Re: More questions about the VC Document 2.0 (part 2) from Nate Otto on 2023-10-31 (public-credentials@w3.org from October 2023)

From: Nate Otto <nate@ottonomy.net>
Date: Tue, 31 Oct 2023 07:36:32 -0700
To: ステファニータン（SBIホールディングス） <tstefan@sbigroup.co.jp>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAPk0ugksQU6ODWBaToknZhR2K9pRt0WZdziZ8498Nu28Die5tQ@mail.gmail.com>

>
>
>
>
>    1. In the document, there is this line about multiple issuers in a VP:
>    "The data in a presentation
>    <https://www.w3.org/TR/vc-data-model-2.0/#dfn-presentation> is often
>    about the same subject
>    <https://www.w3.org/TR/vc-data-model-2.0/#dfn-subjects>, but might
>    have been issued by multiple issuers
>    <https://www.w3.org/TR/vc-data-model-2.0/#dfn-issuers>. The
>    aggregation of this information typically expresses an aspect of a person,
>    organization, or entity
>    <https://www.w3.org/TR/vc-data-model-2.0/#dfn-entities>. "
>    Has anyone here experimented with it before?
>
> This part of the document is saying that a single Verifiable Presentation
can contain multiple Verifiable Credentials, and the VCs might come from
different issuers. The VP itself and each VC within it comes from exactly
one issuer. Yes, this feature is supported by many wallet applications that
produce VPs. We just saw a number of them demonstrate this capability via
the JFF Plugfest. They're is certainly some ecosystem growth around this
left to do, but it is tested and working in a number of products.

>
>    1.
>    2. Is it correct to understand that it is generally possible to
>    convert JSON data with definitions as JSON-LD to JWT (SD-JWT) format?
>    Since the use cases for implementation using JSON-LD and BBS are not
>    common enough to be able to consider standards like ISO/W3C,
>    we must realistically consider using SD-JWT, but we would like to
>    confirm whether this is feasible with the VC2.0 Data model (using JSON-LD).
>
> As Orie said, it is indeed possible to translate between JWT and Linked
Data proof-secured VC claims. It looks like significant groups of
implementers are choosing each option, so being able to read them both
might be important to building a general purpose consumer/verifier app. If
I understand correctly, you've identified two specific methods of securing
a VC, each within one of the groups (JOSE and Linked Data Proofs) focused
on selective disclosure when you contrast SD-JWT with BBS+. There are other
options under each of these tents too, and there is a variety of levels of
tool and technology support in different programming languages and cloud
services.

Nate Otto
nate@ottonomy.net
Founder, Skybridge Skills
he/him/his

>

Received on Tuesday, 31 October 2023 14:36:49 UTC