- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 03 Jan 2024 21:38:59 +0000
Thanks to Our Robot Overlords and Our Robot Overlords and Our Robot Overlords for scribing this week! The transcript for the call is now available here: https://w3c-ccg.github.io/meetings/2024-01-02/ Full text of the discussion follows for W3C archival purposes. Audio of the meeting is available at the following location: https://w3c-ccg.github.io/meetings/2024-01-02/audio.ogg A video recording is also available at: https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-01-02.mp4 ---------------------------------------------------------------- W3C CCG Weekly Teleconference Transcript for 2024-01-02 Agenda: https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jan&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date Organizer: Mike Prorock, Kimberly Linson, Harrison Tang Scribe: Our Robot Overlords and Our Robot Overlords and Our Robot Overlords Present: Harrison Tang, Dmitri Zagidulin, David I. Lehn, pauld gs1, Dmitri Z. (pres.), GregB, Brandi Delancey, Jing Chao, Susan Stroud, Kimberly Linson, Leo, James Chartrand, Kerri Lemoie, Will, Manu Sporny, Mike Xu, Marianna Milkis, ASU Pocket, Benjamin Young, Nis Jespersen , Adrian Gropper, Brian, PL/T3, Rashmi Siravara, Kaliya Young, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), James Easter, Bob Wyman, Kayode Ezike Our Robot Overlords are scribing. <kerri_lemoie> Happy New Year! Harrison_Tang: Hello let me check the recording right now. Harrison_Tang: All right it seems to be working happy New Year everyone so welcome to the first meeting of the w3c she gee I hope everyone had a great holiday and as well as hope everyone have a great 2024 and head alright so today very excited to kick off the first meeting of 2024 with the ministry talking about and leading the discussion on credentials rendering the topic that. Harrison_Tang: I'm quite interested to hear but if you before we get to. Harrison_Tang: I just want to quickly go through some administrative stuff first of all just a quick reminder on the code of ethics and professional conduct just want to make sure that we hold fruitful constructive conversation make sure that we respect each others opinions and perspectives. Harrison_Tang: Property know anyone can participate in these calls however all substantial contributions to any CCTV work items must be member of the ccg with a for IPR agreements time all right I think there's an issue through recording give me a second. Our Robot Overlords are scribing. Our Robot Overlords are scribing. Harrison_Tang: All right I think it's should be working right now let me check the transcriber. Harrison_Tang: All right sounds good so yeah just I was on the intellectual property know just make sure that you have the w3c account and you have encounter any issues feel free to reach out to any of the cultures myself Kimberly and will. Harrison_Tang: Meetings are being automatically recorded and also transcribe. Harrison_Tang: We used to teach at to Q speakers during the call and take minutes I if you want to add yourself to the queue please enter Q Plus and that you want to remove just enter Q - it was see who's in the queue just to Q question mark. Harrison_Tang: All right introductions and reintroductions if you are new to the community or you haven't been engaged with the community and want to re-engage please just feel free to unmute and introduce yourself. Harrison_Tang: Don't be shy this is the very first meeting of 2024 so. Harrison_Tang: Right at any time toward the end of meaning or next Tuesday if you want to introduce or reintroduce yourself feel free to just argue at any time. Harrison_Tang: all right. Harrison_Tang: Elements and reminders any announcements and reminders for the upcoming events or papers. Harrison_Tang: Any updates on the work item oh Manu please. <manu_sporny> VC v2.0 Test Suite: https://lists.w3.org/Archives/Public/public-credentials/2023Dec/0057.html Manu Sporny: Hey hey Harrison hey everyone happy New Year three announcements in case folks missed it last year I'll put these links into the chat channel the first one is that Benjamin and team have been working on the test Suites for verifiable credentials version 20 in made a big release late. Manu Sporny: Earth so that there's the link there for the verifiable credentials 20 test Suites this includes a large number of data Integrity test Suites the verifiable credentials v20 data model tests in in that sort of thing we are looking for implementers at this point we already have a number of people that kind of worked throughout the year and in late December to add their implementations to the test Suite. Manu Sporny: A really important for getting to the final standard stage at w3c we have to demonstrate that they're multiple interoperable implementations right now there are for many things but the more implementers the better the specifications end up being because of all the testing and eyes on the specification from an implementation standpoint they are so that's the first announcement there if you have. Manu Sporny: Actions or working on implementation. Manu Sporny: https://github.com/w3c/vc-data-model/pulls Manu Sporny: As for a verifiable credentials in the next two to three months please get those implementations in and done so that we can move quickly to global standard the other kind of heads-up is simultaneously the verifiable credentials version 20 specification is more or less ready to go into the candidate recommendation stage so that basically means. Manu Sporny: We are. Manu Sporny: Your complete and we believe we're done with the technical aspects of the specification in we are going into the phase called candidate recommendation which basically says we think we're done what do implementers think and that's when you know people Implement and all that kind of stuff so I just put in a link to the verifiable credentials data model the very last set of changes to the specification before the group goes into candidate recommendation we're expecting to potentially try to. Manu Sporny: Do that this. <manu_sporny> Bitstring Status List specification: https://github.com/w3c/vc-bitstring-status-list/pulls Manu Sporny: Tweaked so heads up on that the other thing that happened over the last month is that the B string right the side B string status list specification has had upwards of 20 new pull requests that effectively address every last issue that we needed to address before we go into candidate recommendation. Manu Sporny: And so a heads-up. Manu Sporny: Books that if you have if you were working on status list 2021 it is now called B string status list in the B string status list specification is getting ready to go into the candidate recommendation phase so please take a look at that we are hoping to maybe transition that into candidate recommendation at the end of this month or early February that's it for all the updates thanks Harrison. Harrison_Tang: Oh thank you thanks Mommy and happy New Year to you as well. Harrison_Tang: All right any other announcements or reminders. Harrison_Tang: Any update on the work I'm hey Greg. GregB: Hey I just wanted to let folks know that BBS which provides extra privacy and and cements has gone into it's been updated at the ietf and it's going to be asking for last call for cryptographic review of we've updated the BBS w3c verifiable credential BBS spec so that. GregB: that has. GregB: Information about how to use that and preserve the Privacy please take a read we've updated that and all the data Integrity specs are going in for CR2 so please take a look and if people have any questions about BBS don't hesitate to reach out to me I've been working with the diff group the ietf group and of course I'm a co-editor own R-Spec here at the w3c. Harrison_Tang: Thank you Greg. Manu Sporny: Sorry I forgot well one last thing yes Greg's been doing fantastic work on the the privacy-preserving signatures the BBS stuff or the unthinkable signature stuff there one other thing that lets see I think Benjamin also mentioned in the announcement in December that we're going to start holding office hours for implementers so you know now that. Manu Sporny: That we're transitioning into like this. Manu Sporny: Implementation of the final specification phase for verifiable credentials 20 in all the data Integrity stuff in the status list stuff we thought it would be helpful to try and support the community by holding regular office hours so that implementers can come to the office hours and get any questions that they have about the specifications or the test Suites answered that's in the in the hope of getting you know more implementations implementing and that sort of. Manu Sporny: Thing and I see Benjamin's on the queue for that so I'm going to be. Benjamin Young: Yeah thanks man. <benjamin_young> Poll https://doodle.com/meeting/participate/id/ejv7NM4e Benjamin Young: Yeah the there's a poll that we're running four times for next week's office hours Monday and Wednesday are looking like the best days but I'll share the poll for that I'd love to get feedback from folks will probably run it on a every other week basis through hopefully getting us all to tr but in the meantime we'll do this for a while. Benjamin Young: Is on the list and the test Suites more stable please feel free to reach out to me directly if you have questions or want to participate at all. Harrison_Tang: Thanks and by the way I just want to say a big thanks to Benjamin for helping write the script to publish the video recordings online so we'll start seeing the video recording links are in our weekly minutes so thank you. Harrison_Tang: By any other updates updates on work items announcements were reminders. Harrison_Tang: All right and then in the next few weeks I'll reach out to folks to start creating the agenda and content calendar for the ccg for 2024 I wasn't able to do as much work in the last month or two so just just want to give everyone a quick heads up we'll start building out the common calendar and if you have any questions or actually suggestions on what topics like. Harrison_Tang: like we want to discuss. Harrison_Tang: Each other reach out to any of the cultures thanks. Harrison_Tang: All right let's get to them in gender so today I'm very excited to have the imagery here to lead a discussion on credential rendering so Dimitri before it's yours. Dmitri Zagidulin: Alright thank you so much hair so I'm excited to be here all right so let me share my screen. Dmitri Zagidulin: And as usual if you have questions as a present please get on the Q raised your hand and this should be time afterwards for questions as well alright so. Dmitri Zagidulin: There we go. Dmitri Zagidulin: So those of you have been following. Dmitri Zagidulin: Under methods discussion here on the ccg or on the VC Edge you task force calls or the past several IW conferences so there's been a lot of good good conversation discussion on this method and I'm going to go into what it's about just sort of setting the context so this tag has been around it and discussion for a while there is a specification being incubated at this ECG. Dmitri Zagidulin: And now we finally. Dmitri Zagidulin: To actually implement it at MIT is digital credential Consortium so I wanted to update people on where the conversation has gone and what we've learned from trying it out in our wallet apps and another software so let's get into it. Dmitri Zagidulin: So the upshot here is that it is crucial for the verifiable credential Community to be able to display consistently. Dmitri Zagidulin: Systems and applications meaning whether you're an implementer of an issuer of a wallet a verifier software a various Downstream post verification right so if you're if you're an implementer of HR software promotion software applicant tracking. Dmitri Zagidulin: You're going to need to display credentials. Dmitri Zagidulin: And so how to display it how to reduce the implementation development costs and integration costs is partly what the stack is about so render method is a is a CG work item that was accepted I think last year or the year before that and it's also a reserved. Dmitri Zagidulin: The VC data model 2.0 context and it's linked to off of the VC specifications directory which if you're not familiar with should be it's a great listing of extension points and other related specifications to verify the credentials so at I like to use digital credential Consortium which is exactly it sounds like Consortium of. Dmitri Zagidulin: A bunch of universities in United States Europe Japan all over the world. Dmitri Zagidulin: We've had a chance to implement this render method in our open source wallet earn a credential wallet and we're in progress sort of reusing that code in other other components of our ecosystem so our opens those issuer verifier software and so on so I want to share a couple of lessons I learned from it. Dmitri Zagidulin: A lot of the discussion around this technology has been. Dmitri Zagidulin: Has turned out to be around PDFs we found that both in terms of sharing. Dmitri Zagidulin: The credential recipients being able to share credentials with other parties and in terms of the verification process PDFs have turned out to be way more important than we suspected or hoped I think in the beginning of the verifiable credentials community so let's let's dive into it oh and let me let me share the link to the slide deck that I'm using for people to follow along. Dmitri Zagidulin: I hear it is one second. Dmitri Zagidulin: https://docs.google.com/presentation/d/1BSaUKoxOArH_OA5ILTXV5USDLU_ug0Rl12iyQhNmWAA Dmitri Zagidulin: Here's a slide back. Dmitri Zagidulin: Okay so brief summary a lot of you may be familiar with this so why do we need something like render method. Dmitri Zagidulin: Well a lot of issuers deeply care about consistent visual styles. Dmitri Zagidulin: A lot of them I suspect would be would be happy to be able to enforce legally or technologically exactly how their credentials appear but much like with HTML and web sites regardless of. Dmitri Zagidulin: What a company does to their web design you as the user in control of your web browser can override that design right so that's the main thing that we should all keep in mind all of the really valuable mainstream web Technologies in their deal allow. Dmitri Zagidulin: The users to override the author's authorial intention but in any case so however giving issuers the ability to have some input into the conversation of what their feces show up as is incredibly valuable so this has been highly demanded item on the implementer side. Dmitri Zagidulin: Displaying the D.C.'s you're going to be doing it a lot right it's something that you'll be doing even more commonly than issuing them or verifying them. Dmitri Zagidulin: Those things need a lot of times they need user interface and so. Dmitri Zagidulin: They'll be great advantage to reducing the integration development costs for this very common operation. Dmitri Zagidulin: As I mentioned before. Dmitri Zagidulin: Especially from wallets but this displays into other pillars of the ecosystem as well. Dmitri Zagidulin: There's a lot of advantage and demand to being able to conquer print out the variable credential into a PDF to render a credential as a PDF and we'll get into some of the use cases that that our member universities have run into and of course looking ahead we need for verifiable credentials to be accessible. Dmitri Zagidulin: Being able to switch to different modalities about whether audio or Braille or so on but even more commonly this needs to appear on different sized screens different form factors not to mention getting into design details of okay here's how credentials should look in detail view but here's how it looks on a list right in if you have a list of verifiable credentials you. Dmitri Zagidulin: You're probably not going to be. Dmitri Zagidulin: Displaying the full details on the last right it's going to be a subside and then emerging Technologies such as weak geez. Dmitri Zagidulin: VC selector credential selector the thing that is that is in the process of being built into operating systems and browsers. Dmitri Zagidulin: The disability to do not just wallet selection but credential selection so it's it's something that's controlled by the operating system but again wouldn't it be great if the issuer. Dmitri Zagidulin: I hadn't put in this that says Chrome when presenting a list of credentials. Dmitri Zagidulin: I requesters asking for here's how you should render mine and realistically what we're talking about is here's what the title is here's what the little icon is and so on but still it's really important for issues to be able to customize this. Dmitri Zagidulin: The main problem that we're all facing as implementers is at the moment all of the sort of implementations and Pilots tend to be of credentials that were familiar with. Dmitri Zagidulin: Typically you're an issuer wallet or verifier you do a pilot and you know what credential you're going to be dealing with it's gonna be a diploma or it's going to be a student ID or it's going to be a permanent citizen card or a achievement credential that you've trained on this food safety course. Dmitri Zagidulin: And that's understandable right so you so far we have the community have been focused on familiar credentials to us so that we know exactly how they're going to display. Dmitri Zagidulin: But if if this is her to succeed the vast majority of credentials. Dmitri Zagidulin: Unknown to you as a wallet implementer right your we need to account for the fact that most credentials that are verifier or wallet will ever encounter are going to be unfamiliar to them are not going to be ones that our designers knew about and created specific display logic. Dmitri Zagidulin: So pay your wallet or verify or any kind of BC app implementer and your app encounters a new VC just literally how do you display it for the moment vast majority of DC applications. Dmitri Zagidulin: You have a long if-then statement you have a long switch statement where. Dmitri Zagidulin: Something about a credential typically its type or sometimes it's a sure but usually it's type. Dmitri Zagidulin: And then route your application code to specific display components that your graphic designers that your web designers. Dmitri Zagidulin: Lovingly put together right so if some wallet and I encounter a credential of type student ID I say aha okay I have this code prepared that lays out specifically the student ID fields. Dmitri Zagidulin: But as you can probably guess this is not scalable we need to be able to handle VCS that we didn't prepare for so what are the options what are the basic tools that we have in order to do this well we have the time and true tried and true technology of pre-rendering by five credentials into static images right so the issuer usually at issuing time. Dmitri Zagidulin: Have full control over what the image looks like can render it either as you know I fancy diploma with a big seal or a driver's license card with rounded Corners that looks like a real-world skill more fake driver's license and fill out all the fields right so we can pre-render them. Dmitri Zagidulin: Where that goes is the issuer host the pre rendered image on their website and puts a link to it in the verifiable credential although it's also possible to embed the full image into the PC itself right so we have some experience into doing this from the open badges version 2 and previously community. Dmitri Zagidulin: As I mentioned of course the most popular current method is to provide custom Logic for each PC and then for unfamiliar Pisa VC's to sort of fall back to the most commonly recognized Fields meaning every VC is going to have an issuer and sometimes an expiration date. Dmitri Zagidulin: And sometimes issuance date and so on but beyond that it becomes dicey we hope that our fabric credential has a name field we can display right we hope that it has a description field but here we are unfamiliar territory. Dmitri Zagidulin: To create a friend verify the credentials are going to have different fields in them. Dmitri Zagidulin: For the third option is and we've seen a number of wallets that I have taken this approach. Dmitri Zagidulin: Really Loop through all of the properties all of the attributes in a verifiable credential and just display them on the screen like. Dmitri Zagidulin: Issue were expiration date issuance date and then I have everything the entire contents of credentials object just put them out there in a bulleted list essentially we can talk about the drawbacks and benefits of each one of these approaches. Dmitri Zagidulin: Option is of course to look for rendering directions in the VC itself in a number of specifications including render method that we're talking about today have taken this approach. Dmitri Zagidulin: Put some kind of rendering hint either fully rendered or template or some structured data. Dmitri Zagidulin: That says here the fields that are important here's what you should display and how here's the font size and so on and so forth right so any sort of rendering Direction either stuffed into the VC itself or hosted elsewhere and linked to from the BC but the important part is you got to be see you can discover how to display it. Dmitri Zagidulin: And of. Dmitri Zagidulin: If he future desired option once these for get get well understood and settle down and implement it in the community we were of course would love to see is. Dmitri Zagidulin: For commonly used credentials for there to be trusted directories either from the implementers community or governments trade Association so any sort of trusted party that we have in them. Dmitri Zagidulin: You know communities and of course once those directories emerge you can use any of the previous four options to put into them including the render method rotation okay so let's talk about pre-rendering real quick this is images right so this is a tried-and-true approach using this for a number of years I think up to a decade already eyes open badges the benefit of course is you have Pixel Perfect control by the issue. Dmitri Zagidulin: Really how the image appears you're essentially looking at a JPEG or PNG. Dmitri Zagidulin: Of the rendered image and typically it's hosted on the issue or website you can of course posted on a generic. Dmitri Zagidulin: Web host an Amazon S3 buckets a cloudflare Content Network on GitHub Pages whatever. Dmitri Zagidulin: The drawbacks especially with open badges. Dmitri Zagidulin: Posting the image directly on the issuer. Dmitri Zagidulin: And of course the our favorite topic the call home the tracking Vector meaning. Dmitri Zagidulin: That's worst-case the issuer knows. Dmitri Zagidulin: Exactly how many times then when and from what IP address. Dmitri Zagidulin: Given credential is verified and more importantly open badges version 2 and and previous did not carry digital signatures in and of themselves the root of trust was the fact that it was hosted on. Dmitri Zagidulin: The issuer's website right so so literally in the verification your verifier logic would say okay the issuer is a mighty then the host that image must be at mit.edu. Dmitri Zagidulin: We have a bit more options in that regard now that we have digital signatures in verifiable credentials but it's still. Dmitri Zagidulin: It's still an important topic that the hosted images are both a root of Trust on the loot of vulnerability but even say if you embed the full image in the verifiable credential itself aside from the fact that it's the size is going to get huge and we've already encountered some problems with that where some mobile devices just run out of bar sir and compiler memory. Dmitri Zagidulin: I'll leave for. Dmitri Zagidulin: Those that are not that huge right like for diploma size essentially rendered credentials so. Dmitri Zagidulin: Fight from from thighs the challenge with static images is. Dmitri Zagidulin: The usual challenge with images on multiple devices right. Dmitri Zagidulin: On smaller screens some of the damages are going to be two huge and vice versa you're going to need to pre-render an image both for the detail View and for the list View and of course you have all of the screen reader. Dmitri Zagidulin: Disability challenges that we have with with its Shores so the engineering trade-off is of course. Dmitri Zagidulin: Do we embed. Dmitri Zagidulin: The image or whatever the pre-rendered pre-baked their fiber credential in the DC itself or do we link to it we mentioned some of the considerations there we have our old friend custom display logic which is what we essentially all do as implementers again the benefit is that great control not by the issuer but at least by the app developer so you have room for Innovation you have room for wallets and verifiers. Dmitri Zagidulin: As and. Dmitri Zagidulin: Our to experiment with what's the most usable way to present credentials that they share might not even have thought of so there's been a lot of a lot of interesting work a lot of opportunity for Innovation here on. Dmitri Zagidulin: How to display. Dmitri Zagidulin: If I have a grandchild regardless of how an insurer intended to the downside of course to this is that this is high effort every single application developer needs to sit down and hand code the display Logic for each credential type now as as the open source software matures we're likely to see to be able to see reusable. Dmitri Zagidulin: Code level of like here is the top ten most commonly displayed. Dmitri Zagidulin: React native components or here is the top ten most common web components which is another related technology for this we're not there yet and that could reduce some of the effort but we can do better than that and of course the main drawback is the issuer has no input to. Dmitri Zagidulin: How nervous he gets displayed and while that ultimately is correct while it is the user and the implementer should that should be in control of how its displayed it would be nice if the issuer at least had the opportunity to join the conversation and of course is as we mentioned before it's not general purpose so it breaks down when encountering an unfamiliar BC so number of implementers take the. Dmitri Zagidulin: All the fields approach and good news is it's very easy to implement and it Implement and it is general purpose so. Dmitri Zagidulin: On a technical level it will work with anything that's a verifiable credential because it's just Json object it's a nested set of field value Pairs and because of that because it's taxed you have much better affordances for screen readers and accessibility the drawback is that it's a mess. Dmitri Zagidulin: Not a good user experience. Dmitri Zagidulin: Some of the more complex credentials such as open badges version version 3 and those are Standalone credentials we're not even talking about something as complex as CLR version to I would present a common thinking what's your common learner a comprehensive learner record right where it's an entire transcript I uses entire education history contain in a verifiable credential. Dmitri Zagidulin: Imagine that display. Dmitri Zagidulin: Anybody's general-purpose code. Kerri Lemoie: https://www.1edtech.org/initiatives/digital-credentials/clr Dmitri Zagidulin: But even if you don't go to that extreme any given verifiable credential has a lot of properties only a few of which are of interest to the user. Dmitri Zagidulin: So there's no there's no ability for the display or two to say okay this is what the credential is. Kerri Lemoie: https://www.imsglobal.org/spec/clr/v2p0 Dmitri Zagidulin: And optionally reveal some of the under-the-hood metadata and credential. Dmitri Zagidulin: Comes out on the screen so. Dmitri Zagidulin: The larger the more fields that are and the more deeply nested they are starts to pose challenges especially on mobile screens where it's it's not easy to display nesting Behavior with indentation and so on so method we're talking about today is of course looking for the rendering directions in the DC itself so now the issuer has some input it says Hey Downstream app developer if you encounter my credential. Dmitri Zagidulin: Here's one way to display it I you can override it but at least here's a starting point. Dmitri Zagidulin: Now because the root of trust is in the digital signature and not in the rendering template it now becomes untrackable by the issue you can now Host this thing genuinely on a neutral content hosting parties or even embedded in the credential selves you know hosting involved and now we have affordances for responsive design for accessibility. Dmitri Zagidulin: The thing to understand about this approach is that. Dmitri Zagidulin: It also encompasses in itself all of the other approaches you can use render method to include a pre rendered image a pre-baked image you can use render method to say. Dmitri Zagidulin: Looping through all of the fields and displaying them here are the important ones and so on. Dmitri Zagidulin: You do have some engineering trade-offs as usual with this method the first one being. Dmitri Zagidulin: Do you embed do you stop the entire rendering hint meaning HTML template or or pre-render or whatever whatever you're going to use do you embed the whole thing in the verifiable credential and therefore increase its size but enable its display without a net connection right offline use or do you link to the remote in which case you need to sprinkle some extra. Dmitri Zagidulin: X10 to make the lock down the contents on the other end of the host link and of course. Dmitri Zagidulin: In order to do offline access if he wallet will need to have prefetched cashed all of the rendering hints before being able to display it in an offline scenario and of course hopefully as the previous render method Tech matures will be able to. Dmitri Zagidulin: Play some of. Dmitri Zagidulin: Random methods into trusted Registries and that's that's still sort of in conversation series well we're still exploring that part but the good news is that given that we need known issuers and known verifier lists anyways as a VC equal system right so regardless of what we do with the display for for the whole thing to work we need known issue or lists we need these trust Registries so if we have them we could also piggyback on them. Dmitri Zagidulin: I'd say. Dmitri Zagidulin: Hey the for this issuer and it's an authorized issuer here is a list of their preferred templates look here anyway so we can talk about that once it's time for that so as always we like to mention prior art so lots of experience from open badges V2 this whole render method discussion got started and rebooting web of trust 11 where a number of us collaborated on a paper and there's a demo video of what it looks like and that paper. Dmitri Zagidulin: It's always unfortunate. Dmitri Zagidulin: And by some of the diff specifications the traceability vocab is another task force of CG specification and so on right so it's currently living in the ccg repo that you should check it out and then over the past couple of IW we've been in the conversation with Hyper legendaries OCA which is something overlay. Dmitri Zagidulin: But basically it's another way to add display directives in a verifiable credential and it's a slightly it's not an exact alternative it's a related technology that we want to be informed by that we want to keep in mind when designing this render method so that it's compatible with OCA bundles. Dmitri Zagidulin: So like I mentioned a DC we've we have an in-progress pilot deploying this render method Tech with one of our partners with just Tec de Monterrey Mexico and here is here's what it looks like currently right so here's the current screen shots from our Mobile wallet is open source should all check out if you haven't yet and I want to draw your attention to this second button from the top even though it's not highlighted so. Dmitri Zagidulin: When I pull up a giving. Dmitri Zagidulin: If it has a render method section in it I can when I go to share that credential the wallet provides me this extra button exported to PDF when I click that button it renders the PDF opens the operating systems share screen that's the middle middle sign that you're looking at middle image and this is what the PDF looks like in the Mobile screen right so we. Dmitri Zagidulin: A diploma with the feel the thing that we all sort of expect with this particular kind of credentials because the pilot is dealing with diplomas of graduating students. Dmitri Zagidulin: What does the credential look like what what's the VC data that powers this these screenshots well if we zoom into those credentials they are exactly the ones I described in Z in the render method specification So currently we just include one render method hint now keep in mind that it could be more than one right so we could also include a pre-baked. Dmitri Zagidulin: Can also include all sorts of things but at the moment the pilot we started with an SVG rendering template so the template itself is hosted on GitHub Pages view rendering logic is contained in the type we also have additional optional both name and the CSS media query which results in this thing that you see and if you pull up the. Dmitri Zagidulin: From that GitHub site this is what it looks like right so it's a. Dmitri Zagidulin: Format SVG format familiar with familiar to all graphic designers and web designers and the important part is that you have these handlebar templates the the credential subject name and the Prudential name so you can say to your graphic designer hey. Dmitri Zagidulin: When printing to the PDF compose how you would like to how you like it to look and for the actual field values just put them in these what are called mustache templates right so it's a very it's very useful mechanism and Ian in the DC issuer platform in the admin dashboard we. Dmitri Zagidulin: Basically when any sure goes to issue a cohort of credentials there's a text box where they can paste the the template that the SVG for example and the issuing software will just use it and include it in the credential and so on so it's a user-friendly how sort of setup all right so what have we learned from from testing this out with our deployment one is that we ran into the problem with SVA. Dmitri Zagidulin: G templates. Dmitri Zagidulin: The benefits to spg's but part of the reason why I personally have advocated for them initially was that they're widely support across all systems they they can both be responsive and. Dmitri Zagidulin: The issue of the designer can specify exactly what they look like and it's familiar do Graphics designers well we ran into and of course no design no initial design survives contact with real user data meaning. Dmitri Zagidulin: We put together. Dmitri Zagidulin: Tablet and then we came into contact with real user names which are gigantic right so if you look at this potential here it's a subject name. Dmitri Zagidulin: It's great if the name if the name is short so artist formerly known as Prince great you just put Prince there it looks fine but we saw what we found is that especially in Spanish-speaking countries people have really long names and they start to scroll off the screen and what we found out is raw FEG by itself and does not give us the ability to control the alignment in the wrapping which was a. Dmitri Zagidulin: Which was a surprise to us and. Dmitri Zagidulin: RSG expert and. Dmitri Zagidulin: You can read. Dmitri Zagidulin: And be like no I know how to control wrapping an alignment here's how to do it but we ran into this roadblock so current solution that we're exploring is we're switching from SVG to HTML and CSS templates which are of course all about alignment and wrapping directives and can handle larger user data what the. Dmitri Zagidulin: The idea is the same can what designers knows how to use knows how to work with HTML and CSS templates they know how to use mustache and handlebars style template fields. Dmitri Zagidulin: It's not a huge pivot but this is basically what we're deploying currently. Dmitri Zagidulin: And as I mentioned before. Dmitri Zagidulin: Focuses on the PDFs. Dmitri Zagidulin: Stepping back from our deployment in general as a VC Community we need to nail down a round-trip life cycle between a Json object that is a VC and some sort of print and paper ability so. Dmitri Zagidulin: If I receive a regular credential classic VC it's in my wallet now what. Dmitri Zagidulin: How do I actually share with people so the very first Pilots have literally been I'm going to take that Json data and make a Json file attachment to an email or a text message it's can imagine that's not very usable the receiver on the other end looks at in what is this this bunch of text gobbledygook yes you can give people the instructions of okay now copy and paste this Json into this website or this. Dmitri Zagidulin: Fire sauce. Dmitri Zagidulin: But as we can all tell like that that's not that's not really usable. Dmitri Zagidulin: But what everybody's positively responded to is if the receiver on the other end if the verify if the requester doesn't know if he sees our has no verifier software and doesn't want to use ours the one thing they can all do is hey oh there's a PDF attached to my email. Dmitri Zagidulin: Yeah if I'm a famous Tune Time this is a real use case that McMaster University in Canada has has already bumped up against. Dmitri Zagidulin: Students entering the country at the need to present the Border guard proof of that their students in the university in order to be let in and it'd be nice to say hey here's the verifiable credential issued by. Dmitri Zagidulin: City and the Border guard will have verifier software and they can scan it and all will be well but of course the moment but our guys don't have their fire software so the. Dmitri Zagidulin: Shinto that has been to print out the VC on on paper you know through a PDF but then also include machine-readable data on that be on my PDF I'm not pay-per-view a QR code so what I what I mean by round-trip lifecycle is we need to be able to go from a VC to paper and the other way around we need to be able to go from a paper to a VC which basically there's. Dmitri Zagidulin: Two options. Dmitri Zagidulin: That we can use a QR code is familiar to us well there are several considerations with offline and online usage and then of course a lot of you have may have heard of C2 PA and I believe we had cgpa presentation on here on the ccg in the past so it will be until and some others are working on this standard. Dmitri Zagidulin: A place to. Dmitri Zagidulin: Find Digital Data any kind of Rich metadata in the PDF itself or also in a PNG or in a Photoshop file or in a video. Dmitri Zagidulin: But that's a that's an under the hood metadata specification. Dmitri Zagidulin: The moment it goes to print all of that metadata is lost right so we still need ideally would need to use both we can use the vendor provided tools and open specification on how to. Dmitri Zagidulin: A full-on verifiable credential into the PDFs metadata but also. Dmitri Zagidulin: Once it actually goes to print we're likely going to need to use a QR code next steps so we're still in the process of implementing and Gathering deployment lessons from from this pilots from Tec de Monterrey and others 11 Next Step possibility would be to explore other render method types right the render method is just an extension point. Dmitri Zagidulin: You can put all sorts of things in there at the moment we have HTML templates but we could also of course pre-render the images or pre under the full PDF themselves. Dmitri Zagidulin: And choose to interoperate with other similar approaches like OCA bundles. Dmitri Zagidulin: I'd hash links through the digest multi Basin Sr i-- mechanism to our external host of templates and of course I'm and this is again of interest to tectum Andre and other multilingual issuers you can use render method to issue one credential that supports localized display of multiple languages not just on a field level but on a full document level. Dmitri Zagidulin: That can be a subject for more discussion. Dmitri Zagidulin: In in that calls because as always translation internationalization important important topic all right questions from the audience. Manu Sporny: Woman yeah thanks for this Dimitri that was a wonderful presentation like very super thorough and covering you know all the all the different options so thank you that was a wonderful and we've hit the same issue X rapping issue like if you go and they were talking about like text wrapping in SVG to and it's coming soon and I don't know what happened but. Manu Sporny: But it's still a problem today. Manu Sporny: Um so one of the things so we are also implementing render method along the lines of what DC's implemented so one one side comment as we should probably let the VC WG know that there are multiple implementers of the specs that we can make sure that the render method extension Point stays in there the the other thing is you know we took a look at. Manu Sporny: HTML based rendering in. Manu Sporny: In boxing it in a way inappropriate way the biggest concern we had with the HTML thing is it allows other kind of tracking mechanisms to be injected into the HTML and we didn't know how to potentially address those you know tracking cookies that that sort of thing so that that remains kind of a challenge for us the other thing we've been looking at because of the text wrapping it is like. Manu Sporny: DF based like you know their JavaScript libraries that will render PDF in where we like wondering well you know maybe what we can do like you said is provide a files and then maybe real-time render those in the mall it's using a you know JavaScript PDF renderer some of the pushback we've heard on that from wallet providers is that the native wallet vendors are like we don't want to include PDF rendering functionality or we don't want to have to include an. Manu Sporny: Email rendering capability in our native wallets. Manu Sporny: It's am wondering what you think. Manu Sporny: Some of those problems are one the HTML sandboxing issue to the you know some native wallet vendors are balking at the idea of needing to render SVG or needing to have an HTML rendering engine their wallets thoughts and how we get kind of past those that that kind of vendor pushback from the Native wallet immunity. Dmitri Zagidulin: Great question and it's very comforting to hear that your team has run into very similar problems that we did so it's not we're not crazy not just us but so yes we we've we've had those discussions as well real quick the thoughts have been with HTML rendering twofold one most libraries that go from HTML to PDF allow you to essentially. Dmitri Zagidulin: Ali sanitize the tags. Dmitri Zagidulin: To prevent for example you injecting JavaScript into the display of that sort of thing so sanitization and checking which we all know only goes so far that that's that's a bare minimum and not not the full solution but thought I'd mention it and then the reminder is of course as always the issue is the root of trust that. Dmitri Zagidulin: You're absolutely right for tracking an issuer could. Dmitri Zagidulin: I had a tracking image right A Familiar Lighthouse image that we all know from emails which is which is the way that a lot of email senders can tell whether you've opened the email or not so we would need to apply similar. Dmitri Zagidulin: Garrity tools that email client implementers have but ultimately this goes back to the reputation of the issue right so if the template is found to have tracking cookie or tracking image than we would need Community pressure so in short you're absolutely right that is that is one of the one that considerations in HTML and PDF itself right we all know PDF can be. Dmitri Zagidulin: A source of fishing. Dmitri Zagidulin: King of thorn so definitely a large conversation and. Dmitri Zagidulin: How was the second or second question. Dmitri Zagidulin: I forget so yes definitely oh the providing yes so we also ran into the we initially thought could we somehow render the credential directly via by providing. Dmitri Zagidulin: JavaScript or bundle of webassembly and have the wallet use that for rendering and you're exactly right that is a hard task of Downstream implementers so. Dmitri Zagidulin: We decided not to go down that route for exactly those reasons that you mentioned and are exploring a declarative rather than a comparative method which is HTML and CSS which is templates rather than running code. Dmitri Zagidulin: We got a couple minutes left I think Bob is on the queue. Bob Wyman: Yeah Demetria sorry I came home late she may have already made this comment but I'm curious is there anything about your proposal here about render method is a generic idea that is specific to the credentials problem why wouldn't any protocol which which involves sending data that might then later be presented use something similar like even in. Bob Wyman: Activity Pub. Bob Wyman: Lots of objects that exist not everybody actually has not every implementation has code to display them all why don't they all have essentially render methods that Define a default presentation so is there anything here specific about credentials and what are those specific things that they exist. Dmitri Zagidulin: Yeah that's a great question and the short answer is no it's not specific credentials activity Bob absolutely can benefit from a similar mechanism and so we could we could evolve it while keeping activity streams and activity Pub in mind and then social media in general the main the main precedent yes. Bob Wyman: Thinking brother worry about the chess move problem the chest you are going to want to have to represent chess boards they just one obscure codes but a render method could tell somebody who didn't know how to move how to prison. Dmitri Zagidulin: Right right that's that's a great point and yes something like render method would be been beneficial the I think the main precedent that we have in computer history is email of course right very quickly for Rich emails the email needed to contain ways to render it aside from text and email settled on HTML and then. Dmitri Zagidulin: You know in certain. Dmitri Zagidulin: Any Decades of arms race evolution of sanitizing HTML versus versus features right so we can at least look to that but you're absolutely right we should also include. Dmitri Zagidulin: So on in this conversation. Dmitri Zagidulin: Anyone else I see we're at the top of the hour over to you Harrison. <kerri_lemoie> Great work, Dmitri! Thanks! Harrison_Tang: All right thank you thank you Dimitri and a great presentation all right so this concludes this concludes the first very first meeting ccg meeting for 2024 and again thanks in the tree and thanks for everyone for joining have a good one bye.
Received on Wednesday, 3 January 2024 21:38:59 UTC