Built a digital credentials system for public health settings, for ██████████████████████████████. The platform issues and verifies health credentials using multiple international standards.
Public health credentials during COVID became a mess of competing standards. SMART Health Cards (US), DIVOC (India/WHO), EU-DCC (Europe)—all different, all supposedly “the standard.”
We built a system that handles all of them. Issue in one format, verify any of them. Interoperability where the standards themselves failed to provide it.
Each credential format has its own quirks. SMART Health Cards use FHIR bundles and JWS signatures. EU-DCC uses CBOR encoding and COSE signatures with different trust frameworks. DIVOC uses W3C Verifiable Credentials and JSON-LD with different key infrastructure.
Getting them to play nice together required building a flexible verification engine that could handle the structural differences while providing a consistent interface.
Turns out standards are political. The technical differences between these formats are less about capability and more about who controls the trust infrastructure. Building bridges between them is as much diplomacy as engineering.