RE: FYI >> DHS W3C VC/DID Implementation Profile: Credential Data Model Representation Syntax & Proof Format

Hello Kristina,

My apologies for the late response; I was on leave for the last 2 weeks and disconnected from anything resembling work.

>What are the scenarios and customers who will support this profile? that also drove decisions in this profile?

They are who they have always been ... Referencing >> https://lists.w3.org/Archives/Public/public-credentials/2022Jul/att-0027/DHS.SVIP-Scaling.W3C.VC.DID.Interoperability-SHARE_20220712.pdf<https://urldefense.us/v3/__https:/lists.w3.org/Archives/Public/public-credentials/2022Jul/att-0027/DHS.SVIP-Scaling.W3C.VC.DID.Interoperability-SHARE_20220712.pdf__;!!BClRuOV5cvtbuNI!XTUw2g_i0CPNJA_7Ifv3yTqHIllQ6utz7yendzcAdgrTvlG7M2esZOsT0RBy8ay273Ia$>


  1.  U.S. Citizenship and Immigration Services (Slides 8-9) - The entity within the U.S. Government that is responsible for the benefits adjudication and issuance of some of the highest value credentials issued by the US federal government including the U.S. Permanent Resident Card, U.S. Employment Authorization Document, U.S. Certificates of Naturalization/Citizenship that are in turn consumed by the public sector and the private sector for border control, employment eligibility, residency eligibility, KYC and more. USCIS will be utilizing this profile to issue digital representations of immigration credentials while continuing to support the existing paper based issuance process.
Syntax/Semantics/Vocabulary @ https://w3c-ccg.github.io/citizenship-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!XTUw2g_i0CPNJA_7Ifv3yTqHIllQ6utz7yendzcAdgrTvlG7M2esZOsT0RBy8UkmwaxV$>


  1.  U.S. Customs and Border Protection (Slides 10-11) - The largest customs organization in the world and responsible for facilitating global trade with the USA.  CBP will be using this profile to digitize the trade documents that needs to be provided to CBP to ensure traceability and visibility of the supply chain of those goods before its import into the U.S. CBP's starting point on DID/VC based trade documents/credentials/attestations are related to the cross-border movement of Agriculture/Food, Steel, Oil, Natural Gas and E-Commerce products.
Syntax/Semantics/Vocabulary @ https://w3c-ccg.github.io/traceability-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!XTUw2g_i0CPNJA_7Ifv3yTqHIllQ6utz7yendzcAdgrTvlG7M2esZOsT0RBy8WV1DCZV$>


  1.  DHS Privacy Office (Slide 12) - Using W3C Decentralized Identifiers as a replacement for the Social Security Number (SSN) in DHS systems.
See the “DHS Privacy Office FY21 Annual Report to the U.S. Congress” linked to from here (https://www.linkedin.com/posts/aniljohn_privacy-office-annual-reports-activity-6986730003061186561-OcCp)

This DHS Implementation Profile is supported and driven by the needs of the above entities and will be required by any technical/solution/service providers they use for the above operational uses.

Needless to say, if an external entity needs to interact with these systems in order to verify DID/VC based credentials/attestations issued by them or conversely have them consume DID/VC based attestations/credentials, those external entities will need to support this profile as well to ensure that the connections operate on a common baseline of security, privacy and interoperability.

Our ongoing work in this area, over the last number of years, has also resulted in active engagement and collaboration with international government partners, state government entities (DMVs etc.) as well as retail and financial sector entities to move this forward.

>Are there any plan to extend this profile to include transport protocols, DID methods (if DIDs are used), revocation methods, crypto suites, etc. that is required for the full interoperability?

Of course! This is only one section of a complete profile that is needed for fully verified interoperability.

We are refining the pieces needed to support FIPS compliant cryptography, revocation mechanisms that prevent/mitigate phone home architectures, protocols for credential delivery and presentation to support both personal credentials under the control of individuals and trade credentials used by organizations, unlinkability, selective disclosure, credential refresh that does not introduce back-channel interactions, digital wallet and DID security/privacy/interoperability baselines, and so much more -- all of it based on lessons from running code that demonstrates and ensures verifiable interoperability across multiple technology stacks and organizational implementations as demonstrated by our own plug-fests as well as the work being done by like minded folks (Shout out to Sharon Leu and the JFF interop work) with whom we collaborate and learn from on an ongoing basis.

Best regards,

Anil


---------- message ---------
From: Kristina Yasuda <Kristina.Yasuda@microsoft.com<mailto:Kristina.Yasuda@microsoft.com>>
Date: Wed, Oct 12, 2022 at 5:28 PM
Subject: RE: FYI >> DHS W3C VC/DID Implementation Profile: Credential Data Model Representation Syntax & Proof Format
To: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>, public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>>

Thank you, Anil.
What are the scenarios and customers who will support this profile? that also drove decisions in this profile?
Are there any plan to extend this profile to include transport protocols, DID methods (if DIDs are used), revocation methods, crypto suites, etc. that is required for the full interoperability?
Cheers,
Kristina

From: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>
Sent: Thursday, September 29, 2022 11:24 AM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: FYI >> DHS W3C VC/DID Implementation Profile: Credential Data Model Representation Syntax & Proof Format

Dear DID/VC Community,

Encouraging and supporting a plurality of independent, interoperable, standards-based implementations to counter vendor/technology lock-in and perverse incentives that accrue market power to entities that can result in a gatekeeper functionality between the Government and its customers has been, and continues to be, a core aspect of our work in the W3C VC/DID ecosystem.

We believe that in order to truly scale interoperability, an implementation profile that makes clear choices is critical AND that the way to create such an implementation profile is by bringing together Implementation Principles (https://lists.w3.org/Archives/Public/public-credentials/2022Jul/att-0027/DHS.SVIP-Scaling.W3C.VC.DID.Interoperability-SHARE_20220712.pdf<https://urldefense.us/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Flists.w3.org*2FArchives*2FPublic*2Fpublic-credentials*2F2022Jul*2Fatt-0027*2FDHS.SVIP-Scaling.W3C.VC.DID.Interoperability-SHARE_20220712.pdf&data=05*7C01*7Ckristina.yasuda*40microsoft.com*7C725e03419f4742349a2508daa248a9a6*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638000730278809626*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=joydOCULJZsb4Qz1BiNwkOeW6wYZfKzYXhIsE6Aco8A*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!BClRuOV5cvtbuNI!XTUw2g_i0CPNJA_7Ifv3yTqHIllQ6utz7yendzcAdgrTvlG7M2esZOsT0RBy8boDlL4l$>) with results and lessons learned from multi-platform, multi-vendor interoperability plug-fests to document choices that work in the real world -- as demonstrated by running code/implementations that demonstrate interoperability, and supporting test suites and other mechanisms that allow for verifying conformance to the profile.

We are walking this path step-by-step by documenting the results and lessons from the DHS sponsored multi-platform, multi-vendor interoperability plug-fests and other rigorous plug-fests with similar goals to develop a “DHS Implementation Profile of W3C Verifiable Credentials and W3C Decentralized Identifiers” to ensure the use of Security, Privacy and Interoperability implementation choices that are acceptable to the USG such that these capabilities can be deployed on and connect to USG networks and infrastructure.

There are many moving pieces to any such implementation, and as we make specific standards profiling choices within the scope of our use of open, global standards and specifications, we will continue our commitment to global transparency in our work by sharing those choices with the DID/VC community on an ongoing basis.

To start, please find attached the DHS Implementation Profile of W3C VCs and W3C DIDs normative guidance on:

•       Credential Data Model Representation Syntax

•       Credential Data Model Proof Format

Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Email Response Time – 24 Hours

[A picture containing graphical user interface    Description automatically generated]<https://urldefense.us/v3/__https:/nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.dhs.gov*2Fscience-and-technology&data=05*7C01*7Ckristina.yasuda*40microsoft.com*7C725e03419f4742349a2508daa248a9a6*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638000730278809626*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=uHvWIobmx*2FmgIV8DkakT69X8TkSKNK90MeL8np3kb6s*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUl!!BClRuOV5cvtbuNI!XTUw2g_i0CPNJA_7Ifv3yTqHIllQ6utz7yendzcAdgrTvlG7M2esZOsT0RBy8X-gmzBr$>[/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]