This is actually a decent use of JWTs (and generally I'm in the JWT=='bad' camp). These things don't ever need to be revoked and issuing a JWT means they don't have to store it in their own database. Also 3rd parties checking that passport don't have to implement any kind of database lookup/integration with state APIs. Pretty solid architectural choice IMO.
This is really nice way of putting this. Logging in/out is authorization (and authn) so generally if you want to revoke access (log people out), JWTs are possibly the wrong choice (the thing people use JWTs for 99% of the time)
Makes it really easy to scatter low budget devices across the state that require no Internet connection, and gives a red light/green light on whether you're allowed to go shopping or be out in public that day.
All the infrastructure is right there in place. Didn't get that far.
Businesses have the right to refuse service for any reason that is non-discriminatory. That's a good thing even if you don't agree with their reasons. I know some people do, but I don't count "you can't come in here if you can't prove you aren't going to kill me by negligently infecting me and my customers with covid" as discriminatory. Anyway covid is over so let's all move on.
And you don't need all this tech for a police state anyway. Police states have been around for a long long time. Doomsday worries about hypothetical uses of tech seem yeah very hypothetical. I agree we should fight govt encroachment on our rights, but if you do that with too paranoid of a lens, then we won't have nice things (USA 2022 in a nutshell). How about, let's fight govt oppression when/where they are actually oppressing us.
