Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

Kim, your reply also misses my point.

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Kim Hamilton <kimdhamilton@gmail.com>
Sent: Saturday, January 28, 2023 5:01:12 PM
To: Kaliya Identity Woman <kaliya@identitywoman.net>
Cc: John, Anil <anil.john@hq.dhs.gov>; Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

That’s correct Kaliya. And there are rich sets of schemas allowing mapping of skills, competencies, and so on (e.g. ctdl/ credential engine) — very ripe for reuse in worker/learner VCs, promoting portability + interop

On Sat, Jan 28, 2023 at 2:41 PM Kaliya Identity Woman <kaliya@identitywoman.net<mailto:kaliya@identitywoman.net>> wrote:
My understanding is that the education credentialing community is quite into JSON-LD and interoperable vocabularies.

I also believe there is significant work I this area by European folks - why? They by default have multiple languages and JSON-LD let’s you move between languages - why? Semantics.

Having the model do something substantive for businesses and make what is transmitted discernible semantically has value.

- Kaliya

Sent from my iPhone

On Jan 28, 2023, at 2:37 PM, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:


p.s. As a response to Christopher's issue https://github.com/w3c/vc-data-model/issues/1018#issue-1559012080, I'm trying figure out if anyone else besides DHS and its partners is driving the inclusion of the JSON-LD/RDF extensions in the VCDM specification?

If the true primary goal was to drive wider, deeper, early adoption of VCs, the strategy should be to make the VCDM simpler and more compact; not more complicated, more niche, and less desirable to use.

The current direction is to make the VCDM more complicated and more niche and less desirable to use from the perspective of the silent majority of developers that Christopher is referencing.
...and indirectly what Sam Smith references here: https://github.com/w3c/vc-data-model/issues/982

...and myself here: https://github.com/w3c/vc-data-model/issues/1008#issuecomment-1407376853


...maybe DIF or ToIP is a better home for a better, layered VC specification: https://youtu.be/7LpVR0u18s0


It's time for real change.

Michael Herman
Web 7.0



Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Sent: Saturday, January 28, 2023 4:01:40 PM
To: Kim Hamilton <kimdhamilton@gmail.com<mailto:kimdhamilton@gmail.com>>
Cc: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>; public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

I don't have access to that information and don't evangelize (at this point in the Web 7.0 technology adoption curve) to those audiences.

I thought Anil would be the best person to speak about the level of commercial adoption of the DHS VC profile.



Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Kim Hamilton <kimdhamilton@gmail.com<mailto:kimdhamilton@gmail.com>>
Sent: Saturday, January 28, 2023 1:30:29 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>
Cc: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>; public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>>
Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

Reminder that it’s a good thing to promote interoperability enabling competition in a way that smaller vendors can participate.

Michael, why don’t you start by providing a list of nasdaq 100 or Fortune 500 companies who participate in standards groups such as this, and we can use that to match against dhs participants.

On Sat, Jan 28, 2023 at 2:40 AM Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:

Anil, aside from the regular group of subcontractors that DHS works with and are obligated to the use the DHS VC profile, to the best of your knowledge, have any other organizations created their own demonstrations of a DHS VC profile-based system? …any organization from the NASDAQ 100 or Fortune 500, for example?



Best regards,

Michael Herman

Web 7.0



From: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>
Sent: Thursday, January 26, 2023 1:27 PM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab



Hello Everyone,



I wanted to share broadly some of the considerations that we are currently working through regarding data quality (as represented by incoming JSON-LD formatted VCs) and its impact on good decision making.



As a refresher, the following is what the current version of our W3C VC/DID Implementation Profile notes:



Verifiable Credentials and Verifiable Presentations, as defined in [VC DATA MODEL], SHALL be serialized as [JSON LD] in compacted document form

•       A Verifiable Credential SHALL define all terms using @context

•       A Verifiable Presentation SHALL define all terms using @context

o   [JSON LD] SHALL define all types using @type

o   [JSON LD] SHOULD leverage objects instead of strings to refer to Issuers and Holders

o   [JSON LD] MAY rely on @vocab to automatically define terminology



I wanted to focus on the last bit; while this does not apply to DHS (either CBP or USCIS) as issuers of credentials, given that we clearly and publicly define our vocabulary:

     *   W3C CCG Citizenship Vocabulary - https://w3c-ccg.github.io/citizenship-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvW2sqG4H$>
     *   W3C CCG Supply Chain Traceability Vocabulary - https://w3c-ccg.github.io/traceability-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvUxluxD2$>



However it does have a bearing on us when we consume credentials/attestations i.e. act as Verifiers.



My understanding of the anticipated use of @vocab is that it allows for the use of  “private attributes” that are agreed upon by parties in some out-of-bound manner rather than being openly and publicly defined.



To date, much of the conversations that we are tracking [1] [2] looks to be very much from the perspective of technologists and developers and not really from the perspective of an end customer like Us,  so we wanted to make sure that we shared our perspective to ensure that it is reflected and considered as folks make implementation choices on how they represent attributes in credentials/attestations.



To that end, from the perspective of a VERIFIER (i.e. CBP or USCIS in consumption mode), this looks to be something that is clearly falls in the following bucket:



“How much confidence do we have in this data that just came in the door, and what manner of out-of-band work do we need to do, or made a non-automated decision on, to  treat this data as equivalent to data vocabularies that is clearly and openly agreed upon” i.e. Confidence/Assurance Level we can place in the data.



So, where we have landed on in our deliberation is that credentials/attestations that utilize vocabularies that are openly/clearly defined will be treated as having higher assurance/confidence level than data that is coming in via the @vocab route, which may require additional, out-of-band and in many cases non-automated processing by the Verifier to determine its validity and quality. (This will be something that we add to the Informative section of our Profile going forward)



[1] https://github.com/w3c/vc-data-model/issues/953

[2] https://github.com/w3c/vc-data-model/pull/1001


Best Regards,



Anil



Anil John

Technical Director, Silicon Valley Innovation Program

Science and Technology Directorate

US Department of Homeland Security

Washington, DC, USA



Email Response Time – 24 Hours



[image001.jpg]<https://www.dhs.gov/science-and-technology>[image002.jpg]

Received on Saturday, 28 January 2023 23:09:23 UTC