- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 26 Jul 2023 09:28:48 +0000
Thanks to Our Robot Overlords and Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2023-07-25/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2023-07-25/audio.ogg ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2023-07-25 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jul&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Topics: 1. Introductions / Re-introductions Organizer: Mike Prorock, Kimberly Linson, Harrison Tang Scribe: Our Robot Overlords and Our Robot Overlords Present: Harrison Tang, Nis Jespersen , Ed Eykholt, Jeff O - HumanOS, Erica Connell, Mike Xu, Stephen Curran, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Dmitri Zagidulin, Phil L (P1), James Chartrand, Joe Andrieu, Hiroyuki Sano, Japan, Wendy Seltzer, Will, Greg Bernstein, Manu Sporny, Leo, Phil Long, Andres Uribe, Kayode Ezike, Kaliya Young, David I. Lehn Our Robot Overlords are scribing. Harrison_Tang: Came on you thanks for joining. Manu Sporny: Hey Harrison how you doing. Harrison_Tang: Great cool so let's start this week's wtcg meeting I think some of us at our at the ietf San Francisco so they couldn't make it today but I think we have corn now so today's agenda is that will talk about verifiable credentials rendering method thanks though thanks money and Dimitri for joining but before we get to the main agenda just want to quickly go over. Harrison_Tang: some of the elements. Harrison_Tang: We'll just a quick reminder on the code of ethics and professional conducts just want to make sure everyone is respectful to each others opinions next quick I denote anyone can participate in these calls Hardware all substantive contributions to any CG work items must be members of the ccg with for IP our agreement signed I make sure you have a w3c account and you have encounter any problems just let any of their cultures now. Harrison_Tang: at least meeting. Harrison_Tang: Something went wrong with the recording and we restarted right now on a second. Our Robot Overlords are scribing. Harrison_Tang: All right I think the recordings on now so the meetings are being recorded and it's automatically transcribed we will publish the meetings and recordings and the transcription in the day or two after this meeting we used to teach at to Q speakers doing the call so you can type in Q Plus 2i yourself to the queue or q- to remove and you can do Q question mark to see who is in the queue. Harrison_Tang: all right. Harrison_Tang: Actions were introductions you're new to the community where you are just recently re-engaging with the community please feel free to on you. Topic: Introductions / Re-introductions Ed Eykholt: Oh I thought I'd say hi this is Ed I called I haven't been on this call for quite a while been part of the VC Community generally and using did Saint the cardano blockchain in building a identity wallet for that chain. <manu_sporny> Welcome, Ed! Harrison_Tang: Welcome back at. <manu_sporny> (Welcome back, that is!) :) Harrison_Tang: Next we have announcements and reminders any announcement. Harrison_Tang: Hey money please. Manu Sporny: Yeah just a couple the first one is the selective disclosure cryptography sweet we sorry let me collect my thoughts we had asked for a demonstration of support from the community for the ecb's a crypto sweet we got. <manu_sporny> Demonstration of Support for NIST-Compliant Selective Disclosure for Data Integrity Cryptosuites in VCWG: https://lists.w3.org/Archives/Public/public-vc-wg/2023Jul/0015.html Manu Sporny: Not really. Manu Sporny: Out for that we have multiple Global standards organizations also supporting the ecdsa for Selective disclosure crypto Suite including gs1 Connexus which does global retail standards us one that does global supply chain standards and one edtech that does global education standards all using verifiable credentials in json-ld and that sort of thing. Manu Sporny: So that's. Manu Sporny: As a result of that we have put out new features in the ecdsa crypto sweet that the verifiable credentials working group is developing so those links to those kind of pull requests went out last Friday as well so that's just a heads up that that's going on there a lot of that stuff is going to help. Manu Sporny: Help me. Manu Sporny: As well the the BBS crypto sweet their number of selective disclosure Primitives in there that are just generally useful to a variety of selective disclosure next so that's item one the second item which is also good news is the rdf data set canonicalization working group at the w3c is at a point where their feature complete with the rdf data set canonicalization work which means that we're pretty much. Manu Sporny: Much ready to go. Manu Sporny: In the can. Manu Sporny: Nation with that specification if folks remember that is a specification that this community incubated for many years before handing it over to a working group so they're going into Canada Trek which basically means feature complete done we have no major issues open on the spec so that's also good news. Manu Sporny: Good news is that the HTTP signature specification that was incubated in this community for almost a decade probably seven years is in working group last call at ITF so this is work that Justin richer and Annabelle Bachmann have been doing they've been doing fantastic work getting the specification through the ITF process and we're. Manu Sporny: Going forward. Manu Sporny: No that's tough being an official ITF RFC soon we use this community uses that specification for doing things like invoking authorization capabilities and single shot access to http endpoints that use dids as the authentication mechanism and so and so forth so that's good news good news number 4 is that the multi formats working group a tight. Manu Sporny: ETF looks like it's going to. Manu Sporny: Community the ccg has incubated multi hash multi key multi base and both multi base and multi cash or in a charter that is going to be proposed to the internet engineering Steering group in two weeks time we are expecting it to be adopted and that will start that works official standardization Journey. Manu Sporny: The ITF standards track so that's all super great news right I mean those are all things that were incubated in this community going to ITF going to w3c and you know getting getting their way through the the process okay that's it for updates from me here soon. Harrison_Tang: Well thanks money a lot of great new so I'll reach out to you and then coordinate with you on getting some of these topics to our future agenda if you don't mind. Harrison_Tang: Cool alright next we got. Erica Connell: Hi Harrison can you hear me. Erica Connell: Happy Tuesday I just wanted to make the announcement that rebooting the web of trust 12 will be coming up here in September will be convening in Cologne Germany from September 18th to the 22nd tickets are available on Eventbrite I'll drop the link in the chat that's it thank you. Harrison_Tang: Great thanks a lot. <econnell> rwot12.eventbrite.com Dmitri Zagidulin: https://dwebcamp.coolab.org/ Dmitri Zagidulin: Thanks Dad to what Erika said the week before rebooting web of trust we have the w3c T back which is the yearly the most recent conference in that's going to be in Seville Spain and then the week before that is going to be the first instance of the D webcam conference in Brazil and I'll paste the link in chat so three conferences back to back. Dmitri Zagidulin: And Brazil and Europe. Harrison_Tang: Thank you any other announcements working binders. Harrison_Tang: Any update on the work items. Manu Sporny: Yes there is a request in to the chairs of the ccg to approve the confidence method specification so I think it's kind of hanging out there and we're blocked at VC W G4 the adoption of that item we have three people that have volunteered to lead that item at this point I believe it's met all of them and so we just need the chairs to take an action so that we can move. Manu Sporny: Move that specification over 2. Manu Sporny: The ccg so that the URLs resolved so that we can put some specification text into the VC data model spec. Manu Sporny: You have a. Manu Sporny: Ta I just need to tell the VC working group when that's going to be done do you have an ETA on when that approval might happen. Harrison_Tang: I will sync up with Mike and Kimberly today or this week and then we'll get a result. Manu Sporny: Excellent thank you. Harrison_Tang: Updates on the work items. Harrison_Tang: All right so let's get to the mint agenda so I think earlier in April or May we actually approve wanted to the work item verifiable credentials rendering message so the you know today just very excited to have Manu and Dimitri here to present and lead a discussion on this topic so money imagery the floor is yours. Manu Sporny: Absolutely thank you so much to me. Dmitri Zagidulin: Alright thank you so much so welcome everyone we can talk about a really exciting and timely because I think a lot of us VC emblem enters are hitting up against this pain point right now topic which is how do you display verifiable credentials so mono if it's okay with you I can go over the slide deck and you feel free to jump in at any point yeah. Dmitri Zagidulin: All right. Dmitri Zagidulin: Real quick let's let's add some context why are we even talking about this why do we need general-purpose VC display methods as you can probably guess or have already encountered some issuers like universities and governments really care about how their VC's look they really want them to be displayed consistency consistently in wallets now. Dmitri Zagidulin: In the VC community in a decentralized and there is a sovereign sort of mindset we recognize that there's no way that the issuer's can enforce or guarantee but it would be nice if we had a mechanism where they could at least hint politely ask hey if you don't if you don't care and you can be displaying these credentials here's a template you can use and the thing is for. Dmitri Zagidulin: That sort of helped that sort of I don't have to figure out how to lay out a diploma a student idea government credential all that stuff as an implementer I'll welcome any help I can get because displaying the verifiable credentials is one of the most common. Dmitri Zagidulin: Actions that we do with them even more common than issuing in verifying the other reason that it's a really relevant sort of pain point right now is of course going from paper to digital and back so it a lot of use cases for example James Chartrand from McMaster University who I think is here on the call Hazard already ran into the this his Pilots with University. Dmitri Zagidulin: The musing verifiable. Dmitri Zagidulin: For diplomas and so on students are crossing the borders and the Border guards don't know anything about VCS they don't have any special purpose VC verifying software they at best have a phone with a camera and they can scan QR codes and so it's really important for student to be able to present their credential in a way that's possible understandable to regular people ah printed out on paper with. Dmitri Zagidulin: A qr-code that can work. Dmitri Zagidulin: A general person general-purpose way without specialized software. Dmitri Zagidulin: And then of course the other reason is we want VC's to be able to be translated into different modes from visual to audio to tactile to constrained visual environments such as fed cm in the browsers. Dmitri Zagidulin: So so what do we have like given that we need to display verifiable credentials and there are just a million different verifiable credentials there's a potential Infinity of different types what is an implementer to do so we have a couple of options Option 1 that has been popular in the pre verifiable credentials world in the open badges world is to essentially bake. Dmitri Zagidulin: A badge. Dmitri Zagidulin: Into a static image to PNG for example and embed that PNG in the badge itself right and so. Dmitri Zagidulin: It's great in terms of you can get a Pixel Perfect exactly how the issuer wants this thing to be speak to be displayed but of course once you start displaying on different screens you get into the Iran to the same challenges that browsers run into with variously sized images and there's no Universal standard aside from the individual standards like open badges version 2 was doing or. Dmitri Zagidulin: Or some of the other projects. Dmitri Zagidulin: The other next two options is are the most common this is 2 & 3 is what 99.9% of the wallets are doing right now so any wallet that you're going to encounter they're doing either 2 or 3 so 2 is you have a lot of if then statements or more likely case statements that says if I encounter a credential and I look and it's type field and I recognize the type of their such as student ID credential. Dmitri Zagidulin: I'm going to display this. Dmitri Zagidulin: Specialized component that I put together that my graphic designers sat down and wrote the react or vue.js or whatever templating language you use. Dmitri Zagidulin: Somebody at the implementer sat down and made a layout and the wallet the verifier all the other software is just switching off of the type do we know how to handle this thing yes okay let's handle it in that way. Dmitri Zagidulin: What happens in the most common. Dmitri Zagidulin: You don't know how to handle a special-purpose credential right we want our walls to be Universal and so chances are guaranteed that you're going to encounter a credential with a new type that you don't know how to layout and so far the only real option that we have is to Loop through all the verifiable potential properties and just list them out right think think of a on ordered ordered list of keys and values. Dmitri Zagidulin: Of course it helps if the condenser is flat but the moment you have any kind of multiple levels of depth becomes awkward do you. Dmitri Zagidulin: Do you laid out visually with indents do you use dot notation that sort of thing so different implementers do different stuff of course there is hope to be able to augment this notion of just listing all of the fields by guessing at the field types right that this is a string this is a date Etc by other looking at the Json schema if it's specified in a verifiable credential or sometimes looking at the context. Dmitri Zagidulin: Be amazing the options that we really want to be able to display credentials is again if the issue itself can give us a hint could provide either a pre-baked image or better yet a template a flexible template that works on different screen sizes and so on that we could use. Dmitri Zagidulin: We've got that going. Dmitri Zagidulin: We can do all sorts of interesting things like we can compile directories of common templates we can have Community templates for very common verifiable credential display types and. Dmitri Zagidulin: In combination with other ccg work item which is known issuer and verifier lists we could add to that a third thing which is no known template lists or something. Dmitri Zagidulin: In its current Incarnation began at our W everybody web trust 11 where a number of us on this call came together to to write a paper on rendering verifiable credentials and there's a demo video of how it works in the browser because Charles little Charles laner was very kind to in the blink of an eye put together a demo based on the in progress paper. Dmitri Zagidulin: And the paper Incorporated. Dmitri Zagidulin: In it some of the existing credential rendering proposals such as the to diff proposals while it rendering and credential manifest. Dmitri Zagidulin: And then we also looked at the traceability vocab again work item of this group template work right so we as much as possible we try to unify and support all these existing. Dmitri Zagidulin: Ice packs and proposals and also just provide a general purpose method that is flexible in the future and so just recently the VC render method was adopted as a ccg work item so we're very excited about that okay so what does this look like. Dmitri Zagidulin: Here's of our farm credential familiar to all of us this is the data model V1 but it would look exactly the same in V2 we're adding an optional field called render method and what is it it's an array of method hints so here's a very simple one it says wallet look in the render methods and one of your options is you can display this credential as an SVG. Dmitri Zagidulin: Sure conveniently put together an SVG. Dmitri Zagidulin: Either fully rendered or a template that you can fill out using. Dmitri Zagidulin: Data from the verified credential and so it's just the type the location of where you fetch it from the web or better yet from your local cache. Dmitri Zagidulin: A media type so that the wall it knows what to display when and how to actually lay it out and HTML and react in whatever it's using. Dmitri Zagidulin: So that's the general types all of the examples your you that you're going to be seeing will have these. Dmitri Zagidulin: These two or more Fields so they required the ID and the type so the wall knows what to do with it and then a number of optional Fields such as media type although personally I do think bigger type should be required this part of the future discussion so render method another top level field in the verifiable credential it's optional it provides hints from the issuer on how to display stuff. Dmitri Zagidulin: Here's a. Dmitri Zagidulin: A little more complicated method taken from the render method spec itself the current work item which is it's got the type it's got the ID where to fetch it you've got a name in case the wallets wants to present several choices to the user it's got a CSS media query so that it knows how to orient it. Dmitri Zagidulin: And then it's got the last field at the bottom got a essentially digest hash to secure two Integrity protect the contents of the credential and we're going to get into the various options available there right so it's just a demonstrates that the render method objects themselves the hints are fairly extensible and you can get as detailed or as Bare Bones with them as you would like. Dmitri Zagidulin: Here's another example. Dmitri Zagidulin: Which is near and dear. Dmitri Zagidulin: To our hearts over on the VC edu side which is of course PDFs as I mentioned it's a credibly common pain point and use case we have a digital credential we have this Json object we need to turn it into a PDF how do we do that well so one easy way to do that is again for the issuer to provide a PDF template and templating is a common operation in the PDF World Adobe writes about it and has all sorts of tools. Dmitri Zagidulin: Tools there's. Dmitri Zagidulin: Various programming languages on how to take a PDF use it as a template and fill it out with Fields right so again similar pattern as before you've got an ID which of where to fetch it we've got the type media type and of course the securing digest and so. Dmitri Zagidulin: Implementing wallet and I want print button on a credential I look to see. Dmitri Zagidulin: If I already have a hard-coded template then I look to see if there's one in the render method. Dmitri Zagidulin: And of course if I don't encounter one we're back to guessing and what the layout should be we're back to essentially. Dmitri Zagidulin: Hang out a flat list of all of the fields in the Json object which I think we can all agree is suboptimal experience print wise. Dmitri Zagidulin: Okay so we mentioned the digest hash so of course the one of the most common questions we hear is so how do we trust the template provider because it's a provider has a lot of power if the wall is helpfully use the templates use the rendering hints how do we trust them well. Dmitri Zagidulin: Four methods included in the verifiable credential itself. Dmitri Zagidulin: You're relying on the same trust bottle as the issuer. Dmitri Zagidulin: If you if their signature verifies and optionally the issuer is a known issue or list for you as a verifier you have no reason not to also trust this other field from the from the issue which is the render method right in the future for Community templates we could the question of trust is a little bit harder so we can reuse the exact same mechanism that we do with known verifiers in issuers and then of course we should always keep in mind that. Dmitri Zagidulin: The displaying application so the wall at the. Dmitri Zagidulin: Can should always feel free to override or ignore the suggested rather render method because we want the user to be in control we want the software developer to be in control also. Dmitri Zagidulin: So yeah so we have all of the usual mechanisms for ensuring template integrity. Dmitri Zagidulin: If you're storing the template externally your you can use quote unquote trust Registries or known issue or lists or you can use hash based linking you can use the already mentioned digest multi based or recently the verifiable credential 2.0 working group added a section to the spec called Integrity of related resources which does the same thing it's a it adds. Dmitri Zagidulin: A section to the verifiable credential that. Dmitri Zagidulin: Links to resources and provides a digest hash of them. Dmitri Zagidulin: Course the common question is so what's the difference between these two methods digest multi-piece the smaller so it makes for a more compact credentials but the Integrity of related resources back is included in the base data model verify the credential data model itself so it's going to hopefully see a lot of implementation so those are the two trade-off one smaller but less known other ones more verbose and. Dmitri Zagidulin: A more standard in that it's part of the specification. Dmitri Zagidulin: And then of course you can always instead of using external Integrity or known lists you can just stuff the entire content the entire template into the verifiable credential itself just like using embedded images for example which is simpler allows you to reuse the credentials own signature for integrity protection but of course substantially increases the size of the credential just like. Dmitri Zagidulin: Same trade-off. Dmitri Zagidulin: Images in the BC you either hash linking or you're embedding in which case it's going to be huge and sometimes that's okay. Dmitri Zagidulin: And then as I mentioned before for advanced reviews cases week just like with cascading style sheets this is the same sort of principle we can apply a cascading series of overrides where the wallet you can imagine the wallet going down this list each time it wants to figure out how to render it right is there a render method from the issuer or a brand owner. Dmitri Zagidulin: We're not going to get into. Dmitri Zagidulin: That here it's a. Dmitri Zagidulin: Publisher and brand owner is a common topic of conversation and education space. Dmitri Zagidulin: You either use the render method from the issuer or overriding it with wallet specific preferences you can use trusted directories of templates and who knows maybe we'll get into same thing same way that we have ringtone marketplaces we could have credential display Market places although that sounds nightmarish so I hope you don't get there another Advanced topic that has been brought up. Dmitri Zagidulin: Up is. Dmitri Zagidulin: Hey if we have this way of rendering credentials could we. Dmitri Zagidulin: Could we use. Dmitri Zagidulin: The same technique to. Dmitri Zagidulin: To express a different brand identity for for the issuer so if it's an international company and it's known by this name in the u.s. region and it's known by a different legal name for in the European region you could conceivably render it as with different letterhead with different logos Etc through your render method template. Dmitri Zagidulin: The same. Dmitri Zagidulin: We use in internationalizing and localizing verifiable credentials so again we're running into that in our pilots in the edge of space where we have a Mexican University that wants to issued multilingual credentials in Spanish and English and as always the there's the option of do they just. Dmitri Zagidulin: Issue two copies of the same credential one in English and then the exact same potential in Spanish that is a valid option and then the you hand both to the user and have the user be able to present in whatever appropriate case whichever one they want so that is always an option but for a lot of use cases it's really convenient for the issue or to have one credential that contains. Dmitri Zagidulin: Galatians 4. Dmitri Zagidulin: Multiple languages and fortunately the verifiable credential data model has that mechanism built in you can pull up the their fabric Essentials back and look at the internationalisation localization section where you can see that you can specify default languages you can specify you can override languages per individual claim all sorts of things and of course if you overdo it if you. Dmitri Zagidulin: You offer the same potential in 20 different languages. Dmitri Zagidulin: It increases the size and similarly if you are on top of translation are doing different render methods based on regions that can come in at or really interact with translation and just make for a really huge Reese's so it's an advanced topic but I just wanted to add it and this is just an example a mock exam. Dmitri Zagidulin: I love that what that would look like. Dmitri Zagidulin: This one uses the disc credential manifest rendering hint based on the disc back but adds the language and the region jurisdiction tag. Dmitri Zagidulin: So that while I could select. Dmitri Zagidulin: Which render method to display based on that. Dmitri Zagidulin: Quick side note in the v-spec directory of course it since it's a item. Dmitri Zagidulin: I'm going to say it's the ccg item but it's not it's the VC working group item well okay so for those who may not be familiar. Dmitri Zagidulin: Aside from the main VC data model 2.0 spec the new DC working group also has this extension mechanism list of sub specifications and proposals from the community that involve verifiable credentials so there are separate specs for different proof methods there are specs for their detailed specifications for existing VC Fields like status like. Dmitri Zagidulin: Ants and of course. Dmitri Zagidulin: Channel their fiber credential properties such as the render method so the render method is a perfect example of an item that lives in the VC specification directory again these are just some of the examples of what lives in their side from the proof methods we've got this render method based on the paper and and further work with Community we've got this notion of composable credential using digest multi based and then we have. Dmitri Zagidulin: The verifiable issuers and verifier. Dmitri Zagidulin: That is also a really exciting development in the community and we're going to pause here for funds and money if you want to add anything. Manu Sporny: Oh you did such a wonderful job to me treat I have next to nothing to add that was that was fantastic I guess one thing that I wanted to go back to that you had mentioned was kind of accessibility needs so as many of you in the education space or you know if you work with governments know their requirements to make the things you create. Manu Sporny: Compliant with people's accessibility means so if people have sight accessibilities or hearing accessibility needs our. Manu Sporny: Most useful you know verifiable credential that only has a visual depiction is problematic for someone that can't see and so that's where you would want something like a render method that would render to audio so that if they were to use you know an accessible device to get such a verifiable credential that it would be read out loud to them instead of them just not being able to you know interact with the system. Manu Sporny: Bottom so there's. Manu Sporny: A lot of Hope and promise I think in the accessibility community that the work that we're doing here in the verifiable credentials Community will one Empower you know people with accessibility needs with with digital credentials that also you know cater to the needs that they have so all that to say governments have requirements around accessibility if. Manu Sporny: The issue. Manu Sporny: Until they have to be able to say that they're doing it in a way that does not marginalize you know communities in render method is is one of the mechanisms that can be used to kind of achieve that but other than that Dimitri that was fantastic you hit on every major Point associated with this work thanks. Dmitri Zagidulin: Harrison I think you're up next. Harrison_Tang: Yeah I would imagine a lot of issuers with Brands like they want to have some kind of assurance that you know their credentials and you know basically our display in a consistent manner where a manner that they approve right so like for example I would imagine a hypothetical situations like DMVs don't want like California DMV is don't want their driver license to display in different ways by different. Harrison_Tang: my wallet or different presenters. Harrison_Tang: Is there a way to for the issuers to have that kind of assurance that the presenters and walnuts are displaying these you know verifiable credentials were badges in a consistent manner. Dmitri Zagidulin: Great question great question I and it sounds like I'm on also wants to give an answer but I'll answer real quick that this is a social and legal problem and not a technical one because there's no technical way to enforce even in theory consistent display because that's essentially a form of DRM there's no way to absolutely guarantee it but there are much like with DRM there are certainly legal. Dmitri Zagidulin: Highly encouraged on the one end and punished on the other and so then it becomes a notion of the issuer's regulate or convince software providers to. Dmitri Zagidulin: When you encounter a credential from me and maybe we can add different types or watermarks to the render method property when you encounter this credential you better display it as such right so when when doing the negotiation of which wallet too. Dmitri Zagidulin: Issue the credential to and requiring the various wallet data stations because we certainly don't want to issue based on. Dmitri Zagidulin: While provider companies know we want while it's to be able to give generica at a stations so that's one mechanism that issuers could use to. Dmitri Zagidulin: To enforce that Manu where you have a leaky to answer the question go ahead. Manu Sporny: Yeah yeah I mean yes but +12 everything you said Dimitri there's a really interesting Dynamic that's happening here in render method is kind of that the one of the it's kind of like the tip of the iceberg right it's the easiest to kind of try and in tackled so what Dimitri was saying we are company engages with state and federal governments. Manu Sporny: It's in. Manu Sporny: Very concerned about their citizen credentials being displayed in a way that they do not approve of the other thing that they're concerned about is that when their credential is displayed they're concerned that the person looking at the display is not actually going to be believed it's a valid credential right so so one they're very very concerned about the brand and image of you know the state being upheld when the. Manu Sporny: NG is displayed and they're also concerned that when the. Manu Sporny: Blade is the person looking at it going to believe it if it's a legitimate ID right so those are I mean that is very much going into like the current thinking of you know States and governments in large organizations issuing credentials they they're you know they're their marketing and branding teams want strong control over how the thing is rendered but at the same time in this is this is kind of the thing that fights counter to it. Manu Sporny: It they want open the ecosystems they want like open wall. Manu Sporny: Them's and so you know the conversation like it kind of goes like this it's like you know the government says hey we want an open Wallet ecosystem and we're like great you know the VC you know ecosystem is an open can be an open Wallet ecosystem but then the next statement is but we really want to make sure that when somebody renders our credential it looks exactly like this and then we're kind of like well you and have an open Wallet ecosystem but you can't simultaneously. Manu Sporny: Obviously also. Manu Sporny: And then and then you know the large organizations are like oh well then we're going to vet our writers and only allow certain wallet providers to hold our credentials and at that point we were like okay well you're not quite an open Wallet ecosystem of that point right if you if you lock it down to only a few you know wallet providers now the counter did that is exactly what Dimitri said it's make it so that the wallets can provide at a station's General out of stations not like. Manu Sporny: Like I am you know a wallet from giant big. Manu Sporny: X and therefore you can trust you no trust me that I'm going to do the right thing with the credential so render method is like right in the middle of that there's this push and pull on open Wallet ecosystems but still being able to you know render things in a certain way that same push and pull has to do with like key management and Security in when you're allowed to like share the credential and so on so forth so this is all. Manu Sporny: Like kind of tip of the. Manu Sporny: That we're dealing with in the in the digital community so that's it you know it's a it's a great you know question Harrison I think we're all still trying to figure out you know what the right balance is I think many of us do not want to sacrifice and open Wallet ecosystem you know that's the primary you know we're talking about self so I'm an identity we're talking about individuals having the right to own their data once you start imposing limits on that individual about which wallets. Manu Sporny: That they can use your now down a slippery slope to. Manu Sporny: Big Tech providers potentially nudging people towards their solution which is not you know as open as the as the an open Wallet ecosystem that's it. Dmitri Zagidulin: Thanks Mondo and just to add to that real quick so we're the other thing to keep in mind is that we already live in this world in a lot of aspects information look at the browser the user always can change the CSS of any website even if it's a government website even if it's a if it's Coca-Cola or some other brand that really cares about their branding I can as a user pull up their site change the color scheme. Dmitri Zagidulin: Has the fonts to Papyrus I know. Dmitri Zagidulin: I think I. Dmitri Zagidulin: Yeah there's no. Dmitri Zagidulin: There's no technological way to prevent me from doing that unless you get into horrible DRM territory but of course in real credentials this becomes a lot more relevant and so yeah that's what it stations are for. Harrison_Tang: Thanks Phil you're next. Phil_L_(P1): Yeah thanks to great presentation mono and and Dimitri this is kind of following on your your section of more advanced topics and I'm curious about the use cases where the display actually wants to combine information from different credentials into a common display of some sort I know that you know adobe's working on that and and there are other approaches to considering how to do that but I wonder if you given that. <manu_sporny> "Great presentation" was definitely all Dmitri :) -- I'm just a semi-useless appendage attempting to support Dmitri here. Phil_L_(P1): She can talk a little bit about what is what is being done out there either by Adobe or others who do you think would be relevant thanks. Dmitri Zagidulin: Oh what a great question so I'll touch on Adobe separately Mana do you think it makes sense to provide an example from the a drip irrigation world. Manu Sporny: Sure and if so in what way maybe you could start off Dimitri and then I could I can pull up. Dmitri Zagidulin: Yeah yeah so so so we have an example of exactly this fill in a traffic in true age credentials where the credentials are composable that there is a there's an outer container credential that hash links to smaller different credentials that there's an overall container that links to a person's picture. Dmitri Zagidulin: To their age category. Dmitri Zagidulin: And so essentially if the triage system wanted a consistent way of here is how you take these three credentials and compose them together visually that's that's definitely something that they could put in a template. Dmitri Zagidulin: Staple that template to zoo container credential and use that now like you said it's definitely a advanced usage Mana go ahead. Manu Sporny: Yeah that's exactly right Dimitri I think Phil you know one of the one of the challenges here with like mult rendering of multi credentials is that if you're pulling the data from outside of the credential like like for example as Dimitri said if you hash linked to stuff that rendering language will be more complex right I mean it it will need to understand how to pull in all these. Manu Sporny: He's different credentials and. Manu Sporny: I'm kind of form it is it is absolutely doable like that is that it's a doable thing but it is technically complicated so if you were to look at something that for too kind of as to provide it easier example to implement if you were looking for something that had a had like a top-level credential subject and then a whole bunch of other credentials embedded in that credential where all of the data was local you know it was signed you know hash like but it was all. Manu Sporny: Local that type of rendering is much easier to accomplish. Manu Sporny: I think we're very much early days when it comes to like rendering of complex compound credentials in you know there's there's quite a bit of work that that needs to be done there I think probably the first set of like quick wins is going to be in the some of the simpler use cases so foreign to give you an example Dmitry was talking about you know the true age program the true age program utilizes a compound credential so it's. Manu Sporny: Got this outermost. Manu Sporny: For that's got you know an individual's picture but that individuals picture it never it never leaves their wallet the true age program never sees like the the you know the photo of the person the only thing the true age program you know gets is like a driver's license number which is then immediately tokenized in like ee encrypted and locked away and what you're left with is are these random numbers the the tokens the true age tokens which are. Manu Sporny: Rendered as cue. Manu Sporny: Right so the oh that the individual has you know in their digital wallet is this compound can credential that contains a bunch of different things that can be a bunch of different random numbers 90 B random numbers that can be rendered as a QR code which is a verifiable credential so one of the one of the big challenges with version 1 of true age that's that's out there today is that we told the wallets that they have to render the QR code like. Manu Sporny: They have to take the binary and converting. Manu Sporny: You see bore LD and then as a QR code and that was before render method existed you know today if we had to do it again we would have just used render method and say hey here's a peers of PNG that you need to show on the screen so when they go to display it the wallet doesn't have to have all this complicated logic about you know how to how to transform to see more LD and how to take that to a QR code instead just say oh I've got a render method here I'm just going to render this as an image. Manu Sporny: Each right so that's an example of like the way we used to kind of address this problem. <dmitri_zagidulin> link to the slides: https://docs.google.com/presentation/d/1O3nOA1K8HcwJAKVdqO0AVF1hOkL1xPJOiWuxeoVrJlk Manu Sporny: And if render method you know gets traction and and you know people start using it we would have a much simpler way to try and address the problem but going back to your compound credential problem I think that's still a hard problem like we're very early days and trying to figure out how that could work. Phil_L_(P1): Dimitri do you want to expand on what is going on elsewhere there. Dmitri Zagidulin: Oh yeah so I think the only other thing that I would add to that is this notion of compound credentials is so it's it's deployed into age and it's an item of great interest in the education space because we have these CLR V2 we have this comprehensive learner record which is a kitchen sink for laundry list of all your achievements as a student in one big compound there. Dmitri Zagidulin: Bible credentials it doesn't use hash links it embeds all the. Dmitri Zagidulin: Rolls into one outer one and again that's a lot of the wallets are going to be wrestling with how do we display that. Phil_L_(P1): And in the forecast for the possibilities for using something from the PDF world to accomplish some of this. Dmitri Zagidulin: Oh okay yeah so let's say we've got we've got a few minutes let's talk about the big EF world but ma no go ahead we got the cue. Manu Sporny: I was I was gonna say you know render method the way it's the way that it's it's contemplated right now is kind of like attached to the verifiable credential right but Dimitri also highlighted some really interesting that we could maybe decouple it from the verifiable credential like have rendering templates for presentations or have a rendering like a rendering template for a CL R V2 would. Manu Sporny: Be simultaneously. Manu Sporny: The easy and difficult to do because because rendering you know like if we took like an SVG thing like it's not programmatic like you know a CLR has like a bunch of different classes in it and you know if you wanted some kind of generalized rendering mechanism I don't I don't think it would be easy to do for for cl are in kind of like a generative way right but if we take a step back and look at render method as like this is. Manu Sporny: Is a design pattern. Manu Sporny: In maybe what we can do is just in time render templates that would take in a CL R V2 in create programmatically create an SVG that could be used to render a CL R V2 or render a presentation like let's say somebody shows up with like you know they're they're getting a job and they show up with like driver's license and utility bill to demonstrate that there are person that exists that's recognized by you know government and. Manu Sporny: Leti companies in they show up with a couple of open badges. Manu Sporny: Create a render template that takes all of that information and then renders it to the screen like if that is a common set of things that people provide your organization your software developers and designers might say oh we're going to create a render template for this particular type of presentation again early days who knows you know where that's going to go but it's certainly a possibility. Dmitri Zagidulin: Harrison go go ahead you're on the queue. Harrison_Tang: Yeah quick question on this cl cl are like is it does this compound presentation just show a bunch of credentials like as it is or it doesn't attempt to kind of merge all the different like elements you know so for example is the elements for of age like shows I mean different credentials is it trying to merge and do conflict resolutions. Dmitri Zagidulin: Great question well so yeah nobody knows because literally that question a bunch of developers are in board rooms right now arguing about how to do that so how did there's no standard yet it's every wallet implementers is trying to figure out how to do this. Harrison_Tang: Got it thanks. Dmitri Zagidulin: Okay so let's say a few words about PDFs so does the general pattern verifiable credentials. Dmitri Zagidulin: On how do you secure external binaries so we know how to secure with a Json object and having found XML objects but what about how do I secure a PDF or a PNG or I don't know word doc. Dmitri Zagidulin: Ways to do that I can either. Dmitri Zagidulin: Is your regular verifiable credential familiar Json object and hash linked to the binary resource that's fundamental option one and then fundamental option two is. Dmitri Zagidulin: If the binary file has a separate metadata option I can. Dmitri Zagidulin: I can hash link the contents of the of the PDF and put it in the separate PDF metadata. Dmitri Zagidulin: That everybody a file has and so Adobe has a way of doing that it's called C2 PA it's something something content protection Alliance and it's a way to say here's how you hash the contents of a PDF here are the metadata fields that you can use for this so could you theoretically. Dmitri Zagidulin: Embed a verifiable credential in the metadata of the PDF yes I don't think anybody's done that yet Adobe themselves is building in the tooling for the cgpa into PDF viewer Photoshop all these different things I don't think they're using verifiable credentials that I think they're they're using their own digital signatures. Phil_L_(P1): They actually have a verifiable credential subsection for how to do it that way and I'll put it in the technical specs are taking the technical spec Doc in the chat. <phil_l_(p1)> c2pa technical spec https://c2pa.org/specifications/specifications/1.1/specs/C2PA_Specification.html Dmitri Zagidulin: Excellent yeah but that's a that's a slightly different problem it's not a different problem it's just a complementary way of doing it so you can either issue a standalone verifiable credential and use the render method 2 points to a PDF which is the printed version of that or you can do the opposite which is if your PDF and then embed a verifiable credential into its metadata so those are the yin and yang. Dmitri Zagidulin: I'm dealing with PDFs and other binary objects any other quick questions I've got two minutes till the top of the hour. Harrison_Tang: No I think we're good so thanks Dimitri thanks money for a great presentation today. Dmitri Zagidulin: https://docs.google.com/presentation/d/1O3nOA1K8HcwJAKVdqO0AVF1hOkL1xPJOiWuxeoVrJlk Dmitri Zagidulin: Thanks everyone cheers Harrison here's the here's the link to the slides if you want to mail it out. Harrison_Tang: I would do that. Dmitri Zagidulin: On the agenda or whatever okay cool. Harrison_Tang: Great I will do that thanks then the tree and yeah I think this concludes this week's GG meaning so thanks for it thanks everyone for attending.
Received on Wednesday, 26 July 2023 09:28:48 UTC