- From: Adrian Gropper <agropper@healthurl.com>
- Date: Mon, 23 Aug 2021 13:27:26 -0400
- To: "Phillip D. Long" <phil@rhzconsulting.com>
- Cc: Henry Story <henry.story@gmail.com>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, Steve Capell <steve.capell@gmail.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CANYRo8j9OodLo1VcA6T+znP0-3D2qF6TWnECaJH7fZ6qU_LOYQ@mail.gmail.com>
Phil,

Your perspective implies that most people will expect digital credentials to behave like analog ones. For example, when issued a certificate, the subject will want to see what it says long before it’s presented to a verifier. There are possibilities for rendering and validation:

- a wallet (this means more than the request-presentation UX because validation is also needed)
- a trusted and neutral verification site (the universal validator :-) operated by whom?

Moving the VC around to a wallet or verification site will require standard protocols for request and authorization. In IETF this work is happening in GNAP [1] and RAR [2]. These are general standards in the sense that they do not presume VCs or DIDs and they do not presume a browser as opposed to an app or a server as the user-agent.

Other ways people might expect to move credentials around would be email or SMS message, where authorization is, in effect, implied in the addressing and where the request protocol and format are completely unspecified.

- Adrian

[1] https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/
[2] https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar

On Mon, Aug 23, 2021 at 12:40 PM Phillip D. Long <phil@rhzconsulting.com> wrote:

> Hi Adrian: we’re looking as widely as possible at the space. The goal is to provide a lay person, at least with respect to the IT domain, an understanding of what it takes to issue and move credentials around, and as you note, that includes across trust domains. Recommendations on what IETF standards are relevant to this space would be very helpful.
>
> Cheers,
> Phil
>
> *Phillip Long, Ph.D.*
> *RHz Consulting, LLC.*
> Inquire-Listen-Design-Prototype-Analyze-Repeat
> e: phil@rhzconsulting.com
> LinkedIn: http://www.linkedin.com/in/longpd/
> —
> *T3 Innovation Network, LER Pilot Projects Community Manager*
> e: phil@rhzconsulting.com,
> SNS: Twitter/Telegram @RadHertz
> LinkedIn: https://www.linkedin.com/in/longpd
>
> On Aug 23, 2021, at 10:24 AM, Adrian Gropper <agropper@healthurl.com> wrote:
>
> Hi Phil,
>
> VCs are a standard data model under control of W3C. Have you considered that the external (across a trust boundary) protocols associated with VCs (and DIDs) should be standardized independently of W3C, ideally in IETF?
>
> - Adrian
>
> On Mon, Aug 23, 2021 at 10:11 AM Phillip D. Long <phil@rhzconsulting.com> wrote:
>
>> Steve et al. - You’re right that the non-techie audience, who are savvy about many things, just not the tech space, do have trouble seeing the value proposition afforded by VCs. In part that’s because it has never been possible before to have a trustable assertion without doing the background checking. Hence, the costs associated with that process are largely built into existing business models. Changing business practices is itself costly, even if it delivers savings after implementation is achieved. And it opens up other possibilities for rethinking the verification process for other practices which will be ’new’ to most.
>>
>> A team led by the Learning Economy Foundation, of which I’m a part, has some funding to look at the protocol and standards landscape of the VC ecosystem specifically with the intention of building a visual of the landscape and then a layman’s guide to the status of the relevant protocols with, hopefully, some recommendations for the place to start with VCs for basic use cases such as issuing a certificate for completion of a credential (education/training). Or, to create self-asserted skills that can be endorsed through the VC native Open Badge VC that this group heard Kerri Lemoie present a month or so ago.
>>
>> We could use any advice, suggestions and feedback on the emerging protocol landscape for issuing and presenting VCs. We’d be happy to share what we gather for feedback and suggestions after our first phase of data collection (a limited survey) is reviewed and summarized.
>>
>> I like the passport chip analogy, as well!
>>
>> Cheers,
>> Phil
>>
>> *Phillip Long, Ph.D.*,
>> T3 Innovation Network, LER Pilot Projects Community Manager
>> e: phil@rhzconsulting.com,
>> SNS: Twitter/Telegram @RadHertz
>> LinkedIn: https://www.linkedin.com/in/longpd
>> —
>> *Senior Scholar, Georgetown University*
>> Center for New Designs in Learning & Scholarship (CNDLS)
>> e: pl673@georgetown.edu
>> —
>> *Open Software Fellow*
>> Concentric Sky
>> e: plong@concentricsky.com
>> https://concentricsky.com/
>> —
>> *RHz Consulting, LLC.*
>> Inquire-Listen-Design-Prototype-Analyze-Repeat
>> e: phil@rhzconsulting.com
>> LinkedIn: http://www.linkedin.com/in/longpd/
>>
>> On Aug 23, 2021, at 7:10 AM, Steve Capell <steve.capell@gmail.com> wrote:
>>
>> Also a good analogy. Probably depends on your intended audience
>>
>> - a tech audience will most likely understand and appreciate the x.509 analogy
>> - but a business / policy audience will give you a blank stare if you say “it’s just like x.509”. I think the passport chip is a better story for the non tech audience
>>
>> I may venture to suggest that the biggest problem I’ve faced (and probably this group faces) is not convincing tech savvy people - but rather getting business / policy people to understand the benefits to the extent that they will allocate budget to projects so they can realise that benefit
>>
>> I still struggle with this - almost every day
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 23 Aug 2021, at 9:03 pm, Henry Story <henry.story@gmail.com> wrote:
>>
>> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> wrote:
>>
>> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
>> - DNS?
>> - TCP packets?
>> - SOAP messages?
>> - something else?
>>
>> X509 Certificates (with 40 years of tech improvements added to them).
>>
>> A Verifiable Claim is just a signed content, and the big leap of VC stack is that it is built on well defined, open, extensible logics.
>>
>> Henry
>>
>> Michael Herman

Received on Monday, 23 August 2021 17:27:52 UTC