W3C home > Mailing lists > Public > public-credentials@w3.org > August 2021

Re: What are VCs similar to?

From: Adrian Gropper <agropper@healthurl.com>
Date: Mon, 23 Aug 2021 13:27:26 -0400
Message-ID: <CANYRo8j9OodLo1VcA6T+znP0-3D2qF6TWnECaJH7fZ6qU_LOYQ@mail.gmail.com>
To: "Phillip D. Long" <phil@rhzconsulting.com>
Cc: Henry Story <henry.story@gmail.com>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, Steve Capell <steve.capell@gmail.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
Phil,

Your perspective implies that most people will expect digital credentials
to behave like analog ones. For example, when issued a certificate, the
subject will want to see what it says long before it’s presented to a
verifier. There are possibilities for rendering and validation:
- a wallet (this means more than the request-presentation UX because
validation is also needed
- a trusted and neutral verification site (the universal validator :-)
operated by whom?

Moving the VC around to a wallet or verification site will require standard
protocols for request and authorization. In IETF this work is happening in
GNAP [1] and RAR [2]. These are general standards in the sense that they do
not presume VCs or DIDs and they do not presume a browser as opposed to an
app or a server as the user-agent. Other ways people might expect to move
credentials around would be email or SMS message, where authorization is,
in-effect, implied in the addressing and where the request protocol and
format are completely unspecified.

- Adrian

[1] https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/
[2] https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar



On Mon, Aug 23, 2021 at 12:40 PM Phillip D. Long <phil@rhzconsulting.com>
wrote:

> Hi: Adrian: we’re looking as widely as possible at the space. The goal is
> to provide a lay person, at least with respect to the IT domain, an
> understanding of what it takes to issue and move credentials around, and as
> you note, that includes across trust domains. Recommendations on what IETF
> standards are relevant to this space would be very helpful.
>
> Cheers,
>  Phil
>
> *Phillip Long, Ph.D.*
> *RHz Consulting, LLC.*
> Inquire-Listen-Design-Prototype-Analyze-Repeat
> e:phil@rhzconsulting.com
> LinkedIn:http://www.linkedin.com/in/longpd/
> —
> *T3 Innovation Network, LER Pilot Projects Community Manager*
> e: phil@rhzconsulting.com,
> SNS: Twitter/Telegram @RadHertz
> LinkedIn: https://www.linkedin.com/in/longpd
>
> On Aug 23, 2021, at 10:24 AM, Adrian Gropper <agropper@healthurl.com>
> wrote:
>
> Hi Phil,
>
> VCs are a standard data model under control of W3C. Have you considered
> that the external (across a trust boundary) protocols associated with VCs
> (and DIDs) should be standardized independently of W3C, ideally in IETF?
>
> - Adrian
>
> On Mon, Aug 23, 2021 at 10:11 AM Phillip D. Long <phil@rhzconsulting.com>
> wrote:
>
>> Steve et. al. - You’re right that the non-techie audience, who are savvy
>> about many things, just not the tech space, do have trouble seeing the
>> value proposition afforded by VCs. In part that’s because it has never been
>> possible before to have a trustable assertion without doing the background
>> checking. Hence, the costs associated with that process are largely built
>> into existing business models. Change business practices is itself costly,
>> even if it delivers savings after implementation is achieved. And it opens
>> up other possibilities for rethinking the verification process for other
>> practices which will be ’new’ to most.
>>
>> A team lead by the Learning Economy Foundation, of which I’m a part, has
>> some funding to look at the protocol and standards landscape of the VC
>> ecosystem specifically with the intention of building a visual of the
>> landscape and then a layman’s guide to the status of the relevant protocols
>> with, hopefully, some recommendations for the place to start with VCs for
>> basic use cases such as issuing a certificate for completion of a
>> credential (education/training). Or, to create self-asserted skills that
>> can be endorsed through the VC native Open Badge VC that this group heard
>> Kerri Lemoie present a month or so ago.
>>
>> We could use any advice, suggestions and feedback on the emerging
>> protocol landscape for issuing and presenting VCs. We’d be happy to share
>> what we gather for feedback and suggestions after our first phase of data
>> collection (a limited survey) is reviewed and summarized.
>>
>> I like the passport chip analogy, as well!
>>
>> Cheers,
>>  Phil
>>
>> *Phillip Long, Ph.D*.,
>> T3 Innovation Network, LER Pilot Projects Community Manager
>> e:  <phil@rhzconsulting.com>phil@rhzconsulting.com,
>> SNS: Twitter/Telegram @RadHertz
>> LinkedIn: https://www.linkedin.com/in/longpd
>> —
>> *Senior Scholar, Georgetown University*
>> Center for New Designs in Learning & Scholarship (CNDLS)
>> e: pl673@georgetown.edu
>> —
>> *Open Software Fellow*
>> Concentric Sky
>> e: plong@concentricsky.com
>> https://concentricsky.com/  <https://www.concentricsky.com/>
>> —
>>
>> *RHz Consulting, LLC.*Inquire-Listen-Design-Prototype-Analyze-Repeat
>> e:phil@rhzconsulting.com
>> LinkedIn:http://www.linkedin.com/in/longpd/
>> <http://www.linkedin.com/in/longpd/>
>>
>>
>>
>>
>>
>>
>>
>> On Aug 23, 2021, at 7:10 AM, Steve Capell <steve.capell@gmail.com> wrote:
>>
>> Also a good analogy.  Probably depends on your intended audience
>>
>> - a tech audience will most likely understand and appreciate the x.509
>> analogy
>> - but a business / policy audience will give you a blank stare if you say
>> “it’s just like x.509”.  I think the passport chip is a better story for
>> the non tech audience
>>
>> I may venture to suggest that the biggest problem I’ve faced (and
>> probably this group faces) is not convincing tech savvy people - but rather
>> getting business / policy people to understand the benefits to the extent
>> that they will allocate budget to projects so they can realise that benefit
>>
>> I still struggle with this - almost every day
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 23 Aug 2021, at 9:03 pm, Henry Story <henry.story@gmail.com> wrote:
>>
>> 
>>
>> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) <
>> mwherman@parallelspace.net> wrote:
>>
>> If you assume a simple definition of a Verifiable Credentials platform as
>> a set of data models and protocols for creating and verifying verifiable
>> data packets and their exchange between 2 or more software agents (don't
>> get hung up on the specific wording), what existing protocols/platform
>> standards, in your mind, are the most similar to VCs (at a top-level)?
>> - DNS?
>> - TCP packets?
>> - SOAP messages?
>> - something else?
>>
>>
>> X509 Certificates (with 40 years of tech improvements added to them).
>>
>> A Verifiable Claim is just a signed content, and the big leap of VC stack
>> is that
>> it is built on well defined, open, extensible logics.
>>
>> Henry
>>
>>
>> Michael Herman
>>
>> Get Outlook for Android
>>
>>
>>
>>
>>
>>
>
Received on Monday, 23 August 2021 17:27:52 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 August 2021 17:27:54 UTC