W3C home > Mailing lists > Public > public-credentials@w3.org > June 2020

Re: Human readable credentials?

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Mon, 8 Jun 2020 18:49:32 +0000
To: Jeremy Townson <jeremy.townson@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <12C68C0E-2FC4-43D5-84E2-EAB3EA2CE77D@adobe.com>
The assumption here is that the JSON representation is the “container” for all aspects of the credential.   I will put forth, as I did on the call today, that using a rich (open standard) container format such as PDF for the container would be a better solution when *both* PDF + JSON are required.

PDF provides you a single binary container for both the human-consumable presentation + the JSON-LD (or XML, as we noted on the call today) for machine consumption.  All of which can be certified/sealed according to eIDAS standards (ie. PAdES) for compliance with relevant laws/regulations.  It’s also fully compatible with device & cloud-based search engines, to ensure that the content can/will be indexed.

And this isn’t a new idea.  Governments such as the US, the EU and Brazil have been doing this for decades!   For example, each copy of the US Census from the US GPO is distributed as a certified PDF with the data embedded. So you can read it as a human, extract machine readable information – all while ensuring that the information has not been tampered with.

Leonard

From: Jeremy Townson <jeremy.townson@gmail.com>
Date: Monday, June 8, 2020 at 12:48 PM
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Subject: Human readable credentials?
Resent-From: <public-credentials@w3.org>
Resent-Date: Monday, June 8, 2020 at 12:47 PM

I have a question for the group about displaying credentials to humans. Credentials, being JSON, are machine readable, okay, but when the machine is told to display the credential on screen, what does the machine do?

Does this matter? It would appear so.. A holder may wish to make a visual check of a credential he holds. An issuer may wish their credentials to display their logo, etc. In fact, one can imagine it being useful to display virtually any credential, except possibly login credentials and that kind of thing.

Since credentials have emerged from linked data on the web, one idea would be to continue to do what the web does generally and have a web page render a credential. But the integrity of that web page and of the credential are guaranteed in different ways. How then would the view and the credential be tied to the same issuer?

It seems you could address this question in two ways. One would be to embed the view data into the credential itself. For example, a credential could contain a field like "view": "some mime message or whatever". Another would be to use a content-addressable link, such as a hashlink, where the content contains the same info.

The problem here is neither of those approaches are standard in the data model. Seemingly, it would be useful if they were standard because an arbitrary wallet, given an arbitrary credential would know how to display it.

So finally, my question. What ways are people using to display credentials, are they robust and is there any best approach that might be worthy enough to standardise?

Many thanks,
Jeremy Townson

ps: I've enjoyed watching the CG list file through my inbox. It seems a very coherent group, which hopefully gives as good a chance of success in this world.

pps: To introduce myself, I have been working on a Scala implementation of the VC data model.


Received on Monday, 8 June 2020 18:49:48 UTC

This archive was generated by hypermail 2.4.0 : Monday, 8 June 2020 18:49:49 UTC