RE: Open Wallet Foundation (and how it might fail)

From: John, Anil <anil.john@hq.dhs.gov>
Date: Fri, 23 Sep 2022 00:54:51 +0000
To: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <PH0PR09MB7977D593B67FA09EE601F107C5519@PH0PR09MB7977.namprd09.prod.outlook.com>

Hi Torsten,

>The sub table "Credential Formats" at line 15 has columns for the standards body and the respective specification.
>Regarding protocols: I'm aware of work under way at W3C, OpenID Foundation, DIF, and ISO.

You forgot Hyperledger, Trust-over-IP, the Ethereum Foundation and a host of others …

I am aware and each time I see this, I am reminded that irrelevance is built on a foundation of infighting and that empires only fear barbarians who can think beyond their tribes.


>A clear articulation of what features/capabilities should be within a core, normative, baseline of a digital wallet
>that is expected to store and manage high value credentials, and what should be optional / value add
>>>That’s a good question. Do you have a proposal?

Not yet.

We have been having this discussion internally and even with the people ‘in the room’ who are thoughtful, competent, implement/ship products and are vested in reaching agreements, it has been a lengthy and sometimes frustrating set of discussions – and that is with people who actually respect and like each other IRL! I think we are at a stage where we actually have agreement on a common set of facts, instead of positioning/posturing.

When that is refined to something that is usable, semi-testable and can meet our needs, we intend to share it and see how it lands with the community.


>How those features can be detected by issuers and verifiers
>> To me that sounds more like a regulatory framework than a technical standard. The upcoming eIDAS 2 regulation, as one example, will cover those aspects.

If you don’t want to go down the path of product detection, you need feature/capability detection and the longer folks put it off, the easier the product detection path will look to folks who don’t want to think about or don’t want to care about its long term implications.


>>How wallets can signal intent and capability to an Issuer and Verifier such that they can make a risk-based decision to interact with that wallet
>>I would like to better understand what you mean. Is this about metadata (capabilities) or risk signals?

Wallet to Issuer

  *   I support FIPS compliant cryptography
  *   I support storage of data in a hardware element
  *   I can dance under the pale moonlight but not in sunlight

Wallet to Verifier

  *   I support selective disclosure capability Y
  *   I support credential aggregation capabilities
  *   And so on …

Best Regards,

Anil

Received on Friday, 23 September 2022 00:55:20 UTC