[IMPORTANT] Verifiable Claims Task Force Proposal for Monday

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 21 Nov 2015 16:57:29 -0500
Message-ID: <5650E8C9.40301@digitalbazaar.com>
To: Credentials Community Group <public-credentials@w3.org>

Hi all,

After LOTS of socializing the proposal this week, we seem to have
general alignment among the various groups involved. Here's the proposal
as it stands right now:

https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce

The full text is included below for those that would like to respond
in-line.
--------------------------------------------------------------------

Verifiable Claims Task Force PROPOSAL

Goals

   Determine if a W3C Working Group should be created to standardize
   technology around a verifiable claims ecosystem (aka: credentials,
   attestations).

   The Task Force will invite a diverse set of participants**1
   into a neutral group to discuss use cases (such as enrollment) and
   the problem area in general. The group will document and analyze
   concerns raised in various fora around the value-add that W3C
   could provide around verifiable claims that are user-centric.

   **1 Participants are expected to be invited from organizations like
   W3C, IETF, IMS Global, claims issuers, identity providers, claims
   consumers, the Credentials CG, the general public, and a variety
   of other organizations and individuals that have shown interest in
   the space.

Definitions

     * verifiable claim - a cryptographically non-repudiable set of
       statements made by an entity about another entity.
     * user-centric - a system that places people and organizations
       in the center of an ecosystem. To understand more about this
       design choice, read about its ramifications in the section
       titled "User-Centric vs. Service-Centric Architecture".
     * service-centric - a system that places services in the center
       of an ecosystem. To understand more about this
       design choice, read about its ramifications in the section
       titled "User-Centric vs. Service-Centric Architecture".

Problem Statement

   There is currently no widely used user-centric standard for
   expressing and transacting verifiable claims (aka: credentials,
   attestations) via the Web. Data has been gathered demonstrating a
   desire to create such an interoperable ecosystem around the
   expression and transmission of verifiable claims.

   These problems exist today:
     * In existing service-centric architectures, identity services
       inject themselves into every relationship in the ecosystem.
       This means users can't easily change their service provider
       without losing their digital identity. This leads to vendor
       lock-in, identity fragility, reduced competition in the
       marketplace, and reduced privacy.
     * There is no interoperable standard capable of expressing and
       transmitting rich verifiable claims that cuts across
       industries (e.g. finance, retail, education, and healthcare).
       This leads to industry-specific solutions that are costly,
       inefficient, and proprietary, and inhibit users' ability to
       manage their digital identities in a coherent way.
     * There is no standard that makes it easy for users to assert
       their qualifications to a service provider (e.g. I am a
       citizen of the USA, I am a board-certified doctor, etc.).

Out of Scope

   The following items have been identified as out of scope for the
   Task Force.
     * Making any decisions on the "correct" set of technologies to
       use to solve the problem. However, discussion about
       technologies that exist and how they could be applied to the
       problem are in scope.

Stakeholders

     * Issuers - ETS, Pearson, Walmart, Verisys, Target, NACS, New
       Zealand Government, Bloomberg, IMS Global member companies
     * Identity Providers / Identity Vaults - Accreditrust, Verisys,
       Bill and Melinda Gates Foundation, Deutsche Telekom
     * Consumers - Walmart, Target, NACS, Bloomberg, New Zealand
       Government, Education Institutions (IMS Global member
       companies), Financial Institutions, (customers of Issuers
       today)

Task Force Operation

   If formed, the WPIG Verifiable Claims Task Force will:
     * be composed of representatives from the Financial, Education,
       Healthcare, NGO, and Government sectors
     * have individual recorded interview calls at times that work
       for the interviewees
     * have weekly calls starting on Tuesdays at 11am ET (but could
       be rescheduled for other times that work better for
       participants) on a to-be-determined teleconference bridge
     * work on completing the identified deliverables
     * report its findings to the WPIG by early February

Success criteria

   Either
     * Clear documentation demonstrating that W3C cannot add value in
       this area, or
     * A well-socialized W3C Credentials Working Group charter (and
       supporting documentation) that would go to a W3C AC vote.

User-Centric vs. Service-Centric Architecture

     * A verifiable claims ecosystem that is user-centric has the
       following attributes:
          + Users are positioned in the middle between issuers and
            consumers.
          + Users receive and store verifiable claims from issuers
            through an agent that the issuer does not need to trust.
          + Users provide verifiable claims to consumers through an
            agent that consumers needn't trust; they only need to
            trust issuers.
          + Verifiable claims are associated with users, not
            particular services; users can decide how to aggregate
            claims and manage their own digital identities.
          + Users can control and own their own identifiers.
          + Users can control which verifiable claims to use and
            when.
          + Users may freely choose and swap out the agents they
            employ to help them manage and share their verifiable
            claims.
          + Does not require users that share verifiable claims to
            reveal the identity of the consumer to their agent or to
            issuers.

     * A verifiable claims ecosystem that is service-centric has
       the following attributes:
          + Services are positioned in the middle between issuers,
            users, and consumers.
          + Users receive and store verifiable claims from issuers
            through an agent that the issuer must trust, or they must
            be the same entity.
          + Users provide verifiable claims to consumers through an
            agent that consumers must trust.
          + Verifiable claims must be associated with services,
            fracturing a user's digital identity potentially against
            their desire.
          + Services control and own their users' identifiers.
          + Users' verifiable claims are locked in agent silos.
          + Requires users that share verifiable claims to reveal the
            identity of the consumer to their agent and issuers.
          + Consumers may have to register with users' agents to
            consume verifiable claims.

Deliverables

     * Recorded interviews around the problem statement with at
       least: Brad Hill, Dick Hardt, Jeff Hodges, Karen O'Donahue,
       Harry Halpin
     * Technology comparisons between at least these existing
       technologies: OpenID Connect, SAML, Identity Credentials
     * A Verifiable Claims Use Cases document
     * A Verifiable Claims Vision document (optional)

   If W3C can add value in the space, the WPIG will produce:
     * A widely socialized Verifiable Claims WG charter
     * A Verifiable Claims Roadmap document (optional)

Milestones / Timelines

     * 2015-11 - WPIG - Discussion of Verifiable Claims Task Force
       Proposal and if all goes well, the creation of the Task Force
     * 2015-12 - VCTF - Perform background research listed in
       deliverables
     * 2016-01 - WPIG - Start drafting charter for feedback, start
       finalizing input documents to future WG
     * 2016-02 - WPIG - Publish background research findings,
       finalize draft charter, finalize input documents
     * 2016-03 - VCTF/WPIG/CCG - Co-locate face-to-face meeting to
       discuss path forward (AC review, WG creation, etc.)

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice
https://manu.sporny.org/2015/payments-collaboration/
Received on Saturday, 21 November 2015 21:57:55 UTC
