Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

Kaliya: you’re correct that the education community is very interested and engaged in the JSON-LD and interoperable vocabularies space. The number of commercial and educational orgs that participated in the well designed and run Plugfest2 under the auspices of JFF with support from the VC-EDU task force is one indication of that. The Canadian efforts around establishing a national credential network, Canadian MyCred ARUCC project is the one that is using MATTR's wallet (and perhaps others) has embraced VCs as the credential format of choice. It is also a core design tenant of the Learning and Employment Record (LER) to embrace and support JSON-LD and its semantics through the Skills-based Hiring and Advancement (SBHA) initiative, as was will as the collaboration between HR Open and the US Chamber of Commerce Fdn T3 Innovation network, to extend their JSON schema to leverage LER/VCs for the Human Resource management vendor community. They are also working on a new Learning and Employment Resume Standard that supports LER/VCs as well as other JSON based data models for an emerging resume format.

I think its fair to say the education and skills-based hiring communities are very interested in and engaged with the work in the W3C VCDM standards work and support its development.

Phil


I also believe there is significant work I this area by European folks - why? They by default have multiple languages and JSON-LD let’s you move between languages - why? Semantics.

Having the model do something substantive for businesses and make what is transmitted discernible semantically has value.

- Kaliya

Sent from my iPhone

On Jan 28, 2023, at 2:37 PM, Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net> wrote:


p.s. As a response to Christopher's issue https://github.com/w3c/vc-data-model/issues/1018#issue-1559012080<https://urldefense.com/v3/__https://github.com/w3c/vc-data-model/issues/1018*issue-1559012080__;Iw!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzAAxaM2e$>, I'm trying figure out if anyone else besides DHS and its partners is driving the inclusion of the JSON-LD/RDF extensions in the VCDM specification?

If the true primary goal was to drive wider, deeper, early adoption of VCs, the strategy should be to make the VCDM simpler and more compact; not more complicated, more niche, and less desirable to use.

The current direction is to make the VCDM more complicated and more niche and less desirable to use from the perspective of the silent majority of developers that Christopher is referencing.
...and indirectly what Sam Smith references here: https://github.com/w3c/vc-data-model/issues/982<https://urldefense.com/v3/__https://github.com/w3c/vc-data-model/issues/982__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzDE70hIF$>
...and myself here: https://github.com/w3c/vc-data-model/issues/1008#issuecomment-1407376853<https://urldefense.com/v3/__https://github.com/w3c/vc-data-model/issues/1008*issuecomment-1407376853__;Iw!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzCesAWWP$>

...maybe DIF or ToIP is a better home for a better, layered VC specification: https://youtu.be/7LpVR0u18s0<https://urldefense.com/v3/__https://youtu.be/7LpVR0u18s0__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzF8FST_E$>

It's time for real change.

Michael Herman
Web 7.0



Get Outlook for Android<https://urldefense.com/v3/__https://aka.ms/AAb9ysg__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzDeX-vUf$>
________________________________
From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Sent: Saturday, January 28, 2023 4:01:40 PM
To: Kim Hamilton <kimdhamilton@gmail.com>
Cc: John, Anil <anil.john@hq.dhs.gov>; public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

I don't have access to that information and don't evangelize (at this point in the Web 7.0 technology adoption curve) to those audiences.

I thought Anil would be the best person to speak about the level of commercial adoption of the DHS VC profile.



Get Outlook for Android<https://urldefense.com/v3/__https://aka.ms/AAb9ysg__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzDeX-vUf$>
________________________________
From: Kim Hamilton <kimdhamilton@gmail.com>
Sent: Saturday, January 28, 2023 1:30:29 PM
To: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
Cc: John, Anil <anil.john@hq.dhs.gov>; public-credentials@w3.org <public-credentials@w3.org>
Subject: Re: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab

Reminder that it’s a good thing to promote interoperability enabling competition in a way that smaller vendors can participate.

Michael, why don’t you start by providing a list of nasdaq 100 or Fortune 500 companies who participate in standards groups such as this, and we can use that to match against dhs participants.

On Sat, Jan 28, 2023 at 2:40 AM Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net<mailto:mwherman@parallelspace.net>> wrote:

Anil, aside from the regular group of subcontractors that DHS works with and are obligated to the use the DHS VC profile, to the best of your knowledge, have any other organizations created their own demonstrations of a DHS VC profile-based system? …any organization from the NASDAQ 100 or Fortune 500, for example?



Best regards,

Michael Herman

Web 7.0



From: John, Anil <anil.john@hq.dhs.gov<mailto:anil.john@hq.dhs.gov>>
Sent: Thursday, January 26, 2023 1:27 PM
To: public-credentials@w3.org<mailto:public-credentials@w3.org>
Subject: DHS Verifier Confidence/Assurance Level Expectation/Treatment of non-publicly defined Vocabulary/Terminology -- by using @vocab



Hello Everyone,



I wanted to share broadly some of the considerations that we are currently working through regarding data quality (as represented by incoming JSON-LD formatted VCs) and its impact on good decision making.



As a refresher, the following is what the current version of our W3C VC/DID Implementation Profile notes:



Verifiable Credentials and Verifiable Presentations, as defined in [VC DATA MODEL], SHALL be serialized as [JSON LD] in compacted document form

•       A Verifiable Credential SHALL define all terms using @context

•       A Verifiable Presentation SHALL define all terms using @context

o   [JSON LD] SHALL define all types using @type

o   [JSON LD] SHOULD leverage objects instead of strings to refer to Issuers and Holders

o   [JSON LD] MAY rely on @vocab to automatically define terminology



I wanted to focus on the last bit; while this does not apply to DHS (either CBP or USCIS) as issuers of credentials, given that we clearly and publicly define our vocabulary:

     *   W3C CCG Citizenship Vocabulary - https://w3c-ccg.github.io/citizenship-vocab/<https://urldefense.com/v3/__https://urldefense.us/v3/__https:/w3c-ccg.github.io/citizenship-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvW2sqG4H$__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzKrfO5p7$>
     *   W3C CCG Supply Chain Traceability Vocabulary - https://w3c-ccg.github.io/traceability-vocab/<https://urldefense.com/v3/__https://urldefense.us/v3/__https:/w3c-ccg.github.io/traceability-vocab/__;!!BClRuOV5cvtbuNI!Te6WC0mssBfU3y2-E6vZVPp8nwrFzFh6D4yPWUljTq5owSbuMs_NyqfeD24CvUxluxD2$__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzFoSNjWI$>



However it does have a bearing on us when we consume credentials/attestations i.e. act as Verifiers.



My understanding of the anticipated use of @vocab is that it allows for the use of  “private attributes” that are agreed upon by parties in some out-of-bound manner rather than being openly and publicly defined.



To date, much of the conversations that we are tracking [1] [2] looks to be very much from the perspective of technologists and developers and not really from the perspective of an end customer like Us,  so we wanted to make sure that we shared our perspective to ensure that it is reflected and considered as folks make implementation choices on how they represent attributes in credentials/attestations.



To that end, from the perspective of a VERIFIER (i.e. CBP or USCIS in consumption mode), this looks to be something that is clearly falls in the following bucket:



“How much confidence do we have in this data that just came in the door, and what manner of out-of-band work do we need to do, or made a non-automated decision on, to  treat this data as equivalent to data vocabularies that is clearly and openly agreed upon” i.e. Confidence/Assurance Level we can place in the data.



So, where we have landed on in our deliberation is that credentials/attestations that utilize vocabularies that are openly/clearly defined will be treated as having higher assurance/confidence level than data that is coming in via the @vocab route, which may require additional, out-of-band and in many cases non-automated processing by the Verifier to determine its validity and quality. (This will be something that we add to the Informative section of our Profile going forward)



[1] https://github.com/w3c/vc-data-model/issues/953<https://urldefense.com/v3/__https://github.com/w3c/vc-data-model/issues/953__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzJbVeZYk$>
[2] https://github.com/w3c/vc-data-model/pull/1001<https://urldefense.com/v3/__https://github.com/w3c/vc-data-model/pull/1001__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzMCPy6kX$>

Best Regards,



Anil



Anil John

Technical Director, Silicon Valley Innovation Program

Science and Technology Directorate

US Department of Homeland Security

Washington, DC, USA



Email Response Time – 24 Hours



<image001.jpg><https://urldefense.com/v3/__https://www.dhs.gov/science-and-technology__;!!IKRxdwAv5BmarQ!aC8kLKg4Isfo7_11se3NzpQMbQhR7kDgVBdhZXO6ZkL_10i3mDM_eyJIvhzgwIHnBGt3OuGNJyNUzMm8v3aa$><image002.jpg>