RE: Verifiable Credentials over Wireless (NFC and Bluetooth)

Thank you Manu + Digital Bazaar team.  Verifiable Credentials over Wireless is a super interesting concept!

I can think of a dozen of use cases to “protect/program your interactions” using VCs in such a fashion.

A few thoughts (at a higher level), which can support multiple use cases:

  1.  Phone-2-Phone Chain --- Passing a single VC via multiple smartphones (users) --> think of it as a much better version of the in-person “game of telephone” (but without mistakes)
  2.  Online-2-‘In Real Life’ (IRL) --- connecting the User between online and in-person experiences & interactions
  3.  Links to Digital Proofs --- A secure way to share a tamper-evident link to another VC (e.g., a secondary VC, a much larger data packet, etc.)

Not to mention tons of identity, AI, payments and commerce-related use cases.

Some considerations:

  *   Presentation vs. transfer of VC (digital proofs)? How about both!
  *   Need to protect against P2P malware infections via sharable VCs
  *   Size limitations for larger VCs

Cheers,
Przemek


Przemek Praszczalek
Director, Identity Products & Innovation

Mastercard Inc.
Cybersecurity & Intelligence (C&I)
| mobile +1-914-441-0832
https://www.linkedin.com/in/przemek1
[cid:image001.png@01DB08E9.B3ACCC90]<www.mastercard.com>


From: Manu Sporny <msporny@digitalbazaar.com>
Sent: Tuesday, September 17, 2024 8:00 AM
To: W3C Credentials CG <public-credentials@w3.org>
Subject: {EXTERNAL} Verifiable Credentials over Wireless (NFC and Bluetooth)

As the adoption rate of verifiable credentials increases (TruAge, US Federal Government Agencies, European Digital Identity, US State Government Agencies), and as some of the use cases move from purely online flows to in person, it would be


As the adoption rate of verifiable credentials increases (TruAge, US

Federal Government Agencies, European Digital Identity, US State

Government Agencies), and as some of the use cases move from purely

online flows to in person, it would be useful if we were able to

transmit VCs in more high-security, in-person scenarios, such as via

short range wireless (NFC and Bluetooth).



We're excited to announce the Verifiable Credentials Over Wireless

specification that does just that:



https://urldefense.com/v3/__https://digitalbazaar.github.io/vc-wireless/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_UHQB5X2Q$<https://urldefense.com/v3/__https:/digitalbazaar.github.io/vc-wireless/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_UHQB5X2Q$>



There is a use cases section that goes over some of the target use

cases such as:



* NFC presentation of things like legacy public transit passes

(putting "things that are not VCs into VCs and doing something useful

with them"),



* Compressing and sending a VC over NFC in less time than it takes to

tap a credit card,



* Performing a VC API workflow over NFC or Bluetooth, and



* Upgrading from optical or NFC to Bluetooth, local Wifi, or a wide

area mobile network connection. There are protocol examples in the

specification to show each of the use cases above.



We've also got a demo video of the specification in action available here:



https://urldefense.com/v3/__https://youtu.be/hSG-J0LFqfk__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_UMEoIeqA$<https://urldefense.com/v3/__https:/youtu.be/hSG-J0LFqfk__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_UMEoIeqA$>



We will be integrating the functionality into the VC Playground in the

coming weeks.



We do expect to make a call for adoption as a CCG work item at some

point in the future. More to come after W3C TPAC, but until then,

happy to answer any questions, concerns, or comments people might

have.



-- manu



--

Manu Sporny - https://urldefense.com/v3/__https://www.linkedin.com/in/manusporny/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_WlY_RTGQ$<https://urldefense.com/v3/__https:/www.linkedin.com/in/manusporny/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_WlY_RTGQ$>

Founder/CEO - Digital Bazaar, Inc.

https://urldefense.com/v3/__https://www.digitalbazaar.com/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_VAFNPHoQ$<https://urldefense.com/v3/__https:/www.digitalbazaar.com/__;!!NDdRaFrjhKsg!pqbcpJR4qJVh6wu_kGrXiKQfG3gB0KHd9L4h2csB_kO5KX5PrJFU2OB0CAHcJ2OegXe-X0U96ACNsvMJIFImEn-1G_VAFNPHoQ$>



CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.