- From: Reed, Drummond <drummond.reed@avast.com>
- Date: Wed, 21 Sep 2022 12:55:33 +0300
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAD-FoVRrObAE1HPiLG68Meb=hViRxNktnwYwxQCOsyKXfE-JWQ@mail.gmail.com>
Manu, thank you much for this. Since I had to be in Dublin for the Linux Foundation Open Source Summit, ToIP Summit, and Hyperledger Global Forum, I could not attend TPAC, and your notes helped plug a big gap.

=Drummond

On Tue, Sep 20, 2022 at 6:54 PM Manu Sporny <msporny@digitalbazaar.com> wrote:

> What follows is an "information known to the general public" summary
> of what happened last week at the W3C Technical Plenary (W3C TPAC -
> where many of the global standards that drive the Verifiable
> Credentials and Decentralized Identifiers ecosystem are standardized).
>
> There is more that is member-confidential that went on, and none of
> that is covered in this email, though the most important things are
> public knowledge due to the fact that W3C's Working Group minutes are
> made public within hours/days of the member meetings -- hooray for
> transparency! I'm looking at you, ISO (and all the other organizations
> that don't make their meeting transcriptions public)! :P
>
> Apologies for the length, there is a lot to cover.
>
> -------------------------
> The JSON-LD WG announced that JSON-LD is now published by 43% of all
> websites on the Internet (based on Common Crawl statistics data) in
> order to achieve better search rankings. To put that in perspective,
> Fetch is used by 38% of all websites. WebAuthn is used by 0.19% of all
> websites (ouch). More fun browser API stats at:
>
> https://chromestatus.com/metrics/feature/popularity
>
> It is worth noting that WebAuthn is typically implemented by the big
> identity providers (Google, Microsoft, Facebook) so measuring the
> number of domains that use it isn't a good measure of actual usage
> because everyone gets funneled through centralized IdP to use WebAuthn
> -- actual people impacted is probably much higher, if only those
> large IdPs would share their numbers! :P
> ------------------------
> The JSON-LD Working Group will be re-chartered to continue maintaining
> the specification, with the ability to add new features. There is work
> going into YAML-LD, and interest in taking up the CBOR-LD work as
> well. There is parallel work also being proposed on "labeled property
> graphs" (called RDF-star), which allow one to annotate properties
> themselves (of dubious value to VCs at present). That work might
> provide advantages to the path VCs have taken to date, but we won't
> know for another 2+ years. It is explicitly not going to be disruptive
> to what we've standardized to date at W3C.
> -------------------------
> The DID Working Group meeting had significant attendance (40-50
> people). The goal was to settle on the next Working Group Charter. The
> plan was to work towards agreeing to standardize a few DID Methods
> (like did:key and did:web), and possibly start standardizing DID
> Resolution. There were objections to standardizing DID Methods. If we
> don't standardize at least a few DID Methods, we know that there will
> be objections from some of the big-tech companies. There didn't seem
> to be objections to DID Resolution or maintaining DID Core. I was able
> to meet with some of the big tech companies and negotiate a potential
> path forward via DID Resolution (without standardizing any DID
> Methods). I still need to engage with some of the potential objectors
> to see if they'd be amenable to the plan. There is a decent chance
> they'll be ok with it.
> ---------------------------
> Support for the Verifiable Credentials Working Group is quite strong
> (and growing). We were given significant air time in the all-hands
> Advisory Committee meeting. The Working Group meeting hovered between
> 42-56 people, which is quite large for a W3C Working Group.
> There were no bombshells or any real drama to speak of in the meeting.
> The group seems to be on a good trajectory. In general, doing work on
> version 2.0 of anything tends to be easier than 1.0 because many of
> the guard rails are already established for the work. More on
> particular technology discussions that came up below. All slide decks
> presented at the meeting can be found here (the ACDC slides take up
> 112 slides, the other slide decks average around 10 slides per topic):
>
> https://docs.google.com/presentation/d/1hrqozY2EGZ8i8y40abyEuJmIb6hCiRS-37pdj6bhBLY/edit
> -------------------------------
> I spent some time with the Accessible Platform Architectures Working
> Group (the group that produces accessibility documents like the Web
> Content Accessibility Guidelines that the US Government follows to
> ensure Section 508 compliance). As a result of the conversation, they
> will be working on a Digital Wallet Accessibility Guidelines document
> over the next 1-2 years to ensure that digital wallets meet the
> requirements of the 60 million people in the US with accessibility
> needs. That guide might be integrated (in time) into WCAG, which is
> incorporated into Section 508 in the US (and into other accessibility
> regulation documents in other countries). They took this as an action
> during the VCWG meeting and also provided some good news use cases
> that we should be interested in (for example, Verifiable Credentials
> for vaccination status of guide dogs crossing borders -- guide dogs
> can be kept for days in kennels if the vaccination paperwork isn't up
> to date, causing stress for both the animal and the individual
> needing the aid from the animal).
> -------------------------------
> As mentioned above, the Verifiable Credentials WG meeting was fairly
> uneventful. Orie did a great job counter-acting some of the explosion
> of complexity being suggested for the core data model and keeping
> things simple via JSON-LD. The streamlining Data Integrity cryptosuites
> conversation didn't blow up into a hot mess and there seems to be a
> workable path forward there (though, the details matter and we'll get
> to those over the next couple of months). The holder binding
> discussion and the JSON Schemas discussion will be interesting, but
> non-disruptive. The RDF Dataset Canonicalization WG is under way and
> seems to be on a good trajectory. We stayed away from discussing
> digital wallet protocols, which was probably a good thing.
> ----------------------------------
> The SD-JWT work was introduced to the group as a selective disclosure
> scheme for JSON payloads. There was some serious shade thrown at BBS
> and AnonCreds during the meeting by the EU Digital Identity initiative
> stating that "Our cryptographers have looked at both BBS and AnonCreds
> and rejected them for being overly complex". Both Avast and Digital
> Bazaar fired back noting the CFRG uptake of BBS at IETF and they
> backed off to a "Oh, I mean, it's on an experimental path, but we are
> committed to SD-JWT, which is not experimental and
> uses NIST-approved cryptography."... people should be worried about
> this. It feels rushed.
> The JWP stuff is even further behind. There was a suggestion that
> VC-JWT will be dropped for SD-JWT, or JWP, or maybe we'll keep all of
> them, or something better will come along. This work could have a
> negative effect on the greater community around VC interoperability.
> Adding two new "securing VC" mechanisms to the existing two mechanisms
> seems problematic. We'll have to give that spec more time to breathe
> and improve.
> ------------------------
>
> Those are my notes, I hope they are useful to those that were not able
> to attend W3C TPAC. If others have notes on the stuff that's public
> knowledge (via transcripts), please share.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
Received on Wednesday, 21 September 2022 09:55:58 UTC