Re: Summary of last week's W3C Technical Plenary (W3C TPAC)

Thank you Manu

cc AI KR CG, FYI

On Tue, Sep 20, 2022 at 8:55 AM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> What follows is an "information known to the general public" summary
> of what happened last week at the W3C Technical Plenary (W3C TPAC -
> where many of the global standards that drive the Verifiable
> Credentials and Decentralized Identifiers ecosystem are standardized).
>
> There is more that is member-confidential that went on, and none of
> that is covered in this email, though the most important things are
> public knowledge due to the fact that W3C's Working Group minutes are
> made public within hours/days of the member meetings -- hooray for
> transparency! I'm looking at you, ISO (and all the other organizations
> that don't make their meeting transcriptions public)! :P
>
> Apologies for the length, there is a lot to cover.
>
> -------------------------
> The JSON-LD WG announced that JSON-LD is now published by 43% of all
> websites on the Internet (based on Common Crawl statistics data) in
> order to achieve better search rankings. To put that in perspective,
> Fetch is used by 38% of all websites. WebAuthn is used by 0.19% of all
> websites (ouch). More fun browser API stats at:
>
> https://chromestatus.com/metrics/feature/popularity
>
> It is worth noting that WebAuthn is typically implemented by the big
> identity providers (Google, Microsoft, Facebook) so measuring the
> number of domains that use it isn't a good measure of actual usage
> because everyone gets funneled through centralized IdP to use WebAuthn
> -- actual people impacted is probably be much higher, if only those
> large IdPs would share their numbers! :P
> ------------------------
> The JSON-LD Working Group will be re-chartered to continue maintaining
> the specification, with the ability to add new features. There is work
> going into YAML-LD, and interest in taking up the CBOR-LD work as
> well. There is parallel work also being proposed on "labeled property
> graphs" (called RDF-star), which allow one to annotate properties
> themselves (of dubious value to VCs at present). That work might
> provide advantages to the path VCs have taken to date, but we won't
> know for another 2+ years. It is explicitly not going to be disruptive
> to what we've standardized to date at W3C.
> -------------------------
> The DID Working Group meeting had significant attendance (40-50
> people). The goal was to settle on the next Working Group Charter. The
> plan was to work towards agreeing to standardize a few DID Methods
> (like did:key and did:web), and possibly start standardizing DID
> Resolution. There were objections to standardizing DID Methods. If we
> don't standardize at least a few DID Methods, we know that there will
> be objections from some of the big-tech companies. There didn't seem
> to be objections to DID Resolution or maintaining DID Core. I was able
> to meet with some of the big tech companies and negotiate a potential
> path forward via DID Resolution (without standardizing any DID
> Methods). I still need to engage with some of the potential objectors
> to see if they'd be amenable to the plan. There is a decent chance
> they'll be ok with it.
> ---------------------------
> Support for the Verifiable Credentials Working Group is quite strong
> (and growing). We were given significant air time in the all-hands
> Advisory Committee meeting. The Working Group meeting hovered between
> 42-56 people, which is quite large for a W3C Working Group.
> There were no bombshells or any real drama to speak of in the meeting.
> The group seems to be on a good trajectory. In general, doing work on
> version 2.0 of anything tends to be easier than 1.0 because many of
> the guard rails are already established for the work. More on
> particular technology discussions that came up below. All slide decks
> presented at the meeting can be found here (the ACDC slides take up
> 112 slides, the other slide decks average around 10 slides per topic):
>
>
> https://docs.google.com/presentation/d/1hrqozY2EGZ8i8y40abyEuJmIb6hCiRS-37pdj6bhBLY/edit
> -------------------------------
> I spent some time with the Accessible Platform Architectures Working
> Group (the group that produces accessibility documents like the Web
> Content Accessibility Guidelines that the US Government follows to
> ensure Section 508 compliance). As a result of the conversation, they
> will be working on a Digital Wallet Accessibility Guidelines document
> over the next 1-2 years to ensure that digital wallets meet the
> requirements of the 60 million people in the US with accessibility
> needs. That guide might be integrated (in time) into WCAG, which is
> incorporated into Section 508 in the US (and into other accessibility
> regulation documents in other countries). They took this as an action
> during the VCWG meeting and also provided some good news use cases
> that we should be interested in (for example, Verifiable Credentials
> for vaccination status of guide dogs crossing borders -- guide dogs
> can be kept for days in kennels if the vaccination paperwork isn't up
> to date, 'causing stress for both the animal and the individual
> needing the aid from the animal).
> -------------------------------
> As mentioned above, the Verifiable Credentials WG meeting was fairly
> uneventful. Orie did a great job counter-acting some of the explosion
> of complexity being suggested for the core data model and keeping
> things simple via JSON-LD. The streamlining Data Integrity cryptosuites
> conversation didn't blow up into a hot mess and there seems to be a
> workable path forward there (though, the details matter and we'll get
> to those over the next couple of months). The holder binding
> discussion and the JSON Schemas discussion will be interesting, but
> non-disruptive. The RDF Dataset Canonicalization WG is under way and
> seems to be on a good trajectory. We stayed away from discussing
> digital wallet protocols, which was probably a good thing.
> ----------------------------------
> The SD-JWT work was introduced to the group as a selective disclosure
> scheme for JSON payloads. There was some serious shade thrown at BBS
> and AnonCreds during the meeting by the EU Digital Identity initiative
> stating that "Our cryptographers have looked at both BBS and AnonCreds
> and rejected them for being overly complex". Both Avast and Digital
> Bazaar fired back noting the CFRG uptake of BBS at IETF and they
> backed off to a "Oh, I mean, it's on an experimental path, but we are
> committed to SD-JWT, which is not experimental and
> uses NIST-approved cryptography."... people should be worried about
> this. It feels rushed.
> The JWP stuff is even further behind. There was a suggestion that
> VC-JWT will be dropped for SD-JWT, or JWP, or maybe we'll keep all of
> them, or something better will come along. This work could have a
> negative effect on the greater community around VC interoperability.
> Adding two new "securing VC" mechanisms to the existing two mechanisms
> seems problematic. We'll have to give that spec more time to breathe
> and improve.
> ------------------------
>
> Those are my notes, I hope they are useful to those that were not able
> to attend W3C TPAC. If others have notes on the stuff that's public
> knowledge (via transcripts), please share.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>

Received on Tuesday, 20 September 2022 23:23:07 UTC