[MINUTES] W3C CCG Credentials CG Call - 2024-01-02

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-01-02/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-01-02/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-01-02.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-01-02

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jan&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Dmitri Zagidulin, David I. Lehn, pauld gs1, Dmitri 
  Z. (pres.), GregB, Brandi Delancey, Jing Chao, Susan Stroud, 
  Kimberly Linson, Leo, James Chartrand, Kerri Lemoie, Will, Manu 
  Sporny, Mike Xu, Marianna Milkis, ASU Pocket, Benjamin Young, Nis 
  Jespersen , Adrian Gropper, Brian, PL/T3, Rashmi Siravara, Kaliya 
  Young, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), James 
  Easter, Bob Wyman, Kayode Ezike

Our Robot Overlords are scribing.
<kerri_lemoie> Happy New Year!
Harrison_Tang: Hello let me check the recording right now.
Harrison_Tang: All right, it seems to be working. Happy New Year 
  everyone, so welcome to the first meeting of the W3C CCG. I 
  hope everyone had a great holiday and as well as hope everyone 
  has a great 2024 ahead. All right, so today very excited to kick 
  off the first meeting of 2024 with Dmitri talking about and 
  leading the discussion on credentials rendering, the topic that.
Harrison_Tang:  I'm quite interested to hear but if you before we 
  get to.
Harrison_Tang: I just want to quickly go through some 
  administrative stuff first of all just a quick reminder on the 
  code of ethics and professional conduct just want to make sure 
  that we hold fruitful constructive conversation make sure that we 
  respect each others opinions and perspectives.
Harrison_Tang: Property note: anyone can participate in these 
  calls, however all substantial contributions to any CCG work 
  items must be member of the CCG with full IPR agreements signed. 
  All right, I think there's an issue through recording, give me a 
  second.
Harrison_Tang: All right I think it's should be working right now 
  let me check the transcriber.
Harrison_Tang: All right, sounds good, so yeah, I was just on the 
  intellectual property note, just make sure that you have the W3C 
  account, and if you encounter any issues feel free to reach out 
  to any of the co-chairs, myself, Kimberly and Will.
Harrison_Tang: Meetings are being automatically recorded and also 
  transcribed.
Harrison_Tang: We use Jitsi chat to queue speakers during the call 
  and take minutes. If you want to add yourself to the queue 
  please enter q+, and if you want to remove just enter q-; to 
  see who's in the queue just do q?.
Harrison_Tang: All right introductions and reintroductions if you 
  are new to the community or you haven't been engaged with the 
  community and want to re-engage please just feel free to unmute 
  and introduce yourself.
Harrison_Tang: Don't be shy this is the very first meeting of 
  2024 so.
Harrison_Tang: Right, at any time toward the end of meeting or 
  next Tuesday if you want to introduce or reintroduce yourself 
  feel free to just argue at any time.
Harrison_Tang:  all right.
Harrison_Tang: Announcements and reminders, any announcements and 
  reminders for the upcoming events or papers.
Harrison_Tang: Any updates on the work item oh Manu please.
<manu_sporny> VC v2.0 Test Suite: 
  https://lists.w3.org/Archives/Public/public-credentials/2023Dec/0057.html
Manu Sporny:  Hey hey Harrison, hey everyone, happy New Year. Three 
  announcements in case folks missed it last year, I'll put these 
  links into the chat channel. The first one is that Benjamin and 
  team have been working on the test suites for verifiable 
  credentials version 2.0 and made a big release late.
Manu Sporny:  Earth so that there's the link there for the 
  verifiable credentials 2.0 test suites. This includes a large 
  number of data integrity test suites, the verifiable credentials 
  v2.0 data model tests and that sort of thing. We are looking for 
  implementers at this point, we already have a number of people 
  that kind of worked throughout the year and in late December to 
  add their implementations to the test suite.
Manu Sporny:  A really important for getting to the final 
  standard stage at W3C, we have to demonstrate that there are 
  multiple interoperable implementations. Right now there are for 
  many things, but the more implementers the better the 
  specifications end up being because of all the testing and eyes 
  on the specification from an implementation standpoint they are 
  so that's the first announcement there if you have.
Manu Sporny:   Actions or working on implementation.
Manu Sporny: https://github.com/w3c/vc-data-model/pulls
Manu Sporny:  As for a verifiable credentials in the next two to 
  three months, please get those implementations in and done so that 
  we can move quickly to global standard. The other kind of heads-up 
  is simultaneously the verifiable credentials version 2.0 
  specification is more or less ready to go into the candidate 
  recommendation stage, so that basically means.
Manu Sporny:   We are.
Manu Sporny:  Feature complete and we believe we're done with the 
  technical aspects of the specification and we are going into the 
  phase called candidate recommendation which basically says we 
  think we're done, what do implementers think, and that's when you 
  know people implement and all that kind of stuff. So I just put in 
  a link to the verifiable credentials data model, the very last set 
  of changes to the specification before the group goes into 
  candidate recommendation, we're expecting to potentially try to.
Manu Sporny:   Do that this.
<manu_sporny> Bitstring Status List specification: 
  https://github.com/w3c/vc-bitstring-status-list/pulls
Manu Sporny:  Week, so heads up on that. The other thing that 
  happened over the last month is that the Bitstring, right, the 
  Bitstring Status List specification has had upwards of 20 new pull 
  requests that effectively address every last issue that we needed 
  to address before we go into candidate recommendation.
Manu Sporny:   And so a heads-up.
Manu Sporny:  Folks, that if you have, if you were working on 
  Status List 2021, it is now called Bitstring Status List and the 
  Bitstring Status List specification is getting ready to go into the 
  candidate recommendation phase, so please take a look at that. We 
  are hoping to maybe transition that into candidate recommendation 
  at the end of this month or early February. That's it for all the 
  updates, thanks Harrison.
Harrison_Tang: Oh thank you, thanks Manu, and happy New Year to 
  you as well.
Harrison_Tang: All right any other announcements or reminders.
Harrison_Tang: Any update on the work items? Hey Greg.
GregB: Hey, I just wanted to let folks know that BBS, which 
  provides extra privacy enhancements, has gone into, it's been 
  updated at the IETF and it's going to be asking for last call for 
  cryptographic review. We've updated the BBS W3C verifiable 
  credential BBS spec so that.
GregB:  that has.
GregB: Information about how to use that and preserve the privacy, 
  please take a read, we've updated that and all the data integrity 
  specs are going in for CR2, so please take a look, and if people 
  have any questions about BBS don't hesitate to reach out to me. 
  I've been working with the DIF group, the IETF group, and of 
  course I'm a co-editor on our spec here at the W3C.
Harrison_Tang: Thank you Greg.
Manu Sporny:  Sorry I forgot, well, one last thing. Yes, Greg's been 
  doing fantastic work on the privacy-preserving signatures, the 
  BBS stuff or the unlinkable signature stuff there. One other 
  thing that, let's see, I think Benjamin also mentioned in the 
  announcement in December that we're going to start holding office 
  hours for implementers, so you know now that.
Manu Sporny:   That we're transitioning into like this.
Manu Sporny:  Implementation of the final specification phase for 
  verifiable credentials 2.0 and all the data integrity stuff and 
  the status list stuff, we thought it would be helpful to try and 
  support the community by holding regular office hours so that 
  implementers can come to the office hours and get any questions 
  that they have about the specifications or the test suites 
  answered. That's in the hope of getting you know more 
  implementations implementing and that sort of.
Manu Sporny:   Thing and I see Benjamin's on the queue for that 
  so I'm going to be.
Benjamin Young:  Yeah thanks man.
<benjamin_young> Poll 
  https://doodle.com/meeting/participate/id/ejv7NM4e
Benjamin Young:  Yeah the there's a poll that we're running for 
  times for next week's office hours, Monday and Wednesday are 
  looking like the best days but I'll share the poll for that. I'd 
  love to get feedback from folks, will probably run it on a every 
  other week basis through hopefully getting us all to TR, but in 
  the meantime we'll do this for a while.
Benjamin Young:  Is on the list and the test Suites more stable 
  please feel free to reach out to me directly if you have 
  questions or want to participate at all.
Harrison_Tang: Thanks and by the way I just want to say a big 
  thanks to Benjamin for helping write the script to publish the 
  video recordings online so we'll start seeing the video recording 
  links are in our weekly minutes so thank you.
Harrison_Tang: By any other updates, updates on work items, 
  announcements or reminders.
Harrison_Tang: All right and then in the next few weeks I'll 
  reach out to folks to start creating the agenda and content 
  calendar for the ccg for 2024 I wasn't able to do as much work in 
  the last month or two so just just want to give everyone a quick 
  heads up we'll start building out the common calendar and if you 
  have any questions or actually suggestions on what topics like.
Harrison_Tang:  like we want to discuss.
Harrison_Tang: Each other reach out to any of the co-chairs, 
  thanks.
Harrison_Tang: All right, let's get to the main agenda, so today I'm 
  very excited to have Dmitri here to lead a discussion on 
  credential rendering, so Dmitri, the floor is yours.
Dmitri Zagidulin:  Alright thank you so much Harrison, I'm excited 
  to be here, all right so let me share my screen.
Dmitri Zagidulin:  And as usual if you have questions as I 
  present please get on the queue, raise your hand, and there should 
  be time afterwards for questions as well, alright so.
Dmitri Zagidulin:  There we go.
Dmitri Zagidulin:  So those of you have been following.
Dmitri Zagidulin:  Render method discussion here on the CCG or on 
  the VC-EDU task force calls or the past several IIW 
  conferences, so there's been a lot of good good conversation 
  discussion on this method and I'm going to go into what it's 
  about, just sort of setting the context, so this tech has been 
  around and in discussion for a while, there is a specification 
  being incubated at the CCG.
Dmitri Zagidulin:   And now we finally.
Dmitri Zagidulin:  To actually implement it at MIT's Digital 
  Credentials Consortium, so I wanted to update people on where the 
  conversation has gone and what we've learned from trying it out 
  in our wallet apps and other software, so let's get into it.
Dmitri Zagidulin:  So the upshot here is that it is crucial for 
  the verifiable credential Community to be able to display 
  consistently.
Dmitri Zagidulin:  Systems and applications meaning whether 
  you're an implementer of an issuer of a wallet a verifier 
  software a various Downstream post verification right so if 
  you're if you're an implementer of HR software promotion software 
  applicant tracking.
Dmitri Zagidulin:  You're going to need to display credentials.
Dmitri Zagidulin:  And so how to display it, how to reduce the 
  implementation development costs and integration costs is partly 
  what this tech is about, so render method is a is a CCG work item 
  that was accepted I think last year or the year before that and 
  it's also a reserved.
Dmitri Zagidulin:  The VC data model 2.0 context and it's linked 
  to off of the VC specifications directory which if you're not 
  familiar with should be it's a great listing of extension points 
  and other related specifications to verifiable credentials so at 
  I like to use digital credential Consortium which is exactly it 
  sounds like Consortium of.
Dmitri Zagidulin:  A bunch of universities in United States 
  Europe Japan all over the world.
Dmitri Zagidulin:  We've had a chance to implement this render 
  method in our open source wallet, Learner Credential Wallet, and 
  we're in progress sort of reusing that code in other other 
  components of our ecosystem, so our open source issuer, verifier 
  software and so on, so I want to share a couple of lessons I 
  learned from it.
Dmitri Zagidulin:  A lot of the discussion around this technology 
  has been.
Dmitri Zagidulin:  Has turned out to be around PDFs we found that 
  both in terms of sharing.
Dmitri Zagidulin:  The credential recipients being able to share 
  credentials with other parties and in terms of the verification 
  process PDFs have turned out to be way more important than we 
  suspected or hoped I think in the beginning of the verifiable 
  credentials community so let's let's dive into it oh and let me 
  let me share the link to the slide deck that I'm using for people 
  to follow along.
Dmitri Zagidulin:  I hear it is one second.
Dmitri Zagidulin: 
  https://docs.google.com/presentation/d/1BSaUKoxOArH_OA5ILTXV5USDLU_ug0Rl12iyQhNmWAA
Dmitri Zagidulin:  Here's a slide deck.
Dmitri Zagidulin:  Okay so brief summary a lot of you may be 
  familiar with this so why do we need something like render 
  method.
Dmitri Zagidulin:  Well a lot of issuers deeply care about 
  consistent visual styles.
Dmitri Zagidulin:  A lot of them I suspect would be would be 
  happy to be able to enforce legally or technologically exactly 
  how their credentials appear but much like with HTML and web 
  sites regardless of.
Dmitri Zagidulin:  What a company does to their web design you as 
  the user in control of your web browser can override that design 
  right so that's the main thing that we should all keep in mind 
  all of the really valuable mainstream web Technologies in their 
  deal allow.
Dmitri Zagidulin:  The users to override the author's authorial 
  intention, but in any case, so however giving issuers the ability 
  to have some input into the conversation of what their VCs show 
  up as is incredibly valuable, so this has been highly demanded 
  item on the implementer side.
Dmitri Zagidulin:  Displaying the VCs, you're going to be doing 
  it a lot, right, it's something that you'll be doing even more 
  commonly than issuing them or verifying them.
Dmitri Zagidulin:  Those things need a lot of times they need 
  user interface and so.
Dmitri Zagidulin:  There'll be great advantage to reducing the 
  integration development costs for this very common operation.
Dmitri Zagidulin:  As I mentioned before.
Dmitri Zagidulin:  Especially from wallets but this displays into 
  other pillars of the ecosystem as well.
Dmitri Zagidulin:  There's a lot of advantage and demand to being 
  able to conquer print out the verifiable credential into a PDF to 
  render a credential as a PDF and we'll get into some of the use 
  cases that that our member universities have run into and of 
  course looking ahead we need for verifiable credentials to be 
  accessible.
Dmitri Zagidulin:  Being able to switch to different modalities 
  about whether audio or Braille or so on but even more commonly 
  this needs to appear on different sized screens different form 
  factors not to mention getting into design details of okay here's 
  how credentials should look in detail view but here's how it 
  looks on a list right in if you have a list of verifiable 
  credentials you.
Dmitri Zagidulin:   You're probably not going to be.
Dmitri Zagidulin:  Displaying the full details on the list, right, 
  it's going to be a subset, and then emerging technologies such as 
  WICG's.
Dmitri Zagidulin:  VC selector credential selector the thing that 
  is that is in the process of being built into operating systems 
  and browsers.
Dmitri Zagidulin:  The ability to do not just wallet selection 
  but credential selection, so it's it's something that's controlled 
  by the operating system, but again wouldn't it be great if the 
  issuer.
Dmitri Zagidulin:  I hadn't put in this that says Chrome when 
  presenting a list of credentials.
Dmitri Zagidulin:  I requesters asking for here's how you should 
  render mine and realistically what we're talking about is here's 
  what the title is here's what the little icon is and so on but 
  still it's really important for issuers to be able to customize 
  this.
Dmitri Zagidulin:  The main problem that we're all facing as 
  implementers is at the moment all of the sort of implementations 
  and pilots tend to be of credentials that we're familiar with.
Dmitri Zagidulin:  Typically you're an issuer wallet or verifier 
  you do a pilot and you know what credential you're going to be 
  dealing with it's gonna be a diploma or it's going to be a 
  student ID or it's going to be a permanent citizen card or a 
  achievement credential that you've trained on this food safety 
  course.
Dmitri Zagidulin:  And that's understandable right so you so far 
  we have the community have been focused on familiar credentials 
  to us so that we know exactly how they're going to display.
Dmitri Zagidulin:  But if if this is her to succeed the vast 
  majority of credentials.
Dmitri Zagidulin:  Unknown to you as a wallet implementer right 
  your we need to account for the fact that most credentials that 
  a verifier or wallet will ever encounter are going to be 
  unfamiliar to them are not going to be ones that our designers 
  knew about and created specific display logic.
Dmitri Zagidulin:  So say you're a wallet or verifier or any kind of 
  VC app implementer and your app encounters a new VC, just literally 
  how do you display it, for the moment vast majority of VC 
  applications.
Dmitri Zagidulin:  You have a long if-then statement you have a 
  long switch statement where.
Dmitri Zagidulin:  Something about a credential, typically its 
  type or sometimes its issuer but usually its type.
Dmitri Zagidulin:  And then route your application code to 
  specific display components that your graphic designers that your 
  web designers.
Dmitri Zagidulin:  Lovingly put together, right, so if I'm a wallet 
  and I encounter a credential of type student ID I say aha okay I 
  have this code prepared that lays out specifically the student ID 
  fields.
Dmitri Zagidulin:  But as you can probably guess this is not 
  scalable, we need to be able to handle VCs that we didn't prepare 
  for, so what are the options, what are the basic tools that we have 
  in order to do this, well we have the time and true tried and true 
  technology of pre-rendering verifiable credentials into static 
  images, right, so the issuer usually at issuing time.
Dmitri Zagidulin:  Have full control over what the image looks 
  like, can render it either as you know a fancy diploma with a big 
  seal or a driver's license card with rounded corners that looks 
  like a real-world skeuomorphic driver's license and fill out 
  all the fields, right, so we can pre-render them.
Dmitri Zagidulin:  Where that goes is the issuer hosts the pre 
  rendered image on their website and puts a link to it in the 
  verifiable credential, although it's also possible to embed the 
  full image into the VC itself, right, so we have some experience 
  into doing this from the Open Badges version 2 and previously 
  community.
Dmitri Zagidulin:  As I mentioned of course the most popular 
  current method is to provide custom logic for each VC and then 
  for unfamiliar VCs to sort of fall back to the most 
  commonly recognized fields, meaning every VC is going to have an 
  issuer and sometimes an expiration date.
Dmitri Zagidulin:  And sometimes issuance date and so on but 
  beyond that it becomes dicey, we hope that our verifiable credential 
  has a name field we can display right we hope that it has a 
  description field but here we are unfamiliar territory.
Dmitri Zagidulin:  To create a friend verify the credentials are 
  going to have different fields in them.
Dmitri Zagidulin:  For the third option is and we've seen a 
  number of wallets that I have taken this approach.
Dmitri Zagidulin:  Really Loop through all of the properties all 
  of the attributes in a verifiable credential and just display 
  them on the screen like.
Dmitri Zagidulin:  Issuer, expiration date, issuance date and 
  then I have everything the entire contents of credentials object 
  just put them out there in a bulleted list essentially we can 
  talk about the drawbacks and benefits of each one of these 
  approaches.
Dmitri Zagidulin:  Option is of course to look for rendering 
  directions in the VC itself in a number of specifications 
  including render method that we're talking about today have taken 
  this approach.
Dmitri Zagidulin:  Put some kind of rendering hint either fully 
  rendered or template or some structured data.
Dmitri Zagidulin:  That says here the fields that are important, 
  here's what you should display and how, here's the font size and 
  so on and so forth, right, so any sort of rendering direction 
  either stuffed into the VC itself or hosted elsewhere and linked 
  to from the VC, but the important part is you got a VC, you 
  can discover how to display it.
Dmitri Zagidulin:   And of.
Dmitri Zagidulin:  If he future desired option once these for get 
  get well understood and settle down and implement it in the 
  community we were of course would love to see is.
Dmitri Zagidulin:  For commonly used credentials for there to be 
  trusted directories either from the implementers community or 
  governments trade Association so any sort of trusted party that 
  we have in them.
Dmitri Zagidulin:  You know communities and of course once those 
  directories emerge you can use any of the previous four options 
  to put into them including the render method rotation okay so 
  let's talk about pre-rendering real quick this is images right so 
  this is a tried-and-true approach using this for a number of 
  years I think up to a decade already eyes open badges the benefit 
  of course is you have pixel-perfect control by the issuer.
Dmitri Zagidulin:  Really how the image appears you're 
  essentially looking at a JPEG or PNG.
Dmitri Zagidulin:  Of the rendered image and typically it's 
  hosted on the issuer website, you can of course post it on a 
  generic.
Dmitri Zagidulin:  Web host an Amazon S3 buckets a cloudflare 
  Content Network on GitHub Pages whatever.
Dmitri Zagidulin:  The drawbacks especially with open badges.
Dmitri Zagidulin:  Posting the image directly on the issuer.
Dmitri Zagidulin:  And of course the our favorite topic the call 
  home the tracking Vector meaning.
Dmitri Zagidulin:  That's worst-case the issuer knows.
Dmitri Zagidulin:  Exactly how many times then when and from what 
  IP address.
Dmitri Zagidulin:  Given credential is verified and more 
  importantly open badges version 2 and and previous did not carry 
  digital signatures in and of themselves the root of trust was the 
  fact that it was hosted on.
Dmitri Zagidulin:  The issuer's website, right, so so literally in 
  the verification your verifier logic would say okay the issuer is 
  MIT then the host of that image must be at mit.edu.
Dmitri Zagidulin:  We have a bit more options in that regard now 
  that we have digital signatures in verifiable credentials but 
  it's still.
Dmitri Zagidulin:  It's still an important topic that the hosted 
  images are both a root of trust and a root of vulnerability, but 
  even say if you embed the full image in the verifiable credential 
  itself, aside from the fact that it's the size is going to get 
  huge, and we've already encountered some problems with that where 
  some mobile devices just run out of parser and compiler memory.
Dmitri Zagidulin:   I'll leave for.
Dmitri Zagidulin:  Those that are not that huge right like for 
  diploma size essentially rendered credentials so.
Dmitri Zagidulin:  Aside from size, the challenge with 
  static images is.
Dmitri Zagidulin:  The usual challenge with images on multiple 
  devices right.
Dmitri Zagidulin:  On smaller screens some of the images are 
  going to be too huge and vice versa, you're going to need to 
  pre-render an image both for the detail view and for the list 
  view, and of course you have all of the screen reader.
Dmitri Zagidulin:  Disability challenges that we have with with 
  its Shores so the engineering trade-off is of course.
Dmitri Zagidulin:  Do we embed.
Dmitri Zagidulin:  The image or whatever the pre-rendered 
  pre-baked verifiable credential in the VC itself or do we link 
  to it, we mentioned some of the considerations there. We have our 
  old friend custom display logic which is what we essentially all 
  do as implementers, again the benefit is that great control not by 
  the issuer but at least by the app developer, so you have room for 
  innovation, you have room for wallets and verifiers.
Dmitri Zagidulin:   As and.
Dmitri Zagidulin:  Our to experiment with what's the most usable 
  way to present credentials that the issuer might not even have 
  thought of, so there's been a lot of a lot of interesting work, a 
  lot of opportunity for innovation here on.
Dmitri Zagidulin:  How to display.
Dmitri Zagidulin:  A verifiable credential regardless of how an 
  issuer intended it. The downside of course to this is that this 
  is high effort, every single application developer needs to sit 
  down and hand code the display logic for each credential type. Now 
  as as the open source software matures we're likely to see to be 
  able to see reusable.
Dmitri Zagidulin:  Code level of like here is the top ten most 
  commonly displayed.
Dmitri Zagidulin:  React native components or here is the top ten 
  most common web components which is another related technology 
  for this we're not there yet and that could reduce some of the 
  effort but we can do better than that and of course the main 
  drawback is the issuer has no input to.
Dmitri Zagidulin:  How their VC gets displayed, and while that 
  ultimately is correct, while it is the user and the implementer 
  that should be in control of how it's displayed, it would be 
  nice if the issuer at least had the opportunity to join the 
  conversation, and of course as we mentioned before it's not 
  general purpose so it breaks down when encountering an unfamiliar 
  VC, so number of implementers take the.
Dmitri Zagidulin:  All the fields approach and good news is it's 
  very easy to implement and it Implement and it is general purpose 
  so.
Dmitri Zagidulin:  On a technical level it will work with 
  anything that's a verifiable credential because it's just JSON 
  object, it's a nested set of field value pairs, and because of that, 
  because it's text, you have much better affordances for screen 
  readers and accessibility. The drawback is that it's a mess.
Dmitri Zagidulin:  Not a good user experience.
Dmitri Zagidulin:  Some of the more complex credentials such as 
  Open Badges version version 3 and those are standalone 
  credentials, we're not even talking about something as complex as 
  CLR version 2, I would present a common thinking what's your 
  common learner a comprehensive learner record, right, where it's an 
  entire transcript, a user's entire education history contained in a 
  verifiable credential.
Dmitri Zagidulin:   Imagine that display.
Dmitri Zagidulin:  Anybody's general-purpose code.
Kerri Lemoie: 
  https://www.1edtech.org/initiatives/digital-credentials/clr
Dmitri Zagidulin:  But even if you don't go to that extreme any 
  given verifiable credential has a lot of properties only a few of 
  which are of interest to the user.
Dmitri Zagidulin:  So there's no there's no ability for the 
  displayer to say okay this is what the credential is.
Kerri Lemoie: https://www.imsglobal.org/spec/clr/v2p0
Dmitri Zagidulin:  And optionally reveal some of the 
  under-the-hood metadata and credential.
Dmitri Zagidulin:  Comes out on the screen so.
Dmitri Zagidulin:  The larger the more fields that are and the 
  more deeply nested they are starts to pose challenges especially 
  on mobile screens where it's it's not easy to display nesting 
  behavior with indentation and so on, so method we're talking about 
  today is of course looking for the rendering directions in the VC 
  itself, so now the issuer has some input, it says hey downstream 
  app developer if you encounter my credential.
Dmitri Zagidulin:  Here's one way to display it I you can 
  override it but at least here's a starting point.
Dmitri Zagidulin:  Now because the root of trust is in the 
  digital signature and not in the rendering template it now 
  becomes untrackable by the issuer, you can now host this thing 
  genuinely on a neutral content hosting parties or even embedded 
  in the credential itself, no hosting involved, and now we 
  have affordances for responsive design, for accessibility.
Dmitri Zagidulin:  The thing to understand about this approach is 
  that.
Dmitri Zagidulin:  It also encompasses in itself all of the other 
  approaches you can use render method to include a pre rendered 
  image a pre-baked image you can use render method to say.
Dmitri Zagidulin:  Looping through all of the fields and 
  displaying them here are the important ones and so on.
Dmitri Zagidulin:  You do have some engineering trade-offs as 
  usual with this method the first one being.
Dmitri Zagidulin:  Do you embed, do you stuff the entire rendering 
  hint meaning HTML template or or pre-render or whatever whatever 
  you're going to use do you embed the whole thing in the 
  verifiable credential and therefore increase its size but enable 
  its display without a net connection right offline use or do you 
  link to the remote in which case you need to sprinkle some extra.
Dmitri Zagidulin:  X10 to make the lock down the contents on the 
  other end of the host link and of course.
Dmitri Zagidulin:  In order to do offline access the wallet 
  will need to have prefetched, cached all of the rendering hints 
  before being able to display it in an offline scenario and of 
  course hopefully as the previous render method Tech matures will 
  be able to.
Dmitri Zagidulin:   Play some of.
Dmitri Zagidulin:  Random methods into trusted Registries and 
  that's that's still sort of in conversation series well we're 
  still exploring that part but the good news is that given that we 
  need known issuers and known verifier lists anyways as a VC 
  ecosystem, right, so regardless of what we do with the display for for 
  the whole thing to work we need known issue or lists we need 
  these trust Registries so if we have them we could also piggyback 
  on them.
Dmitri Zagidulin:   I'd say.
Dmitri Zagidulin:  Hey the for this issuer and it's an authorized 
  issuer here is a list of their preferred templates look here 
  anyway so we can talk about that once it's time for that so as 
  always we like to mention prior art so lots of experience from 
  Open Badges v2 this whole render method discussion got started 
  and Rebooting Web of Trust 11 where a number of us collaborated 
  on a paper and there's a demo video of what it looks like and 
  that paper.
Dmitri Zagidulin:   It's always unfortunate.
Dmitri Zagidulin:  And by some of the diff specifications the 
  traceability vocab is another task force of CG specification and 
  so on right so it's currently living in the CCG repo that you 
  should check it out and then over the past couple of IIWs we've 
  been in the conversation with Hyperledger Aries OCA which is 
  something overlay.
Dmitri Zagidulin:  But basically it's another way to add display 
  directives in a verifiable credential and it's a slightly it's 
  not an exact alternative it's a related technology that we want 
  to be informed by that we want to keep in mind when designing 
  this render method so that it's compatible with OCA bundles.
Dmitri Zagidulin:  So like I mentioned a DC we've we have an 
  in-progress pilot deploying this render method Tech with one of 
  our partners with just Tec de Monterrey Mexico and here is here's 
  what it looks like currently right so here's the current screen 
  shots from our Mobile wallet is open source should all check out 
  if you haven't yet and I want to draw your attention to this 
  second button from the top even though it's not highlighted so.
Dmitri Zagidulin:   When I pull up a giving.
Dmitri Zagidulin:  If it has a render method section in it I can 
  when I go to share that credential the wallet provides me this 
  extra button exported to PDF when I click that button it renders 
  the PDF opens the operating systems share screen that's the 
  middle middle sign that you're looking at middle image and this 
  is what the PDF looks like in the Mobile screen right so we.
Dmitri Zagidulin:  A diploma with the feel the thing that we all 
  sort of expect with this particular kind of credentials because 
  the pilot is dealing with diplomas of graduating students.
Dmitri Zagidulin:  What does the credential look like what what's 
  the VC data that powers this these screenshots well if we zoom 
  into those credentials they are exactly the ones I described in Z 
  in the render method specification So currently we just include 
  one render method hint now keep in mind that it could be more 
  than one right so we could also include a pre-baked.
Dmitri Zagidulin:  Can also include all sorts of things but at 
  the moment the pilot we started with an SVG rendering template so 
  the template itself is hosted on GitHub Pages view rendering 
  logic is contained in the type we also have additional optional 
  both name and the CSS media query which results in this thing 
  that you see and if you pull up the.
Dmitri Zagidulin:  From that GitHub site this is what it looks 
  like right so it's a.
Dmitri Zagidulin:  Format SVG format familiar with familiar to 
  all graphic designers and web designers and the important part is 
  that you have these handlebar templates the the credential 
  subject name and the credential name so you can say to your 
  graphic designer hey.
Dmitri Zagidulin:  When printing to the PDF compose how you would 
  like to how you like it to look and for the actual field values 
  just put them in these what are called mustache templates right 
  so it's a very it's very useful mechanism and Ian in the DC 
  issuer platform in the admin dashboard we.
Dmitri Zagidulin:  Basically when an issuer goes to issue a cohort 
  of credentials there's a text box where they can paste the the 
  template that the SVG for example and the issuing software will 
  just use it and include it in the credential and so on so it's a 
  user-friendly how sort of setup all right so what have we learned 
  from from testing this out with our deployment one is that we ran 
  into the problem with SVG templates.
Dmitri Zagidulin:  The benefits to SVGs but part of the reason 
  why I personally have advocated for them initially was that 
  they're widely supported across all systems they they can both be 
  responsive and.
Dmitri Zagidulin:  The issue of the designer can specify exactly 
  what they look like and it's familiar to graphics designers well 
  we ran into and of course no design no initial design survives 
  contact with real user data meaning.
Dmitri Zagidulin:   We put together.
Dmitri Zagidulin:  Tablet and then we came into contact with real 
  user names which are gigantic right so if you look at this 
  potential here it's a subject name.
Dmitri Zagidulin:  It's great if the name if the name is short so 
  artist formerly known as Prince great you just put Prince there 
  it looks fine but we saw what we found is that especially in 
  Spanish-speaking countries people have really long names and they 
  start to scroll off the screen and what we found out is raw SVG 
  by itself and does not give us the ability to control the 
  alignment in the wrapping which was a.
Dmitri Zagidulin:   Which was a surprise to us and.
Dmitri Zagidulin:  RSG expert and.
Dmitri Zagidulin:   You can read.
Dmitri Zagidulin:  And be like no I know how to control wrapping 
  and alignment here's how to do it but we ran into this roadblock 
  so current solution that we're exploring is we're switching from 
  SVG to HTML and CSS templates which are of course all about 
  alignment and wrapping directives and can handle larger user data 
  what the.
Dmitri Zagidulin:  The idea is the same can what designers knows 
  how to use knows how to work with HTML and CSS templates they 
  know how to use mustache and handlebars style template fields.
Dmitri Zagidulin:  It's not a huge pivot but this is basically 
  what we're deploying currently.
Dmitri Zagidulin:  And as I mentioned before.
Dmitri Zagidulin:  Focuses on the PDFs.
Dmitri Zagidulin:  Stepping back from our deployment in general 
  as a VC Community we need to nail down a round-trip life cycle 
  between a Json object that is a VC and some sort of print and 
  paper ability so.
Dmitri Zagidulin:  If I receive a regular credential classic VC 
  it's in my wallet now what.
Dmitri Zagidulin:  How do I actually share with people so the 
  very first Pilots have literally been I'm going to take that Json 
  data and make a Json file attachment to an email or a text 
  message it's can imagine that's not very usable the receiver on 
  the other end looks at in what is this this bunch of text 
  gobbledygook yes you can give people the instructions of okay now 
  copy and paste this Json into this website or this.
Dmitri Zagidulin:   Fire sauce.
Dmitri Zagidulin:  But as we can all tell like that that's not 
  that's not really usable.
Dmitri Zagidulin:  But what everybody's positively responded to 
  is if the receiver on the other end if the verify if the 
  requester doesn't know if he sees our has no verifier software 
  and doesn't want to use ours the one thing they can all do is hey 
  oh there's a PDF attached to my email.
Dmitri Zagidulin:  Yeah if I'm a famous Tune Time this is a real 
  use case that McMaster University in Canada has has already 
  bumped up against.
Dmitri Zagidulin:  Students entering the country at the need to 
  present the Border guard proof of that their students in the 
  university in order to be let in and it'd be nice to say hey 
  here's the verifiable credential issued by.
Dmitri Zagidulin:  City and the Border guard will have verifier 
  software and they can scan it and all will be well but of course 
  the moment border guards don't have verifier software so the.
Dmitri Zagidulin:  Shinto that has been to print out the VC on on 
  paper you know through a PDF but then also include 
  machine-readable data on that be on my PDF I'm not pay-per-view a 
  QR code so what I what I mean by round-trip lifecycle is we need 
  to be able to go from a VC to paper and the other way around we 
  need to be able to go from a paper to a VC which basically 
  there's.
Dmitri Zagidulin:   Two options.
Dmitri Zagidulin:  That we can use a QR code is familiar to us 
  well there are several considerations with offline and online 
  usage and then of course a lot of you have may have heard of 
  C2PA and I believe we had C2PA presentation on here on the CCG in 
  the past so it will be until and some others are working on this 
  standard.
Dmitri Zagidulin:   A place to.
Dmitri Zagidulin:  Find Digital Data any kind of Rich metadata in 
  the PDF itself or also in a PNG or in a Photoshop file or in a 
  video.
Dmitri Zagidulin:  But that's a that's an under the hood metadata 
  specification.
Dmitri Zagidulin:  The moment it goes to print all of that 
  metadata is lost right so we still need ideally would need to use 
  both we can use the vendor provided tools and open specification 
  on how to.
Dmitri Zagidulin:  A full-on verifiable credential into the PDFs 
  metadata but also.
Dmitri Zagidulin:  Once it actually goes to print we're likely 
  going to need to use a QR code next steps so we're still in the 
  process of implementing and Gathering deployment lessons from 
  from this pilots from Tec de Monterrey and others 11 Next Step 
  possibility would be to explore other render method types right 
  the render method is just an extension point.
Dmitri Zagidulin:  You can put all sorts of things in there at 
  the moment we have HTML templates but we could also of course 
  pre-render the images or pre-render the full PDF themselves.
Dmitri Zagidulin:  And choose to interoperate with other similar 
  approaches like OCA bundles.
Dmitri Zagidulin:  I'd hash links through the digestMultibase and 
  SRI mechanism to our external host of templates and of course 
  I'm and this is again of interest to Tec de Monterrey and other 
  multilingual issuers you can use render method to issue one 
  credential that supports localized display of multiple languages 
  not just on a field level but on a full document level.
Dmitri Zagidulin:  That can be a subject for more discussion.
Dmitri Zagidulin:  In in that calls because as always translation 
  internationalization important important topic all right 
  questions from the audience.
Manu Sporny:  Woman yeah thanks for this Dmitri that was a 
  wonderful presentation like very super thorough and covering you 
  know all the all the different options so thank you that was a 
  wonderful and we've hit the same text wrapping issue like if 
  you go and they were talking about like text wrapping in SVG 2 
  and it's coming soon and I don't know what happened but.
Manu Sporny:   But it's still a problem today.
Manu Sporny:  Um so one of the things so we are also implementing 
  render method along the lines of what DC's implemented so one one 
  side comment as we should probably let the VC WG know that there 
  are multiple implementers of the specs that we can make sure that 
  the render method extension Point stays in there the the other 
  thing is you know we took a look at.
Manu Sporny:   HTML based rendering in.
Manu Sporny:  In boxing it in a way inappropriate way the biggest 
  concern we had with the HTML thing is it allows other kind of 
  tracking mechanisms to be injected into the HTML and we didn't 
  know how to potentially address those you know tracking cookies 
  that that sort of thing so that that remains kind of a challenge 
  for us the other thing we've been looking at because of the text 
  wrapping it is like.
Manu Sporny:  PDF based like you know there are JavaScript libraries 
  that will render PDF in where we like wondering well you know 
  maybe what we can do like you said is provide a files and then 
  maybe real-time render those in the wallets using a you know 
  JavaScript PDF renderer some of the pushback we've heard on that 
  from wallet providers is that the native wallet vendors are like 
  we don't want to include PDF rendering functionality or we don't 
  want to have to include an.
Manu Sporny:   Email rendering capability in our native wallets.
Manu Sporny:  It's am wondering what you think.
Manu Sporny:  Some of those problems are one the HTML sandboxing 
  issue two the you know some native wallet vendors are balking at 
  the idea of needing to render SVG or needing to have an HTML 
  rendering engine their wallets thoughts and how we get kind of 
  past those that that kind of vendor pushback from the native 
  wallet community.
Dmitri Zagidulin:  Great question and it's very comforting to 
  hear that your team has run into very similar problems that we 
  did so it's not we're not crazy not just us but so yes we we've 
  we've had those discussions as well real quick the thoughts have 
  been with HTML rendering twofold one most libraries that go from 
  HTML to PDF allow you to essentially.
Dmitri Zagidulin:   Ali sanitize the tags.
Dmitri Zagidulin:  To prevent for example you injecting 
  JavaScript into the display of that sort of thing so sanitization 
  and checking which we all know only goes so far that that's 
  that's a bare minimum and not not the full solution but thought 
  I'd mention it and then the reminder is of course as always the 
  issue is the root of trust that.
Dmitri Zagidulin:  You're absolutely right for tracking an issuer 
  could.
Dmitri Zagidulin:  I had a tracking image right A Familiar 
  Lighthouse image that we all know from emails which is which is 
  the way that a lot of email senders can tell whether you've 
  opened the email or not so we would need to apply similar.
Dmitri Zagidulin:  Garrity tools that email client implementers 
  have but ultimately this goes back to the reputation of the issue 
  right so if the template is found to have tracking cookie or 
  tracking image than we would need Community pressure so in short 
  you're absolutely right that is that is one of the one that 
  considerations in HTML and PDF itself right we all know PDF can 
  be.
Dmitri Zagidulin:   A source of phishing.
Dmitri Zagidulin:  King of thorn so definitely a large 
  conversation and.
Dmitri Zagidulin:  How was the second or second question.
Dmitri Zagidulin:  I forget so yes definitely oh the providing 
  yes so we also ran into the we initially thought could we somehow 
  render the credential directly via by providing.
Dmitri Zagidulin:  JavaScript or bundle of webassembly and have 
  the wallet use that for rendering and you're exactly right that 
  is a hard task of Downstream implementers so.
Dmitri Zagidulin:  We decided not to go down that route for 
  exactly those reasons that you mentioned and are exploring a 
  declarative rather than an imperative method which is HTML and 
  CSS which is templates rather than running code.
Dmitri Zagidulin:  We got a couple minutes left I think Bob is on 
  the queue.
Bob Wyman:  Yeah Dmitri sorry I came home late she may have 
  already made this comment but I'm curious is there anything about 
  your proposal here about render method is a generic idea that is 
  specific to the credentials problem why wouldn't any protocol 
  which which involves sending data that might then later be 
  presented use something similar like even in.
Bob Wyman:   ActivityPub.
Bob Wyman:  Lots of objects that exist not everybody actually has 
  not every implementation has code to display them all why don't 
  they all have essentially render methods that Define a default 
  presentation so is there anything here specific about credentials 
  and what are those specific things that they exist.
Dmitri Zagidulin:  Yeah that's a great question and the short 
  answer is no it's not specific credentials ActivityPub 
  absolutely can benefit from a similar mechanism and so we could 
  we could evolve it while keeping Activity Streams and 
  ActivityPub in mind and then social media in general the main 
  the main precedent yes.
Bob Wyman:  Thinking brother worry about the chess move problem 
  the chess you are going to want to have to represent chess boards 
  they just one obscure codes but a render method could tell 
  somebody who didn't know how to move how to prison.
Dmitri Zagidulin:  Right right that's that's a great point and 
  yes something like render method would be been beneficial the I 
  think the main precedent that we have in computer history is 
  email of course right very quickly for Rich emails the email 
  needed to contain ways to render it aside from text and email 
  settled on HTML and then.
Dmitri Zagidulin:   You know in certain.
Dmitri Zagidulin:  Any Decades of arms race evolution of 
  sanitizing HTML versus versus features right so we can at least 
  look to that but you're absolutely right we should also include.
Dmitri Zagidulin:  So on in this conversation.
Dmitri Zagidulin:  Anyone else I see we're at the top of the hour 
  over to you Harrison.
<kerri_lemoie> Great work, Dmitri! Thanks!
Harrison_Tang: All right thank you thank you Dmitri and a great 
  presentation all right so this concludes this concludes the first 
  very first meeting CCG meeting for 2024 and again thanks 
  Dmitri and thanks for everyone for joining have a good one bye.

Received on Wednesday, 3 January 2024 21:38:59 UTC