[MINUTES] W3C CCG Credentials CG Call - 2024-08-13 from CCG Minutes Bot on 2024-08-14 (public-credentials@w3.org from August 2024)

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Wed, 14 Aug 2024 15:26:56 +0000
To: public-credentials@w3.org
Message-ID: <a6fa0297-d0bc-c83f-c142-4bf344b13166@w3c-ccg.org>

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-08-13/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-08-13/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-08-13.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-08-13

Agenda:
https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Aug&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
Harrison Tang, Kimberly Linson, Will Abramson
Scribe:
Our Robot Overlords
Present:
Harrison Tang, Greg Bernstein, Benjamin Young, Manu Sporny,
TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Kimberly
Linson, Sam Smith, Kerri Lemoie, Vanessa, Nis Jespersen ,
Geun-Hyung Kim, Patrick St-Louis, Simone Onofri (W3C), Gregory
Natran, Mahesh Balan - pocketcred.com, Kaliya Young, Andrea
D'Intino | Forkbomb BV, Erica Connell, Hiroyuki Sano, Japan, Leo,
PL/T3, Mahesh Balan - pocketcred com, Will Abramson, Tim Bouma,
Joe Andrieu, James Chartrand, Kayode Ezike, Stephan Baur, Chandi

<kerri_lemoie> Hello all
Our Robot Overlords are scribing.
Harrison_Tang: All right so welcome everyone to this week's w3c
today we're going to hold uh open uh session uh for the work item
updates as well as open discussions and uh core 3 2024 review so
uh data will open up the floor for everyone to kind of uh speak
uh comment on what we're doing well uh room for improvements and
growth and things like that so that's the main agenda uh before
we.
Harrison_Tang: I just want to quickly do a a reminder on the code
of ethics and professional conduct I just want to make sure that
we continue to uh hold constructive and respectful conversations.
Harrison_Tang: Uh next a quick uh note on the intellectual
property anyone can participate in these calls however all
substantive contributions to any ccg work items must be member of
the ccg with 4 IP agreements signed.
Harrison_Tang: So if you have any questions in regards to uh the
agreements or the w3c account uh please just let any of the
cultures know.
Harrison_Tang: Uh next uh these uh meetings are automatically
recorded and transcribed as people can tell um and uh we will try
to record uh we'll try to publish uh the recordings and the
transcriptions and the video recordings uh in the next uh 1 or 2
days.
Harrison_Tang: We use a DC chat to kill the speakers during the
call uh as well as to take minutes so you can type in Q Plus to
add yourself to the queue or cue minus to remove.
Harrison_Tang: And type in a queue question mark uh to see uh who
is in the queue.
Harrison_Tang: Alright so next uh.
Harrison_Tang: Let's take a quick moment uh for the introductions
and reintroduction so if you're new to the community or you
haven't been active and want to re-engage uh please feel free to
uh you'll need to do a Q Plus thing just.
Harrison_Tang: And introduce yourself.
Harrison_Tang: I think it's mostly familiar faces um.
Harrison_Tang: Uh Amy announcements and reminders.
<simone__onofri_(w3c)> Identity Report
https://www.w3.org/reports/identity-web-impact/
<simone__onofri_(w3c)> FedID Recharter
https://lists.w3.org/Archives/Public/public-new-work/2024Aug/0003.html
<simone__onofri_(w3c)> EU Digital Wallet Feedback
https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives_en?text=European%20Digital%20Identity%20Wallets
Harrison_Tang: Thanks a lot by the way uh just a quick aside like
can you speak a little bit more into the Federated identity
working group proposal like uh it sounds quite relevant and so
what what is that working group supposed to work on.
Harrison_Tang: Sounds good thank you thanks for the clarification
I'll probably want to reach out to you and invite some of those
experts to uh present here at w3c at some point so thanks a lot.
Harrison_Tang: All right Clea.
Kaliya Young: Um hey um I just wanted to share um we have
Internet identity Workshop coming up in October October 29 to 31
bring your best Halloween costumes uh.
Kaliya Young: The last day.
Kaliya Young: It's in Mountain View California.
Kaliya Young: Billie bird pricing is up until I believe the
29th.
Kaliya Young: We're also really committed to accessibility so if
you want to be there um and can't afford tickets please reach out
and we'll work with you.
Kaliya Young: Uh the did unconference Africa is happening in
South Africa.
Kaliya Young: In september september it's primarily going to be
just 2 days of open space the 26th and 27th with like a reception
on the 25th.
Kaliya Young: So if you are.
Kaliya Young: Working with folks in southern Africa and
countries in any way related to this technology please let them
know about the event and um encourage them to join us it's it's
going to be I think really good and.
Kaliya Young: Bonus on my way there I'm going to Taiwan for 2
days so if anybody knows anyone in Taiwan in this space that I
should connect with uh.
Kaliya Young: Let me know I'll be there september 19th and 20th.
Kaliya Young: And that's all from me thank you.
Manu Sporny: Uh thanks Harrison um.
Kaliya Young: https://internetidentityworkshop.com/
Kaliya Young: https://didunconf.africa/
Manu Sporny: We are uh continuing our slow walk towards
verifiable credential 20 uh being done uh we're doing uh
basically the final editorial pass on the specification now um we
have been asked by a number of organizations if uh you know
they're they're planning on using verifiable credential 1 1 and
they're asking us if they should use 2 0 uh I think we're at a
point now where um anyone that is considering the use of 1 1st at
this point so we're gently nudging people to consider using
version 2 0 over version 1 1 um for pilot and production
deployment uh we are expecting it to be a global standard.
<kaliya_identity_woman> My e-mail. Will be in Taiwan September
19-20 and looking for people to meet/ things to do there related
to our community work. kaliya@identitywoman.net
Manu Sporny: The end of.
Manu Sporny: Uh get through the process and all that kind of
stuff um so just a heads up if you know of people like we had the
the government of Spain reach out and ask recently we've had a
number of uh European um countries uh uh reach out and ask um and
we're suggesting that everyone start the process of of upgrading
the 200 uh that's it.
Harrison_Tang: Thank you man.
Harrison_Tang: And now their announcements and reminders.
Andrea_D'Intino_|_Forkbomb_BV: Thank you good uh morning to all
of you in the US uh today uh nist finalized.
<manu_sporny> PQ-woo hoo!
Andrea_D'Intino_|_Forkbomb_BV: The standardization of the 3
alright selected to be post-quantum that corresponds to fips
2003204 205 it was published a few days ago following a report
from the White House about the path to uh towards post-quantum
cryptography.
Harrison_Tang: Thanks for the heads up and update.
Harrison_Tang: Right so 1 1 more thing uh so w3c has sent out the
community survey for 2024 I think this is the first time they
sent it out uh I actually uh.
<harrison_tang> W3C Groups Community Survey 2024
Harrison_Tang: Announcements uh to the public list but I'll uh
paste it here so you got time uh please uh take a few minutes uh
to to just provide some feedback to the w3c in regards to how we
can further uh.
Harrison_Tang: Grow and uh the engagement is in our communities.
Harrison_Tang: Right so last calls for introductions
reintroductions an announcements and reminders.
Harrison_Tang: Right so I will uh share the screen and we will
provide some will ask uh.
Harrison_Tang: Experts to provide uh updates uh to the different
work items of the ccg and then afterwards I will also uh invite
Kim to actually provide some updates in regards to the Tif
decentralized identity Foundation uh relevant to the w3c ccg
work.
Harrison_Tang: Give me a second.
Harrison_Tang: All right so.
Harrison_Tang: Well first of all I just want to uh give a quick
shout out to will uh he actually had the helped put together this
presentation so uh big thank you to Will.
Harrison_Tang: So just uh I was just quickly.
Harrison_Tang: Go down the list uh and then the invite the
different uh experts to different work items to kind of quickly
provide some updates and uh these are the different work items uh
relevant to the ccg so the VC API VC 2.0 Quantum safe di uh
signature Suite uh.
Harrison_Tang: we don't.
Harrison_Tang: Anyone to provide the update on the VCU but if
other people can speak to it that would be great or VC tribe but
we will later have updates on random methods barcodes uh I think
we have uh.
Harrison_Tang: Kind of a dedicated sessions.
Harrison_Tang: uh uh.
Harrison_Tang: Weeks already but we can quickly provide some
updates on that as well and lastly the did I think resources.
<will_abramson> Thanks, I am on the call and able to participate.
Fully networked now!
Harrison_Tang: All right so uh we have 5 more credentials API um.
Harrison_Tang: Money or someone can you provide an update on that
on this particular work item.
https://docs.google.com/presentation/d/1usTxVbq1LmtvVIP1ixK0FB9R4S1Fhq4kgpA0W25W4HQ/edit#slide=id.g27f9e3bc667_3_1
Manu Sporny: Yes I can do that um thanks Harrison uh so uh for
those of you that uh uh haven't heard of what this thing is uh
the verifiable credential API um is a way of like managing the
movement of verifiable credentials around the web and the
internet um so uh it does life cycle management what we call life
cycle management which is uh you know how do you do issuance how
do you move a credential from the issuer to the digital wallet uh
the holder uh how do you move it from the holder to the verifier
how do you present stuff how do you modify status on a credential
that's been issued um so the verifiable credential API uh does
those things um it is an http-based API uh it also has a a query
language uh called verifiable presentation request um as a part
of it um and today it supports um of uh.
Manu Sporny: Is over like open up.
Manu Sporny: Id4 so a lot of people seem to think that oid 4 is
completely competitive with the VC API um even though that's not
the case you can actually run oid for over the VC API um uh the
VC API also does have its own workflows and exchanges uh you know
presentations mechanism um so the VC API is used to do a lot of
like back office management of credentials um in the reason we do
that um is to make sure that um people don't get locked into
vendors like customers don't get locked into vendors there's no
open API for doing life cycle management.
Manu Sporny: Um and it.
Manu Sporny: Can also do.
Manu Sporny: Do kind of.
Manu Sporny: From the front.
Manu Sporny: And credential uh delivery stuff.
Manu Sporny: Um we've got 11 Implement of the API today.
Manu Sporny: That's more than enough to take it through the
standardization process uh but they're varying levels of interop
right so like issue and verify those are pretty solid uh you know
status changing those those are pretty solid in there um uh but
some of the more complex workflow stuff um they're less
implementers of those but well beyond uh to at this point um we
use the VC API extensively in the verifiable credential working
group for all the test Suites uh there's also a can I vc.com
website that shows you how each implementer is doing all of those
implementers implement the VC API um and of course their
production deployments of this today so true age which launched
last year 18 months ago uses the VC API to move all the
verifiable credentials around the ecosystem um in the open cred
platform uh deployed by California DMV in production uh also uses
the verifiable credential API uh both to Rono id4 as well.
Manu Sporny: As well as.
Manu Sporny: Do some uh back-end uh uh management uh of the
credentials that it's uh that they're issuing um we have a uh a
GitHub repo it's got issues in it the working group meets or
sorry the the community group meets um every week uh and we have
been regularly processing issues to the point that we're out of
issues um we have resolutions on the issues but um uh PRS like
pull requests on updating the specification.
Manu Sporny: Are lagging because many of us are just so busy
with the verifiable credential to our work once that work is a
little further along we expect VC API to catch up and uh get all
those uh backlog of uh PRS uh done um we are well enough along
now where we have enough like production experience both running
oid 4 over the VC API and using the VC API to like manage
production deployments where we feel pretty pretty uh uh uh
comfortable with proposing it to go on the standards track soon
um once it goes on standards track we expect it to move pretty
quickly only because we have like 11 Implement already like
normally you have to you have zero when you start but we've got
test Suites we've got implementations you know the thing has been
used for you know 2 to 3 years at this point um and so the plan
is to take it uh standards track.
Manu Sporny: Later this year.
Manu Sporny: And that's it.
Manu Sporny: The update there we we meet every uh every Tuesday
at 3 pm Eastern we're meeting again uh this week um.
Manu Sporny: And that's.
Harrison_Tang: Thank you Patrick I think I have a question.
Patrick St-Louis: Yeah well I just wanted to add uh something to
this um what I'm personally very interested to get feedback from
people and it's something that I'm um sort of exploring at the
moment is the whole process of verifying a credential uh
especially when a credential has many features included you know
features could be something like a status uh maybe terms of use
or any of the feature.
Patrick St-Louis: These checking these features fit and the
process that we called verifying a credential because when
designing tests with this is something that can or.
Patrick St-Louis: Can't be easy to test based on a verification
call and there's different opinions like the VC API is 1 way to
do these operations but the the verifiable credential data mod
model specification as a verification algorithm section which
outlines.
Patrick St-Louis: Process that um implementers should go through
when they verify credential same thing for the data Integrity
specifications got its own verification algorithm bit string
status list so I'm interested in.
Patrick St-Louis: No hearing from people's experience maybe if
they have solution out there how do they handle verifying
credentials um and uh checking all these features all together.
Patrick St-Louis: So if if someone wants to discuss this I'd be
very interested to hear.
Harrison_Tang: Thank you thanks Patrick.
Harrison_Tang: Any other uh questions or comments.
Harrison_Tang: Any uh comments on Patrick's comment.
Harrison_Tang: All right we'll go to uh the next uh work item uh
the test Suite the VC test Suite so Benjamin do you mind
providing an update on that.
Benjamin Young: Yeah happy to.
Benjamin Young: Um hello everybody I'm Benjamin Yuen with
digital bizarre I've been working on the verifiable credentials
working group and ccg test Suites.
Benjamin Young: For about the last year.
Benjamin Young: And um as the working group nears the completion
of its work the specifications are becoming increasingly more
stable which makes uh finishing up the test suite's possibility.
Benjamin Young: The vcd data model specification is you know the
Crown Jewel that specification is as monu mentioned earlier uh
pretty pretty nearly all done and uh so is the test Suite there's
a couple updates that have happened in the last couple weeks
mostly just language changes.
Benjamin Young: Getting in um and then that 1 is already ready
for implementation but we'll have full coverage uh.
Benjamin Young: Hopefully by.
Benjamin Young: By the end of this.
Benjamin Young: Um the rest of the most of the rest of the test
Suites from the working group are related to data integrity and
the related crypto Suites.
Benjamin Young: Those build on some shared libraries to test the
core of the data Integrity uh proof mechanism and.
Benjamin Young: Components of the Json LD there.
Benjamin Young: And then each crypto Suite has its own um test
Suite.
Benjamin Young: Where buy the the proofs themselves are tested
and things like that.
Benjamin Young: Um all of these links are in this deck which I
think Harrison will share later.
Benjamin Young: And in addition to those we also have the bit
string status list which became part of the raft of
specifications um brought over from the ccg just in the last few
months as previously known as status list 2020 and um since been
renamed so that test Suite is is 1 of the newer ones but it's um
it's well on its way.
Benjamin Young: And then the remaining 2 on this list are the
Josie cozy test suite and the VC Json schema test Suite those are
spearheaded uh by Gabe from block and uh Gabe if Gabe is here is
welcome to say more I didn't have time to sync up to get more
details from Gabe.
Benjamin Young: Right now you can click through to those test
Suites to see how those are going and those have their own
implementation uh configuration process.
Benjamin Young: Um I'll go to the next slide and then I I do
have 1 sort of call to action at the end um this is the list of
implementers as of uh Monday that we have.
Benjamin Young: Integrated with the test Suites um we we know of
others um that are working on it um but have yet to send us the
Json that connects their implementation with.
Benjamin Young: Test Suite reporter.
Benjamin Young: The um tests we reporter is Manu mentioned
actually Builds on BC API and is it's a basically a very minimal
version of that that just allows you to wire in your
implementation through an issuance request or a verify request or
whatever so you can um.
Benjamin Young: There are some publicly available open source
minimal implementations of just the required endpoints for the
test Suites and then you can wire that into either your um public
or private implementation or your SDK or whatever uh so the
implementers you see here have all all done that.
Benjamin Young: Um we have great coverage on the vcd and most of
the crypto Suites are are also well covered.
Benjamin Young: 1 Of the.
Benjamin Young: Key things to know is that in the w3c
specification process um implementers per specification is great
but ultimately we're also watching for.
Benjamin Young: All the musts and the specification to know that
each of those must have good coverage and I think with very very
few exceptions all the must statements are are well covered at
this point for the ones um at the top of the list you see bit
string because it's newer only has 2 and then um I was not able
to find any cozy cozy implementations uh.
Benjamin Young: To the public reporter so if you have 1 of those
please reach out to Gabe um Gabe goes by decentralized Gabe on
IRC if you're on there and then the VC Json schema 1 also only
had 1 publicly listed implementer but again there's also a
continued drum beat of please bring your implementations um and
relatedly we've started running a test Suite office hours weekly
headed up to TPAC so if you are in the process of building out
your implementation it'd be great to have you pop into those
their weekly at um 10:00 am Eastern Time on Thursdays.
Benjamin Young: If you come we'll help you get your um
implementation wired up or if you just have.
Benjamin Young: Sort of.
Benjamin Young: Or if you just want to say hi and let us know
that you're working on it and and would love help or camaraderie
that's what these office hours are for so uh we'd love to have
you join and if you have questions please reach out.
Harrison_Tang: Thank you Benjamin.
Harrison_Tang: Questions or comments in regards to the VC test
Suites.
Harrison_Tang: Yes I just uh thanks uh Benjamin for the reminder
I forgot to send the link uh to the presentation I'll do that
after the meeting.
Harrison_Tang: All right next uh we have content save the I
signature Suite so Andrea do you mind providing some updates
thank you.
Andrea_D'Intino_|_Forkbomb_BV: Absolutely uh thank you for being
here everybody uh there is no substantial update from the last
time that it showed is to some of you so I'll just recap uh the
current situation with the post-quantum signatures so just today
the.
Andrea_D'Intino_|_Forkbomb_BV: 2 or 32425 corresponding to uh
fips 203 is a key exchange mechanism.
Andrea_D'Intino_|_Forkbomb_BV: Which we previously discussed that
probably we can't see use in the digital identity in the Republic
credential world but 204 and 205 are 2 signatures 2 signature
schemes uh corresponding to the old the lithium as Sphinx from
the nist post Quantum cryptography competition where standardized
the I linked the.
Andrea_D'Intino_|_Forkbomb_BV: Well uh you shouldn't you
shouldn't clap your hands to me because we don't do much in uh in
that regards uh anyway I posted a link to the white house uh
report about post contract photography and it's it appears that
uh they are accelerating on um on the adoption of this and uh
well there there there is more that will be spent on postcard
cryptography.
Andrea_D'Intino_|_Forkbomb_BV: Uh we have started start working
group a couple of months ago we did we haven't done uh much since
then.
Andrea_D'Intino_|_Forkbomb_BV: From our side we were primarily
waiting for the algorithms to be standardized because it didn't
really make make much sense to work on the cryptography part
until that happened but that happened today so if if anyone is
interested in collaborating on that would be very happy to work
on that together so what we have so far is mlds 44.
Andrea_D'Intino_|_Forkbomb_BV: Uh which is the standardized
version of the lithium 2.
Andrea_D'Intino_|_Forkbomb_BV: In the standard diet we checked
the documents today of the so for the final the final version of
fips 204 and there seemed to be some minor differences with the
version that we implemented so we'll look at in the next days.
Andrea_D'Intino_|_Forkbomb_BV: Uh then also in line with that uh
a while ago we implemented the.
Andrea_D'Intino_|_Forkbomb_BV: Post-quantum public keys in our
method uh we have uh put together prototype of W3 CVC issuer.
Andrea_D'Intino_|_Forkbomb_BV: Um we we also trying to put
together some microservices to to run that for that other people
can try then uh easily.
Andrea_D'Intino_|_Forkbomb_BV: Parts that we're missing for sure
because I'm I'm aware of those are the multi support so we don't
yet encode public Keys uh in a way that uh.
Andrea_D'Intino_|_Forkbomb_BV: Uh well in the in the way that is
indicated in document uh we haven't done any work on that
integrity at all.
Andrea_D'Intino_|_Forkbomb_BV: I think that those are missing
from the testing Suites as well.
Andrea_D'Intino_|_Forkbomb_BV: So yes so long story short not
much moved from last time we spoke but it could be a good moment
to restart the conversation.
Andrea_D'Intino_|_Forkbomb_BV: if there is any.
Andrea_D'Intino_|_Forkbomb_BV: Uh will I'm sorry but your your
voice came through a bit jumpy is then anybody that could.
Andrea_D'Intino_|_Forkbomb_BV: Yes it is.
Manu Sporny: Yeah this is a a great uh thank you Andrea um we
continue digital bizarre continues to be very supportive of this
work um we definitely want to be another implementer uh of the
specification uh we are just underwater with all the vc20 stuff
in the test Suites and the.
Manu Sporny: Um and just getting those specifications out the
door um but we you know it's great news today that um you know
the the ml uh uh DSA algorithms have been standardized by nist
that will give us a very firm um Foundation to build off of um so
yes we're definitely interested I can't I still can't you know
commit to a timeline but um we definitely want to see this work
uh progress that's it.
Andrea_D'Intino_|_Forkbomb_BV: Thank you so uh to-do list for me
I'm gonna turn this missing points into issues uh the multi
supports I guess that's something we can solve ourselves
implementing it in our virtual machine uh that Integrity uh I'll
need some help and API testing Suite as well.
Harrison_Tang: Any other questions uh for India.
Harrison_Tang: All right thanks a lot um next Patrick please.
Patrick St-Louis: Yeah I have a question if you could just go
back to the previous slides so it mentioned that there's a
prototype of WGC VC issuer um sorry is there like a playground or
somewhere we can uh.
Patrick St-Louis: Have this.
Patrick St-Louis: We need to to run at the moment.
Andrea_D'Intino_|_Forkbomb_BV: Uh you're asking if we have a rest
API hosted.
Patrick St-Louis: So something like that yeah.
Andrea_D'Intino_|_Forkbomb_BV: We actually do.
Andrea_D'Intino_|_Forkbomb_BV: We actually do um I'll I'll post
I'll post something in the in the chat here.
Andrea_D'Intino_|_Forkbomb_BV: But you you you're most welcome to
reach out to me if.
Andrea_D'Intino_|_Forkbomb_BV: Want to have a look at that deep
look at that.
Patrick St-Louis: That sounds good I'm interested thank you.
Harrison_Tang: Any other questions in regards to content safe EI
signature Suite.
Harrison_Tang: All right next uh anyone uh can provide an update
on VCU otherwise we can skip this and I'll try to we will we will
try to uh connect with the VCU folks uh to provide us.
Harrison_Tang: Work items uh in the next few weeks.
Harrison_Tang: But anyone can speak to this right now.
Harrison_Tang: Sounds good thanks well.
Harrison_Tang: All right next VC traceability anybody can speak
to this or we can skip this right now.
Patrick St-Louis: I I've been attending these calls for a while
I'm currently warning on on behalf of government of BC to do some
work with the energies and Minds uh supply chain work and we were
looking at the traceability specification.
Patrick St-Louis: Uh I believe their current state so they are
realigning with the uh latest.
Patrick St-Louis: Set of.
Patrick St-Louis: Technical recommendations from the DHS which
is to use the verifiable credential data model 2.0 bitstring
status list.
Patrick St-Louis: Uh the latest work item that was worked on was
to well realign the the sort of test Suites that they have so
they have tests with based on.
Patrick St-Louis: Uh Postman so they have a few collections
which were running really well uh so it's just about um.
Patrick St-Louis: Making them up to date with the latest set of
recommendations.
Patrick St-Louis: And so that's pretty much how how I could
contribute to say on there.
<andrea_d'intino_|_forkbomb_bv> Patrick_ST:
Harrison_Tang: You actually that's a great great update thanks a
lot.
Harrison_Tang: All right next uh VC render method.
Manu Sporny: I can do this 1 um so we've had a number of I think
presentations over the past um.
Manu Sporny: A couple of uh weeks to months on uh different
render methods so government of Singapore has this really uh neat
render method uh we call the open out of station uh render method
um uh we also have uh render method examples now finally built
into the VC playground so if you go to the VC playground today um
a number of the cards come with um a render method so what our
render methods it's basically a way for the issuer to in the
credential itself so when they issue a verifiable credential they
can say this is exactly how I want this credential to be rendered
now the wallet can ignore them and the wallet can provide a bunch
of other different ways to render the credential but at least the
issue gets to say like if you if you if you put this on the
screen this is 1 of the things I would like the um the individual
to see um the other important part about that is that that like
how it shows up.
Manu Sporny: How it's.
Manu Sporny: Displayed is included in the digital signature so
the digital signature protects it so you know that you know when
it's rendered this is exactly how the issuer wanted it to be seen
um uh Harrison I don't know if it's possible to go full screen on
this or not but um I wanted to try to get into um 1 of the uh
some of the there we go great thank you um so you know as you can
see each 1 of these is a is a scalable vector graphics file like
you could blow this up to like a giant 4 foot size you know
driver's license or certificate of naturalization uh or first
responder credential um the data that you see on the card is
taken directly from the digitally signed data um in the
verifiable credential um and as you can see there are all kinds
of different like shapes and sizes that you can make these things
if you wanted a a circular credential you can do that if you want
you know a really long 1 uh you can do that.
Manu Sporny: Uh in in.
Manu Sporny: Um anyway they're like they look really nice uh uh
mad props Benjamin who did a lot of the graphics work uh for this
stuff along with the rest of the team um.
Manu Sporny: James and um uh Tyler and and and the others for
kind of integrating this into the digital Wallet work and the and
the playground um we do have multiple implementations of this
stuff there's not really a whole lot of interoperability yet
we're still kind of experimenting like SVG has its limits and so
we're also looking at PDF and we're also looking at other Tech
space template formats we're probably going to change um we
probably going to generalize the mechanisms so that it is not
specific to SVG or PDF to just make it so that any text based
visual template would work um uh as I mentioned we do have this
stuff deployed to the playground so you can play around with this
today like if you can go get like a a free demo there so wallet
and then go to the playground and pick these things up and then
once the credentials are in your wallet you can like look at them
zoom into them make them like gigantic and full screen view them
on your mobile phone view them on your tablet desktop.
Manu Sporny: You know it works.
Manu Sporny: Form factors um we think we could probably get this
stuff on the standards track in 6 to 12 months we're not really
rushing it all that much um it is something that a lot of people
are interested in uh but we want to make sure that we you know
get it right so there's not a super big rush to push it uh to
standards track uh just yet.
Manu Sporny: That's it for render method.
Patrick St-Louis: Yeah um I just wanted to also put on the radar
another vendor method that uh I'm working on with some other
folks there was also the the the Swiss government that was
interested in that and is overly capture architecture render
methods or overly capture architecture is uh mechanism to provide
these overly bundles that carry information about the credential
um we're currently looking to implement this in bcgov for many
use case um it's not I wouldn't say it's a render method per se
but it will had a lot of information that rendering software
could then use so if you want to if you have a web interface that
want to display the verifiable credential with overlay capture
architecture you can provide a lot of different overly bundles
for um internationalization um adding description labels.
Patrick St-Louis: And so on in a way that's cryptographically
safe and another very interesting byproduct that we found for
this currently is to provide mappings uh based on Json path so
you can provide mappings um if you have a system uh not already
existing system and you want to implement verifiable credential
uh it could provide you a path to map fields and verifiable
credential that your system requires for indexing or searching
verifiable credentials so that's uh a very nice feature that we
found um that we are using right now.
Patrick St-Louis: Um and yeah so overlay capture bundle is
something else I Look to bring to the VC render method
eventually.
Harrison_Tang: Sounds good thank you.
Patrick St-Louis: Sorry I missed my.
Harrison_Tang: Next we have verifiable credential barcodes so uh
I think we already have a presentation uh last week but any other
updates in regards to the VC power codes.
Sam Smith: Uh yeah would you like me to still give a quick
overview today obviously I won't go into depth since we just have
the presentation or nothing sure okay yeah so verifiable
credential barcodes um this is an effort that is a neat
application of the kind of Base VC technology and that is using
VCS to cryptographically secure physical credentials uh things
like driver's licenses or employment authorization documents.
Sam Smith: We do.
Sam Smith: Coding VCS into a barcode that gets printed on the
document.
Sam Smith: Such as a pea 417 which is the barcode you see on the
back of the driver's license or a QR code on the front of the
employment authorization document.
Sam Smith: And what these uh what these VCS do is they digitally
sign not only over the VCS themselves but they also digitally
sign over the other machine readable data that's on the card so
you get cryptographic security for both your VC and the data
that's already on the card to make it tamper resistant uh so
there are multiple implementations of the verifiable credential
barcode spec in progress and that spec now contains test vectors
with step-by-step instructions for how to implement.
Sam Smith: Uh so we encourage if you're somebody that's
interested in this technology please take a look at those test
vectors and maybe um get an implementation going there are
production deployments for the VCB work in progress with
California DMV and Department of Homeland Security uh and the
plan is that we propose this tech for standards track soon.
Harrison_Tang: Thank you that's that's great great summary.
Harrison_Tang: so I'm.
Harrison_Tang: Hurry up a little bit because I want to leave the
last 10 minutes for Kim's uh presentation on the dif and ccg so
uh I'll go over to the next topic.
Harrison_Tang: Yeah I have what issues and verifiers uh anyone
have any updates on this particular work item.
Harrison_Tang: Lastly did link resources uh we have a session
next week uh to go in depth on this particular work item but uh
anyone want to provide an overview in regards to the did link
resources.
Harrison_Tang: All right so we'll go over this uh.
Harrison_Tang: in more.
Harrison_Tang: More details next week.
Harrison_Tang: So any questions on the work items before we get
to the the if updates from Kim.
Harrison_Tang: All right Ken uh the floor is yours do you want me
to share your presentation or you can share.
Geun-Hyung Kim: Uh I can share it thank you.
Geun-Hyung Kim: Let me figure this out okay looks like.
Geun-Hyung Kim: I'm here I see it okay thank you um I'll try to
keep this under time for uh Q&A at the very end um just contacts
at the beginning 1 thing we've clarified in 2024 is this life
cycle so for a long time we've been incubating standards and we
work with other orgs to promote or graduate out draft
specifications reports Etc to other orgs um we don't have to
graduate out uh standards can continue to live and if but the
third leg of this that we're focusing on a lot is this apply and
grow now this has been happening in different for a while but
we're making it more of a first class citizen so um part of this
is clarifying how decentralized identity standards and Tech can
be used in production for real world use cases and a lot of these
discussions have been happening through our special interest
groups like travel and hospitality.
Geun-Hyung Kim: And Regional um uh sigs.
Geun-Hyung Kim: Um the other aspect that we're clarifying this
year is that we don't necessarily have to pull from standards
that exist in just in div we um you know can when people are
Building Solutions They Don't Really Care where the standard
lives they just want to find the best standard combine everything
together and make it work so some most of our upcoming efforts
are really focus on demonstrating that you can use a diff
standard like a identity Hub with a w3c standard Etc and so
you'll see that theme throughout.
Geun-Hyung Kim: Quick updates that we've grouped into sort of
our diff themes community and Outreach is 1 we've been rolling
out things to lemari dip coffee breaks so that's a casual uh
method that we use to describe what's happening at diff or from
our members on Twitter or X and so you can follow our handle to
see updates about that we're um a little bit on hold with that
because we have a lot of other efforts coming on but um we should
be resuming that soon um D hack along so we have our first 1
happening now and it's actually Spanish language hackathon hack
along which were extremely excited about uh you can find the link
here we had our first session there's 5 sessions total um and
we're co-hosting these with the div member extre.
Geun-Hyung Kim: It's a good way to learn the basics of SSI in
Spanish language so um we're really hoping to expand inclusivity
and access to everyone the languages that they're comfortable
with so we have a lot of plans like this in the future um China
Sig is operating in in Chinese is is it probably should be and um
you know so we're expanding out more multi-language efforts.
Geun-Hyung Kim: At very soon we had our first uh diff hosted
hackathon last year and so we're continuing that it will be an
October there's a little more details coming on that.
Geun-Hyung Kim: Um advocacy so we have been working to advocate
for use of decentralized identifiers in um regulatory Frameworks
including the EU digital wallet and we've also been working with
other orgs including the ccg and did working group on an effort
to promote did methods standardization you'll be hearing a lot
more about that coming up soon.
Geun-Hyung Kim: Theme of what we call diff for Developers.
Geun-Hyung Kim: We're continuing to roll out and host
educational and informational infrastructure so not for
production use but Universal resolver is something that we've
hosted for a while thanks to Daniel Tech it is a way of resolving
did methods acids across data methods so you can experiment with
that I didn't include the link it's uni resolver.io and in July
we just announced this uh hosted dwn.
Geun-Hyung Kim: Community service you can look at this link for
how to use it and interact with it we have a little sample here
but that was a result of Google Cloud if and TBD partnering to
offer this.
Geun-Hyung Kim: Coming soon we have diff Labs that is focused on
end user applications protocols and demonstrations you'll be
hearing a lot more about that um it'll be time with the
hackathon.
Geun-Hyung Kim: Uh quick survey of the working group sort of the
core work so we are relaunching the Apex through uh excitement
that came out of some um Africa decentralized identity efforts so
this existed before but there's Renewed Energy for it um so it's
coming off of hold and relaunching we have a credential scheme as
work item that is part of the claims and credentials W uh working
group and that's focused on reusable kyc age verification proof
of humanity and a a range of other efforts um this 1's very
exciting getting a lot of attention it was mentioned in the
recent Gartner report covering decentralized identity as
something that they're following so um that's a good opportunity
to get in on these very interesting use cases uh proof of
humanity you'll be hearing a lot more about in the coming weeks
so stay tuned on that um did traits.
Geun-Hyung Kim: As of this morning so that will be part of the
ID Discovery group you can think of it as a related to did rubric
in um will actually that's worth a whole additional session from
um um from the uh ID Discovery group who's behind that so uh but
you can read more about that through uh the the identity
Discovery group.
Geun-Hyung Kim: Very exciting and relevant um where we will be
launching with the ccg a did method um working group soon so that
comes out of this letter of intent that was uh recently released
so a lot more details coming up on that um I'm going to shut it
down in just a second so uh um recently promoted specs credential
trust establishment and linked VP.
Geun-Hyung Kim: Lastly um we have a our hackathons coming up
we're looking for uh almost at the limit but we're still
accepting sponsorships and if you would like to participate on it
um announcements will be coming out soon the major tracks will be
education which is actually education and Workforce and um this
1's really exciting for this group touching on VC for edu we're
working closely with the folks in VC edu to make sure that it
builds off of the jmf plug Fest work so it's a good way to extend
the great work done there and also allow participants to like get
involved very quickly in reuse that infrastructure that was built
there so that's a great example of diff embracing standards from
a broad range of organizations travel hospitality and reasonable
identity of course are important efforts in our um sigs and and
working groups and to learn more here's our web.
Geun-Hyung Kim: Website or just read.
Geun-Hyung Kim: Out anytime you know.
Geun-Hyung Kim: In order to find.
Geun-Hyung Kim: Uh any questions.
Manu Sporny: Uh yeah can this is all awesome stuff um uh really
need to see like the the different work streams um for the
credential schemas thing are you thinking like or is that
basically like um like you know we've got like a citizenship
vocabulary that we're working on in ccg um there's a driver's
license 1 as well are you thinking it's it's like work that's
kind of a similar to that I mean it it'd be great if that it
would be great if if that's the case because you know we are
spending a lot of time on kind of the fundamental technology and
not necessarily as much on the application layer space like the
business you know level um what what are your thoughts there what
are you what's what's kind of the goal for those um items.
Geun-Hyung Kim: That's a great call out so in in this working
group most of the early effort is getting a very crisp use case
so a lot of this comes from my experience trying to you know sort
of deploy Solutions around reusable kyc reusable identity it's
very important to get the semantics right and to get the business
you know get all of the stakeholders compliance official or
experts all of this in the room and so what we're focusing on in
the early stages is exactly what do we mean by you know like what
use cases will these schemas fit in and so expect to see a lot of
documentation around um how each of these schemas it's used which
which um use cases is appropriate so proof of humanity for
example not.
Geun-Hyung Kim: Not trivial like does it mean proof of unique
personhood you know what does it mean what are its use cases.
Geun-Hyung Kim: So so yes a lot of the work happening in ccg
seems to be coming out more the group of participants have come
to consensus in some manner about how they're using it um so it's
it's really great to get everything um you know like to bootstrap
people who know exactly what they're doing or the use cases quite
crisp so I think a lot of what we're doing is the stuff leading
up to it and so I see a lot of intersection in terms of when we
actually know what we're talking about right so the the mented uh
taxonomies and um schemas and all of that and that will be really
exciting use case to or example to figure out like how we improve
the discoverability um discoverability is a huge problem for
people who are getting started in decentralized identity uh do
you have to just create your own schema so that's something I'd
love to work closely with ccg on as we.
Geun-Hyung Kim: Mature our work.
Harrison_Tang: Any other questions okay.
Harrison_Tang: Bye wait can I I will probably want to reach out
to you later to uh find out who can actually present about proof
of humanity and some of these works like the ID traits at the ccg
because I'm very curious to learn more.
Geun-Hyung Kim: Fantastic yes uh I will we'll we'll get in touch
right after this.
Andrea_D'Intino_|_Forkbomb_BV: Uh I might be slightly off topic
but uh we're interested in uh building a kyc capabilities into
our identity solution.
Andrea_D'Intino_|_Forkbomb_BV: So anybody that has a is working
on that has good hints would be very happy to hear.
Harrison_Tang: I'm just curious when you say kyc capabilities uh
what are you referring to are you referring to using third-party
verification data or are you oh got it okay.
Andrea_D'Intino_|_Forkbomb_BV: No no verification data uh uh I'm
referring to a mobile app.
Andrea_D'Intino_|_Forkbomb_BV: Uh I'm thinking about uh
Biometrics and document OCR.
Harrison_Tang: Ah got it are you looking for.
Andrea_D'Intino_|_Forkbomb_BV: Am I am I am I a topic completely.
Harrison_Tang: No no it's fine I think this is a open discussion
so are you looking for a vendor or are you looking to because if
you're looking for a vendor on Biometrics and OCR I can refer you
and connect you with those vendors.
Andrea_D'Intino_|_Forkbomb_BV: Would have been nice yes.
<tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> "KYC"
expansion? Acronyms are the devil!
Harrison_Tang: Okay all right I I will put that in my calendar I
will I will try to connect you with the vendors like this week or
next week.
Andrea_D'Intino_|_Forkbomb_BV: And this came to mind because I
read a reusable kyc.
Andrea_D'Intino_|_Forkbomb_BV: On the PowerPoint on the
presentation here so.
Harrison_Tang: Got it yeah I know I know those folks quite well
so I will I will uh make some introductions uh.
Andrea_D'Intino_|_Forkbomb_BV: Sounds good thank you.
Harrison_Tang: Uh we are at time but any last thoughts or
comments or.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Just a quick
1 KY is a 3-letter acronym and could mean many things we should
avoid those.
<kerri_lemoie> Excellent work all. Thank you for the updates.
Harrison_Tang: Got it yeah it's a it's a know your customer right
know your customer compliance it's a 1 of the part of the
financial crime compliance uh uh especially uh I think it started
from the bank secrecy act uh in United States back in the early
2000s.
<kim_duffy> Thank you all!
Harrison_Tang: All right so we're at time uh just want to give a
quick shout out again for will for organizing all this and
putting this together and then want to give a big thanks to Kim
Manu Andrea uh Benjamin Patrick for actually giving us a updates
on all these work items uh we will try to do not try to we'll
commit to do this every quarter so the next 1 is scheduled to be
uh the end of October the beginning of November all right.
Harrison_Tang: Thank you thanks a lot have a good 1 bye.

Received on Wednesday, 14 August 2024 15:27:04 UTC