RE: File formats for the secure export/import of Verified Credentials? from Michael Herman (Trusted Digital Web) on 2021-02-01 (public-credentials@w3.org from February 2021)

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Date: Mon, 1 Feb 2021 01:25:42 +0000
To: Leonard Rosenthol <lrosenth@adobe.com>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <MWHPR1301MB209469A11CC127448679FC55C3B69@MWHPR1301MB2094.namprd13.prod.outlook.>

These are good questions but it wasn’t where I was coming from originally (but read through to the end of this email for some separate but related activity).

More specifically,  I was thinking of something like the https://en.wikipedia.org/wiki/PKCS_12 file format <https://en.wikipedia.org/wiki/PKCS_12%20file%20format%20for%20X.50s>  for X.509 certs where you can export and secure it with a password, etc. …possibly include key pairs, etc.  I’m at the 10,000 level on this …actually only at about 1045 meters (elevation of Calgary ASL).

Here’s a scenario:

The scenario is Alice User bootstrapping/onboarding herself into an app with a copy of her personal "Member" or "Citizen" VC …onboarding Alice into her local instance of the mobile or desktop app.

The attributes would only be shared within the app on a traditional SSI selective disclosure basis ...so it is the very initial use case where you're claiming an instance of a mobile or desktop as "your own" ...an identity bootstrapping/onboarding process.  (The app is sort of wallet/agent but is also capable of hosting any number of pluggable applets.)

...where you're not beholding to any issuer or service provider once the credential has been issued and persisted into a file (modulo downstream VC verification). You can take your secure “vcred” file and present it to any app you want to onboard into it. It’s related to the SSI Personal Data Usage License problem I wrote about here: https://docs.google.com/document/d/1yP0OgDhq-3TTIien5gsETi4jZdyiKbwE/edit. ….now I’m building it out.

----
Footnote: Leonard, that being said, today, I was fooling around with my Windows 10 laptop to imagine what a fully integrated Windows shell experience might look like for these file types.  I chose .vcred as the File Suffix and application/vcred as the Content Type.  I’ve attached a safe copy of the Windows Regedit script if you’re interested. (You will need to tweak the file system location of the .ico icon file.)  I don’t know if or how Windows uses the Content Type but I have all of the file suffix stuff working (notepad.exe is my dummy Acme VCredReader app).  Here’s a screenshot.

NOTE: This is not the point of my original question …but a parallel line of thinking.  Thank you for the question.

[cid:image004.jpg@01D6F7FE.773871B0]

From: Leonard Rosenthol <lrosenth@adobe.com>
Sent: January 31, 2021 4:29 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; Credentials Community Group <public-credentials@w3.org>
Subject: Re: File formats for the secure export/import of Verified Credentials?

Michael – forgetting about the file name extensions (which is the part of the article that you linked to) what actual format(s) are you thinking of using and what associated media type?

Aren’t the majority (all?) of the VC’s going to be in JSON?   And would you want `application/json` or something specific to VC?

Leonard

From: "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Date: Sunday, January 31, 2021 at 2:26 PM
To: Credentials Community Group <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: File formats for the secure export/import of Verified Credentials?
Resent-From: <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Resent-Date: Sunday, January 31, 2021 at 2:24 PM

Hopefully, it’s not sacrilege to suggest something like this might be useful: File formats for the secure export/import of Verified Credentials?

…something like the file formats used for exporting/importing X.509 certificates (https://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FX.509%23Certificate_filename_extensions&data=04%7C01%7Clrosenth%40adobe.com%7C0af54d6f44114b01a10008d8c61e19c0%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637477179879803301%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=l1g%2FNveQYKQS7MDKDtAgsG0OAx5OF6OMLQJC0dxW0e4%3D&reserved=0>).

Best regards,
Michael Herman
Self-Sovereign Blockchain Architect
Trusted Digital Web
Hyperonomy Digital Identity Lab
Parallelspace Corporation

[cid:image005.jpg@01D6F7FE.773871B0]

Attachments

image/jpeg attachment: image004.jpg
image/jpeg attachment: image005.jpg
image/x-icon attachment: vcred.ico
application/octet-stream attachment: vcred_Verified.Credential.10_reg_txt

Received on Monday, 1 February 2021 01:25:59 UTC