[MINUTES] W3C CCG Credentials CG Call - 2024-08-13

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-08-13/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-08-13/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-08-13.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-08-13

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Aug&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Harrison Tang, Kimberly Linson, Will Abramson
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Greg Bernstein, Benjamin Young, Manu Sporny, 
  TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Kimberly 
  Linson, Sam Smith, Kerri Lemoie, Vanessa, Nis Jespersen , 
  Geun-Hyung Kim, Patrick St-Louis, Simone  Onofri (W3C), Gregory 
  Natran, Mahesh Balan - pocketcred.com, Kaliya Young, Andrea 
  D'Intino | Forkbomb BV, Erica Connell, Hiroyuki Sano, Japan, Leo, 
  PL/T3, Mahesh Balan - pocketcred com, Will Abramson, Tim Bouma, 
  Joe Andrieu, James Chartrand, Kayode Ezike, Stephan Baur, Chandi

<kerri_lemoie> Hello all
Our Robot Overlords are scribing.
Harrison_Tang: All right so welcome everyone to this week's w3c 
  today we're going to hold uh open uh session uh for the work item 
  updates as well as open discussions and uh core 3 2024 review so 
  uh data will open up the floor for everyone to kind of uh speak 
  uh comment on what we're doing well uh room for improvements and 
  growth and things like that so that's the main agenda uh before 
  we.
Harrison_Tang: I just want to quickly do a a reminder on the code 
  of ethics and professional conduct I just want to make sure that 
  we continue to uh hold constructive and respectful conversations.
Harrison_Tang: Uh next a quick uh note on the intellectual 
  property anyone can participate in these calls however all 
  substantive contributions to any ccg work items must be member of 
  the ccg with 4 IP agreements signed.
Harrison_Tang: So if you have any questions in regards to uh the 
  agreements or the w3c account uh please just let any of the 
  cultures know.
Harrison_Tang: Uh next uh these uh meetings are automatically 
  recorded and transcribed as people can tell um and uh we will try 
  to record uh we'll try to publish uh the recordings and the 
  transcriptions and the video recordings uh in the next uh 1 or 2 
  days.
Harrison_Tang: We use a DC chat to kill the speakers during the 
  call uh as well as to take minutes so you can type in Q Plus to 
  add yourself to the queue or cue minus to remove.
Harrison_Tang: And type in a queue question mark uh to see uh who 
  is in the queue.
Harrison_Tang: Alright so next uh.
Harrison_Tang: Let's take a quick moment uh for the introductions 
  and reintroduction so if you're new to the community or you 
  haven't been active and want to re-engage uh please feel free to 
  uh you'll need to do a Q Plus thing just.
Harrison_Tang: And introduce yourself.
Harrison_Tang: I think it's mostly familiar faces um.
Harrison_Tang: Uh Amy announcements and reminders.
<simone__onofri_(w3c)> Identity Report 
  https://www.w3.org/reports/identity-web-impact/
<simone__onofri_(w3c)> FedID Recharter 
  https://lists.w3.org/Archives/Public/public-new-work/2024Aug/0003.html
<simone__onofri_(w3c)> EU Digital Wallet Feedback 
  https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives_en?text=European%20Digital%20Identity%20Wallets
Harrison_Tang: Thanks a lot by the way uh just a quick aside like 
  can you speak a little bit more into the Federated identity 
  working group proposal like uh it sounds quite relevant and so 
  what what is that working group supposed to work on.
Harrison_Tang: Sounds good thank you thanks for the clarification 
  I'll probably want to reach out to you and invite some of those 
  experts to uh present here at w3c at some point so thanks a lot.
Harrison_Tang: All right Clea.
Kaliya Young:  Um hey um I just wanted to share um we have 
  Internet identity Workshop coming up in October October 29 to 31 
  bring your best Halloween costumes uh.
Kaliya Young:  The last day.
Kaliya Young:  It's in Mountain View California.
Kaliya Young:  Billie bird pricing is up until I believe the 
  29th.
Kaliya Young:  We're also really committed to accessibility so if 
  you want to be there um and can't afford tickets please reach out 
  and we'll work with you.
Kaliya Young:  Uh the did unconference Africa is happening in 
  South Africa.
Kaliya Young:  In september september it's primarily going to be 
  just 2 days of open space the 26th and 27th with like a reception 
  on the 25th.
Kaliya Young:  So if you are.
Kaliya Young:  Working with folks in southern Africa and 
  countries in any way related to this technology please let them 
  know about the event and um encourage them to join us it's it's 
  going to be I think really good and.
Kaliya Young:  Bonus on my way there I'm going to Taiwan for 2 
  days so if anybody knows anyone in Taiwan in this space that I 
  should connect with uh.
Kaliya Young:  Let me know I'll be there september 19th and 20th.
Kaliya Young:  And that's all from me thank you.
Manu Sporny:  Uh thanks Harrison um.
Kaliya Young: https://internetidentityworkshop.com/
Kaliya Young: https://didunconf.africa/
Manu Sporny:  We are uh continuing our slow walk towards 
  verifiable credential 20 uh being done uh we're doing uh 
  basically the final editorial pass on the specification now um we 
  have been asked by a number of organizations if uh you know 
  they're they're planning on using verifiable credential 1 1 and 
  they're asking us if they should use 2 0 uh I think we're at a 
  point now where um anyone that is considering the use of 1 1st at 
  this point so we're gently nudging people to consider using 
  version 2 0 over version 1 1 um for pilot and production 
  deployment uh we are expecting it to be a global standard.
<kaliya_identity_woman> My e-mail. Will be in Taiwan September 
  19-20 and looking for people to meet/ things to do there related 
  to our community work. kaliya@identitywoman.net
Manu Sporny:  The end of.
Manu Sporny:  Uh get through the process and all that kind of 
  stuff um so just a heads up if you know of people like we had the 
  the government of Spain reach out and ask recently we've had a 
  number of uh European um countries uh uh reach out and ask um and 
  we're suggesting that everyone start the process of of upgrading 
  the 200 uh that's it.
Harrison_Tang: Thank you man.
Harrison_Tang: And now their announcements and reminders.
Andrea_D'Intino_|_Forkbomb_BV: Thank you good uh morning to all 
  of you in the US uh today uh nist finalized.
<manu_sporny> PQ-woo hoo!
Andrea_D'Intino_|_Forkbomb_BV: The standardization of the 3 
  alright selected to be post-quantum that corresponds to fips 
  2003204 205 it was published a few days ago following a report 
  from the White House about the path to uh towards post-quantum 
  cryptography.
Harrison_Tang: Thanks for the heads up and update.
Harrison_Tang: Right so 1 1 more thing uh so w3c has sent out the 
  community survey for 2024 I think this is the first time they 
  sent it out uh I actually uh.
<harrison_tang> W3C Groups Community Survey 2024
Harrison_Tang: Announcements uh to the public list but I'll uh 
  paste it here so you got time uh please uh take a few minutes uh 
  to to just provide some feedback to the w3c in regards to how we 
  can further uh.
Harrison_Tang: Grow and uh the engagement is in our communities.
Harrison_Tang: Right so last calls for introductions 
  reintroductions an announcements and reminders.
Harrison_Tang: Right so I will uh share the screen and we will 
  provide some will ask uh.
Harrison_Tang: Experts to provide uh updates uh to the different 
  work items of the ccg and then afterwards I will also uh invite 
  Kim to actually provide some updates in regards to the Tif 
  decentralized identity Foundation uh relevant to the w3c ccg 
  work.
Harrison_Tang: Give me a second.
Harrison_Tang: All right so.
Harrison_Tang: Well first of all I just want to uh give a quick 
  shout out to will uh he actually had the helped put together this 
  presentation so uh big thank you to Will.
Harrison_Tang: So just uh I was just quickly.
Harrison_Tang: Go down the list uh and then the invite the 
  different uh experts to different work items to kind of quickly 
  provide some updates and uh these are the different work items uh 
  relevant to the ccg so the VC API VC 2.0 Quantum safe di uh 
  signature Suite uh.
Harrison_Tang:  we don't.
Harrison_Tang: Anyone to provide the update on the VCU but if 
  other people can speak to it that would be great or VC tribe but 
  we will later have updates on random methods barcodes uh I think 
  we have uh.
Harrison_Tang: Kind of a dedicated sessions.
Harrison_Tang:  uh uh.
Harrison_Tang: Weeks already but we can quickly provide some 
  updates on that as well and lastly the did I think resources.
<will_abramson> Thanks, I am on the call and able to participate. 
  Fully networked now!
Harrison_Tang: All right so uh we have 5 more credentials API um.
Harrison_Tang: Money or someone can you provide an update on that 
  on this particular work item.
https://docs.google.com/presentation/d/1usTxVbq1LmtvVIP1ixK0FB9R4S1Fhq4kgpA0W25W4HQ/edit#slide=id.g27f9e3bc667_3_1
Manu Sporny:  Yes I can do that um thanks Harrison uh so uh for 
  those of you that uh uh haven't heard of what this thing is uh 
  the verifiable credential API um is a way of like managing the 
  movement of verifiable credentials around the web and the 
  internet um so uh it does life cycle management what we call life 
  cycle management which is uh you know how do you do issuance how 
  do you move a credential from the issuer to the digital wallet uh 
  the holder uh how do you move it from the holder to the verifier 
  how do you present stuff how do you modify status on a credential 
  that's been issued um so the verifiable credential API uh does 
  those things um it is an http-based API uh it also has a a query 
  language uh called verifiable presentation request um as a part 
  of it um and today it supports um of uh.
Manu Sporny:  Is over like open up.
Manu Sporny:  Id4 so a lot of people seem to think that oid 4 is 
  completely competitive with the VC API um even though that's not 
  the case you can actually run oid for over the VC API um uh the 
  VC API also does have its own workflows and exchanges uh you know 
  presentations mechanism um so the VC API is used to do a lot of 
  like back office management of credentials um in the reason we do 
  that um is to make sure that um people don't get locked into 
  vendors like customers don't get locked into vendors there's no 
  open API for doing life cycle management.
Manu Sporny:   Um and it.
Manu Sporny:  Can also do.
Manu Sporny:  Do kind of.
Manu Sporny:  From the front.
Manu Sporny:  And credential uh delivery stuff.
Manu Sporny:  Um we've got 11 Implement of the API today.
Manu Sporny:  That's more than enough to take it through the 
  standardization process uh but they're varying levels of interop 
  right so like issue and verify those are pretty solid uh you know 
  status changing those those are pretty solid in there um uh but 
  some of the more complex workflow stuff um they're less 
  implementers of those but well beyond uh to at this point um we 
  use the VC API extensively in the verifiable credential working 
  group for all the test Suites uh there's also a can I vc.com 
  website that shows you how each implementer is doing all of those 
  implementers implement the VC API um and of course their 
  production deployments of this today so true age which launched 
  last year 18 months ago uses the VC API to move all the 
  verifiable credentials around the ecosystem um in the open cred 
  platform uh deployed by California DMV in production uh also uses 
  the verifiable credential API uh both to Rono id4 as well.
Manu Sporny:   As well as.
Manu Sporny:  Do some uh back-end uh uh management uh of the 
  credentials that it's uh that they're issuing um we have a uh a 
  GitHub repo it's got issues in it the working group meets or 
  sorry the the community group meets um every week uh and we have 
  been regularly processing issues to the point that we're out of 
  issues um we have resolutions on the issues but um uh PRS like 
  pull requests on updating the specification.
Manu Sporny:  Are lagging because many of us are just so busy 
  with the verifiable credential to our work once that work is a 
  little further along we expect VC API to catch up and uh get all 
  those uh backlog of uh PRS uh done um we are well enough along 
  now where we have enough like production experience both running 
  oid 4 over the VC API and using the VC API to like manage 
  production deployments where we feel pretty pretty uh uh uh 
  comfortable with proposing it to go on the standards track soon 
  um once it goes on standards track we expect it to move pretty 
  quickly only because we have like 11 Implement already like 
  normally you have to you have zero when you start but we've got 
  test Suites we've got implementations you know the thing has been 
  used for you know 2 to 3 years at this point um and so the plan 
  is to take it uh standards track.
Manu Sporny:   Later this year.
Manu Sporny:  And that's it.
Manu Sporny:  The update there we we meet every uh every Tuesday 
  at 3 pm Eastern we're meeting again uh this week um.
Manu Sporny:   And that's.
Harrison_Tang: Thank you Patrick I think I have a question.
Patrick St-Louis:  Yeah well I just wanted to add uh something to 
  this um what I'm personally very interested to get feedback from 
  people and it's something that I'm um sort of exploring at the 
  moment is the whole process of verifying a credential uh 
  especially when a credential has many features included you know 
  features could be something like a status uh maybe terms of use 
  or any of the feature.
Patrick St-Louis:  These checking these features fit and the 
  process that we called verifying a credential because when 
  designing tests with this is something that can or.
Patrick St-Louis:  Can't be easy to test based on a verification 
  call and there's different opinions like the VC API is 1 way to 
  do these operations but the the verifiable credential data mod 
  model specification as a verification algorithm section which 
  outlines.
Patrick St-Louis:  Process that um implementers should go through 
  when they verify credential same thing for the data Integrity 
  specifications got its own verification algorithm bit string 
  status list so I'm interested in.
Patrick St-Louis:  No hearing from people's experience maybe if 
  they have solution out there how do they handle verifying 
  credentials um and uh checking all these features all together.
Patrick St-Louis:  So if if someone wants to discuss this I'd be 
  very interested to hear.
Harrison_Tang: Thank you thanks Patrick.
Harrison_Tang: Any other uh questions or comments.
Harrison_Tang: Any uh comments on Patrick's comment.
Harrison_Tang: All right we'll go to uh the next uh work item uh 
  the test Suite the VC test Suite so Benjamin do you mind 
  providing an update on that.
Benjamin Young:  Yeah happy to.
Benjamin Young:  Um hello everybody I'm Benjamin Yuen with 
  digital bizarre I've been working on the verifiable credentials 
  working group and ccg test Suites.
Benjamin Young:  For about the last year.
Benjamin Young:  And um as the working group nears the completion 
  of its work the specifications are becoming increasingly more 
  stable which makes uh finishing up the test suite's possibility.
Benjamin Young:  The vcd data model specification is you know the 
  Crown Jewel that specification is as monu mentioned earlier uh 
  pretty pretty nearly all done and uh so is the test Suite there's 
  a couple updates that have happened in the last couple weeks 
  mostly just language changes.
Benjamin Young:  Getting in um and then that 1 is already ready 
  for implementation but we'll have full coverage uh.
Benjamin Young:   Hopefully by.
Benjamin Young:  By the end of this.
Benjamin Young:  Um the rest of the most of the rest of the test 
  Suites from the working group are related to data integrity and 
  the related crypto Suites.
Benjamin Young:  Those build on some shared libraries to test the 
  core of the data Integrity uh proof mechanism and.
Benjamin Young:  Components of the Json LD there.
Benjamin Young:  And then each crypto Suite has its own um test 
  Suite.
Benjamin Young:  Where buy the the proofs themselves are tested 
  and things like that.
Benjamin Young:  Um all of these links are in this deck which I 
  think Harrison will share later.
Benjamin Young:  And in addition to those we also have the bit 
  string status list which became part of the raft of 
  specifications um brought over from the ccg just in the last few 
  months as previously known as status list 2020 and um since been 
  renamed so that test Suite is is 1 of the newer ones but it's um 
  it's well on its way.
Benjamin Young:  And then the remaining 2 on this list are the 
  Josie cozy test suite and the VC Json schema test Suite those are 
  spearheaded uh by Gabe from block and uh Gabe if Gabe is here is 
  welcome to say more I didn't have time to sync up to get more 
  details from Gabe.
Benjamin Young:  Right now you can click through to those test 
  Suites to see how those are going and those have their own 
  implementation uh configuration process.
Benjamin Young:  Um I'll go to the next slide and then I I do 
  have 1 sort of call to action at the end um this is the list of 
  implementers as of uh Monday that we have.
Benjamin Young:  Integrated with the test Suites um we we know of 
  others um that are working on it um but have yet to send us the 
  Json that connects their implementation with.
Benjamin Young:  Test Suite reporter.
Benjamin Young:  The um tests we reporter is Manu mentioned 
  actually Builds on BC API and is it's a basically a very minimal 
  version of that that just allows you to wire in your 
  implementation through an issuance request or a verify request or 
  whatever so you can um.
Benjamin Young:  There are some publicly available open source 
  minimal implementations of just the required endpoints for the 
  test Suites and then you can wire that into either your um public 
  or private implementation or your SDK or whatever uh so the 
  implementers you see here have all all done that.
Benjamin Young:  Um we have great coverage on the vcd and most of 
  the crypto Suites are are also well covered.
Benjamin Young:   1 Of the.
Benjamin Young:  Key things to know is that in the w3c 
  specification process um implementers per specification is great 
  but ultimately we're also watching for.
Benjamin Young:  All the musts and the specification to know that 
  each of those must have good coverage and I think with very very 
  few exceptions all the must statements are are well covered at 
  this point for the ones um at the top of the list you see bit 
  string because it's newer only has 2 and then um I was not able 
  to find any cozy cozy implementations uh.
Benjamin Young:  To the public reporter so if you have 1 of those 
  please reach out to Gabe um Gabe goes by decentralized Gabe on 
  IRC if you're on there and then the VC Json schema 1 also only 
  had 1 publicly listed implementer but again there's also a 
  continued drum beat of please bring your implementations um and 
  relatedly we've started running a test Suite office hours weekly 
  headed up to TPAC so if you are in the process of building out 
  your implementation it'd be great to have you pop into those 
  their weekly at um 10:00 am Eastern Time on Thursdays.
Benjamin Young:  If you come we'll help you get your um 
  implementation wired up or if you just have.
Benjamin Young:   Sort of.
Benjamin Young:  Or if you just want to say hi and let us know 
  that you're working on it and and would love help or camaraderie 
  that's what these office hours are for so uh we'd love to have 
  you join and if you have questions please reach out.
Harrison_Tang: Thank you Benjamin.
Harrison_Tang: Questions or comments in regards to the VC test 
  Suites.
Harrison_Tang: Yes I just uh thanks uh Benjamin for the reminder 
  I forgot to send the link uh to the presentation I'll do that 
  after the meeting.
Harrison_Tang: All right next uh we have content save the I 
  signature Suite so Andrea do you mind providing some updates 
  thank you.
Andrea_D'Intino_|_Forkbomb_BV: Absolutely uh thank you for being 
  here everybody uh there is no substantial update from the last 
  time that it showed is to some of you so I'll just recap uh the 
  current situation with the post-quantum signatures so just today 
  the.
Andrea_D'Intino_|_Forkbomb_BV: 2 or 32425 corresponding to uh 
  fips 203 is a key exchange mechanism.
Andrea_D'Intino_|_Forkbomb_BV: Which we previously discussed that 
  probably we can't see use in the digital identity in the Republic 
  credential world but 204 and 205 are 2 signatures 2 signature 
  schemes uh corresponding to the old the lithium as Sphinx from 
  the nist post Quantum cryptography competition where standardized 
  the I linked the.
Andrea_D'Intino_|_Forkbomb_BV: Well uh you shouldn't you 
  shouldn't clap your hands to me because we don't do much in uh in 
  that regards uh anyway I posted a link to the white house uh 
  report about post contract photography and it's it appears that 
  uh they are accelerating on um on the adoption of this and uh 
  well there there there is more that will be spent on postcard 
  cryptography.
Andrea_D'Intino_|_Forkbomb_BV: Uh we have started start working 
  group a couple of months ago we did we haven't done uh much since 
  then.
Andrea_D'Intino_|_Forkbomb_BV: From our side we were primarily 
  waiting for the algorithms to be standardized because it didn't 
  really make make much sense to work on the cryptography part 
  until that happened but that happened today so if if anyone is 
  interested in collaborating on that would be very happy to work 
  on that together so what we have so far is mlds 44.
Andrea_D'Intino_|_Forkbomb_BV: Uh which is the standardized 
  version of the lithium 2.
Andrea_D'Intino_|_Forkbomb_BV: In the standard diet we checked 
  the documents today of the so for the final the final version of 
  fips 204 and there seemed to be some minor differences with the 
  version that we implemented so we'll look at in the next days.
Andrea_D'Intino_|_Forkbomb_BV: Uh then also in line with that uh 
  a while ago we implemented the.
Andrea_D'Intino_|_Forkbomb_BV: Post-quantum public keys in our 
  method uh we have uh put together prototype of W3 CVC issuer.
Andrea_D'Intino_|_Forkbomb_BV: Um we we also trying to put 
  together some microservices to to run that for that other people 
  can try then uh easily.
Andrea_D'Intino_|_Forkbomb_BV: Parts that we're missing for sure 
  because I'm I'm aware of those are the multi support so we don't 
  yet encode public Keys uh in a way that uh.
Andrea_D'Intino_|_Forkbomb_BV: Uh well in the in the way that is 
  indicated in document uh we haven't done any work on that 
  integrity at all.
Andrea_D'Intino_|_Forkbomb_BV: I think that those are missing 
  from the testing Suites as well.
Andrea_D'Intino_|_Forkbomb_BV: So yes so long story short not 
  much moved from last time we spoke but it could be a good moment 
  to restart the conversation.
Andrea_D'Intino_|_Forkbomb_BV:  if there is any.
Andrea_D'Intino_|_Forkbomb_BV: Uh will I'm sorry but your your 
  voice came through a bit jumpy is then anybody that could.
Andrea_D'Intino_|_Forkbomb_BV: Yes it is.
Manu Sporny:  Yeah this is a a great uh thank you Andrea um we 
  continue digital bizarre continues to be very supportive of this 
  work um we definitely want to be another implementer uh of the 
  specification uh we are just underwater with all the vc20 stuff 
  in the test Suites and the.
Manu Sporny:  Um and just getting those specifications out the 
  door um but we you know it's great news today that um you know 
  the the ml uh uh DSA algorithms have been standardized by nist 
  that will give us a very firm um Foundation to build off of um so 
  yes we're definitely interested I can't I still can't you know 
  commit to a timeline but um we definitely want to see this work 
  uh progress that's it.
Andrea_D'Intino_|_Forkbomb_BV: Thank you so uh to-do list for me 
  I'm gonna turn this missing points into issues uh the multi 
  supports I guess that's something we can solve ourselves 
  implementing it in our virtual machine uh that Integrity uh I'll 
  need some help and API testing Suite as well.
Harrison_Tang: Any other questions uh for India.
Harrison_Tang: All right thanks a lot um next Patrick please.
Patrick St-Louis:  Yeah I have a question if you could just go 
  back to the previous slides so it mentioned that there's a 
  prototype of WGC VC issuer um sorry is there like a playground or 
  somewhere we can uh.
Patrick St-Louis:   Have this.
Patrick St-Louis:  We need to to run at the moment.
Andrea_D'Intino_|_Forkbomb_BV: Uh you're asking if we have a rest 
  API hosted.
Patrick St-Louis:  So something like that yeah.
Andrea_D'Intino_|_Forkbomb_BV: We actually do.
Andrea_D'Intino_|_Forkbomb_BV: We actually do um I'll I'll post 
  I'll post something in the in the chat here.
Andrea_D'Intino_|_Forkbomb_BV: But you you you're most welcome to 
  reach out to me if.
Andrea_D'Intino_|_Forkbomb_BV: Want to have a look at that deep 
  look at that.
Patrick St-Louis:  That sounds good I'm interested thank you.
Harrison_Tang: Any other questions in regards to content safe EI 
  signature Suite.
Harrison_Tang: All right next uh anyone uh can provide an update 
  on VCU otherwise we can skip this and I'll try to we will we will 
  try to uh connect with the VCU folks uh to provide us.
Harrison_Tang: Work items uh in the next few weeks.
Harrison_Tang: But anyone can speak to this right now.
Harrison_Tang: Sounds good thanks well.
Harrison_Tang: All right next VC traceability anybody can speak 
  to this or we can skip this right now.
Patrick St-Louis:  I I've been attending these calls for a while 
  I'm currently warning on on behalf of government of BC to do some 
  work with the energies and Minds uh supply chain work and we were 
  looking at the traceability specification.
Patrick St-Louis:  Uh I believe their current state so they are 
  realigning with the uh latest.
Patrick St-Louis:   Set of.
Patrick St-Louis:  Technical recommendations from the DHS which 
  is to use the verifiable credential data model 2.0 bitstring 
  status list.
Patrick St-Louis:  Uh the latest work item that was worked on was 
  to well realign the the sort of test Suites that they have so 
  they have tests with based on.
Patrick St-Louis:  Uh Postman so they have a few collections 
  which were running really well uh so it's just about um.
Patrick St-Louis:  Making them up to date with the latest set of 
  recommendations.
Patrick St-Louis:  And so that's pretty much how how I could 
  contribute to say on there.
<andrea_d'intino_|_forkbomb_bv> Patrick_ST:
Harrison_Tang: You actually that's a great great update thanks a 
  lot.
Harrison_Tang: All right next uh VC render method.
Manu Sporny:  I can do this 1 um so we've had a number of I think 
  presentations over the past um.
Manu Sporny:  A couple of uh weeks to months on uh different 
  render methods so government of Singapore has this really uh neat 
  render method uh we call the open out of station uh render method 
  um uh we also have uh render method examples now finally built 
  into the VC playground so if you go to the VC playground today um 
  a number of the cards come with um a render method so what our 
  render methods it's basically a way for the issuer to in the 
  credential itself so when they issue a verifiable credential they 
  can say this is exactly how I want this credential to be rendered 
  now the wallet can ignore them and the wallet can provide a bunch 
  of other different ways to render the credential but at least the 
  issue gets to say like if you if you if you put this on the 
  screen this is 1 of the things I would like the um the individual 
  to see um the other important part about that is that that like 
  how it shows up.
Manu Sporny:   How it's.
Manu Sporny:  Displayed is included in the digital signature so 
  the digital signature protects it so you know that you know when 
  it's rendered this is exactly how the issuer wanted it to be seen 
  um uh Harrison I don't know if it's possible to go full screen on 
  this or not but um I wanted to try to get into um 1 of the uh 
  some of the there we go great thank you um so you know as you can 
  see each 1 of these is a is a scalable vector graphics file like 
  you could blow this up to like a giant 4 foot size you know 
  driver's license or certificate of naturalization uh or first 
  responder credential um the data that you see on the card is 
  taken directly from the digitally signed data um in the 
  verifiable credential um and as you can see there are all kinds 
  of different like shapes and sizes that you can make these things 
  if you wanted a a circular credential you can do that if you want 
  you know a really long 1 uh you can do that.
Manu Sporny:  Uh in in.
Manu Sporny:  Um anyway they're like they look really nice uh uh 
  mad props Benjamin who did a lot of the graphics work uh for this 
  stuff along with the rest of the team um.
Manu Sporny:  James and um uh Tyler and and and the others for 
  kind of integrating this into the digital Wallet work and the and 
  the playground um we do have multiple implementations of this 
  stuff there's not really a whole lot of interoperability yet 
  we're still kind of experimenting like SVG has its limits and so 
  we're also looking at PDF and we're also looking at other Tech 
  space template formats we're probably going to change um we 
  probably going to generalize the mechanisms so that it is not 
  specific to SVG or PDF to just make it so that any text based 
  visual template would work um uh as I mentioned we do have this 
  stuff deployed to the playground so you can play around with this 
  today like if you can go get like a a free demo there so wallet 
  and then go to the playground and pick these things up and then 
  once the credentials are in your wallet you can like look at them 
  zoom into them make them like gigantic and full screen view them 
  on your mobile phone view them on your tablet desktop.
Manu Sporny:   You know it works.
Manu Sporny:  Form factors um we think we could probably get this 
  stuff on the standards track in 6 to 12 months we're not really 
  rushing it all that much um it is something that a lot of people 
  are interested in uh but we want to make sure that we you know 
  get it right so there's not a super big rush to push it uh to 
  standards track uh just yet.
Manu Sporny:  That's it for render method.
Patrick St-Louis:  Yeah um I just wanted to also put on the radar 
  another vendor method that uh I'm working on with some other 
  folks there was also the the the Swiss government that was 
  interested in that and is overly capture architecture render 
  methods or overly capture architecture is uh mechanism to provide 
  these overly bundles that carry information about the credential 
  um we're currently looking to implement this in bcgov for many 
  use case um it's not I wouldn't say it's a render method per se 
  but it will had a lot of information that rendering software 
  could then use so if you want to if you have a web interface that 
  want to display the verifiable credential with overlay capture 
  architecture you can provide a lot of different overly bundles 
  for um internationalization um adding description labels.
Patrick St-Louis:  And so on in a way that's cryptographically 
  safe and another very interesting byproduct that we found for 
  this currently is to provide mappings uh based on Json path so 
  you can provide mappings um if you have a system uh not already 
  existing system and you want to implement verifiable credential 
  uh it could provide you a path to map fields and verifiable 
  credential that your system requires for indexing or searching 
  verifiable credentials so that's uh a very nice feature that we 
  found um that we are using right now.
Patrick St-Louis:  Um and yeah so overlay capture bundle is 
  something else I Look to bring to the VC render method 
  eventually.
Harrison_Tang: Sounds good thank you.
Patrick St-Louis:  Sorry I missed my.
Harrison_Tang: Next we have verifiable credential barcodes so uh 
  I think we already have a presentation uh last week but any other 
  updates in regards to the VC power codes.
Sam Smith:  Uh yeah would you like me to still give a quick 
  overview today obviously I won't go into depth since we just have 
  the presentation or nothing sure okay yeah so verifiable 
  credential barcodes um this is an effort that is a neat 
  application of the kind of Base VC technology and that is using 
  VCS to cryptographically secure physical credentials uh things 
  like driver's licenses or employment authorization documents.
Sam Smith:   We do.
Sam Smith:  Coding VCS into a barcode that gets printed on the 
  document.
Sam Smith:  Such as a pea 417 which is the barcode you see on the 
  back of the driver's license or a QR code on the front of the 
  employment authorization document.
Sam Smith:  And what these uh what these VCS do is they digitally 
  sign not only over the VCS themselves but they also digitally 
  sign over the other machine readable data that's on the card so 
  you get cryptographic security for both your VC and the data 
  that's already on the card to make it tamper resistant uh so 
  there are multiple implementations of the verifiable credential 
  barcode spec in progress and that spec now contains test vectors 
  with step-by-step instructions for how to implement.
Sam Smith:  Uh so we encourage if you're somebody that's 
  interested in this technology please take a look at those test 
  vectors and maybe um get an implementation going there are 
  production deployments for the VCB work in progress with 
  California DMV and Department of Homeland Security uh and the 
  plan is that we propose this tech for standards track soon.
Harrison_Tang: Thank you that's that's great great summary.
Harrison_Tang:  so I'm.
Harrison_Tang: Hurry up a little bit because I want to leave the 
  last 10 minutes for Kim's uh presentation on the dif and ccg so 
  uh I'll go over to the next topic.
Harrison_Tang: Yeah I have what issues and verifiers uh anyone 
  have any updates on this particular work item.
Harrison_Tang: Lastly did link resources uh we have a session 
  next week uh to go in depth on this particular work item but uh 
  anyone want to provide an overview in regards to the did link 
  resources.
Harrison_Tang: All right so we'll go over this uh.
Harrison_Tang:  in more.
Harrison_Tang: More details next week.
Harrison_Tang: So any questions on the work items before we get 
  to the the if updates from Kim.
Harrison_Tang: All right Ken uh the floor is yours do you want me 
  to share your presentation or you can share.
Geun-Hyung Kim:  Uh I can share it thank you.
Geun-Hyung Kim:  Let me figure this out okay looks like.
Geun-Hyung Kim:  I'm here I see it okay thank you um I'll try to 
  keep this under time for uh Q&A at the very end um just contacts 
  at the beginning 1 thing we've clarified in 2024 is this life 
  cycle so for a long time we've been incubating standards and we 
  work with other orgs to promote or graduate out draft 
  specifications reports Etc to other orgs um we don't have to 
  graduate out uh standards can continue to live and if but the 
  third leg of this that we're focusing on a lot is this apply and 
  grow now this has been happening in different for a while but 
  we're making it more of a first class citizen so um part of this 
  is clarifying how decentralized identity standards and Tech can 
  be used in production for real world use cases and a lot of these 
  discussions have been happening through our special interest 
  groups like travel and hospitality.
Geun-Hyung Kim:  And Regional um uh sigs.
Geun-Hyung Kim:  Um the other aspect that we're clarifying this 
  year is that we don't necessarily have to pull from standards 
  that exist in just in div we um you know can when people are 
  Building Solutions They Don't Really Care where the standard 
  lives they just want to find the best standard combine everything 
  together and make it work so some most of our upcoming efforts 
  are really focus on demonstrating that you can use a diff 
  standard like a identity Hub with a w3c standard Etc and so 
  you'll see that theme throughout.
Geun-Hyung Kim:  Quick updates that we've grouped into sort of 
  our diff themes community and Outreach is 1 we've been rolling 
  out things to lemari dip coffee breaks so that's a casual uh 
  method that we use to describe what's happening at diff or from 
  our members on Twitter or X and so you can follow our handle to 
  see updates about that we're um a little bit on hold with that 
  because we have a lot of other efforts coming on but um we should 
  be resuming that soon um D hack along so we have our first 1 
  happening now and it's actually Spanish language hackathon hack 
  along which were extremely excited about uh you can find the link 
  here we had our first session there's 5 sessions total um and 
  we're co-hosting these with the div member extre.
Geun-Hyung Kim:  It's a good way to learn the basics of SSI in 
  Spanish language so um we're really hoping to expand inclusivity 
  and access to everyone the languages that they're comfortable 
  with so we have a lot of plans like this in the future um China 
  Sig is operating in in Chinese is is it probably should be and um 
  you know so we're expanding out more multi-language efforts.
Geun-Hyung Kim:  At very soon we had our first uh diff hosted 
  hackathon last year and so we're continuing that it will be an 
  October there's a little more details coming on that.
Geun-Hyung Kim:  Um advocacy so we have been working to advocate 
  for use of decentralized identifiers in um regulatory Frameworks 
  including the EU digital wallet and we've also been working with 
  other orgs including the ccg and did working group on an effort 
  to promote did methods standardization you'll be hearing a lot 
  more about that coming up soon.
Geun-Hyung Kim:  Theme of what we call diff for Developers.
Geun-Hyung Kim:  We're continuing to roll out and host 
  educational and informational infrastructure so not for 
  production use but Universal resolver is something that we've 
  hosted for a while thanks to Daniel Tech it is a way of resolving 
  did methods acids across data methods so you can experiment with 
  that I didn't include the link it's uni resolver.io and in July 
  we just announced this uh hosted dwn.
Geun-Hyung Kim:  Community service you can look at this link for 
  how to use it and interact with it we have a little sample here 
  but that was a result of Google Cloud if and TBD partnering to 
  offer this.
Geun-Hyung Kim:  Coming soon we have diff Labs that is focused on 
  end user applications protocols and demonstrations you'll be 
  hearing a lot more about that um it'll be time with the 
  hackathon.
Geun-Hyung Kim:  Uh quick survey of the working group sort of the 
  core work so we are relaunching the Apex through uh excitement 
  that came out of some um Africa decentralized identity efforts so 
  this existed before but there's Renewed Energy for it um so it's 
  coming off of hold and relaunching we have a credential scheme as 
  work item that is part of the claims and credentials W uh working 
  group and that's focused on reusable kyc age verification proof 
  of humanity and a a range of other efforts um this 1's very 
  exciting getting a lot of attention it was mentioned in the 
  recent Gartner report covering decentralized identity as 
  something that they're following so um that's a good opportunity 
  to get in on these very interesting use cases uh proof of 
  humanity you'll be hearing a lot more about in the coming weeks 
  so stay tuned on that um did traits.
Geun-Hyung Kim:  As of this morning so that will be part of the 
  ID Discovery group you can think of it as a related to did rubric 
  in um will actually that's worth a whole additional session from 
  um um from the uh ID Discovery group who's behind that so uh but 
  you can read more about that through uh the the identity 
  Discovery group.
Geun-Hyung Kim:  Very exciting and relevant um where we will be 
  launching with the ccg a did method um working group soon so that 
  comes out of this letter of intent that was uh recently released 
  so a lot more details coming up on that um I'm going to shut it 
  down in just a second so uh um recently promoted specs credential 
  trust establishment and linked VP.
Geun-Hyung Kim:  Lastly um we have a our hackathons coming up 
  we're looking for uh almost at the limit but we're still 
  accepting sponsorships and if you would like to participate on it 
  um announcements will be coming out soon the major tracks will be 
  education which is actually education and Workforce and um this 
  1's really exciting for this group touching on VC for edu we're 
  working closely with the folks in VC edu to make sure that it 
  builds off of the jmf plug Fest work so it's a good way to extend 
  the great work done there and also allow participants to like get 
  involved very quickly in reuse that infrastructure that was built 
  there so that's a great example of diff embracing standards from 
  a broad range of organizations travel hospitality and reasonable 
  identity of course are important efforts in our um sigs and and 
  working groups and to learn more here's our web.
Geun-Hyung Kim:   Website or just read.
Geun-Hyung Kim:  Out anytime you know.
Geun-Hyung Kim:  In order to find.
Geun-Hyung Kim:  Uh any questions.
Manu Sporny:  Uh yeah can this is all awesome stuff um uh really 
  need to see like the the different work streams um for the 
  credential schemas thing are you thinking like or is that 
  basically like um like you know we've got like a citizenship 
  vocabulary that we're working on in ccg um there's a driver's 
  license 1 as well are you thinking it's it's like work that's 
  kind of a similar to that I mean it it'd be great if that it 
  would be great if if that's the case because you know we are 
  spending a lot of time on kind of the fundamental technology and 
  not necessarily as much on the application layer space like the 
  business you know level um what what are your thoughts there what 
  are you what's what's kind of the goal for those um items.
Geun-Hyung Kim:  That's a great call out so in in this working 
  group most of the early effort is getting a very crisp use case 
  so a lot of this comes from my experience trying to you know sort 
  of deploy Solutions around reusable kyc reusable identity it's 
  very important to get the semantics right and to get the business 
  you know get all of the stakeholders compliance official or 
  experts all of this in the room and so what we're focusing on in 
  the early stages is exactly what do we mean by you know like what 
  use cases will these schemas fit in and so expect to see a lot of 
  documentation around um how each of these schemas it's used which 
  which um use cases is appropriate so proof of humanity for 
  example not.
Geun-Hyung Kim:  Not trivial like does it mean proof of unique 
  personhood you know what does it mean what are its use cases.
Geun-Hyung Kim:  So so yes a lot of the work happening in ccg 
  seems to be coming out more the group of participants have come 
  to consensus in some manner about how they're using it um so it's 
  it's really great to get everything um you know like to bootstrap 
  people who know exactly what they're doing or the use cases quite 
  crisp so I think a lot of what we're doing is the stuff leading 
  up to it and so I see a lot of intersection in terms of when we 
  actually know what we're talking about right so the the mented uh 
  taxonomies and um schemas and all of that and that will be really 
  exciting use case to or example to figure out like how we improve 
  the discoverability um discoverability is a huge problem for 
  people who are getting started in decentralized identity uh do 
  you have to just create your own schema so that's something I'd 
  love to work closely with ccg on as we.
Geun-Hyung Kim:  Mature our work.
Harrison_Tang: Any other questions okay.
Harrison_Tang: Bye wait can I I will probably want to reach out 
  to you later to uh find out who can actually present about proof 
  of humanity and some of these works like the ID traits at the ccg 
  because I'm very curious to learn more.
Geun-Hyung Kim:  Fantastic yes uh I will we'll we'll get in touch 
  right after this.
Andrea_D'Intino_|_Forkbomb_BV: Uh I might be slightly off topic 
  but uh we're interested in uh building a kyc capabilities into 
  our identity solution.
Andrea_D'Intino_|_Forkbomb_BV: So anybody that has a is working 
  on that has good hints would be very happy to hear.
Harrison_Tang: I'm just curious when you say kyc capabilities uh 
  what are you referring to are you referring to using third-party 
  verification data or are you oh got it okay.
Andrea_D'Intino_|_Forkbomb_BV: No no verification data uh uh I'm 
  referring to a mobile app.
Andrea_D'Intino_|_Forkbomb_BV: Uh I'm thinking about uh 
  Biometrics and document OCR.
Harrison_Tang: Ah got it are you looking for.
Andrea_D'Intino_|_Forkbomb_BV: Am I am I am I a topic completely.
Harrison_Tang: No no it's fine I think this is a open discussion 
  so are you looking for a vendor or are you looking to because if 
  you're looking for a vendor on Biometrics and OCR I can refer you 
  and connect you with those vendors.
Andrea_D'Intino_|_Forkbomb_BV: Would have been nice yes.
<tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> "KYC" 
  expansion? Acronyms are the devil!
Harrison_Tang: Okay all right I I will put that in my calendar I 
  will I will try to connect you with the vendors like this week or 
  next week.
Andrea_D'Intino_|_Forkbomb_BV: And this came to mind because I 
  read a reusable kyc.
Andrea_D'Intino_|_Forkbomb_BV: On the PowerPoint on the 
  presentation here so.
Harrison_Tang: Got it yeah I know I know those folks quite well 
  so I will I will uh make some introductions uh.
Andrea_D'Intino_|_Forkbomb_BV: Sounds good thank you.
Harrison_Tang: Uh we are at time but any last thoughts or 
  comments or.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Just a quick 
  1 KY is a 3-letter acronym and could mean many things we should 
  avoid those.
<kerri_lemoie> Excellent work all. Thank you for the updates.
Harrison_Tang: Got it yeah it's a it's a know your customer right 
  know your customer compliance it's a 1 of the part of the 
  financial crime compliance uh uh especially uh I think it started 
  from the bank secrecy act uh in United States back in the early 
  2000s.
<kim_duffy> Thank you all!
Harrison_Tang: All right so we're at time uh just want to give a 
  quick shout out again for will for organizing all this and 
  putting this together and then want to give a big thanks to Kim 
  Manu Andrea uh Benjamin Patrick for actually giving us a updates 
  on all these work items uh we will try to do not try to we'll 
  commit to do this every quarter so the next 1 is scheduled to be 
  uh the end of October the beginning of November all right.
Harrison_Tang: Thank you thanks a lot have a good 1 bye.

Received on Wednesday, 14 August 2024 15:27:04 UTC