RE: RE: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

>> Inline:

From: Herraiz, Victor (SanTech) <>
Sent: Thursday, July 16, 2020 8:03 AM
To: Daniel Buchner <>; Pulido Moyano, Alberto <>; Kristina Yasuda <>; Wayne Chang <>; W3C Credentials CG <>; Brent Zundel <>; Dave Longley <>; Tobias Looker <>; Boothby, Roderick <>; Anthony Nadalin <>; Mark Haine <>
Subject: Re: RE: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

Hi, Daniel.

Sorry, I will try to be more verbose this time.

  *   Extensible: phone_number not only require a format and constrain but all the rules that have to follow to fulfil equality. In the implementation, before any comparation we execute a normalization. This normalization is associated to the type of the data evaluated in this specific predicate. Decimal  (text representation of an arbitrary precision number) is another example, before executing a “gt” the type requires a transformation that support this kind of comparation, it is not compare as a String but as a number. As you could see the scope of the language differ a little. The assertion (I really do not like this name…) language is the body of a predicate, and the types expose not only format and constrains but operations as well.

>>> But where are these specific types, and their value processing rules, defined? Is the spec defining these types, or is it a framework that implies a userland definition of the types will happen ad hoc between participants?

  *   Safe: At the point of we made our minds,  we want the relaying parties (the ones that code the assertion) to  have a flexible language, but we were afraid of what kind of contraptions they could build, some people could have an incredible mind. We could further discuss this point, we appreciate as much feedback as possible as you do.

>>> If the types are codified (along with their processing, regexes, and other evaluatory bits), then I don’t understand why you would need to fear someone creating a document with some string/number value of a given type. If this is not codifying the actual types, and that is something defined ad hoc in the code of every userland exchange, that could be an issue.

  *   Natural language: When the user has to “consent” a request from the RP, the UI has to present an “easy to understand” sentence about what the relaying party is asking. The possible outcomes of the consent in case of an assertion claim are: True, False or Missing/User rejects disclosure. (Error too…). Therefore the expression is “translated” to natural language. Example: assertion for the claim “age” { “gte”: 16 }, is translated to  “User is at least 16 old”.

>>> So what you’re saying here is that you want to ensure that any type/value system used can have known properties and that you can give verbose word equivalences to for composition of UI representation? That makes sense, but I am trying to understand why that’s uniquely produced by this particular construction, vs others that may exist.

As you could see, I did not understand well the question about the type system, could you help me with that?  This “assertion claims” are not related to proof, even ZKP.

From: Daniel Buchner <<>>
Date: Thursday, 16 July 2020 at 15:29
To: "Herraiz, Victor (SanTech)" <<>>, "Pulido Moyano, Alberto" <<>>, Kristina Yasuda <<>>, Wayne Chang <<>>, W3C Credentials CG <<>>, Brent Zundel <<>>, Dave Longley <<>>, Tobias Looker <<>>, "Boothby, Roderick" <<>>, Anthony Nadalin <<>>, Mark Haine <<>>
Subject: #External Sender# RE: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

I am not sure I fully understand the issues in the bullet points you listed below for “Extensible”, “Safe”, and “Easy to translate to natural language”. Can you help clarify why something like a phone number would not work as an addition to the set of built-in formats (<>) for something like JSON Schema? I understand that regex eval can be a vector for certain processing/perf issues when evaluating regexes from untrusted userland parties, but given a set of types for common ZKP circuits would need to be standardized, and their type/value parsing logic strictly codified, why would such an issue exist for the standard type system and those using libraries coded to evaluate that type system? I am not really clear on the last bullet, but an example that shows how one would ‘not know what is going on’ vs ‘know what is going on’, might help.

- Daniel

From: Herraiz, Victor (SanTech) <<>>
Sent: Thursday, July 16, 2020 4:22 AM
To: Pulido Moyano, Alberto <<>>; Kristina Yasuda <<>>; Wayne Chang <<>>; Daniel Buchner <<>>; W3C Credentials CG <<>>; Brent Zundel <<>>; Dave Longley <<>>; Tobias Looker <<>>; Boothby, Roderick <<>>; Anthony Nadalin <<>>; Mark Haine <<>>
Subject: Re: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

Hello everyone,

We considered many alternatives for the design of the assertion language, but first of all the name. Predicate is indeed a better name, false or true are both valid outcomes. On the other hand Assertions could be interrelated as the only valid option is true and false is a failure.

About the expression language, we consider different approaches:

  *   MongoDB “where” language
  *   JSON Schema types and constrains.
  *   A Expression language like Spring EL

At the end we choose something like the mongodb query syntax but without the problem of mixing operands and literals that gave them so many problems.

Some of the requirements were:

  *   Extensible: Adding types like phone_number that require a normalization before execution without including this massive dependencies.
  *   Safe: For example, regular expression are forbidden to avoid ReDoS.
  *   Easy to translate to natural language: The owner of the data must know what is going on… 😃

JSON Schema was discarded for those reasons and because the scope of the language is validation not a simple predicate. The current implementations are bind to that rule.

From: "Pulido Moyano, Alberto" <<>>
Date: Thursday, 16 July 2020 at 11:45
To: Kristina Yasuda <<>>, Wayne Chang <<>>, Daniel Buchner <<>>, W3C Credentials CG <<>>, Brent Zundel <<>>, Dave Longley <<>>, Tobias Looker <<>>, "Herraiz, Victor (SanTech)" <<>>, "Boothby, Roderick" <<>>, Anthony Nadalin <<>>, Mark Haine <<>>
Subject: Re: #External Sender# Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

Hi Kristina and all,

Thanks for looping me in, also adding Victor and Rod to the thread.

I include as well Anthony and Mark, since they are helping moving forward this issue under eyk-ida WG.

We did this specification with the intention to create an extension to OpenId, where a new type of claims (assertions/predicates)  is in place, so that user privacy is enhanced.

It is part of a wider set of specs we´ve been working as a research project and based on actual use cases we have identified that could work for us. However, we are trying to contribute and reach to a wider community to see if some of those ideas help providing standards for solving similar problems that W3C VC solves. Actually, we always though somehow we could provide the transport layer for Verifiable Credentials in a form of proof or evidence in case the RP demands it, always associated with the request for a particular verified claim/set of claims. Our aim is as well to influence the great work done by the ekyc-ida WG, were we are actively contributing.

The overall Santander project public documentation can be found here:<>

Regarding assertions (maybe derivative predicates it´s even a better name for what we did!), we defined the specs to be extensible so that each OP defines their own claim types and supported operands, and leaving the implementation of the spec with their own rules. For instance, when implementing the phone_number operand for “eq”, we did plugin a library from google (google-libphonenumber) to normalize the data before comparing the data.

Happy to jump into a call and provide more info if needed, I do see great opportunity now that we are connected thanks to Kristina and Mark!

Kind regards

Alberto Pulido
Technical Expert
Innovation Hub
+44 (0)7710 380 464
Milton Keynes, UK

From: Kristina Yasuda <<>>
Date: Thursday, 16 July 2020 at 09:56
To: Wayne Chang <<>>, Daniel Buchner <<>>, W3C Credentials CG <<>>, Brent Zundel <<>>, Dave Longley <<>>, Tobias Looker <<>>, Alberto Pulido Moyano <<>>
Subject: #External Sender# Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

+ Alberto who wrote the expression language spec.

If derivative predicates and expression language are trying to achieve the same (looks like they are, correct me if I am wrong), can derivative predicates also be achieved via modifications to JSON Schema?

差出人: Wayne Chang <<>>
送信日時: 2020年7月16日 12:43
宛先: Daniel Buchner <<>>; Kristina Yasuda <<>>; W3C Credentials CG <<>>; Brent Zundel <<>>; Dave Longley <<>>; Tobias Looker <<>>
件名: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and "Expression Language" of OIDF ekyc-ida WG

That's an interesting proposal to extend JSON Schema. If one day it gets promoted to an IETF standard from its draft status, that might get easier to do. I'm curious about the direction of supporting things like references to ISO currency codes (;;sdata=b3t5XY%2FHT0zaSV%2B0oO8VPreNTKC1wu96SrwHkIHH2HY%3D&amp;reserved=0<>) in some kind of claims request language, and URI-referenced validation operations on top of that. JSON Schema is focused on validating JSON Document structures only, so this direction might be out of scope for it (and admittedly I'm pretty ignorant around JSON Hyper-Schema for which I haven't been able to find many well-supported libraries, and also not sure about its possible relationship to JSON-LD for that matter).

Furthermore, if the validation operators have special rules around processing typed values (for example, "the given HTTPS URL must be CA root cert-valid and resolve to 200 OK"), then it would probably have to live in a separate use case-specific extension to JSON Schema or other form of operator definition.

I think a similar conversation in Presentation Exchange involves the specification of trust frameworks hosted somewhere else:;;sdata=i6KZbndzraspRu9zs05drOfQuBtdg%2Bqu384JihBcgd0%3D&amp;reserved=0<>

On Wed, Jul 15, 2020, at 10:22 PM, Daniel Buchner wrote:
> Wow, if that's the case, it's super unfortunate, because they can do
> literally every other type/value evaluation with JSON Schema. Have they
> consider working to add a stringified numeric type to JSON Schema?
> Seems like such a good opportunity to add value to an existing thing
> that does 90% of what they want.
> - Daniel
> -----Original Message-----
> From: Wayne Chang <<>>
> Sent: Wednesday, July 15, 2020 7:04 PM
> To: Daniel Buchner <<>>; Kristina Yasuda
> <<>>; W3C Credentials CG
> <<>>; Brent Zundel <<>>;
> Dave Longley <<>>; Tobias Looker
> <<>>
> Subject: Re: [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and
> "Expression Language" of OIDF ekyc-ida WG
> Hey Dan, just some initial thoughts here after a brief review of the spec.
> In the following example, it seems that the spec allows for certain
> semantic/industry-specific comparison using the "gt" operator on
> strings, which would be not possible in JSON Schema:
> It's pretty common in the financial sector to represent currencies as
> strings as prevent unintentional IEEE 754 mantissa-bending from getting
> settlements wrong and sending everyone to jail. There is also a
> capabilities negotiation section with
> "assertion_claims_query_language_supported" that may benefit from
> universal identifiers like
> ";;sdata=ECb4KnJl%2Bf1Ci9t%2B8d45mZsNDv%2BeKK%2FQzPxssEWBUIc%3D&amp;reserved=0<>". These semantics might be different enough to target a goal other than recreating JSON Schema.
> On Wed, Jul 15, 2020, at 9:53 PM, Daniel Buchner wrote:
> > I guess my first question would be: why are the folks who created this Open ID proposal trying to recreate JSON Schema, when we already have JSON Schema?
> >
> > *From:* Wayne Chang <<>>
> > *Sent:* Wednesday, July 15, 2020 6:05 PM
> > *To:* Kristina Yasuda <<>>; W3C Credentials
> > CG <<>>; Brent Zundel
> > <<>>; Daniel Buchner
> > <<>>; Dave Longley
> > <<>>; Tobias Looker
> > <<>>
> > *Subject:* [EXTERNAL] Re: "Derivative predicate" of W3C VC WG and
> > "Expression Language" of OIDF ekyc-ida WG
> >
> > Thanks for your message, Kristina! Directly adding Brent + Dan + Dave + Tobias here, whom I believe have been working on related efforts in this problem space across Aries, DIF, and CCG. I hope there's an opportunity consolidate efforts.
> >
> >

> >;data=02%7C01%7CDaniel.Buchner%4
> >
> > ab2d7cd011db47%7C1%7C0%7C637304618921838596&amp;sdata=64kakuLf5f3F%2Bo
> > L39cjYY05nIRZZGN8dOHuBZXNPWGU%3D&amp;reserved=0
> > <

<>> >;data=02%7C01%7CDaniel.Buchner%
> >
> > 1ab2d7cd011db47%7C1%7C0%7C637304618921838596&amp;sdata=64kakuLf5f3F%2B
> > oL39cjYY05nIRZZGN8dOHuBZXNPWGU%3D&amp;reserved=0>
> >

> >;data=02%7C01%7CDaniel.B
> >
> > f141af91ab2d7cd011db47%7C1%7C0%7C637304618921848592&amp;sdata=wAVCy3Nd
> > VrdTBykEW373ATo%2FxOj2sUs1FdarG7QJlws%3D&amp;reserved=0
> > <

<>> >;data=02%7C01%7CDaniel.
> >
> > 6f141af91ab2d7cd011db47%7C1%7C0%7C637304618921848592&amp;sdata=wAVCy3N
> > dVrdTBykEW373ATo%2FxOj2sUs1FdarG7QJlws%3D&amp;reserved=0>
> >

> >;data=02%7
> >
> > c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637304618921848592&amp;
> > sdata=UGG%2Fw4IWYH7oieOqoMV9G9Moj0QYv0QYxE24SAXKdBg%3D&amp;reserved=0
> > <

<>> >;data=02%
> >
> > 9c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637304618921848592&amp
> > ;sdata=UGG%2Fw4IWYH7oieOqoMV9G9Moj0QYv0QYxE24SAXKdBg%3D&amp;reserved=0
> > >
> >
> > Best,
> > - Wayne
> >
> > On Wed, Jul 15, 2020, at 7:58 PM, Kristina Yasuda wrote:
> >> Hi,
> >>
> >> I am reaching out since there seems to be synergy with 'derived predicate' concept <;;sdata=nZVai%2Fi6Wuo4HGs16Tkd3kCWds%2BEKk0ABUS5WXahJoo%3D&amp;reserved=0<>> of W3C VC spec and  expression language <;;sdata=Yvp6zn%2BmURxHU7V%2FHn8zWf9kubReS16kCbnAu9MjMok%3D&amp;reserved=0<>> concept being discussed in OpenID Foundation(OIDF)'s  ekyc-ida (identity assurance) WG <;;sdata=FVBjsdspaVTfHfecJXDvTlsE%2FVFKESQpC4VYM1I4wcQ%3D&amp;reserved=0<>>  in the context of selective disclosure.
> >>
> >> This part
> >> <

<>> >>;data=02%7C01%7CDaniel.
> >>
> >> 86f141af91ab2d7cd011db47%7C1%7C0%7C637304618921848592&amp;sdata=Qtt8u
> >> tmjeG2PJgr8VVjhU094KQppi7eS7ZgvgcgIHQ8%3D&amp;reserved=0> in the
> >> vc-imp-guide is the most detailed implementation of derived predicate
> >> that I have seen. Do you know if
> >>  * there is more specific proposal for how to express the derived
> >> predicates
> >>  * there is anyone actually implementing this feature OIDF is
> >> discussing the concept of  expression language <;;sdata=Yvp6zn%2BmURxHU7V%2FHn8zWf9kubReS16kCbnAu9MjMok%3D&amp;reserved=0<>> which could be more generic than "ageOver18" property in VC imp-guide and ekyc-ida wg has been wondering if we could work together on this important topic.
> >> OIDF's current proposal is outlined here <>. For example for the alcohol purchase age, in the US it is ageOver18, but in Japan it is ageOver20. The concept of expression language would allow to express this as {"age" : { "gt" : "18", "lt" : "20" } } where gt is 'greater than' and 'lt' is less than..
> >>
> >> Best,
> >> Kristina
> >> *Identity Standards Team, Microsoft Corp.*
> >>
> >>
> >>
> >
Emails aren't always secure, and they may be intercepted or changed after they've been sent. Santander doesn't accept liability if this happens. If you think someone may have interfered with this email, please get in touch with the sender another way. This message doesn't create or change any contract. Santander doesn't accept responsibility for damage caused by any viruses contained in this email or its attachments. Emails may be monitored. If you've received this email by mistake, please let the sender know at once that it's gone to the wrong person and then destroy it without copying, using, or telling anyone about its contents.

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales.<>. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website<>. Santander and the flame logo are registered trademarks.


Received on Thursday, 16 July 2020 15:26:46 UTC