- From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
- Date: Sun, 29 Jan 2023 05:24:25 +0000
- To: Steve Capell <steve.capell@gmail.com>, Kim Hamilton <kimdhamilton@gmail.com>
- CC: "John, Anil" <anil.john@hq.dhs.gov>, Kaliya Identity Woman <kaliya@identitywoman.net>, "public-credentials@w3.org" <public-credentials@w3.org>
- Message-ID: <MWHPR1301MB209421C07F08C4B3BB76A135C3D29@MWHPR1301MB2094.namprd13.prod.outlook.>
I think we need a layered Internet Credential architecture reference model (ICredential-ARM) that is desired and used by the broadest range of software architects and developers possible - working for small, medium, and large organizations. ...and not a niche specification that is unnecessarily complicated, difficult to implement, and difficult to program against. Michael Herman Web 7.0 Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Steve Capell <steve.capell@gmail.com> Sent: Saturday, January 28, 2023 6:20:50 PM To: Kim Hamilton <kimdhamilton@gmail.com> Cc: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>; John, Anil <anil.john@hq.dhs.gov>; Kaliya Identity Woman <kaliya@identitywoman.net>; public-credentials@w3.org <public-credentials@w3.org> Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab We’ll said Kim For what it’s worth, our work on supply chain & traceability at UN does include json-Ld (early vocab that needs some work exists at https://vocabulary.uncefact.org/) and SVIP (also Singapore OA v3) compatible open source implementation at https://github.com/uncefact/project-vckit. I think that Australian govt, Singapore govt, European Union, US (DHS) and Canadian govt are all reasonably well aligned. Maybe the big vendors will go their own way or maybe they’ll follow the lead set by W3C and some major governments. Although it may seem like it’s been ages to get this far for members of this group, I’d say that we are only sitting on a little ripple in advance of the tidal wave of awareness and uptake that is probably 2 or 3 years away Now is not the time for changing IMHO. It’s time to paddle faster so we can surf the wave that’s coming Kind regards Steven Capell Mob: 0410 437854 On 29 Jan 2023, at 10:50 am, Kim Hamilton <kimdhamilton@gmail.com> wrote: It can be frustrating participating in an open forum, where people are free to chime in on threads according to their own interests, as opposed to one’s own. I myself find it frustrating when people chime into others’ threads with what I perceive as trolling. I.e, community members demanding arbitrary success criteria according to their own pet interest and biases. In my view, that runs counter to the spirit of collaborative development. Nonetheless here we are. It’s part of the pros and cons of community groups. Fortunately the number of constructive contributors outweighs the others ❤️ On Sat, Jan 28, 2023 at 3:09 PM Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote: Kim, your reply also misses my point. Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Kim Hamilton <kimdhamilton@gmail.com<mailto:kimdhamilton@gmail.com>> Sent: Saturday, January 28, 2023 5:01:12 PM To: Kaliya Identity Woman <kaliya@identitywoman.net<mailto:kaliya@identitywoman.net>> Cc: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>; Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>>; public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>> Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab That’s correct Kaliya. And there are rich sets of schemas allowing mapping of skills, competencies, and so on (e.g. ctdl/ credential engine) — very ripe for reuse in worker/learner VCs, promoting portability + interop On Sat, Jan 28, 2023 at 2:41 PM Kaliya Identity Woman <kaliya@identitywoman.net<mailto:kaliya@identitywoman.net>> wrote: My understanding is that the education credentialing community is quite into JSON-LD and interoperable vocabularies. I also believe there is significant work I this area by European folks - why? They by default have multiple languages and JSON-LD let’s you move between languages - why? Semantics. Having the model do something substantive for businesses and make what is transmitted discernible semantically has value. - Kaliya Sent from my iPhone On Jan 28, 2023, at 2:37 PM, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote: p.s. As a response to Christopher's issue https://github.com/w3c/vc-data-model/issues/1018#issue-1559012080, I'm trying figure out if anyone else besides DHS and its partners is driving the inclusion of the JSON-LD/RDF extensions in the VCDM specification? If the true primary goal was to drive wider, deeper, early adoption of VCs, the strategy should be to make the VCDM simpler and more compact; not more complicated, more niche, and less desirable to use. The current direction is to make the VCDM more complicated and more niche and less desirable to use from the perspective of the silent majority of developers that Christopher is referencing. ...and indirectly what Sam Smith references here: https://github.com/w3c/vc-data-model/issues/982 ...and myself here: https://github.com/w3c/vc-data-model/issues/1008#issuecomment-1407376853 ...maybe DIF or ToIP is a better home for a better, layered VC specification: https://youtu.be/7LpVR0u18s0 It's time for real change. Michael Herman Web 7.0 Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> Sent: Saturday, January 28, 2023 4:01:40 PM To: Kim Hamilton <kimdhamilton@gmail.com<mailto:kimdhamilton@gmail.com>> Cc: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>; public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>> Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab I don't have access to that information and don't evangelize (at this point in the Web 7.0 technology adoption curve) to those audiences. I thought Anil would be the best person to speak about the level of commercial adoption of the DHS VC profile. Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Kim Hamilton <kimdhamilton@gmail.com<mailto:kimdhamilton@gmail.com>> Sent: Saturday, January 28, 2023 1:30:29 PM To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> Cc: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>; public-credentials@w3.org<mailto:public-credentials@w3.org> <public-credentials@w3.org<mailto:public-credentials@w3.org>> Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab Reminder that it’s a good thing to promote interoperability enabling competition in a way that smaller vendors can participate. Michael, why don’t you start by providing a list of nasdaq 100 or Fortune 500 companies who participate in standards groups such as this, and we can use that to match against dhs participants. On Sat, Jan 28, 2023 at 2:40 AM Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote: Anil, aside from the regular group of subcontractors that DHS works with and are obligated to the use the DHS VC profile, to the best of your knowledge, have any other organizations created their own demonstrations of a DHS VC profile-based system? …any organization from the NASDAQ 100 or Fortune 500, for example? Best regards, Michael Herman Web 7.0 From: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>> Sent: Thursday, January 26, 2023 1:27 PM To: public-credentials@w3.org<mailto:public-credentials@w3.org> Subject: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab Hello Everyone, I wanted to share broadly some of the considerations that we are currently working through regarding data quality (as represented by incoming JSON-LD formatted VCs) and its impact on good decision making. As a refresher, the following is what the current version of our W3C VC/DID Implementation Profile notes: Verifiable Credentials and Verifiable Presentations, as defined in [VC DATA MODEL], SHALL be serialized as [JSON LD] in compacted document form • A Verifiable Credential SHALL define all terms using @context • A Verifiable Presentation SHALL define all terms using @context o [JSON LD] SHALL define all types using @type o [JSON LD] SHOULD leverage objects instead of strings to refer to Issuers and Holders o [JSON LD] MAY rely on @vocab to automatically define terminology I wanted to focus on the last bit; while this does not apply to DHS (either CBP or USCIS) as issuers of credentials, given that we clearly and publicly define our vocabulary: * W3C CCG Citizenship Vocabulary - https://w3c-ccg.github.io/citizenship-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvW2sqG4H$> * W3C CCG Supply Chain Traceability Vocabulary - https://w3c-ccg.github.io/traceability-vocab/<https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvUxluxD2$> However it does have a bearing on us when we consume credentials/attestations i.e. act as Verifiers. My understanding of the anticipated use of @vocab is that it allows for the use of “private attributes” that are agreed upon by parties in some out-of-bound manner rather than being openly and publicly defined. To date, much of the conversations that we are tracking [1] [2] looks to be very much from the perspective of technologists and developers and not really from the perspective of an end customer like Us, so we wanted to make sure that we shared our perspective to ensure that it is reflected and considered as folks make implementation choices on how they represent attributes in credentials/attestations. To that end, from the perspective of a VERIFIER (i.e. CBP or USCIS in consumption mode), this looks to be something that is clearly falls in the following bucket: “How much confidence do we have in this data that just came in the door, and what manner of out-of-band work do we need to do, or made a non-automated decision on, to treat this data as equivalent to data vocabularies that is clearly and openly agreed upon” i.e. Confidence/Assurance Level we can place in the data. So, where we have landed on in our deliberation is that credentials/attestations that utilize vocabularies that are openly/clearly defined will be treated as having higher assurance/confidence level than data that is coming in via the @vocab route, which may require additional, out-of-band and in many cases non-automated processing by the Verifier to determine its validity and quality. (This will be something that we add to the Informative section of our Profile going forward) [1] https://github.com/w3c/vc-data-model/issues/953 [2] https://github.com/w3c/vc-data-model/pull/1001 Best Regards, Anil Anil John Technical Director, Silicon Valley Innovation Program Science and Technology Directorate US Department of Homeland Security Washington, DC, USA Email Response Time – 24 Hours <https://www.dhs.gov/science-and-technology> <image001.jpg> <image002.jpg>
Received on Sunday, 29 January 2023 05:24:46 UTC