- From: Oliver Terbu <o.terbu@gmail.com>
- Date: Tue, 27 Jun 2023 13:14:43 +0200
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAJdc_Gm=1dLs4P_8SvRujictXHjRF2z21tpWuMUXM_3etgSdKg@mail.gmail.com>
Hi everyone, Sorry for receiving this potentially twice. I had some problems with my first email and I couldn't find my email in the archive, so I'm sending this again. I'm seeking feedback on a new CCG Work Item proposal regarding Confidence Method (previously known as Confirmation Method). Please leave your support or concerns here: - https://github.com/w3c-ccg/community/issues/245 There was a lot of interest in the W3C VCDM WG on this new extension mechanism as you can see here: https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+label%3Aholder-binding . However, we would be looking for new owners of this work. If you are interested in becoming an owner, please indicate that in your comment as well. # New Work Item Proposal The proposal is about defining a new property for the W3C VCDM that acts as an extension point that allows an issuer to include one or more Confidence Methods in a verifiable credential to inform verifiers of mechanisms they could use to increase their confidence in the truth of a variety of things, including the following: - a particular identifier in the verifiable credential refers to the same entity the issuer intended it to refer to - an entity, such as the presenter of a verifiable credential, is the same entity that the issuer made claims about - an entity controls, or has been designated to use, one or more mechanisms for demonstrating proof-of-possession or proof-of-use of cryptographic key material - an entity identified in the verifiable credential can be checked against a biometric See the following ... - https://github.com/spruceid/confidence-method-spec - https://spruceid.github.io/confidence-method-spec/ NOTE: The idea was originally to define and add the new property to W3C VCDM 2.0 but the group decided that it would be good to incubate the property in W3C CCG first (in case there is interest). More context information about the latest discussions can be found here: - https://github.com/w3c/vc-data-model/pull/1054 - https://github.com/w3c/vc-data-model/issues?q=is%3Aopen+is%3Aissue+label%3Aholder-binding @awoie also presented the idea on a W3C CCG Call. Back then the proposal was still called "confirmation method": https://docs.google.com/presentation/d/1-uPVyl3S-vPvy4HqL6BcjN0xTu9AvqxFfwowqwzcXpo . ## Include Link to Abstract or Draft - https://github.com/spruceid/confidence-method-spec - https://spruceid.github.io/confidence-method-spec/ ## List Owners I hope that we find people in the W3C CCG community to own this. ## Work Item Questions > Answer the following questions in order to document how you are meeting the requirements for a new work item at the W3C Credentials Community Group. Please note if this work item supports the Silicon Valley Innovation program or another government or private sector project. 1. Explain what you are trying to do using no jargon or acronyms. How can the verifier trust that the entity, the one the issuer issued the verifiable credentials to, presented the verifiable presentation and the entity did not simply get a copy of the included verifiable credentials. 3. How is it done today, and what are the limits of the current practice? There is no standardized way of how this can be done. Implementers are using Verifiable Presentations but there are a few issues with this approach: - "holder" is non-normative and optional, - unclear who is "holder" when omitted, - "credentialSubject.id" is optional, - issues with no DIDs or in general no identifiers are used, - not implementable in a uniform way Implementers are using something like the following to achieve this goal but note that this would only work for naive cases where the holder and the subject have identifiers that allow to the verifier to obtain cryptographic material such as DIDs or public keys in general: ``` IF (holder.id == credentialSubject.id AND hasAuthnMethod(resolve(holder.id), vp.proof.verificationMethod) AND isValid(vp.proof)) THEN Print “Holder Binding validated” ``` 5. What is new in your approach and why do you think it will be successful? This is the first attempt to standardize this approach in form of a framework. It will be successful because it is an extension mechanism that can act as a big tent for all such methods that are used in the wild today, e.g., DID-Auth, Anoncreds, etc. 7. How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.) This is the result of work started at the last Rebooting the Web of Trust in The Hague, which brought together a number of people from various countries: Austria, Germany, Netherlands, Spain, Norway, Greece, Canada, Italy, and more: https://github.com/WebOfTrustInfo/rwot11-the-hague/blob/master/final-documents/identifier-binding.md We hope to gather more feedback from the diverse community in the CCG. 8. What actions are you taking to make this work item accessible to a non-technical audience? The specification should attempt to provide a gentle introduction to the topic via a non-technical introduction as well as non-technical use cases with imagery that is accessible to the general population. Since the specification is technical in nature, I'd be curious to learn more about other mechanisms that could be used to make the specification more accessible to a non-technical audience. Thanks! Oliver Terbu
Received on Tuesday, 27 June 2023 11:15:01 UTC