W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

Re: decentralised VC renderer question

From: Leonard Rosenthol <lrosenth@adobe.com>
Date: Thu, 1 Jul 2021 13:45:38 +0000
To: Steve Capell <steve.capell@gmail.com>, Juan Caballero <caballerojuan@pm.me>
CC: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <MN2PR02MB69923AE34927A917DEF40719CD009@MN2PR02MB6992.namprd02.prod.outlook.com>
Happy to share, Steve.  I put my presentation up at https://www.dropbox.com/s/u7mvfgvups34pid/PDF%20as%20a%20Container%20for%20VCs.pdf?dl=0 for you (or anyone) that would like to see what I proposed at the time.

As you note (and I also talk about in the presentation), the most common approach is the “separate blob of data”.  This is most problematic when there is no connection between the two elements and it’s just a “free floating blob”.  One of the areas that I focus on in the presentation is how to directly connect the data in VC to the content (image, text, etc.).  It doesn’t address the duplication problem – there are still two copies - *BUT* it does make it so that things are connected and that fraud checking becomes trivial since the two representations are no longer completely distinct.

> issuer signed tendering template
If you want to go that route, then you can sign the PDF and treat it as the “issuer signed tendering template”.  In fact, it’s actually best that way because not only do you have the human representation signed *but* as the signature would also cover the combination of human+machine, you can be assured that the two go hand in hand.

There are other approaches that could be applied as well, such as the use of PDF Forms as I am working with the MISMO community on in their quest for a updated “SmartDoc” in the mortgage industry (https://www.mismo.org/standards-and-resources/emortgage-specifications/smart-doc%C2%AE-components).


From: Steve Capell <steve.capell@gmail.com>
Date: Wednesday, June 30, 2021 at 2:39 PM
To: Juan Caballero <caballerojuan@pm.me>
Cc: Leonard Rosenthol <lrosenth@adobe.com>, Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: decentralised VC renderer question
Thank you all for your responses

Juan or Leonard - do you have a link to the presentation on the “proper way” to embed a VC into a PDF?  my (limited) understanding of the way structured data is embedded into PDF such at under the EU e-invoicing model is that it’s basically a separate blob of data and it’s up to the issuer to ensure that the values in the XML are the same as the values in the PDF - leaving a fraud vector where the machine readable and human readable data are quite different ?

I instinctively prefer an approach where the VC data is the only source of truth and where human readability is achieved using an issuer signed tendering template and not some kind of separate binary version of the data

Kind regards
Steven Capell
Mob: 0410 437854

On 30 Jun 2021, at 10:40 pm, Juan Caballero <caballerojuan@pm.me> wrote:

For what it's worth, I've submitted grant proposals over here in Europaland trying to find govt sponsorship to develop an open-source library for embedding VCs into PDFs the proper way (based on a detailed presentation by Leonard to the VC-EDU) group with, as yet, no success.  Third time's a charm?
On 6/30/2021 1:27 PM, Leonard Rosenthol wrote:
Also worth noting that in the VC-EDU space, where the primary focus is on the human readable scenarios, they’ve explored embedding the VC into a PDF as well.


From: Manu Sporny <msporny@digitalbazaar.com><mailto:msporny@digitalbazaar.com>
Date: Tuesday, June 29, 2021 at 9:44 AM
To: public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org><mailto:public-credentials@w3.org>
Subject: Re: decentralised VC renderer question
On 6/28/21 10:23 PM, steve capell wrote:
> if it hasn't been a topic for the group then maybe it's something to add
> somewhere on the long list of future to-do's?

It's been discussed over the years, and yes, the solution is something along
the lines of what you suggest. The following technologies have been explored,
but with no firm resolution yet... we're all still very much experimenting
with all of this now:

* A static image embedded as a data: URL in the VC. This
  includes SVGs.

* A content-protected link to an external image in the VC.
  This also includes SVGs.

* HTML iframe to HTML-rendered credential that is
  specified in the VC.

* Fully encapsulated HTML+CSS embedded in the VC.

* Web Component[1] referred to in the VC.

All of the solutions have non-trivial privacy, payload size, and security
implications. It's certainly a solvable problem... but the ecosystem seems to
be focused on getting the foundation right at present and not rushing ahead to
address the rendering problem.

If you take a look at wallet today, they seem to be plucking values like
"image", "title", and "description" and doing generic rendering for the other
fields in the VC. Note that this is possible because the semantic meaning of
each claim is globally known.

It's all a work in progress... yes, people are working on it... but not in any
coordination CCG fashion, yet.

-- manu

[1] https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FWeb_Components&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cf8333d366f4d48f45a0b08d93b03fe07%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637605710616971474%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=jdSGP%2B7MRYGDdczJksC8jfaJbCcdt4MPt%2FvfV7ye7Fg%3D&amp;reserved=0<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FWeb_Components&data=04%7C01%7Clrosenth%40adobe.com%7C61e3f8534d4d4d603eb808d93bf675fe%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637606751997077740%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=npuMZK8awm4lrtkEYTZJ0N3e7ObTJa3F9SHpk%2FN%2B9BM%3D&reserved=0>

Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cf8333d366f4d48f45a0b08d93b03fe07%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637605710616981425%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=AmV4teKlxUumRcitn5XMqHCF53hUABGU9u4IYF12M2I%3D&amp;reserved=0<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&data=04%7C01%7Clrosenth%40adobe.com%7C61e3f8534d4d4d603eb808d93bf675fe%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637606751997087695%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=FRb0tZIEg2KlUO1RD9Fw2R8CHMKrnwpiVtH1UMMDhj0%3D&reserved=0>
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)

Juan Caballero, PhD. Freelance<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearningproof.xyz%2F&data=04%7C01%7Clrosenth%40adobe.com%7C61e3f8534d4d4d603eb808d93bf675fe%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637606751997097655%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=33awOs7Dx%2FcNWJzT0GY79uYlh%2FFxBqls5KCxsfv18rQ%3D&reserved=0> Identity Researcher & Community Manager Signal/whatsapp: +1 415-3101351 Berlin-based: +49 1573 5994525
Received on Thursday, 1 July 2021 13:46:01 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC