
RE: [PROPOSED WORK ITEM] Verifiable Issuers and Verifiers

From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Date: Fri, 16 Dec 2022 21:30:46 +0000
To: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <MWHPR1301MB20949219F68DDBA77672E933C3E69@MWHPR1301MB2094.namprd13.prod.outlook.com>
Manu, what is your working definition of a Verifier?  

Is it, for example:
a) A Requesting entity that wants to verify the authenticity of a VC (or VP) it has received? ...or...
b) A Verification Services entity that performs verification services at the request of a Requesting entity?
c) Something else

The current VC spec is vague/confusing in this regard (and hence, so is this proposed work item).  Often a Bank is used as an example of a Verifier but it is a poor example because a Bank can belong to either or both of the above roles at the same time.

Best regards,

Also logged as VCDM issue 3 weeks ago: https://github.com/w3c/vc-data-model/issues/984 

-----Original Message-----
From: Manu Sporny <msporny@digitalbazaar.com> 
Sent: Friday, December 16, 2022 2:16 PM
To: W3C Credentials CG <public-credentials@w3.org>
Subject: [PROPOSED WORK ITEM] Verifiable Issuers and Verifiers

Hi all,

A number of us have been collaborating over the past couple of months via Rebooting the Web of Trust, the Internet Identity Workshop, and weekly calls to unify the way anyone can share lists of issuers or verifiers that perform a particular function in an ecosystem. This work item is designed to answer questions like: "How can I trust that this diploma is real?" or "Should I send my digital ID to this person that is claiming to be law enforcement?". A draft version of this industry survey work can be found here:


We'd like to turn that paper into a W3C Credentials CG Work Item. The work item focuses on how a party or its agent can decide whether or not to engage with a counterparty in a transaction (that is: "Can I trust X to do Y?"). The purpose of this work is to enable a party to share a list of Verifiable Issuers and Verifiers in a way that is useful to a particular transaction. The very drafty specification can be found here (and will be migrated to CCG if the group adopts the work item):


Please support the adoption of the work item in CCG by adding your support in a comment here:


Work Item Leads: @hendersonweb and @msporny (CODEOWNERS)
Work Item Authors: @tsabolov @Oskar-van-Deventer @shigeya @lineko @RieksJ (expect these folks to also be CODEOWNERS)

> Explain what you are trying to do using no jargon or acronyms.

In the Verifiable Credentials ecosystem, it is currently difficult to know if you can trust the issuer of a Verifiable Credential. It is also difficult to know if you should send a sensitive Verifiable Credential to a Verifier that is asking for sensitive information.
This specification provides a way to share a list of Verifiable Issuers (Universities that are accredited to issue Accounting degrees) or a list of Verifiable Verifiers (National Border Protection Officers that are authorized to ask you for identification documents) such that entities can make decisions on who to trust during particular transactions involving Verifiable Credentials.

> How is it done today, and what are the limits of the current practice?

Today, Verifiable Credential software needs to be configured by a systems administrator or an individual to specify which parties they trust to issue certain credentials or to receive certain credentials.
Since there can be thousands of issuers and many more verifiers, it would be helpful if there was a standard to create lists of "trusted parties" that people could use as a starting point to understand who they can trust for certain credentials.

> What is new in your approach and why do you think it will be successful?

Our approach started by performing a broad industry analysis of many of the initiatives in the space to gather commonalities among all of the initiatives and then attempted to put the commonalities into a consistent set of use cases, requirements, data model, and serialization formats. We have proponents from many of the initiatives directly involved in the analysis and the work and expect those contributors to continue to provide input into the work ensuring broad alignment among a global set of stakeholders in a variety of industries.

> How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.)

We started the work at Rebooting the Web of Trust 11, which included participants from the Americas, Europe, and Japan and included work from a variety of global initiatives. We then circulated the work at the Internet Identity Workshop 35, which included participants from Australia (in addition to the previous regions). We expect to continue to engage at venues around the world as well as venues online with a diverse set of stakeholders (such as the CCG, ToIP, DIF, and other communities).

> What actions are you taking to make this work item accessible to a non-technical audience?

We are attempting to provide a gentle introduction to the topic via a non-technical introduction in the specification as well as non-technical use cases with imagery that is accessible to the general population. The people that contributed to the work come from academia, government, and private industry -- we are actively seeking more diverse inputs via forums such as RWoT, IIW, and the CCG. We plan to create presentation slide decks that outline the work in its conceptual form so that non-technical audiences may engage with the work. We are open to other mechanisms that could be used to improve the input into the document.

We look forward to discussing this potential work item on the mailing list as well as on a future call.

Please support the adoption of the work item in CCG by adding your support in a comment here:


-- manu

Manu Sporny - https://www.linkedin.com/in/manusporny/

Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/

Received on Friday, 16 December 2022 21:31:01 UTC
