W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Re: Open Wallet Foundation (and how it might fail)

From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Thu, 22 Sep 2022 18:10:47 +0200
Message-Id: <8D84A7EE-F99A-4C41-A839-EFB9624C180F@lodderstedt.net>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
To: "John, Anil" <anil.john@hq.dhs.gov>
Hi Anil,

> Am 22.09.2022 um 14:15 schrieb John, Anil <anil.john@hq.dhs.gov>:
> Manu > … dilutes focus in the technical specification work ...
> I would be curious to understand where the “technical specification work”, as it relates to digital wallets, is taking place currently in a manner that:
> Is open and visible to the global community
> Has a mechanism in place to move it into formal standardization pathways
> The output of the work is open, royalty free, patent free and free to use by anyone globally

There are plenty of communities around working on such standards. Not all of them match all of your requirements. 

At the last IIW, we have started a survey for credential formats (and surrounding components, like signature algorithms, revocation mechanisms, key management mechanisms). 

The intermediary results can be found at:

It’s still incomplete but at least might give you an idea of the different options in that space. 

The sub table „Credential Formats“ at line 15 has a columns for the standards body and the respective specification. 

Regarding protocols: I’m aware of work under way at w3c, OpenID Foundation, DIF, and ISO.

> I consider digital wallets to be both critically important to the DID/VC ecosystem AND simultaneously the most hand-waved over piece of implementation infrastructure!
> The gaps that I can see existing include:
> A clear articulation of what features/capabilities should be within a core, normative, baseline of a digital wallet that is expected to store and manage high value credentials, and what should be optional / value add

That’s a good question. Do you have a proposal?

> How those features can be detected by issuers and verifiers
> Independent testing / evaluation
> Cryptographic Challenge/Response
> Formal Certification / Accreditation by some entity after an in-depth technical and business model review

To me that sounds more like a regulatory framework than a technical standard. The upcoming eIDAS 2 regulation, as one example, will cover those aspects. 

> How wallets can signal intent and capability to an Issuer and Verifier such that they can make a risk-based decision to interact with that wallet

I would like to better understand what you mean. Is this about metadata (capabilties) or risk signals?

best regards,

> … and so much more!
> Best Regards,
> Anil
> Anil John
> Technical Director, Silicon Valley Innovation Program 
> Science and Technology Directorate 
> US Department of Homeland Security 
> Washington, DC, USA 
> Email Response Time – 24 Hours
> <image001.jpg> <https://www.dhs.gov/science-and-technology><image002.jpg>

Received on Thursday, 22 September 2022 16:11:05 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 22 September 2022 16:11:06 UTC