Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab from Orie Steele on 2023-01-27 (public-credentials@w3.org from January 2023)

From: Orie Steele <orie@transmute.industries>
Date: Fri, 27 Jan 2023 07:32:10 -0600
To: "John, Anil" <anil.john@hq.dhs.gov>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAN8C-_JSk1tvkKzwHehXGsadACCHhO3Bf95Z6MdQbccQ_EB20w@mail.gmail.com>

See this recent issue on localization, where failed to define terms
correctly and was corrected by an expert.

https://github.com/w3c/vc-data-model/issues/967

@vocab worked as expected, but semantic precision was lost, until the error
was pointed out.

@vocab impacts interoperability at the query and processing layer now
instead at the VC Data Model verify layer.

This means more data, of potentially a lower quality, where verifiers can
rate holders and issuers based on their demonstrated semantic precision.

Regards,

OS

On Thu, Jan 26, 2023, 1:27 PM John, Anil <anil.john@hq.dhs.gov> wrote:

> Hello Everyone,
>
>
>
> I wanted to share broadly some of the considerations that we are currently
> working through regarding data quality (as represented by incoming JSON-LD
> formatted VCs) and its impact on good decision making.
>
>
>
> As a refresher, the following is what the current version of our W3C
> VC/DID Implementation Profile notes:
>
>
>
> Verifiable Credentials and Verifiable Presentations, as defined in [VC
> DATA MODEL], SHALL be serialized as [JSON LD] in compacted document form
>
> ·         A Verifiable Credential SHALL define all terms using @context
>
> ·         A Verifiable Presentation SHALL define all terms using @context
>
> o   [JSON LD] SHALL define all types using @type
>
> o   [JSON LD] SHOULD leverage objects instead of strings to refer to
> Issuers and Holders
>
> o   *[JSON LD] MAY rely on @vocab to automatically define terminology*
>
>
>
> I wanted to focus on the last bit; while this does not apply to DHS
> (either CBP or USCIS) as issuers of credentials, given that we clearly and
> publicly define our vocabulary:
>
>    - W3C CCG Citizenship Vocabulary -
>       https://w3c-ccg.github.io/citizenship-vocab/
>       <https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvW2sqG4H$>
>       - W3C CCG Supply Chain Traceability Vocabulary -
>       https://w3c-ccg.github.io/traceability-vocab/
>       <https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvUxluxD2$>
>
>
>
> However it does have a bearing on us when we consume
> credentials/attestations i.e. act as Verifiers.
>
>
>
> My understanding of the anticipated use of @vocab is that it allows for
> the use of  “private attributes” that are agreed upon by parties in some
> out-of-bound manner rather than being openly and publicly defined.
>
>
>
> To date, much of the conversations that we are tracking [1] [2] looks to
> be very much from the perspective of technologists and developers and not
> really from the perspective of an end customer like Us,  so we wanted to
> make sure that we shared our perspective to ensure that it is reflected and
> considered as folks make implementation choices on how they represent
> attributes in credentials/attestations.
>
>
>
> To that end, from the perspective of a VERIFIER (i.e. CBP or USCIS in
> consumption mode), this looks to be something that is clearly falls in the
> following bucket:
>
>
>
> “How much confidence do we have in this data that just came in the door,
> and what manner of out-of-band work do we need to do, or made a
> non-automated decision on, to  treat this data as equivalent to data
> vocabularies that is clearly and openly agreed upon” i.e.
> Confidence/Assurance Level we can place in the data.
>
>
>
> So, where we have landed on in our deliberation is that
> credentials/attestations that utilize vocabularies that are openly/clearly
> defined will be treated as having higher assurance/confidence level than
> data that is coming in via the @vocab route, which may require additional,
> out-of-band and in many cases non-automated processing by the Verifier to
> determine its validity and quality. (This will be something that we add to
> the Informative section of our Profile going forward)
>
>
>
> [1] https://github.com/w3c/vc-data-model/issues/953
> [2] https://github.com/w3c/vc-data-model/pull/1001
>
> Best Regards,
>
>
>
> Anil
>
>
>
> Anil John
>
> Technical Director, Silicon Valley Innovation Program
>
> Science and Technology Directorate
>
> US Department of Homeland Security
>
> Washington, DC, USA
>
>
>
> Email Response Time – 24 Hours
>
>
>
> [image: A picture containing graphical user interface Description
> automatically generated] <https://www.dhs.gov/science-and-technology>[image:
> /Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]
>

Attachments

image/jpeg attachment: image001.jpg
image/jpeg attachment: image002.jpg
image/jpeg attachment: 03-image001.jpg

Received on Friday, 27 January 2023 13:32:37 UTC