Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab from Mike Prorock on 2023-01-30 (public-credentials@w3.org from January 2023)

From: Mike Prorock <mprorock@mesur.io>
Date: Mon, 30 Jan 2023 05:58:07 -0700
To: Steve Capell <steve.capell@gmail.com>
Cc: Kim Hamilton <kimdhamilton@gmail.com>, "Michael Herman (Trusted Digital Web)" <mwherman@parallelspace.net>, "John, Anil" <anil.john@hq.dhs.gov>, Kaliya Identity Woman <kaliya@identitywoman.net>, public-credentials@w3.org
Message-ID: <CAGJKSNSLTaMx6Mt-8V3pygVsgbMMDT5o98ROMLw8dde1Y8khHQ@mail.gmail.com>
Thank you Steve, Kim, and Kaliya.
I appreciate the professionalism, as well as keeping things on topic.

Mike Prorock
CTO, Founder
https://mesur.io/



On Sat, Jan 28, 2023 at 5:21 PM Steve Capell <steve.capell@gmail.com> wrote:

> We’ll said Kim
>
> For what it’s worth, our work on supply chain & traceability at UN does
> include json-Ld (early vocab that needs some work exists at
> https://vocabulary.uncefact.org/) and SVIP (also Singapore OA v3)
> compatible open source implementation at
> https://github.com/uncefact/project-vckit.
>
> I think that Australian govt, Singapore govt, European Union, US (DHS) and
> Canadian govt are all reasonably well aligned.  Maybe the big vendors will
> go their own way or maybe they’ll follow the lead set by W3C and some major
> governments.
>
> Although it may seem like it’s been ages to get this far for members of
> this group, I’d say that we are only sitting on a little ripple in advance
> of the tidal wave of awareness and uptake that is probably 2 or 3 years
> away
>
> Now is not the time for changing IMHO.  It’s time to paddle faster so we
> can surf the wave that’s coming
>
> Kind regards
>
> Steven Capell
> Mob: 0410 437854
>
> On 29 Jan 2023, at 10:50 am, Kim Hamilton <kimdhamilton@gmail.com> wrote:
>
> 
> It can be frustrating participating in an open forum, where people are
> free to chime in on threads according to their own interests, as opposed to
> one’s own. I myself find it frustrating when people chime into others’
> threads with what I perceive as trolling. I.e, community members demanding
> arbitrary success criteria according to their own pet interest and biases.
> In my view, that runs counter to the spirit of collaborative development.
> Nonetheless here we are. It’s part of the pros and cons of community
> groups. Fortunately the number of constructive contributors outweighs the
> others ❤️
>
> On Sat, Jan 28, 2023 at 3:09 PM Michael Herman (Trusted Digital Web) <
> mwherman@parallelspace.net> wrote:
>
>> Kim, your reply also misses my point.
>>
>> Get Outlook for Android <https://aka.ms/AAb9ysg>
>> ------------------------------
>> *From:* Kim Hamilton <kimdhamilton@gmail.com>
>> *Sent:* Saturday, January 28, 2023 5:01:12 PM
>> *To:* Kaliya Identity Woman <kaliya@identitywoman.net>
>> *Cc:* John, Anil <anil.john@hq.dhs.gov>; Michael Herman (Trusted Digital
>> Web) <mwherman@parallelspace.net>; public-credentials@w3.org <
>> public-credentials@w3.org>
>>
>> *Subject:* Re: DHS Verifier Confidence/Assurance Level
>> Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by
>> using @vocab
>>
>> That’s correct Kaliya. And there are rich sets of schemas allowing
>> mapping of skills, competencies, and so on (e.g. ctdl/ credential engine) —
>> very ripe for reuse in worker/learner VCs, promoting portability + interop
>>
>> On Sat, Jan 28, 2023 at 2:41 PM Kaliya Identity Woman <
>> kaliya@identitywoman.net> wrote:
>>
>> My understanding is that the education credentialing community is quite
>> into JSON-LD and interoperable vocabularies.
>>
>> I also believe there is significant work I this area by European folks -
>> why? They by default have multiple languages and JSON-LD let’s you move
>> between languages - why? Semantics.
>>
>> Having the model do something substantive for businesses and make what is
>> transmitted discernible semantically has value.
>>
>> - Kaliya
>>
>> Sent from my iPhone
>>
>> On Jan 28, 2023, at 2:37 PM, Michael Herman (Trusted Digital Web) <
>> mwherman@parallelspace.net> wrote:
>>
>> 
>>
>> p.s. As a response to Christopher's issue
>> https://github.com/w3c/vc-data-model/issues/1018#issue-1559012080, I'm
>> trying figure out if anyone else besides DHS and its partners is driving
>> the inclusion of the JSON-LD/RDF extensions in the VCDM specification?
>>
>> If the true primary goal was to drive wider, deeper, early adoption of
>> VCs, the strategy should be to make the VCDM simpler and more compact; not
>> more complicated, more niche, and less desirable to use.
>>
>> The current direction is to make the VCDM more complicated and more niche
>> and less desirable to use from the perspective of the silent majority of
>> developers that Christopher is referencing.
>> ...and indirectly what Sam Smith references here:
>> https://github.com/w3c/vc-data-model/issues/982
>> ...and myself here:
>> https://github.com/w3c/vc-data-model/issues/1008#issuecomment-1407376853
>>
>> ...maybe DIF or ToIP is a better home for a better, layered VC
>> specification: https://youtu.be/7LpVR0u18s0
>>
>> It's time for real change.
>>
>> Michael Herman
>> Web 7.0
>>
>>
>>
>> Get Outlook for Android <https://aka.ms/AAb9ysg>
>> ------------------------------
>> *From:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>> *Sent:* Saturday, January 28, 2023 4:01:40 PM
>> *To:* Kim Hamilton <kimdhamilton@gmail.com>
>> *Cc:* John, Anil <anil.john@hq.dhs.gov>; public-credentials@w3.org <
>> public-credentials@w3.org>
>> *Subject:* Re: DHS Verifier Confidence/Assurance Level
>> Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by
>> using @vocab
>>
>>
>> I don't have access to that information and don't evangelize (at this
>> point in the Web 7.0 technology adoption curve) to those audiences.
>>
>> I thought Anil would be the best person to speak about the level of
>> commercial adoption of the DHS VC profile.
>>
>>
>>
>> Get Outlook for Android <https://aka.ms/AAb9ysg>
>> ------------------------------
>> *From:* Kim Hamilton <kimdhamilton@gmail.com>
>> *Sent:* Saturday, January 28, 2023 1:30:29 PM
>> *To:* Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
>> *Cc:* John, Anil <anil.john@hq.dhs.gov>; public-credentials@w3.org <
>> public-credentials@w3.org>
>> *Subject:* Re: DHS Verifier Confidence/Assurance Level
>> Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by
>> using @vocab
>>
>>
>> Reminder that it’s a good thing to promote interoperability enabling
>> competition in a way that smaller vendors can participate.
>>
>> Michael, why don’t you start by providing a list of nasdaq 100 or Fortune
>> 500 companies who participate in standards groups such as this, and we can
>> use that to match against dhs participants.
>>
>>
>> On Sat, Jan 28, 2023 at 2:40 AM Michael Herman (Trusted Digital Web) <
>> mwherman@parallelspace.net> wrote:
>>
>> Anil, aside from the regular group of subcontractors that DHS works with
>> and are obligated to the use the DHS VC profile, to the best of your
>> knowledge, have any other organizations created their own demonstrations of
>> a DHS VC profile-based system? …any organization from the NASDAQ 100 or
>> Fortune 500, for example?
>>
>>
>>
>> Best regards,
>>
>> Michael Herman
>>
>> Web 7.0
>>
>>
>>
>> *From:* John, Anil <anil.john@hq.dhs.gov>
>> *Sent:* Thursday, January 26, 2023 1:27 PM
>> *To:* public-credentials@w3.org
>> *Subject:* DHS Verifier Confidence/Assurance Level Expectation/Treatment
>> of non-publicly defined Vocabulary/Terminology -- by using @vocab
>>
>>
>>
>> Hello Everyone,
>>
>>
>>
>> I wanted to share broadly some of the considerations that we are
>> currently working through regarding data quality (as represented by
>> incoming JSON-LD formatted VCs) and its impact on good decision making.
>>
>>
>>
>> As a refresher, the following is what the current version of our W3C
>> VC/DID Implementation Profile notes:
>>
>>
>>
>> Verifiable Credentials and Verifiable Presentations, as defined in [VC
>> DATA MODEL], SHALL be serialized as [JSON LD] in compacted document form
>>
>> ·       A Verifiable Credential SHALL define all terms using @context
>>
>> ·       A Verifiable Presentation SHALL define all terms using @context
>>
>> o   [JSON LD] SHALL define all types using @type
>>
>> o   [JSON LD] SHOULD leverage objects instead of strings to refer to
>> Issuers and Holders
>>
>> o   *[JSON LD] MAY rely on @vocab to automatically define terminology*
>>
>>
>>
>> I wanted to focus on the last bit; while this does not apply to DHS
>> (either CBP or USCIS) as issuers of credentials, given that we clearly and
>> publicly define our vocabulary:
>>
>>    - W3C CCG Citizenship Vocabulary -
>>       https://w3c-ccg.github.io/citizenship-vocab/
>>       <https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvW2sqG4H$>
>>       - W3C CCG Supply Chain Traceability Vocabulary -
>>       https://w3c-ccg.github.io/traceability-vocab/
>>       <https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvUxluxD2$>
>>
>>
>>
>> However it does have a bearing on us when we consume
>> credentials/attestations i.e. act as Verifiers.
>>
>>
>>
>> My understanding of the anticipated use of @vocab is that it allows for
>> the use of  “private attributes” that are agreed upon by parties in some
>> out-of-bound manner rather than being openly and publicly defined.
>>
>>
>>
>> To date, much of the conversations that we are tracking [1] [2] looks to
>> be very much from the perspective of technologists and developers and not
>> really from the perspective of an end customer like Us,  so we wanted to
>> make sure that we shared our perspective to ensure that it is reflected and
>> considered as folks make implementation choices on how they represent
>> attributes in credentials/attestations.
>>
>>
>>
>> To that end, from the perspective of a VERIFIER (i.e. CBP or USCIS in
>> consumption mode), this looks to be something that is clearly falls in the
>> following bucket:
>>
>>
>>
>> “How much confidence do we have in this data that just came in the door,
>> and what manner of out-of-band work do we need to do, or made a
>> non-automated decision on, to  treat this data as equivalent to data
>> vocabularies that is clearly and openly agreed upon” i.e.
>> Confidence/Assurance Level we can place in the data.
>>
>>
>>
>> So, where we have landed on in our deliberation is that
>> credentials/attestations that utilize vocabularies that are openly/clearly
>> defined will be treated as having higher assurance/confidence level than
>> data that is coming in via the @vocab route, which may require additional,
>> out-of-band and in many cases non-automated processing by the Verifier to
>> determine its validity and quality. (This will be something that we add to
>> the Informative section of our Profile going forward)
>>
>>
>>
>> [1] https://github.com/w3c/vc-data-model/issues/953
>> [2] https://github.com/w3c/vc-data-model/pull/1001
>>
>> Best Regards,
>>
>>
>>
>> Anil
>>
>>
>>
>> Anil John
>>
>> Technical Director, Silicon Valley Innovation Program
>>
>> Science and Technology Directorate
>>
>> US Department of Homeland Security
>>
>> Washington, DC, USA
>>
>>
>>
>> Email Response Time – 24 Hours
>>
>>
>>
>> <https://www.dhs.gov/science-and-technology>
>> <image001.jpg> <https://www.dhs.gov/science-and-technology>
>> <image002.jpg>
>>
>>
Received on Monday, 30 January 2023 12:58:32 UTC