Re: Schemas or Models of Credentials and Issuers

From: Adam Sobieski <adamsobieski@hotmail.com>
Date: Sat, 2 Sep 2017 05:40:42 +0000
To: Jim Goodell <jgoodell2@yahoo.com>, Mike Lodder <mike.lodder@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>
CC: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <BN6PR01MB326658BD1867E859CCD2EB54C5930@BN6PR01MB3266.prod.exchangelabs.com>

We could look at expanding upon issuer categorization:

http://credreg.net/ctdl/terms/industryType

http://credreg.net/ctdl/terms/naics

to include searchable enumerated text literals or URIs for:

“issuer sector”: e.g. bank, com, edu, gov, org (etc. resembles DNS topics)
“issuer subsector”
…

and:

“issuer country”: https://en.wikipedia.org/wiki/Country_code (also resembles DNS topics)
“issuer state or region”
…

towards more searchable credentials, where users have a set of credentials that are queried against. I envision that queries can be utilized by the user interfaces of digital wallets as users compose the data to be returned to websites. Describing valid or acceptable credentials allows for user interfaces to filter superfluous credentials, for example, so that users might more efficiently compose valid or acceptable data. A user might have dozens or more credentials in a digital wallet.

I hope for digital wallet querying as expressive as natural language descriptions of account verification policies.


Best regards,
Adam

From: Jim Goodell <jgoodell2@yahoo.com>
Sent: Friday, September 1, 2017 8:58 PM
To: Adam Sobieski <adamsobieski@hotmail.com>, Mike Lodder <mike.lodder@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org

Thank you Adam. Yes, describing credentials requires different profiles of information based upon category of credential or issuer organization type.

The use case for identity credentials (e.g. banks, governments) goes beyond the scope of the credentials transparency description language. The CTDL is for metadata about credentials that might be offered by an institution (such as a college degree) but it doesn't get the assertions about any individual earning or receiving a credential. Open badges gets closer to your use case in that it has to do with assertions (verifiable claims) about qualification, achievement, personal or organizational quality, or aspect of an identity for an individual or organization.

The W3C credential has a broader scope than the education-centric standards I referenced. Credential Engine (CTDL), CEDS, IMS, etc. are in the education domain, not about identity credentials for things like personal finance.

Core verifiable claims concepts of Claim, Issuer, Credential all might need additional domain-specific standard vocabulary to work in those domains, e.g. a claim as free text might not be interpretable without a standard vocabulary... people may use different words to say the same thing. Sometimes additional information is needed to interpret the type of claim.

My suggestion was mainly about cases where domain-specific info is needed.  So if the W3C credential needs to include metadata about an organization that issued an education credential then existing data vocabulary for education can be used, if needing to include metadata for a financial organization then a metadata standard in the financial domain could be used.

Best regards,
Jim

________________________________
From: Adam Sobieski <adamsobieski@hotmail.com>
To: Jim Goodell <jgoodell2@yahoo.com>; Mike Lodder <mike.lodder@evernym.com>; David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org <public-credentials@w3.org>
Sent: Friday, September 1, 2017, 5:54:10 PM EDT
Subject: Re: Schemas or Models of Credentials and Issuers

Jim,

With regard to querying digital wallets and describing acceptable identifying credentials, I do notice some complexity with regard to describing identifying credentials based upon issuer categories or issuer organization types (e.g. operating system vendors, banks, universities, governments, etc.).

https://w3c.github.io/vc-data-model/#issuer

http://credreg.net/ctdl/terms/CredentialOrganization

http://credreg.net/ctdl/terms/industryType

http://credreg.net/ctdl/terms/IndustryClassification



Best regards,
Adam

From: Adam Sobieski <adamsobieski@hotmail.com>
Sent: Thursday, August 31, 2017 9:20 PM
To: Jim Goodell <jgoodell2@yahoo.com>, Mike Lodder <mike.lodder@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org

Jim,

In the ontologies that you provided, I found these:

http://credreg.net/ctdl/terms/CredentialPerson

http://credreg.net/ctdl/terms/CredentialOrganization

https://www.imsglobal.org/sites/default/files/Badges/OBv2p0/index.html#Profile



Best regards,
Adam

From: Adam Sobieski <adamsobieski@hotmail.com>
Sent: Thursday, August 31, 2017 7:01 PM
To: Jim Goodell <jgoodell2@yahoo.com>, Mike Lodder <mike.lodder@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org

Jim,

Thank you for the examples of pre-existing ontologies and for raising awareness about the opportunity to build on the work of others and for cross-standards interoperability.

With regard to identifying credentials which make sense to utilize to obtain at least users’ real names, and with regard to the verification of accounts, e.g. on Wikipedia or Facebook, and with regard to the querying of such credentials from digital wallets, a verifier might want to express which identifying credentials and issuers are acceptable, per a policy. Account verification policies are described as dynamic on the scale of emerging issuers and categories of issuers. Due to the concurrent emergence of issuers, account verification is described as occurring on multiple occasions, e.g. as operating system vendors, banks and governments emerge as issuers of identifying credentials.

In terms of the verifiable claims data model, I observe that issuers are URIs and that “it is recommended that dereferencing the URI results in a document containing machine-readable information about the issuer that may be used to verify the information expressed in the credential.” (https://w3c.github.io/vc-data-model/#issuer)


Best regards,
Adam

From: Jim Goodell <jgoodell2@yahoo.com>
Sent: Thursday, August 31, 2017 11:20 AM
To: Adam Sobieski <adamsobieski@hotmail.com>, Mike Lodder <mike.lodder@evernym.com>, David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org

I read the original post in this thread and the subject line as being about schemas or models of attributes for credentials. I think I saw something about creating a new ontology for attributes that are part of a verifiable claim request/response.

To that I'd suggest using existing standards whenever possible rather than inventing new data definitions/vocabulary that might inadvertently conflict with those existing standards or de facto standards. There are already formal definitions of the types, properties, and interrelationships of the entities that fundamentally exist for many kinds of credentials and claims/assertions. I'd suggest as much as possible use pre-existing definitions from places like http://credreg.net/ctdl/terms/#Credential, http://www.imsglobal.org/Badges/OBv2p0/index.html, https://ceds.ed.gov/domainEntitySchema.aspx and others for identity claims. These other organizations have been working together recently to align so the data from varying use cases they each address are interoperable.

W3C Credentials is charting new territory with innovative trust/verification and encryption for verifiable claims, e.g. recent digital wallet conversations. That won't replace other needs for the same kind of data addressed by the other standards like the credentials metadata registry and standard models for data-at-rest within systems and common definitions for users of data.

I know there are some people from other groups tracking with this group, I just wanted to raise awareness about the opportunity to build on the work of others and for cross-standards interoperability, e.g.  the W3C group could draw data element definitions from others and then inform other standards of any gaps found related to the new use cases. Then other organizations can fill those gaps so the new W3C spec and tech using standards for other applications of the same kinds of data can work together.

Best Regards,
Jim Goodell


________________________________
From: Adam Sobieski <adamsobieski@hotmail.com>
To: Mike Lodder <mike.lodder@evernym.com>; David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org <public-credentials@w3.org>
Sent: Wednesday, August 30, 2017, 6:53:28 PM EDT
Subject: Re: Schemas or Models of Credentials and Issuers

Updating:

“While querying digital wallets is still a pioneer topic and a work in progress, we can envision that a verifiable profile is composed by a user, utilizing a set of credentials, in response to a query or request. We can envision that a set of attributes may be requested; each attribute may be optional or required for a request; for each attribute, one or more credentials may be required; for each attribute, data and metadata about pertinent credentials and issuers may be specified or described, defining acceptable credentials per attribute.”

I'm also thinking about account verification concurrent to the emergence of issuers. Early issuers might include operating systems (in particular those with app stores) and banks. We can envision that, at some point, governments will be issuers. I'm thinking about the processes of versioning account verification processes as issuers and as entire categories of issuers emerge. Summarily, account verification needn't be a one time thing, it may occur a few times as issuers emerge.


Best regards,
Adam

From: Mike Lodder <mike.lodder@evernym.com>
Sent: Wednesday, August 30, 2017 10:25 AM
To: David Chadwick <D.W.Chadwick@kent.ac.uk>
Cc: public-credentials@w3.org

Digital Wallets are a very fascinating subject for me too.
It may also be necessary to describe recommendations for the various types of digital wallets and how they are accessed.
Web, file, browser, hardware each could have their own recommendations for authentication and authorization. As the risk of exposure of the contents increases we should recommend increasing layers of authentication. A claim that is from the government is far more valuable to me than self issued claims so I will want to require at least 2 or more forms of authentication. A US social security number claim might require passive forms of authentication like where the user is accessing it from, which program or browser is used.

The idea of self-issued claims is needed.  I claim that I use a particular bank could later be verified by the bank issuing me a follow up claim or signing my self issued claim.

On Wed, Aug 30, 2017 at 5:40 AM, David Chadwick <D.W.Chadwick@kent.ac.uk> wrote:
The issue is not so much about who can issue VCs, because in fact anyone
can. The issue is more about verifier trust in the issuer. How does a
verifier determine who should be trusted to issue credential X,
regardless of whether X is self issued or a reputation type of
credentials.

On 29/08/2017 19:32, Steven Rowat wrote:
> On 2017-08-29 1:28 AM, Adam Sobieski wrote:
>> Credentials Community Group,
>>
>> In a decentralized identity model, various issuers can provide
>> identifying credentials (nations, states, cities, universities, banks,
>> companies, etc.).
>
> This is perhaps an unnecessary aside, but would this list also include:
> self-issued
> reputation issued
>
> credentials?
>
> For the first, I believe it's been discussed in the past in this group
> that there are situations where a person, or entity, would like to issue
> their own credential.
>
> But perhaps the reputation one is more important. I mean both the small
> scale -- two people with Passports identify person X as being known --
> as well as large-scale: 4,000 reviewers on a music site decide to bestow
> "Best of category" on work Y, and issue it as a credential.
>
> Steven
>
>
>
>
>>
>> While querying digital wallets is still a pioneer topic and a work in
>> progress, we can envision that a verifiable profile is composed by a
>> user, utilizing a set of credentials, in response to a query or
>> request. We can envision that a set of attributes may be requested,
>> each attribute may be optional or required for a request, and, for
>> each attribute, data and metadata about pertinent credentials and
>> issuers may be specified or described, defining acceptable credentials
>> per attribute.
>>
>> Topical is describing credentials’ and issuers’ data and metadata so
>> that a verifier can ensure that a verifiable profile is composed from
>> a set of acceptable credentials. I would like to ask about schemas or
>> models of credentials and issuers.
>>
>>
>> Best regards,
>> Adam Sobieski
>>
>
>




--
Mike Lodder
Senior Crypto Engineer
Received on Saturday, 2 September 2017 05:41:17 UTC
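
Added example (not part of the original messages, and not code from the W3C or Credential Engine): the wallet-side filtering discussed in this thread, where a verifier's query marks each attribute as required or optional and constrains the acceptable issuers per attribute. The field names `claims`, `sector` and `country`, the sample wallet and the query are assumptions constructed for illustration.

```python
# Added illustration. Field names (claims, sector, country) are hypothetical;
# they are not defined by the VC data model or by CTDL.

WALLET = [  # constructed sample credentials held in a digital wallet
    {"id": "cred-1", "claims": {"name": "Alice Doe"},
     "issuer": {"id": "https://bank.example", "sector": "bank", "country": "US"}},
    {"id": "cred-2", "claims": {"name": "Alice Doe", "degree": "BSc"},
     "issuer": {"id": "https://uni.example", "sector": "edu", "country": "GB"}},
    {"id": "cred-3", "claims": {"name": "Alice D."},
     "issuer": {"id": "did:example:alice"}},  # self-issued: no sector or country
]

QUERY = [  # constructed verifier request: one entry per requested attribute
    {"attribute": "name", "required": True,
     "issuer": {"sector": {"bank", "gov"}, "country": {"US", "CA"}}},
    {"attribute": "degree", "required": False,
     "issuer": {"sector": {"edu"}}},
    {"attribute": "age", "required": True,
     "issuer": {"sector": {"gov"}}},
]

def issuer_acceptable(issuer, constraints):
    """Fail closed: a constrained field absent from the issuer metadata never matches."""
    return all(issuer.get(field) in allowed for field, allowed in constraints.items())

def filter_wallet(wallet, query):
    """Return (candidate credential ids per attribute, unmet required attributes)."""
    candidates, unmet = {}, []
    for item in query:
        attr = item["attribute"]
        ids = [c["id"] for c in wallet
               if attr in c["claims"]
               and issuer_acceptable(c.get("issuer", {}), item.get("issuer", {}))]
        candidates[attr] = ids
        if item["required"] and not ids:
            unmet.append(attr)  # the wallet UI can tell the user up front
    return candidates, unmet

if __name__ == "__main__":
    print(filter_wallet(WALLET, QUERY))
```

The self-issued credential is filtered out for `name` because it carries no issuer metadata to match against, which is the verifier-trust point raised earlier in the thread.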
