[MINUTES] W3C CCG Verifiable Credentials for Education Task Force Call - 2020-05-11 12pm ET

• From: W3C CCG Chairs <w3c.ccg@gmail.com>
• Date: Fri, 15 May 2020 19:42:54 -0700 (PDT)
• Message-ID: <5ebf532e.1c69fb81.2d9ab.0b4c@mx.google.com>

Thanks to Chris Winczewski for scribing this week! The minutes
for this week's CCG Verifiable Credentials for Education Task Force telecon are now available:

https://w3c-ccg.github.io/meetings/2020-05-11/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
CCG Verifiable Credentials for Education Task Force Telecon Minutes for 2020-05-11

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020May/0058.html
Topics:
  1. Introductions & Reintroductions
  2. Europass Digital Credential Infrastructure.
Organizer:
  Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
Scribe:
  Chris Winczewski
Present:
  Simone Ravaoli, Lluís Alfons Ariño, Kim Hamilton Duffy, Alexander 
  Mikroyannidis, Adrian Gropper, David Ward, Adam Lemmon, Nate 
  Otto, Blaž Podgorelec, Rick Barfoot, Stuart Freeman, Jim Kelly, 
  Phil_Barker, Anthony Camilleri, Taylor Kendall, James Chartrand, 
  Tore Hoel, Joshua Marks, Chris Winczewski, Balázs Némethi, Hans 
  Pongratz
Audio:
  https://w3c-ccg.github.io/meetings/2020-05-11/audio.ogg

Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy: 
  https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Chris Winczewski is scribing.

Topic: Introductions & Reintroductions

Kim Hamilton Duffy:  Introductions and reintroductions
Joshua Marks
Kim Hamilton Duffy: Alexander Mikroyannidis
Anthony Camilleri: 
  https://us6-broadcast.officeapps.live.com/m/Broadcast.aspx?Fi=671603092353d17f%5F97ed66d7%2D75cf%2D45de%2Da6d4%2Dbbc465fb3848%2Dasync%2Epptx
Kim Hamilton Duffy:  Anthonycamilleri presenting

Topic: Europass Digital Credential Infrastructure.

Anthony Camilleri:  Work for education consultancy company who 
  works with the EU but Anthony does not represent the EU 
  Commission
  ... Agenda slide, six topics
Kim Hamilton Duffy: Is everyone able to access the slides?
Yes works for me (firefox/ mac os)
Kim Hamilton Duffy: I was able to get it but had some issues at 
  first and had to retry, then download
Adam Lemmon: Could you please reshare the link? Sorry got booted 
  off of the chat
  ... Kick off in January of 2018 - Framework for 
  digitally-signed credentials
Kim Hamilton Duffy: Ok good. let me know if you have challenges
Kim Hamilton Duffy: Adam, I'll reshare
Adam Lemmon: Thanks!
Kim Hamilton Duffy: 
  https://us6-broadcast.officeapps.live.com/m/Broadcast.aspx?Fi=671603092353d17f%5F97ed66d7%2D75cf%2D45de%2Da6d4%2Dbbc465fb3848%2Dasync%2Epptx
  ... Like a publicly owned LinkedIn, one of the most used 
  services ~2M users per month
  ... Overview of components of Europass
Kim Hamilton Duffy: Slide 7 fyi
  ... eIDAS EU directive is relevant for Europass due to legal 
  standing
Kim Hamilton Duffy: Sorry, slide 6
Kim Hamilton Duffy: Slide 7
  ... GDPR is also relevant legislation with regards to privacy 
  controls
Kim Hamilton Duffy: Slide 8
  ... third part of relevant legislation is education standards
  ... final piece is member state legislation
Kim Hamilton Duffy: Slide 9
  ... some member states consider student records public while 
  other consider this extremely private
Kim Hamilton Duffy: Slide 10
  ... Nine design considerations
Hans Pongratz: Sorry, was late, could you send link to slides, 
  again? Thx!
Anthony Camilleri: 
  https://us6-broadcast.officeapps.live.com/m/Broadcast.aspx?Fi=671603092353d17f%5F97ed66d7%2D75cf%2D45de%2Da6d4%2Dbbc465fb3848%2Dasync%2Epptx
  ... Member States are primary stakeholders, must be valid 
  across EU, 40 year lifetime, privacy protecting but not 
  self-sovereign, interoperable, no changes to existing 
  legislation, diploma-mill proof
  ... components of framework are open standards, services, and 
  software based on eIDAS, Europass, and W3C VC
  ... issues identified - VCs have a preference for JSON, eIDAS 
  provides implementations for XML and PDF but not JSON
  ... challenge to express VCs as XML by using XADES-LTA 
  enveloped proof
  ... example of XML verifiable credential on slide 13
  ... IDs and URIs are expressed as attributes
  ... Can a VC XSD be adopted? Suggestion provided on slide 16 
  for discussion.
  ... Europass Learning Model as new VC data model on slide 17
  ... Specifications, opportunities, and credentials make up the 
  Learning Model
  ... Learning Credential contains Metadata about issuer and 
  credential type; claim about the person, achievement, assessment, 
  activity, and entitlement; and proof containing eIDAS eSeal and 
  other proofs
  ... other proofs are accepted but not legally admissible
  ... Example of an XML Verifiable Presentation on slide 19
  ... Designed to be easy for verification
  ... results in slightly different workflow
  ... Issuance, storage in repository, verification by 
  repository, and two more steps
  ... verification check steps on slide 21
  ... integrations are required for all of these, therefore a 
  verification check is offered within the presentation
  ... summary - Europass is the only framework for legally valid 
  digital learning credentials across the EU, fully free and mainly 
  open source, 27 languages
  ... Overview of implementation foundations
  ... Additional information links on slide 24
  ... timing has been moved forward
  ... open questions - How might we engage with W3C for an 
  official XML spec
Nate Otto:  Thank you for the clear presentation
Joshua Marks: WIll the deck be available?
Kim Hamilton Duffy: It has a "download" link
Adam Lemmon: 
  https://us6-broadcast.officeapps.live.com/m/Broadcast.aspx?Fi=671603092353d17f%5F97ed66d7%2D75cf%2D45de%2Da6d4%2Dbbc465fb3848%2Dasync%2Epptx
  ... how long should the verification within the presentation be 
  trusted, subject to revocation?
Anthony Camilleri:  Validity of credential 2-3 years based on 
  certificate. Presentation is valid for as long as the person 
  wants to share it - tied to expiry date they set.
Nate Otto:  How does this work over the 40 year goal?
Anthony Camilleri:  There is a maximum of 7 year validity, this 
  requires XML. They would like recipients to be able to download 
  and store for 40 years.
  ... eIDAS constrains the length but this is being worked on as 
  well
Kim Hamilton Duffy: 
  https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/
Qualified?
Substantial?
These are the terms used most commonly for the eIDAS levels of 
  assurance
Kim Hamilton Duffy:  Applying SSI to eIDAS link above
Error: (IRC nickname 'by_caballero' not 
  recognized)[2020-05-11T15:46:29.927Z] <by_caballero> also signed 
  versus sealed :D
  ... what implications does this have on credential 
  repositories? Pass-through or long-term storage?
Anthony Camilleri:  Very active research into SSI within eIDAS, 
  would be surprised if this came in a binding way within 5 years.
<Breaks out into tears at the estimate of having to wait 5 years 
  for eIDAS updates>
  ... EDCI viewer can only be used online now, looking into 
  offline usage
Kim Hamilton Duffy:  Agree with the SSI eDIAS time estimate.
By_caballero: inaudible
Nate Otto: By_caballero's connection was very good right up until 
  the beginning of the question. Alas!
Blarg
I just wanted to hear more about the revocation infrastructure-- 
  1 per issuer? 1 for all of europe? something in between? any 
  specifics?
Kim Hamilton Duffy:  I like that you started with the Data Model. 
  Maybe we can start with Data Models that include XML. What are 
  your highest priority items?
Anthony Camilleri:  Data Model is high priority, would appreciate 
  namespace for VCs that are XML
Kim Hamilton Duffy:  Please clarify "namespace"
Anthony Camilleri:  Clarification that XML is an official VC
  ... would be helpful
Question from by_caballero
  ... revocation above
You're in good company when it comes to that particular 
  embarassment!
Anthony Camilleri:  Will launch revocation structure this summer. 
  EU will maintain its own revocation list for Europass, will also 
  allow member states to have their own revocation lists
  ... for example, a court could publish a revocation list
  ... issuers can themselves point to a revocation list within 
  the credential
Kim Hamilton Duffy:  Within VC data model, the URI is being used 
  as an identifier. How are you approaching identity with this 
  implementation? DID-web...
Anthony Camilleri:  Current version - eIDAS provides a scheme for 
  identifiers for legal and natural persons
  ... relevant data for each person type published in URI (not 
  dereferencable)
  ... would like to be able to offer DIDs that are linked to 
  eIDAS
Kim Hamilton Duffy:  Outreach is compelling though this approach
Thank you so much!
Lluís Alfons Ariño: Hi Kim (and all) - relevant link on how to 
  link SSI-VC with the eIdas trust framework is available at 
  https://joinup.ec.europa.eu/collection/ssi-eidas-bridge
Joshua Marks: Thank you
  ... Will follow up on the possible work item. Thank you 
  Anthony!
Simone Ravaoli: Thx @anthonycamilleri !

Received on Saturday, 16 May 2020 02:43:09 UTC