[MINUTES] W3C CCG Verifiable Credentials for Education Task Force Call - 2022-04-18

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-04-18-vc-education/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-04-18-vc-education/audio.ogg

----------------------------------------------------------------
VC for Education Task Force Transcript for 2022-04-18

Agenda:
  https://lists.w3.org/Archives/Public/public-vc-edu/2022Apr/0020.html
Topics:
  1. IP Note
  2. Call Notes
  3. Introductions & Reintroductions
  4. Announcements & Reminders
  5. VC Governance
  6. PDFS as VCs with James Chartrand from McMaster University
  7. Credential Display in Wallets Discussion
Organizer:
  Kerri Lemoie
Scribe:
  Our Robot Overlords
Present:
  Kerri Lemoie, James Chartrand, Stuart Freeman, Deb Everhart, 
  Brandon Muramatsu, JeffO Real-IT, Geun-Hyung, Simone Ravaoli, 
  Marty Reed, Dmitri Zagidulin, John Kuo, Andy Miller, Keith, Phil 
  L (P1), Nikos Fotiou, Yashwardhan, Leon, yashwardhan, G, Alan 
  Davies, Colin (LEF), Kayode Ezike, David Chadwick, Jim Goodell, 
  Kaliya, Timothy Summers

Our Robot Overlords are scribing.
Kerri Lemoie:  Hello, welcome to the VC-EDU task force call on 
  Monday, April 18th. Today we are going to be discussing 
  credential display in the wallets, including PDFs, and also a 
  quick touch base on VC and VC-EDU governance.

Topic: IP Note

Kerri Lemoie:  Before we get started, let's start with the IP 
  note. Anyone can participate in these calls; everyone is welcome. 
  However, any substantive contributions to any of the CCG work 
  items, including this task force, must be done by members of the 
  CCG with full IPR agreements signed. You can learn more about 
  this at this link that I'm going to put in the chat right now.
Kerri Lemoie: https://www.w3.org/community/credentials/join

Topic: Call Notes

Kerri Lemoie:  For call notes: these minutes, well, these meetings 
  are recorded. An audio recording is done for every call, as much 
  as we can do this, but they're also transcribed by the robot 
  overlords, and you will see in the chat the job that they are 
  doing as we speak. If you see that there is anything that could 
  be corrected, that's being transcribed improperly, please do us a 
  favor and, when you see it, do a substitution in the chat. You 
  can do that by typing s/, the phrase to fix or word, and then the 
  fixed phrase. I'll put that in the chat as an example.
Kerri Lemoie: Example: s/phrase to fix/fixed phrase/
Kerri Lemoie:  I'm sure that as I speak, robot overlords and I 
  don't always get along well, so I'm sure we will see lots of 
  examples of that. Please note that we do use a queue system in 
  these calls, so if you have something to say or question to say, 
  please type q+ (the letter q and a plus sign) and that will add 
  you to the queue, and if you change your mind you can type q- 
  and I will remove you from the queue. By doing this we will look 
  at the queue and then call on you in order.

Topic: Introductions & Reintroductions

Kerri Lemoie:  Okay, why don't we see first: is there anyone here 
  who's new to the call or who'd like to make an introduction of 
  themselves today, or anyone who's been in the call for a while 
  and would like to reintroduce themselves or has some news to 
  share? Dmitri, you're in the queue.
Dmitri Zagidulin:  Hi can you hear me okay.
Dmitri Zagidulin:  So yeah, I thought I'd do a quick 
  reintroduction, only because one of my hats has changed. I have 
  recently reduced my work with Digital Bazaar, though I'm still in 
  close collaboration with Angela's our team, and have stepped up 
  my involvement in virtual reality and augmented reality. So I'm 
  still doing the same things, verifiable credentials,
Dmitri Zagidulin:  decentralized identifiers, secure storage, just 
  bringing that toolbox to the AR and VR world. Still also involved 
  in the Digital Credentials Consortium and the learner wallet 
  there. That's it.
Kerri Lemoie:  Thanks Dmitri, that sounds incredibly exciting, 
  that's awesome.
Kerri Lemoie:  Anybody else have would like to make an 
  introduction or update us on your current work.

Topic: Announcements & Reminders

Kerri Lemoie:  So next we have announcements and reminders keep 
  in mind that every Tuesday at noon Eastern is the ccg call and 
  that is always worth checking out if you have time to do so to 
  stay up to date on what is going on overall in this community.
Kerri Lemoie:  Also, next week is the Internet Identity 
  Workshop, and that starts on Tuesday, this Tuesday through 
  Wednesday, or is this Tuesday Wednesday I think, but it's next 
  week, and that means that we will not have a call next week. So 
  next Monday there will be no VC-EDU call. I'll send an email 
  reminder out, but I just want to let you know that we're going to 
  skip next week because some of us will be at that meeting and 
  won't be able to do this as well, or will be traveling that day.
<jeffo_real-it> IIW is  Tues, Wed Thurs - Sodl out apparently.
Kerri Lemoie:  Just check the queue here see if we have.
Kerri Lemoie:  I'm sorry I let sold out incredible thank you.
<jeffo_real-it> 250 cap

Topic: VC Governance

Kerri Lemoie:  So before we get started with James: we have James 
  Chartrand here, who's been doing some interesting work on PDFs 
  as VCs. He's here from McMaster University and he's just 
  going to fill us in on that work. You may have seen some 
  descriptions of this on the mailing list, and we thought it would 
  make a lot of sense to ask him to come tell us in VC-EDU, 
  you know, how they've gone about doing this. PDFs is something 
  that Open Badges has discussed for a long time; it also has come 
  up quite a bit in this community before. There's a whole lot of 
  reasons to use PDFs in education.
<jeffo_real-it> If anyone wants IIW ticket check in any case just 
  in case.
Kerri Lemoie:  They're a well understood format and, you 
  know, can be secured and have embedded data in, such as James 
  will tell you. And then we're going to talk more about 
  credential display in wallets, and then I'm gonna have Dmitri 
  just help lead that discussion too, because he has some 
  things in mind. But before we get started, if you don't mind, I 
  just wanted to ask you all to take a look 
  at this Miro board.
Kerri Lemoie: https://miro.com/app/board/uXjVO8bG_9s=/
Kerri Lemoie:  The chat and I will share my screen when one thing 
  that we have been talking about or thinking about a lot is what 
  is governance right what is governance in this space.
Kerri Lemoie:  A lot of misconceptions and a lot of questions, and 
  I really hope to be able to push on this topic more at 
  the IIW next week, and so I'm hoping that I could do some 
  research with folks in this community before we go, to see what 
  kind of assumptions and questions and understandings that you 
  have about what governance is. So although I'm not a huge 
  fan of Miro, I feel like this is a good place to do this because
Kerri Lemoie:   You can bring it whatever you'd like whenever you 
  want if.
Kerri Lemoie:  We need another section other than assumptions and 
  questions go ahead and create that you could do what you want 
  with this board and then we'll take a look at it at the end of 
  the week or early next week and and see what we're learning in 
  here and what you know of questions and assumptions we should be 
  addressing.
Kerri Lemoie:  And before I move on I sort of want to check in to 
  see if anybody would like to talk about that now if they have 
  anyone has any questions about this or any sort of like it's up 
  to some questions you'd like to bring up right now before we even 
  get into our main topic.
Kerri Lemoie:  You I will start an email thread on this later 
  today and then feel free to respond to that and add whatever 
  you'd like to this board also feel free to reach out to me 
  directly if you'd like to just talk about it some more I am I 
  don't have a lot of understanding of what governance is I've seen 
  it implemented in various ways and I've heard of some really 
  interesting ideas for Registries Registries and things of that 
  nature I've also heard a lot of.
Kerri Lemoie:  Fusion between what accreditation is and what VC 
  governance is and so I thought it would be a good idea for us to 
  really gather as many questions that assumptions as we could so 
  we can start tackling this over the next couple of months.
Kerri Lemoie:  Critic you some tea so James like to write you to 
  participate and and present what you have for us I will stop 
  sharing my screen so you can do that like you.

Topic: PDFS as VCs with James Chartrand from McMaster University

Kerri Lemoie:  How you doing James nice to see you.
James Chartrand:  Okay thank you I'm good yeah.
Kerri Lemoie:  One thing you might want to do, James, is turn off 
  your video, because we've been having some problems with memory 
  issues with Jitsi and I'd love to record as much of this as 
  possible, so.
Kerri Lemoie:  Awesome yes thank you.
James Chartrand:  Yeah I just turned it on for a sec so people 
  can see what I look like here we go sure so share my screen.
James Chartrand:  Sorry I'm looks like I'm having to go through 
  and.
James Chartrand:  So it's I'm going to have to restart but I will 
  be right back.
Kerri Lemoie:  Okay Dmitri, while we're waiting for James to come 
  back, do you want to sort of approach the subject of credential 
  display in wallets?
Dmitri Zagidulin:  Sure, yeah. So within VC-EDU here we've got 
  two pressing problems that we need to solve, we've got two pain 
  points. One is, so we have these verifiable credentials that are 
  going to be displayed in wallets, but we also would like
Dmitri Zagidulin:  to bind them to more traditional display 
  artifacts such as PDFs, and that's what James is going to be 
  talking about. And then the second one is also on the subject of 
  display, slightly different, somewhat related: we want issuers to 
  be able to specify exactly, or at least advise, to wallets, 
  verifiers and other software how to display the credential, 
  because at the moment every single wallet, every single verifier 
  software
Dmitri Zagidulin:  in the VC world does it its own way. Now there 
  have been precedents in, for example, Open Badges and some 
  other VC projects that have used things like embedded images to 
  specify how the credential should be displayed, and that's 
  the other topic that we'd like to touch on today. But James is 
  back, so over to you.
James Chartrand:  Okay, so maybe I'll just give a very quick bit of 
  background. This is a project at McMaster University, and it's a 
  joint project between the Faculty of Engineering and the Office 
  of the Registrar there. They got into SSI a couple of years ago 
  and started out with Blockcerts, so kind of one of the precursors 
  to, I guess, verifiable credentials, and we at the time started 
  out with a very,
James Chartrand:  a relatively small pilot,
James Chartrand:  like 50 students, where we issued 
  certificates, so not degrees, and they were issued to the 
  students as a batch and went into the Blockcerts wallet, and 
  that's where the student held the certificate and they would 
  share it from there, and it was all JSON. That went very well. We 
  then went and decided to do degrees, so issued for a very small 
  cohort of students, maybe 50 students in the Faculty of 
  Engineering, their actual degrees. Again they
James Chartrand:  lived in the Blockcerts wallet and the 
  students shared their.
James Chartrand:  That also went very well, and then when COVID 
  hit, the registrar thought, and so when COVID hit there were a 
  lot of problems distributing, well, there were all sorts of 
  problems, but among them was distributing the degrees, the paper 
  copies of degrees, to students. So rather than mail out all of 
  the copies, the university decided to also offer the option to 
  get the digital copy of the Blockcerts,
James Chartrand:  and they opened that up to.
James Chartrand:  And remarkably that went very well as well, and 
  there was massive uptake. It was 80-something percent of students 
  chose to download a copy of their degree. Everybody was super 
  happy with it, Blockcerts was great, but at that time, as a 
  result of our work, we kind of got introduced to the DCC and 
  eventually joined the DCC, and from there were introduced to 
  verifiable credentials and
James Chartrand:  decentralized identifiers, so wanted to move
James Chartrand:  our prior Blockcerts system to verifiable 
  credentials and decentralized identifiers. We also wanted to move 
  off of the Bitcoin blockchain, which is where we'd been, just 
  where our Blockcerts system anchored hashes of the credentials, 
  and we wanted to move off for a couple of reasons. One is GDPR 
  and similar kinds of privacy laws, where it seems, it's not 
  entirely clear, but it seems at times as though even hashes 
  aren't allowed on a blockchain.
James Chartrand:  For us with the degrees it was fine,
James Chartrand:  as the degree information is public information, 
  and so the fact that somebody got a degree from McMaster is 
  public information, and so, you know, it was decided that that 
  was okay to put that up permanently on the Bitcoin blockchain, 
  even though it was just a hash. Anyhow, also wanted to get off 
  the Bitcoin blockchain because we wanted to move from a batch 
  issuance, which is what we're doing with Blockcerts, where, you 
  know, the entire cohort at graduation time, so thousand.
James Chartrand:   It's whatever would all get their degrees at 
  once.
James Chartrand:  It was all a Merkle tree: all the credentials 
  were hashed together into a Merkle and the Merkle was put up on 
  the Bitcoin blockchain, and so that made it, you know, 
  affordable. But with rising transaction costs on blockchains like 
  Bitcoin, and the fact that we wanted to move to an on-demand 
  issuance system where a student could request and get their 
  credential or degree immediately, if we were to anchor every one 
  of those on the Bitcoin blockchain
James Chartrand:  the cost would become likely
James Chartrand:  exorbitant. So anyhow, we wanted to move to 
  verifiable credentials and decentralized identifiers. Talked to 
  the registrar, thought maybe we should start with a pilot again. 
  She suggested, this is Melissa Pool, the Registrar of McMaster, a 
  very forward-thinking registrar, she suggested that we take a 
  look at letters that the registrar's office issues to students to 
  confirm basically student status in different ways, so like the 
  letter that you see up there on the left, which confirms the 
  enrollment details
James Chartrand:  for a student. So these are letters that students 
  use, say, when they're applying
James Chartrand:  for a job, if the letter says that they've earned 
  their degree. They are also used for things like getting a better 
  student bank account, freeing up money from your student savings 
  plan, or incoming foreign students might use one of these letters 
  when they're applying for a visa coming into the country.
James Chartrand:  And so we thought great and initially we 
  thought okay we'll just do it the same way will issue Json copies 
  so you know the actual verifiable credential as Json to the 
  student and it will live in a wallet but we in talking to some of 
  the people in the registrar's office realized that just wasn't 
  feasible because these letters are often they pretty much need to 
  be PDFs because of how they're used so.
James Chartrand:   In some cases they're uploaded as.
James Chartrand:  Application process, say if you are applying for 
  a visa and you need to upload a letter confirming your status, 
  the system will only take, you know, an image or a PDF, and 
  that's later reviewed by somebody who looks at it, so if it had 
  been JSON, you know, it would be nonsensical to them and they 
  wouldn't know what to do with it. Also, sometimes the letters do 
  need to be printed off and handed to somebody, like say when a 
  foreign student is arriving in the country, and the way it works 
  in Canada is you
James Chartrand:   To process your visa application as you 
  step off the airplane.
James Chartrand:  Typically you've got all your papers you know 
  you know folder and you present them to the agent the agent goes 
  through them and reviews from them decides yay or nay so it had 
  to be printable as a paper copy okay so I will take you very 
  quickly through what we've built here this is totally integrated 
  into the Microsoft Azure authentication system on campus and 
  draws data from a back-end PeopleSoft system.
James Chartrand:  Go to this web browser on the right this is 
  where the student would write this again is just a pilot nothing 
  here is in production and the dire warnings there are because 
  rightfully so the registrar is concerned that we don't want 
  anybody to think that this is the system that's being used at 
  McMaster University because then you could imagine scenarios like 
  the student arrived a student arriving at.
James Chartrand:   The border agent of the.
James Chartrand:  Thanks this is what they should thinks that 
  they should be getting a copy of a letter like this with a QR you 
  know and then doesn't accept one without a QR so we're being 
  extra careful not to make anyone think that this is a production 
  system okay yeah so I am here I'm a student I will login.
James Chartrand:  I will request a letter. We've got, the registrar 
  chose four different letters. I'll choose confirmation of status. 
  So that kicked off a dynamic process in the background: it pulls 
  the information from the PeopleSoft system based on the student 
  login ID, assembles the PDF letter (I'm using, I think, jsPDF, 
  some kind of JavaScript PDF library, to construct it on the fly), 
  insert the information, at the same time
James Chartrand:  I turn the information into
James Chartrand:  a verifiable credential, 
  then into a verifiable presentation, then use Digital Bazaar's 
  amazing libraries and vpqr to produce the QR code, which I then 
  insert into the PDF, which you can see down in the bottom right 
  hand corner of the letter on the left hand side, and then return 
  it to the student. So it's been downloaded and it's in my 
  downloads there. I will show you, and so anyhow it corresponds 
  exactly to the letter that you see on the left here.
James Chartrand:  Now the student can of course take it,
James Chartrand:  email it to somebody, they can text message 
  it to somebody, they can do whatever they want to with it, they 
  can use it as many times as they want to. So say they emailed it 
  to me and I'm an employer. I can come to this website, 
  credentials dot McMaster dot ca. I pretty much have to know in 
  advance that that's the website to which I should go, and of 
  course, you know, I'm sure people rightfully point out here that 
  there are significant problems with this. Among them are that
James Chartrand:  somebody can fake the verification website, 
  but I think that's a general problem. In any case, assuming I 
  know to go to credentials dot McMaster dot ca, I arrive there, I 
  choose verify letter, I will choose to upload a letter file, I 
  choose the file, upload, and it does its verification in, you 
  know, the usual way of extracting the VC from the QR and then 
  doing the verification. One kind of interesting thing that 
  happened there is that
James Chartrand:  what I did, what the code did, and first of all
James Chartrand:  that code is running entirely in the web 
  browser, there was no call back to the server there. So 
  it was another JavaScript library that took the PDF, 
  opened it up, found the QR image inside the PDF, and then from 
  there invoked the Digital Bazaar libraries to extract the VC 
  and run the normal verification. Okay, so that was one kind of 
  verification. Now I will show you
James Chartrand:  a printed copy of that letter that's sitting on 
  my desk here, and I've got my phone hooked up, which you can see 
  on the left. So I will choose, sorry, so I'm going to go over 
  here to my phone, and it's the same webpage. This time I will 
  choose verify letter again and I will choose scan QR on letter.
James Chartrand:  And again it verifies exactly the same way, and 
  that's it. It's a super simple system, which, you know, we kind 
  of figure is one of the appealing parts of it: it's dead simple, 
  so extremely easy to use. Some of the challenges that we still 
  face, or that I guess we face, are: somebody could fake the PDF, 
  so they could change some of the details that are within the PDF. 
  We kind
James Chartrand:  of deal with that a little
James Chartrand:  by virtue of the fact that the entire, 
  sorry, what's in the VC that's in that QR code contains the 
  critical information that somebody would want to verify. So up 
  there on the left on my phone you can see that down below it 
  says undefined undefined, because we're blanking out student 
  information for this, and it says is registered at McMaster 
  University, is a full-time undergraduate student for the 2028 
  term. So it.
James Chartrand:  I was there what was inside the veritable 
  verifiable credential So what had been signed and you know 
  doesn't show.
James Chartrand:  what was in the PDF necessarily. I mean, it is 
  what's in the PDF, but it's only what was in the verifiable 
  credential and confirmed. But of course somebody could take the 
  entire PDF and they could put a fake QR code on there and they 
  could provide a fake link, and if somebody didn't know to go to 
  the McMaster web page to verify this, they could very easily be 
  fooled. The other thing that we would very much like to do is to 
  start to move
James Chartrand:  from these letters
James Chartrand:  Towards something more like a student ID 
  because what we've got here is effectively a student ID I mean it 
  declares the student status but we'd like to take a you know a 
  little step further and start to use it within a wallet like the 
  DCCC wallet as a replacement for the plastic student card in 
  which case we would have to put more information into it and in 
  particular would have to put a student photo into it and at that 
  point.
James Chartrand:   Point the verifiable credential would be.
James Chartrand:  It inside a QR code. So this is where, I think 
  Dmitri was talking about this a little bit before I got started, 
  that we need to start to think about how we can transfer some of 
  that information, and one way is maybe to create a kind of 
  ephemeral storage for the full VC, and the QR code simply points 
  to that storage, and it might be encrypted as well and we pass 
  the key to the verifier. So anyhow, different kinds of things to 
  start to look at after that, and that works out well because I'm 
  done. No, I.
James Chartrand:   I know it's great you're going to restart it 
  but.
Kerri Lemoie:  Sorry about that I'm not going to start the 
  recording but the transcriber we'll keep going so we'll take it 
  from there thanks.
James Chartrand:  So I am is so any questions that anybody has 
  feel free.
Kerri Lemoie:  Don't see any questions in the queue right now. 
  James, what are some common questions that you've gotten besides, 
  say, the QR code issues and the faking of PDFs?
Kerri Lemoie:  Or have you already covered those in terms of what 
  you told us? Excuse me.
James Chartrand:  Yeah I think I covered them.
Kerri Lemoie:  Okay, I do see Phil Long in the queue, so I'm gonna 
  call on Phil here.
<yashwardhan> what was the acceptance level of administration?
<keith> I think its a great solution bridging the legacy world 
  with the new digital world.
Kerri Lemoie:  Phil Long, you have the floor if you can 
  hear us.
Dmitri Zagidulin:  And you're speaking you're muted.
Kerri Lemoie:  Yes okay why don't I call on Marty Marty you have 
  the floor and can come back we'll add them back to the queue.
Marty Reed:  Sure thanks James for this question a couple 
  questions one you know how do you how do you handle revocation 
  or.
Marty Reed:  Or how do you handle versioning or do you is that 
  part of this.
<kerri_lemoie> @yashwardhan - I'll ask your question next
James Chartrand:  The simple answer is it's not part of it. The 
  idea with these letters, and this is one of the reasons that we 
  chose the letters as kind of a starting point, is that they in a 
  sense expire in the other way, where they are
James Chartrand:  dated letters, and so
James Chartrand:  are no longer useful after a given day, so 
  exactly the same way the paper letter would have, you know, 
  become dated at some point. It would be very nice to be able to 
  revoke them, and at some point, I mean once we have a revocation 
  system in place, we would do that, and I think at that point it 
  would just work like any other revocation system for credentials.
Kerri Lemoie:  I feel before you go I'm sorry I'm going to call 
  and I yes I'm going to ask you a short answer question what was 
  the acceptance level of administration.
James Chartrand:  It probably depends which part of the 
  administration. The registrar has been incredibly supportive and 
  as I said before is very very forward-thinking I don't know that 
  at other universities registrar's would look at it quite the same 
  way however generally we found that whenever we've shown this to 
  anybody within the administration you know they pretty quickly.
James Chartrand:   We see the benefits of it.
James Chartrand:  And the fact that it's extremely easy to use 
  you get instant verification so I would say it's almost it's 
  almost always the case that we get very very positive feedback 
  from everybody within Administration and I suppose another way of 
  looking at it is they've continued to fund this so that's a 
  pretty good indication that people can see the value of it.
Kerri Lemoie:  Yeah totally, alright Phil Long, you have the floor.
Phil_L_(P1): Yeah apologies can you hear me.
Phil_L_(P1): Okay I was curious that you mentioned that you did 
  internally decided that the need to use sort of existing 
  processes and systems which were PDF depend if you will lead you 
  at this stage to focus on encompassing the verifiable credential 
  as an attachment to the PDF through the QR code but I was 
  wondering is.
Phil_L_(P1): And some sense looking at the rendering of the data 
  in a Json file into something that could be more approximating a 
  fully rendered text document of the sort to PDFs generate as a 
  second phase so that you didn't have to deal with that particular 
  problem that I suspect Dimitri's going to be talking about in 
  later in the session or was there some other reason beyond that 
  other than the not wanting to have to.
Phil_L_(P1):  Icon building a renderer that could make it look 
  pretty for.
James Chartrand:  Yes so initially we thought that we would send 
  these credentials down into our what a digital wallet you know on 
  somebody's phone and then from there they would share it and you 
  know possibly even at that point PDF could be automatically 
  generated from the wallet directly but.
James Chartrand:  Talking to the registrar's office they made it 
  pretty clear that students expect at the moment a PDF and that's 
  almost always how they use this thing and so kind of introducing 
  a wallet into it just overcomplicate it they basically just need 
  to go to this website Download a pdf and then use the PDF if it 
  went into a wallet and then they had to do something from the 
  wallet then they'd have to install the wallet app today.
James Chartrand:   Deal with what was in the wallet so.
James Chartrand:  Only just that for this pilot it's what made 
  the most sense I don't know if that answers your question.
<deb_everhart> but isn't the wallet the way the person controls 
  the record?
James Chartrand:  Yes yes exactly.
Phil_L_(P1): No it does it I think that you're making a very 
  Salient point that there's only so much transition you can make 
  in one jump and at and the bigger problem isn't the technology so 
  in so much as it is the humans that need to be able to feel 
  comfortable with it so I think that's a very good observation 
  thank you.
James Chartrand:  Yeah, and it was also very, very easy, well, it 
  was relatively easy to do what we did. You know, the amazing 
  libraries that Digital Bazaar provides and, you know, all 
  of the amazing libraries that are in npm just made it pretty easy 
  to put this thing together and produce something that actually 
  is immediately usable.
Phil_L_(P1): Got it understood.

Topic: Credential Display in Wallets Discussion

Dmitri Zagidulin:  Thanks so I wanted to respond to Phil's 
  question real quick and then touch on the two points that Marty 
  brought up in terms of your question Phil.
Dmitri Zagidulin:  And why the approach of the PDF rather than 
  being able to embed the display logic in the VC we need both we 
  definitely need both will be talking about the display logic part 
  are shortly but I wanted to highlight that one very important 
  point.
Dmitri Zagidulin:  In a way.
Dmitri Zagidulin:  Producing a PDF or rather binding.
Dmitri Zagidulin:  From a PDF to a credential shortcuts the need 
  for a widely deployed verifier architecture and widely deployed 
  wallet and display architecture because everybody from students 
  too.
Dmitri Zagidulin:  Admission counselors to border guards knows 
  what to do with either PDFs or paper.
Dmitri Zagidulin:  A binding from PDF to credential, you're 
  doing sort of progressive layering, you're bootstrapping the 
  whole ecosystem. Now to touch real quick on the two points that 
  Marty brought up, which is about revocation and about versioning.
Dmitri Zagidulin:  Put lipstick revocation first one thing that I 
  want to highlight is and James touched on this already.
Dmitri Zagidulin:  Expiration is an alternative mechanism to 
  versioning, so in a couple of use cases, such as when you have a 
  printed piece of paper or a generated PDF which the student hands 
  over.
Dmitri Zagidulin:  There's no way to do revocation there or if 
  there is it's very crude like putting a footer down down at the 
  bottom that says before accepting this please pick up the phone 
  and call this admission officer to make sure that's still valid 
  right that's that has both privacy implications and is incredibly 
  awkward usability wise so what what that project does is use 
  expiration.
Dmitri Zagidulin:  As a risk mitigation mechanism.
Dmitri Zagidulin:  Same way that revocation is used. So just 
  wanted to highlight: in those cases where you can't do 
  revocation, don't forget that expiration plays the same.
<kerri_lemoie> I've been working on an LER interoperablity 
  spectrum that is open for input/opinions: 
  https://docs.google.com/document/d/1fwMNbrFL78bVWnZ0BmObFBJnj0uGnFHhR00frybUiTA/edit
Dmitri Zagidulin:  Same method. The other thing that I wanted to 
  touch on, or rather ask a clarifying question about, is 
  versioning. Can you tell us a little more, what do you 
  mean by versioning of credentials? What are some use cases 
  where you would version it? Thanks.
Marty Reed:  That a question for me.
Dmitri Zagidulin:  Yes if you don't mind.
Marty Reed:  Oh yeah sure so well at least in the open credential 
  publisher project we have the idea that transcripts can be issued 
  as verifiable credentials to a student however they may change 
  until the official transcript is released and so we're just 
  thinking about you know versioning.
Marty Reed:   As far.
<john_kuo> Wouldn't that be more of a lineage of revocation and 
  re-issuance?
Marty Reed:  You know as that transcript is updated do we need to 
  replace the existing credential in the wallet do we need to call 
  home and and check for a new version of that credential so into 
  your to your expiration point you know that is one one thing that 
  we've definitely you know looked at.
Marty Reed:  From a from a verification standpoint but that's 
  that's the use cases like the the transcript may be issued to a 
  wallet prior to its being quote unquote official and so in that 
  case you know the desired functionality would be that you know a 
  student would go in look at their credential and it would say hey 
  there's a new version of your credential would you like to 
  download that now.
Marty Reed:   And also.
<dmitri_zagidulin> @John - revocation (of previous versions) 
  might not be needed or appropriate. Because each VC says "at this 
  point in time the following is true"
<dmitri_zagidulin> revoking such a VC says "actually, that VC 
  WASN'T valid at that point in time"
Marty Reed:  For like a teacher teacher license a teacher could 
  have a license with multiple endorsements attached to it that 
  license can be updated over time to add and subtract endorsements 
  and so for professional licenses there's this idea of you know 
  versioning and updating endorsements within the existing 
  credential.
Dmitri Zagidulin:  Got it I think if I can jump the queue real 
  quick so that makes a lot of sense and this sounds like a great 
  topic for a future call the particular question of versioning of 
  long-run credentials such as a medical history employment record 
  or transcript sounds like there's a lot that we want to discuss 
  there.
Dmitri Zagidulin:   I do want to touch on.
Dmitri Zagidulin:  Something that was brought up a question by 
  John in chat of would you be able to implement versioning as a 
  series of revocation and reissuance and as I pointed out in chat 
  that.
Dmitri Zagidulin:  Visions yes revocation might not be required 
  or even even allowed there because essentially each one of those 
  successive verifiable credentials are snapshots of something 
  that is true at that point in time so much by the way our paper 
  existing paper credentials already have this notion of versioning 
  intuitively such as a bank statement that says this is what we 
  know to be true as of this point in time.
Dmitri Zagidulin:   And then later if.
Dmitri Zagidulin:  If another transaction comes in or if the bank 
  changes something.
Dmitri Zagidulin:  The bank statement looks different but at that 
  point in time that was the views similarly what we're saying with 
  the transcript is at this point in time this was the snapshot and 
  by revoking such a verifiable credential we're essentially saying 
  no that wasn't true of that time right revocation doesn't mean 
  there is a newer version available it means whatever was said 
  then is not true thanks.
Kerri Lemoie:  Thank you Phil you have the floor.
Phil_L_(P1): Thank you I didn't that I think Dmitri is what I 
  was asked about in the versioning system that Marty was 
  describing which is if let's say that a new version is available 
  when the individual opens their wallet to look at a particular 
  credential presumably the credential the wallet has been has been 
  informed that there is a new version available to prompt them to 
  do that if the individual.
Phil_L_(P1):  chose not to I'm.
<marty_reed> On the revocation discussion, I'd love to hear/see 
  any demonstrations of revocation.
Dmitri Zagidulin:  Wicked can you ask that again about the Third.
<marty_reed> currently validation fails if there is a new version 
  in the parent system
Phil_L_(P1): Assuming that you would you're saying that the 
  validation would fail when if they decided to send it to a third 
  party and I just wanted to verify that that's what the intent in 
  the current thinking would be and I guess sure yes that you know 
  the way in which the question was posed to the person holding the 
  wallet the holder is that there's a new version the credential 
  available.
Phil_L_(P1):  I presume you.
Phil_L_(P1): Declined to accept that and just send the existing 
  one you have because it is signed and the like the question is is 
  the presumption that the verifier knows the new exhibit new 
  version is available somehow and therefore would decline 
  verification of the one that was sent to a an employer or some 
  other entity and they then chose to verify try to verify that 
  one.
Kerri Lemoie:  Feels bad I'm question who is that question 
  directed Up.
Phil_L_(P1): Well it to put to full 12 Marty because he talked 
  about it in the ocp but I'm also interested in McMaster case 
  because it sounds like the way it's currently designed the coming 
  back to the Mother Ship so to speak as part of the current 
  designs of the system which would potentially allow them to be 
  able to decline a credential that's been updated and the 
  individual has failed to download the newest version so I just 
  want to verify that too.
Kerri Lemoie:  Okay to be introduced by and holding in the queue 
  for one moment so James and Marty could reply.
Dmitri Zagidulin:  Not at all sure though I do want to reply to 
  that as well.
Kerri Lemoie:  Okay great tips.
James Chartrand:  Um so this is actually something that we've 
  talked about a lot at McMaster in the context the context of 
  transcripts which is something that we would like to issue this 
  way but my suspicion is that different registrars will have 
  different policies and some might be fine with the kind of the 
  snapshot in time and having a whole load of those circulating 
  around and it's up to whoever's you know verifying the transcript 
  to make sure they've got the latest and greatest.
James Chartrand:   You know as they would.
James Chartrand:  Copies before but I suspect in some cases the 
  registrar would like to have more control over that and make sure 
  that people are getting the latest copy Phil you asked if at 
  McMaster we might exert some control at verification time over 
  what's available what's you know considered the latest and 
  greatest and I mean we're not anywhere near there this is the 
  pilot that I showed is pretty much what we've got for this.
James Chartrand:   So we.
James Chartrand:  Have anything beyond that however my guess is 
  that at McMaster.
James Chartrand:  They would want to indicate in some way that a 
  newer version was available so you know so which is another way 
  that it could work is simply that when you come to verify a check 
  is made against a revocation list which might also show not just 
  that something had been you know there might be different levels 
  of revocation or different types of revocations so.
James Chartrand:   You know as Dmitri said you.
James Chartrand:  Means that the credential is no longer valid 
  but you could imagine having a different type that says the 
  credential is old and there's a newer version so that's a 
  possibility and that I also wanted to just say quickly that yes 
  the verification does come back to McMaster at the moment but 
  only in the sense that you load the web page the actual 
  verification is happening entirely within the web browser within 
  the JavaScript so there's no phone home going on there.
James Chartrand:  We could so any kind of you know check on the 
  validity of a transcript would have to check a revocation or 
  status list of some sort hopefully that answers your question.
Kerri Lemoie:  Thanks James Marty.
Marty Reed:  So I kind of have a layered answer one is that in 
  the simplest form that verification fails if the issuer decides 
  that that credential is no longer valid so it's a call home to 
  the publishing service that that request that verification now I 
  will say publishing to Sovereign base wallet.
Marty Reed:  Lisa the VC.
Marty Reed:  It's you know again not elegant I'm not known for 
  Elegance but the VC that is issued to the wallet is verifiable 
  and then the payload itself must be verified to the issuer as 
  it's basically a self-published or self issued VC at that point 
  so there's there's two layers to the approach but we're exploring 
  different different methods but that's how it works right now.
<deb_everhart> don't registrars already submit "in progress" 
  student data, such as NSC PDP data reporting and current 
  enrollment requests from students and others, such as the 
  enrollment letter shown?
Kerri Lemoie:  Thanks Marty Dmitri you have the floor.
<deb_everhart> I thought in progress reporting was a common use 
  case
Dmitri Zagidulin:  Thanks so I wanted to add to the discussion 
  that so one I think versioning is a really useful mechanism we 
  should open an issue on it on the VC-EDU repo and discuss it 
  continue the discussion in depth on a future call I just want to 
  say we already use something like this.
Dmitri Zagidulin:  SeaWorld but in the w3c spec World each draft 
  of the spec says here's the snapshot as of this date but go check 
  over here here's the canonical location of the spec please check 
  to see if it's it's been updated so it might make sense for us to 
  explicitly able to specify this is a versioned verifiable 
  credential and this is not a versioned verifiable credential the 
  example of non versioned verifiable.
Dmitri Zagidulin:   Credentials for example.
Dmitri Zagidulin:  Here's an age verification credential that 
  somebody is over 21.
Dmitri Zagidulin:  That statement is never going to change the 
  thing that can change is that it could be revoked.
Dmitri Zagidulin:  They used fake ID or whatever however there's 
  no there's not going to be an updated version like they're always 
  going to be over 21 until they die is ETC but that's a different 
  problem so let's open an issue this might be a really useful item 
  for this group to work on.
Kerri Lemoie:  Yeah I agree let's definitely do that does anyone 
  else have any other questions for James or James you have 
  anything else you'd like to add.
James Chartrand:  No I think I'll take a look at this time so I'm 
  good thanks thank you very much for having me.
<phil_l_(p1)> Thank you James. Great work!
Kerri Lemoie:  Now we appreciate it we appreciate it thank you 
  very much doing chairman and hand things over to you so you can 
  talk to us more about the wallet display just continue on that 
  discussion.
Dmitri Zagidulin:  Thanks Kerri okay so let's look at thank you 
  again very much James and let's look at late logic short of it 
  is.
<deb_everhart> thank you James!
Kerri Lemoie: +1 Great work!
Dmitri Zagidulin:  Pretty much all the wallet projects are up 
  against this this use case this need we need to be able to 
  specify how to display the credential either HUD specify to the 
  pixel or give some suggestions.
Dmitri Zagidulin: https://github.com/w3c-ccg/vc-ed/issues/16
Dmitri Zagidulin:  So this is perfect group to make a 
  recommendation test it out and then make a proposal to Upstream 
  to the ccg and to the verifiable credential working group so I'm 
  going to have issue number 16 on our repo talking about this I 
  add a couple of notes of use cases.
Dmitri Zagidulin:  And so I'd like to ask people disease did he 
  sound reasonable are there.
Dmitri Zagidulin:  Either use cases to this display specifying 
  the display logic that we should add and then we can propose a 
  mechanism in the next calls and get dry so essentially.
Dmitri Zagidulin:  I was not able to pull up the credentials the 
  GitHub issue.
Dmitri Zagidulin:  We need to specify or advise.
Dmitri Zagidulin:  Any sort of VC consuming software how to 
  display that VC.
Dmitri Zagidulin:  We need to support both cases.
Dmitri Zagidulin:  Display logic is completely embedded in the 
  credential or.
Dmitri Zagidulin:  Display logic lives somewhere else so you we're 
  linking to an image file or an SVG file or an HTML template 
  somewhere else and we just linking to it from the credential so 
  that when it comes time to display it display software go use 
  that template.
Dmitri Zagidulin:  Obviously when we're embedding the display it's 
  integrity protected by the verifiable credential signature itself.
Dmitri Zagidulin:  Always we're using linking we definitely want 
  to recommend using a digest hash like the anchored resource 
  mechanism.
Dmitri Zagidulin:  We probably should be able to specify the 
  content type of the logic but this link or this embedded logic is 
  PDF and HTML and so on.
<phil_l_(p1)> The anchored resource mechanism has greater 
  applicability to other cases where the size of the "thing" is too 
  big to be included within the credential itself.
Dmitri Zagidulin:  And we should talk about the preference of the 
  credential display being cross-platform right if we're going to 
  we're going to have a template if we're going to have an image 
  you'd be great if we could just specify one and it would work 
  across all platforms mobile desktop and so on but as anybody who 
  works in web design knows that is an almost unachievable dream 
  so given that as a second step we should provide mechanisms.
Dmitri Zagidulin:   That say okay if you're using this.
Dmitri Zagidulin:  Of device use this Logic for using a much more 
  constrained device or a much bigger screen then use this logic 
  fortunately we have prior art for both images and stylesheets in 
  general so lot of HTML world has the technology that says if 
  you're viewing this page on a mobile phone display this way to 
  using it on desktop display this way if you printing it then use 
  this way so we should we should be mindful of that.
Dmitri Zagidulin:   Let's see we got six minutes.
Dmitri Zagidulin:  Love to hear from from the group are there 
  other considerations are there other input requirements for this 
  item.
Dmitri Zagidulin:  Keith go ahead.
Keith: I think maybe I can just dig deeper on display because I 
  think that there can be differences in how wallets display 
  information like what's it take Atticus talk about what kind of 
  information like typically I mean other wallets that I've been 
  involved in you just say things like issuer info like contact 
  support info and then the contents of the VC itself and maybe 
  images so like I've often thought that wallet vendors can 
  independently choose how to show that information but I do I mean 
  I totally agree with you.
Keith:  a point that when you want to display things like issuer 
  logo.
Keith: This PDF image then you need ways that wallets you know 
  you don't want to get a crop properly you want to be able to get 
  it sized properly as you can display it properly is that what you 
  mean by this because is that what you mean by display am I 
  capturing it correctly or do you mean other things as well.
Dmitri Zagidulin:  Yes yes no that's it and you're absolutely 
  right that it should be optional.
Keith: And I just like it's up to wallet that I mean that's kind 
  of the beauty of the market is that the the wallet with the best 
  presentation kind of will you know be preferred be preferred by 
  consumers is that rather than some sort of like trying to do 
  static what is it often like display will be one of the key areas 
  of differentiation between wallets how well they do display.
Dmitri Zagidulin:  So you're absolutely right though I do want to 
  say that there's still a need to be able to do this optionally 
  as well James go ahead Joe.
James Chartrand:  Yeah so I mean just one of those needs to do it 
  statically is as I mentioned before one of the things we'd like 
  to do at McMaster is how the student basically.
James Chartrand:  Create the plastic student card inside a wallet 
  and we want to try to make it initially you know as kind of a 
  progressive introduction of this to make it backwards compatible 
  and so therefore we want to include the barcode that's on the 
  plastic student card and possibly also a QR code that somebody 
  could use to similarly scan their student ID so you know it's 
  unlikely that a wallet will know how to.
James Chartrand:   A show those kinds of things or even know to 
  show.
James Chartrand:  So if we could instead just provide a single 
  image that's shown in the wallet or a student card or for a 
  student ID it could be pre you know pretty constructed with the 
  barcode down at the bottom with the student image on it with the 
  logo of the University so basically again recreating the pretty 
  much the same image image that's printed on the plastic card.
Dmitri Zagidulin:  Thanks James you've got a couple minutes left 
  Andy go ahead.
<kaliya> QR codes that are static with VC s dangerous
Andy Miller:  I was wondering your thoughts about the use case of 
  where the VC is actually embedded in the image or PDF that's 
  essentially how open badges that's it now I'm baked badges is a PNG 
  or SVG that has the credential in baked into it using the 
  structured data.
Dmitri Zagidulin:  Great question that that should not should be 
  another item of discussion Phil go ahead.
Phil_L_(P1): Yes I guess what I wanted to say that it seems to me 
  that the hash link approach that you described is actually a 
  broadly applicable to any kind of circumstance where the content 
  of an object is bigger than is reasonable to include in the in 
  the VC itself and so by you know focusing on how you would apply 
  that to different circumstances such as the image on a card and 
  what's presented when it's displayed.
<kaliya> Very dangerous because they can be super easily copied 
  and replayed
Phil_L_(P1):  then is the composite of the pulled image from 
  wherever the Third.
<dmitri_zagidulin> @Kaliya - great point
<dmitri_zagidulin> which suggests the need for templating (rather 
  than static image)
Phil_L_(P1): And the rendering of the thing of the way it's done 
  traditionally on the plastic would be indistinguishable from the 
  plastic itself so I think that's the probably the most productive 
  approach and the one I would urge us to consider the biggest 
  problem that that Andy just described is the the same problem 
  of payload size you can do that for small VCs but you can't do 
  it for VCs that contain much like evidence and things like that.
Phil_L_(P1):  that thanks.
Dmitri Zagidulin:  Thank you two minutes left James go ahead.
James Chartrand:  So just about the of the idea of using a hash 
  link for I think there might be privacy concerns there so we 
  might not want to have the student information so and in 
  particular say their photo at a URL you know available at a URL we 
  would want to keep an entirely embedded within the credential the 
  so that's just one concern possible concern.
Dmitri Zagidulin:  Thanks James and Kaliya.
<phil_l_(p1)> are there privacy concerns there if the destination 
  is itself encrypted?
Kaliya: I'll just say what I said in chat static QR codes.
Kaliya: And I guess the same is true for barcodes but you know 
  static QR codes with verifiable credentials within them that are 
  signed are very very very dangerous the reason being is that they 
  are entirely copyable and replayable.
<phil_l_(p1)> Excellent point Kaliya
Kaliya: Is this not true of verifiable presentations that are you 
  can't copy and replay because they're presentations not the 
  original credential so I have an unfinished but readable paper 
  about this largely written by John Jordan that I think I'll try 
  and send a list I'm sick right now otherwise I'd send it to chat 
  right now but.
Dmitri Zagidulin: https://github.com/w3c-ccg/vc-ed/issues/16
<kerri_lemoie> Thank you!
Dmitri Zagidulin:  Thank you so much Kaliya and we hope you feel 
  better soon alright so everyone please let's continue the 
  discussion on issue 16.
Dmitri Zagidulin:  Any quick questions before we adjourn go 
  ahead.
Dmitri Zagidulin:  Thank you everyone.
Kerri Lemoie:  It sounds good nope I would just say and that's 
  good let's take a look at that issue and keep it going we can 
  revisit this in the near future thank you so much James and 
  Dmitri appreciate it all thank you.
<phil_l_(p1)> Thanks!

Received on Thursday, 21 April 2022 17:53:36 UTC