and run with it.
[x] Create a README file in your project repository. This file should help newcomers understand what your project is, why it's important, and kinds of help you're looking for.
[ ] Create issues to describe each task that you plan to do or need help with and how a contributor can get started on that task. You might start and stop a lot, so consider issues as your to-do list.
This will make it easier for you to manage your github repo access. People on a team have the same level of access. Admin access will allow your trusted contributors to make changes as needed.
You can remove and add people to your team as needed.
Note: You can also allow collaborators outside of your team and give them more limited access.
[ ] Create a user group in Slack so you can "@" your core contributors all at once, without bothering other people who use the Slack channel. You'll need permission from a Slack admin, so just mention @leadership on Slack to get this set up.
[ ] Create a Google Drive, Dropbox, or other cloud storage to share larger files. Github and Data.World are good for code and data, respectively, especially when you need version control. But they're not good for very large files, documentation, articles, etc. A cloud storage option will allow you to easily share, create, and collaborate on documents with your team and help organize ideas and thoughts.
Doing this early on can help your team stay organized and to onboard new contributors who wouldn't have access to files you all have shared over email.
Checklist for FEATURED Projects :tada:
To have your project FEATURED on Open-Austin.org, complete the following documentation. In past projects, well-documented featured projects have more contributions than other projects.
[ ] Create an issue on the open-austin.github.io repo with the title Add [my project] to projects page. An Open Austin leader will review this issue and post your project :balloon:
[ ] Tell the City of Austin. If your idea is in a shareable format and can benefit people around the city, go to that site and follow the instructions on the bottom of the page to showcase your work there.
If you get stuck at any point, feel free to reach out to the leadership team on Slack by adding @leadership to your message. We're here to help you make real changes to our city.
What problem are you trying to solve?
Lots of meetups, orgs, and businesses don't know when they should restart in-person events and gatherings. When they do re-open, many would like to restrict attendance to those who have their Covid-19 vaccine. Unfortunately, there doesn't seem to be an easy way of confirming if someone has received their vaccine shots.
This project is to create a free, easy-to-use tool that organizations can use to check to see if someone has received the Covid-19 vaccine.
Who will benefit (directly and indirectly) from your project?
Meetups like Open Austin, small events like concerts, and personal gatherings like weddings.
What other resources/tools are currently serving the same need? How does your project set itself apart?
Other Resources:
CDC's COVID-19 Vaccination Record Card
CDC's V-Safe
Vaccination Credential Initiative (VCI)
VaxAtlas, MyVaxPass, and others
This Project:
The current default seems to be that people will need to carry around their vaccine record card and show it to attend an event that requires vaccinations. However, this card is easily counterfeited, so anti-vaxxers who want to go to a concert can easily make a fake one and show it at the door. So while the CDC card is simple and great for the healthcare system, it's not great for use in vaccine-restricted events.
It seems that the VCI could solve the easy-to-fake problem (since it's based on smart-card cryptography), but it seems like the initiative is focused on highly regulated situations where very strong verification is needed (international travel, customs, visas, etc.). It's likely that VCI will require significant resources from individuals (buying a card and going through a lengthy verification process) and organizations (purchasing a card reader and signing up as a registered business).
So there doesn't seem to be an initiative focused on making vaccine-restricted events possible for small businesses and groups.
Where can we find any research/data available/articles?
What help do you need now?
Brainstorming how the system will work and figuring out the scope of work for an MVP.
Initial Brainstorm:
Constraints:
Website Overview:
/(homepage)/scan), "Request a QR code" (/issuers), and other links/issuersand/groups/scan/scan?groups=demoor/scan?api=https...)postMessagerequests from parent frame (so can be embedded in other apps)/admin/issuers/admin/create-qr-code)/admin/issuers/create-qr-code/admin/groups/api/v1/issuers/{issuer_id}.json/scanpage to verify a signature from a scanned code/api/v1/issuers.json/api/v1/groups/{group_id}.json/scanpage to show who as approved the signer/api/v1/groups.jsonQR Code Format:
Format:
https://vax.codes/scan#{version}/{signer_id}/{urlsafe_base64_encoded_signature}/{data}Example:
https://vax.codes/scan#v1/test_arc/GC4aq0LmhEs_mcSrzRvB2bQoYYjbm2IxmojG0ryZdLTiF-0VVzjv7imWVvvvzxQ2zWhvku0sztFAF-SUv1d1Cw/birthday=2020-01-01&name=Some%20Name%20HereEnd Goals:
The ultimate goal for this project is to get taken over by a larger, more legitimate health/governmental organization. This project is just trying to get something simple working that can be used ad-hoc by local communities looking to do improvised vaccine verifications.
What are the next steps (validation, research, coding, design)?
See project repo for github issues and project status: https://github.com/open-austin/vax-codes
How can we contact you outside of Github(list social media or places you're present)?
@danielroesler on the OA slack
Slack channel: https://app.slack.com/client/T036FLMDN/C01KX6LRWBF
Project repo: https://github.com/open-austin/vax-codes
Project management
Checklist for NEW ideas :baby:
Hey, you're official! You're now part of the growing civic hacking community in Austin. Here's a few things to get started (a couple you've probably already done).
Checklist for ACTIVE projects :fire:
Let's get this project started! When this idea starts taking off, the Projects Core Team will start helping this project's lead(s) out with project management and connecting you to resources you may need. To get there, please complete and check off the following:
backlogso others know you'll get back to it when you have the time. If nobody hears from you at all in more than two months, we may mark it asabandonedso that others can pick up this idea and run with it.Checklist for FEATURED Projects :tada:
To have your project FEATURED on Open-Austin.org, complete the following documentation. In past projects, well-documented featured projects have more contributions than other projects.
Add [my project] to projects page. An Open Austin leader will review this issue and post your project :balloon:If you get stuck at any point, feel free to reach out to the leadership team on Slack by adding @leadership to your message. We're here to help you make real changes to our city.