W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

GitHub DIDs & VCs for Supply Chain Traceability

From: Orie Steele <orie@transmute.industries>
Date: Mon, 7 Mar 2022 12:50:38 -0600
Message-ID: <CAN8C-_KsUEW351ufHPF_sE71ExwsvLTFJGy-wX65iPSkGbUQgw@mail.gmail.com>
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>

I wanted to share some very recent (experimental and unstable) work we've
done to enable Decentralized Identifiers
 and Verifiable Credentials
assist with the software supply chain.

Here are the links:

- https://github.com/transmute-industries/verifiable-actions

The key idea is to enable github actions to sign and verify credentials
that conform to the W3C Verifiable Credentials standard (which in turn
supports various envelope formats including JOSE, COSE and PGP).

The issuers are identified with W3C Decentralized Identifiers, which
provide a layer of interoperability for public key identifier registries.
The key value of this standard is the ability to support both traditional
public key based identifiers, web resource based identifiers and
blockchain based identifiers in the same data model.

The examples in the repository links above demonstrate support for these
standards using did:key
 and did:web
however I am one of the editors of the Sidetree Protocol
is what powers did:ion
is being developed by Microsoft and other DIF members...
The GitHub examples I provided will also work with did:ion.

Feel free to raise issues on any of the repositories linked, or ask me
questions directly by email if you are not comfortable commenting on a
public repo.


Chief Technical Officer

Received on Monday, 7 March 2022 18:52:03 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC