- From: <meetings@w3c-ccg.org>
- Date: Tue, 13 May 2025 22:05:53 +0000
- To: public-credentials@w3.org
- Message-ID: <CA+ChqYcyc7mRgds9hCqMUfV3v54W_sV3=2kX9QR7TB=VLrV=gA@mail.gmail.com>
CCG Weekly Meeting Summary - 2025/05/13
*Topics Covered:*
- *Administrative Items:* Code of ethics reminder, IP rights, call notes
updates (Google Meet recording and Gemini summaries), upcoming agenda items
(GS1, Verifiable Credentials WG update, Providence Mark). Consolidation of
calendar events onto the W3C calendar.
- *Taiwan Digital Identity Wallet (TWDIW):* Presentation by Denken Chen
detailing Taiwan's approach to digital identity, focusing on the TWDIW.
- *Special Considerations for Taiwan:* Existing PKI infrastructure
(TW-TO, national health insurance cards), challenges from
previous national
ID rollouts.
- *Technical Specifications:* Use of DID 1.0, VC data model 1.1, IETF
selective disclosure (JWS), OpenID 4VCI and VP, and the Between
status list
for revocation. Currently using DID Key method (P-256) with plans for
future exploration of other DID methods. Mobile-first approach
with iOS and
Android apps.
- *Selective Disclosure vs. ZKP:* Choice of selective disclosure for
easier implementation and explanation, but acknowledges ZKP as the future
direction for privacy. Exploration of ZKP solutions (DKID) as an add-on.
- *Verifiable Data Registry:* Plan to use EVM-compatible blockchains
for public key and schema storage, ensuring data availability and
permissionless verification. Government responsibility for managing keys
for government issuers initially. Discussion around the permissioning
structure for adding issuers. Inclusion of Identity Assurance
Levels (IAL).
- *Verifier Registry:* Discussion on the establishment of a verifier
registry, potential for web-based registration, and user rights
(access and
right to be forgotten). Challenges around governance and trust.
- *Use Cases:* Discussions around age verification, integration with
online governance platforms, and challenges associated with cross-border
recognition. Focus on unlocking scenarios only possible with digital
wallets (e.g., car rentals, international travel).
- *Open Source:* The project's open-source plan (August-November
2025), including software components, and a sandbox environment
for testing.
*Key Points:*
- Taiwan's TWDIW prioritizes a practical and easily understandable
approach, currently favoring selective disclosure over ZKP for initial
implementation.
- The TWDIW leverages existing infrastructure and adopts widely used
standards for interoperability.
- The government plays a key role in managing the verifiable data
registry and establishing initial trust.
- There's ongoing discussion about the future integration of ZKP, the
governance of the verifier registry, and the balance between citizen
control and government oversight. There is also an acknowledgement that the
ecosystem needs to expand beyond government issuers.
- The project is moving towards an open-source model and provides a
sandbox environment for testing and collaboration.
Text: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-05-13.md
Video: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-05-13.mp4
*CCG Weekly - 2025/05/13 11:55 EDT - Transcript* *Attendees*
Alex Higuera, Chandima Cumaranatunge, Denken Chen, Erica Connell, Greg
Bernstein, Gregory Natran, Harrison Tang, Hiroyuki Sano, James Chartrand,
Jennie Meier, Joe Andrieu, Kaliya Identity Woman, Kayode Ezike, Kerri
Lemoie, Mahmoud Alkhraishi, Otto Mora, Przemek, Rashmi Siravara, Rob
Padula, Sharon Leu, Ted Thibodeau Jr, Tim Cappalli, Vanessa Xu, Will
Abramson, Yen-Lin Huang, 王浩恩
*Transcript*
Will Abramson: Yeah, I think yeah, right.
Harrison Tang: Hey, how's it going?
Denken Chen: Hey, great.
Denken Chen: Let me screen share.
Harrison Tang: Yeah, thanks for jumping on. Thank you for taking the time.
Yeah, I know it's very late.
Denken Chen: Yeah, No problem.
Harrison Tang: It's very late there. So, Tinten, will be hosting today and
then, we will go over the administrative stuff for about four to five
minutes and…
Harrison Tang: then we'll get to your presentation around 9:07. Yeah. can
you hear us?
Denken Chen: …
Denken Chen: yes. Okay.
Harrison Tang: All right.
Harrison Tang: So will host and then he will go over the administrative and
also announcement reminders and…
Denken Chen: Hey, it's my honor to be here to share our experience.
Harrison Tang: we'll start your portion around 9:07. All right, sounds good.
Will Abramson: Cool. Yeah,…
Will Abramson: thanks I appreciate it as well. it's not a good time for
you, so thanks for jumping on. Cool. Yeah, thanks a lot. We'll give people
a couple of minutes and then I'll kick it off. I don't need to ask you,
Harrison, anymore, do I? Stop the recording. Just going cool.
Harrison Tang: Yeah, it's being recorded right now.
Will Abramson: Okay, I think I'll get started. quite a few folks have
joined the admin portion first. so Tim just good catch. thanks Tim. Yeah.
Okay. So, we need to update. That's like the W3.org, right? Yeah. Just want
to update. Great. I'll try to do that after welcome everyone to this week's
credential community group call. today I'm delighted to have Denin Chen
here going to present on what Taiwan is working on with their digital
identity wallet.
Will Abramson: so we really appreciate Den taking the time especially
because I don't know some god awful time in the morning for him. but before
we get into that I just run down some administrative items. So code of
ethics and professional conduct reminder treat people with respect. we're
here to collaborate and work together and trying to create a friendly
environment for us all to do that. But just keep that in mind when you're
interacting with others in this community. Thanks. IP note. So, anyone's
welcome to participate in these calls. however, all substantiative
contributors to CCG work items must be members of the CCG with full IPR
agreements signed.
00:05:00
Will Abramson: If you're unsure what that means or you would like to become
a member but don't know how just reach out to the chairs that's me Harrison
or Mammud and we'll be more than happy to help Call notes. So, yeah, we've
moved over to Google Meet. These are being recorded. the audio is archived
and there's also a summary from Google's Gemini that is produced at the end
of these calls. I think we don't use IRC anymore to queue, so we should
probably update that. But just raise your hand in the Google meet and we'll
manage a queue as we need.
Will Abramson: Introductions and reintroductions. Is there anyone new on
the call today who'd like to introduce themselves or anyone just feeling
friendly and wants to say Just jump on the queue now. Love to hear from No
one today. moving on announcements and reminders. Are there any
announcements that you want to make the group aware of or reminders that we
should be keeping track of? please on the queue. Okay. Not hearing any
announcements or reminders.
Will Abramson: moving on. are there any updates on the CCG work items that
have been going on? I mean, I was away last week, so I haven't been
tracking any of the data integrity stuff. So, I'd appreciate a rundown of
if anything there that I should be aware of, but really anything that's CCG
related, both has Appreciate feedback. No worries. I think then we can just
move into the main part of the call and I'll hand it over to Denan. go.
Harrison Tang: So, just a quick preview. So, next week we'll have GS1
talking about their implementations on verifiable credentials and then the
week after we'll have Brent to talk about what's next at verifiable
credentials working group and then the week after that we'll have Wolf from
blockchain comments to talk about Providence Mark. I'll keep sending out
the agenda the week of events and then of course you can just go to W3C
calendar to see the latest events coming up and then we also put in the
VCedu and also the data integrity and other task forces calendars in the
W3C calendar.
Harrison Tang: I'm sending out the link here and if there's anything
missing just let any of the chairs know we'll try to consolidate all the
calendar events to the W3C calendar.
Will Abramson: Great Harrison. That's good. I know there's been a recurring
sort of issues we've had to the calendar. Hopefully, this is going to solve
that. Right. There's one bite that we manage it and it's on the W3C website.
Harrison Tang: Yep. So that integrations and promotions if you're curious
about the work items and then which work items will be promoted to the VC
working group the data integrity which is the crypto suite stuff and then
VCD the dates and times are all there
Will Abramson: Thanks a lot. Okay, last call. Any introductions,
announcements, work item updates? No once.
Will Abramson: Over to you thanks again for presenting.
Denken Chen: Hey, hello everyone and…
Denken Chen: I'll share my slides in this group chat so you can see it by
yourself and in the attendees I've seen Yanding Hang he's matching an early
contributor or say the main people inside the government to be responsible
for this project but he has been resigned recently and I see Aliyah
identity woman we invited her to Moda to talk about identity stuff last
year. So nice to see you again.
00:10:00
Denken Chen: And in this talk I think we will start by sharing our
experience since last year TP pack 2024 we had a breakout sessions and
there are m lots of details since then and let's get started. So a few
disclaimer in the beginning this whole presentation is based on
collaborative efforts and it's lots of people working on this and I'm just
collecting some public informations or aspect to it and so today I do not
represent the moda the government or I do not represent the the other say
labs.
Denken Chen: So today I'm presenting for myself and so those opinions are
on my own and on a brief introduction of myself. I've been a mobile app
developer for over a decade mainly on the iOS app site and I've been
information security consultant for a while. So this is my first time to be
a technical staff and advisor to the government and to this digital
identity world and in this job I producing Dr. Sim report and mainly
working with my colleagues to working on a technical adversary meetings
where we invite multiple stakeholders to discuss issues around this digital
identity wallet.
Denken Chen: So you may commit donate me at my web page and during this
digital identity wallet formation of this ecosystems I think there are some
special considerations for Taiwan and from now on I probably would just use
one topic one slide so if you got any question of this slide you can just
raise your hand or leave some message I will pause for a few seconds at the
end of each slide.
Denken Chen: So for this style we are talking about there are some special
considerations here in Taiwan we do not have digital versions of driving
license for now but we do have lots of existing government PKI cars or
services including we have cars for the legal entity entities and we have
cars and a mobile version called TWTO for natural person and we also have n
national health insurancees which issues IC card to both doctors and
patients.
Denken Chen: So we already have lots of PKI cards here and so the
motivation for this digital identity movement I think it's kind of very
different from many of the countries in Taiwan we had a new ID in 2021 and
it was kind of like a tragedy to me because when the government would like
to roll out a new Yeti from paper card to an IC card. There were lots of
fight back from the organization like some NOS's like some association for
the human right or open culture foundations.
Denken Chen: they fight for the information security issues and privacy
issues and mainly for the reason that there was no specific laws for a new
eid. So lots of debates and dispute there. So in the end the government
decided to suspend that new eid roll out and eventually I think it's kind
of suspended it forever. So now comes to Moda the government I work with
the of digital fair So this ministry you can see it's been established in
2022.
00:15:00
Denken Chen: It's after the aftermath of the eid stuff they just
established after that and in 2023 the Moda did some early research on some
decentralized tech. So there are multiple fields has been discovered I
would say has been researched deeply that including the decentralized
identifiers including the tools there and they're also doing some
retroactive public goods funding within the government and the civil
community and after that project I think the government decide that this
decentralized identifier is the way to
Denken Chen: And that's based on a pioneer early research which is called
Taiwan DID. You can still find this projects on the GitHub. it's a early
research and kind of proof of concept to make sure that the DID can bridge
the current existing system the TWW50. So like I mentioned that it's a
existing X50 files nice certificate for natural person and to bridge that
existing PKI card to a Ethereum address or a sim for ity a ZKP identity to
use CD and VC as a bridge to make sure those can be connected.
Denken Chen: So I think it's a really interesting project in 2023 and it
has served as a research base to led to current spec of TWWDIW. So I have
seen someone was argu that TWWD hasn't been evolved into our current spec.
Yeah, exactly. it's just an early proof of concept. that also defines the
current spec. So let's see the current spec. We've shared a little bit
about this before back to tack we've used the decentralized identifier 1.0
and we also use the verifiable credentials data model 1.1. And we know that
the 2.0
Denken Chen: is going to be released soon and we also have done some
internal research to migrate the version but it's in preparation and one of
the interesting part is that we pick IETF selective disclosure for JT SD J
and we'll talk about it later. So the communication APIs we pick verifiable
credential insuranceances open ID for VCI and for verifiable presentations
for VP. So the final part is we use between status list for the revocation
list.
Denken Chen: So you can see that from those days it's kind of very akin to
what europe has been choosing like the SD j for the selective disclosure
and the open ID for VCI and VP. So I think for the early researcher the
reason they choose there are kind of relatively mature standards. So you
can see afterwards. maybe I can just stop here for a while. If you have any
questions, you can raise your hands or I just continue. great. We'll just
step into a little bit details. So on the D method, so far we only use the
key.
Denken Chen: by the way basically this presentation I present are basically
public information that you can get from the sandbox environment or from
our public document. So on this part we only use the key for now and it's
based on this P 256. I think the reason they picked that is that we use the
mobile phone as the holders wallet and use secure encrament to generate the
key pairs and so far it's the only curve that been supported.
Denken Chen: So that bring us to the software components here like the
issuer and the verifier side we have got two docker image will be offered
to the industry and so on the holder side it's kind of interesting that
this project pick used mobile apps on the iOS and Android it's a local only
apps there's no wallet agent or holder services online.
00:20:00
Denken Chen: So it has to be purely local apps and it support code through
open ID4 VCI or open ID for VP and this project is bettered to support NFC
as well but it's still in development and one of the interesting things is
that when you downloading the testing version you'll see that this wallet
maintains VP history because it's very important for the holder to
Denken Chen: know what services they have been authorized and they can keep
up to the law of the personal information requirements and for each project
there will be some software development kit SDKs will be provided for the
trusted triangles. So let's see why they choose selective disclosure over
the KP for this project. I think it's because it's easier to implement for
the engineers side because a bit discursive to see the spec is relatively
easy to understand. on the contrary like ZKP there are lots of
implementations or standards or algorithm competing for a while. We'll talk
about that later.
Denken Chen: And for the government part it's also easier to explain what
is selective disclosure. you of the VCs You're just hiding some fields. So
when you are revealing your legal name but you can hide your birth date
like those kind of things. So it's easier to explain to the citizen or we
also collaborating with lawyers to make sure the regulations works under
these systems and also to the government officials and also because it's a
relatively mature standards so we choose static disclosure I think is kind
of reasonable for the government because they had to pick something that is
easier to understand and
Denken Chen: easier to implement and we also did some DKP explorations I
think it's based on DK ID for a while have been shared a little bit in the
data integrity meetings since April and I personally have many discussions
with them so they're implementing ZKP solutions directly from the SD jot.
So it's important for the government side when we are implementing the
services there's no need for the ZKP service to change the issuers process.
So that means that this DKP can be an add-on to the whole ecosystem later.
Denken Chen: So when the whole ecosystem has been established we can add
the later. So before diving in this I would like to see if there's any
question for this because I might have been gone too fast.
Will Abramson: I had a question Duncan.
Denken Chen: Yeah.
Will Abramson: You said currently you're using did key Is there plans? Have
you explored what might be after did key Yeah,…
Denken Chen: You mean some other did methods? Yeah.
Will Abramson: I did message that would allow you to do updates, right?
Denken Chen: Later we'll talk about verify registry and I personally would
advocate to use the web to kind of expand the use cases or expand the
registration methods through it. But so far I think one of the reason is
that we don't disclose any holders on the internet we only keep it on the
mobile phones. So unless there's a interaction between the holder and…
Denken Chen: the verifier otherwise the ID key for the holder wouldn't be
disclosed interesting. Yeah.
00:25:00
Will Abramson: And that actually brings up another question that I think I
had are holders in your system do they have one did key or…
Will Abramson: do they create many did keys.
Denken Chen: Let's one part I forgot to mention. in this wallet they will
be able to create multiple wallets inside the app. So for now each wallet
will corresponding to one key. So it can create multiple keys.
Will Abramson: Okay,…
Denken Chen: Yeah exactly.
Will Abramson: cool. Thanks.
Denken Chen: So any other questions? anything you can discuss. I think we
are very welcome for discussions because I also see not just me but also
Hen from the Moda has been join us as well. Sure.
Will Abramson: I guess I could ask another question about the ZKP stuff.
sounds like you decided not to explore that. you explored it and…
Will Abramson: then pulled back. Do you think in the future you might move
to a ZKP solution or you kind of rolled that out?
Denken Chen: Yeah, I would say the reason the government would mostly
choose selective disclosure…
Will Abramson: Mhm.
Denken Chen: because it's more practical in the sense that it can be rolled
out and easier to understand. But on the other hand last year or no this
year I attended rights come and when it comes to human rights I think many
of the people there understand that ZKP is the way to go to prevent your
behavior heavier tracking stuff.
Will Abramson: Mhm. Okay.
Denken Chen: yeah and also it's kind of the only reason that we can
minimize our personal information leakage to the outside world or even the
can be a checking parameters right so to deal with those situations we have
to do ZKP solutions but I think it's kind of like an industry problem like
some indust industry do rely on tracking the ad industry right there are
many industry that rely on as revenues.
Denken Chen: So I think for the government side there has to make sure a
ecosystem that works for most of the people there and for some scenarios
that cares about privacy a lot more it will be much suitable to use DKP and
for our part I think we are trying hard kind of to research available
solutions for the government so they can see at what's…
Denken Chen: what has been involved and what's a possibility and possible
solutions out there so they can roll out their plans for next year or next
two to three years. Yeah. Yeah.
Will Abramson: Did you explore any of the BBS plus stuff like BBS
signatures?
Will Abramson: It's right. Mhm.
Denken Chen: the reason we are not exploring BBS for now is because we know
that BBS will require some change to the issue processes and let's from the
government's point of view because the ministry of digital affairs has to
cooperate with other ministries there are parallel level so I think it has
to be pursued
Denken Chen: way they as in to explain the technology to other mystery and
to convince them to work in this way it also takes some time right so for
now we've seen W3C VC standard is mature enough but when it comes to ZKP we
don't see formal standard yet BBS hasn't done the kind of WG recommends
right so I think when it becomes the recommends it it we will step in and…
Denken Chen: to see the possibility.
Will Abramson: Yep. Thanks.
Will Abramson: It's interesting to hear the tensions the government has to
manage, right?
Denken Chen: Yeah, exactly.
Denken Chen: And I see auto had some messages mentioning that Zikabin can
start new age verifications and it's easier to understand and one of the
reason I think age verification is important and easier to understand is
that you don't have to reveal the full birth date instead you can reveal
only age over 18, 20, etc. And spar experience is there are some online
scenarios or offline scenarios that requires age verification when you are
buying alcohols or cigarettes.
00:30:00
Denken Chen: however in terms of the application scenarios to develop a
scenarios for that so far we has already got some solutions for edge
verification just presenting your physical certificate right so it's kind
of very difficult for the government I think it's for a government through
these digital identity
Denken Chen: wallet project to enforce you have to showing your digital
identity online or offline. It's kind of another regulations issues there.
Will Abramson: Actually talking about use cases that remind me I think a
really interesting use case for Taiwan in particular to explore is some
kind of integration with your governance platform,…
Denken Chen: So I think we've seen there could be some fightback there. So
age verification so far hasn't been a I would say strong application
scenarios for now. Mhm.
Will Abramson: You have pol because I think that's the context where,
people ideally wouldn't want to be personally identifiable, but you still
want to have some constraints about who can participate and…
Will Abramson: what perspectives they're coming from. Have you looked into
that at all or is that just a completely separate thing that happens
elsewhere? Yes.
Denken Chen: You talk about policies is the online forum.
Denken Chen: I know Okay, I see. Yeah, that's interesting. And probably
Meshing is more familiar than me on this part when it comes but I'll just
share my personal opinions on this because I have been working with another
online foreign called EDT. Another BBS is called the bulletin board systems
technology and it's still a big forum here called PDT.cc
Will Abramson: Mhm.
Denken Chen: CC and I think in terms of the manager for the digital
identity is not the best way to go because unless there is a strong reasons
to verify your digital identity to make sure what you say or the user
generated content has to be identified said by whom otherwise as there's
not very strong reasons for a user generated content platform to identify a
specific person. That's from the content platform point of view.
Denken Chen: But if we would like to like for police they may look forward
to identify any person to improve the credibility of the speech that could
work and I'm not sure whether it's a good way to go.
Will Abramson: Mhm.
Denken Chen: Okay. Interesting. Meshbin has shared some information in the
message and me do you like to talk about it for a while.
Yen-Lin Huang: Yeah. I Ying previously working with Moda and I left my job
since last month. So today I'm going to speak on my own capacity and mod
due to the previous minister Audrey Tong she implement a lot of
deliberative tools such as polace or talk to the city into the digital
policy making process and there are a lot of project that we implement
policen things. although we have established a lot of citizen as assembly
to talk about digital identity policy but we haven't used pol because we
find out that it is too difficult to choose the support or the object
online.
00:35:00
Yen-Lin Huang: So we focus on the on-site deliberative workshop with
multiple stakeholder and there are some results and I think it will be
public this year. I think maybe Denan can follow up in a few months and if
it is released you can just mention it in the email list. Yeah.
Will Abramson: That sounds great.
Will Abramson: Thanks again.
Denken Chen: Thank you.
Denken Chen: Okay, is there other topics that people would like to ask or
follow up? Okay, let's forward to the next topic.
Denken Chen: The second half that we are also very in serious discussion of
how to build this verifiable data registry in the decentralized identity
model that VC has presented to us and so for the first one is from the
issue side and actually this is one of the reason I decided to join this
project because it's very interesting to see a government particularly from
the Taiwan government to
Denken Chen: do a insuranceances so on the issue registry there has to be
issues public keys and schemas right so easy to understand and the
government will take responsible for it and one of the interesting decision
is that this data will not just be publicly available it will be on chain
it'll be on the public ledger and I think for current
Denken Chen: information it will be on EVN compatible blockchains and for
Taiwanese government's side I think one of the reason to put this on chains
there's no other reason not to put it on the public because ensures the
resistance when the government service is down you can still retrieve the
data on the chain right so it also ensures availabilities because in the
past
Denken Chen: I think it's a really hard for government vendors to ensure
availability it's very hard for I think any of the software vendor to reach
9999% availability right it's really hard so instead of spending tons of
money on the cloud services It's much more reasonable to put it on chain
and I think there's no dispute on it because the insurance public keys
should be publicly available and that also enables a permissionless
verification ecosystem because that you don't have to get any permission to
verify certificate from the issuers.
Denken Chen: you can just see the public keys and verify the credentials by
yourself. So that aligns the advocate of the open ecosystems there.
Denken Chen: So it's a strong foundations here and when sure Okay.
Will Abramson: So I just have a quick question on that.
Will Abramson: So this public ledger is going to be permissioned, right?
it's going to be like the Taiwanese ledger or there's going to be some
structure by which only the government can add people to this list issue.
Mhm. Mhm.
Denken Chen: Actually, probably I should add to that is that it will be a
public blockchain say arbitron or polygon zkvn those kind of stuff. So it
will be public accessible. Yeah.
Will Abramson: But I mean somebody needs to know these are the government
issuers public keys.
Will Abramson: There's going to be some permissioning structure maybe
layered on top of the public threat.
Denken Chen: You mean look let me put it that way that the public keys here
aren't for the public key of the address for the web three.
Denken Chen: It's a public key from the issuers for using the P 256 the key
the information will be on the chain I mean it basically use the chain as a
notebook in this sense so when you're talking about the permission is …
Will Abramson: Yeah, I think I got it.
Denken Chen: how does those issuers put their own public key on chain
00:40:00
Will Abramson: Yeah, I think I understand just there's going to be some
permissioning structure, around the trust list. at the end.
Denken Chen: Okay, I see.
Will Abramson: Yeah. Mhm.
Denken Chen: Okay, I see. So the moda will be responsible to collecting all
the issuers public keys because I think the issuer here will be limited to
only the governmental issuers for now. So we don't deal about the issues
found from the industry yet and probably I think when the structure is
mature any of the industry issue can take the same procedures. Yeah.
Denken Chen: And so mement mentioned that this measurement we expect it to
be a list of both public sector and private sectors we can do anything
based on this structure. So for this project I think it's interesting that
the government meaning moda has to take the responsibility for issues from
the government at least this could be solved from their side. Hey, so when
we are talking the insurance, we talk about identity assurance level as
well.
Denken Chen: it's a concept from the NIST document for the digital identity
guidelines when you are having a higher IL that means you probably get your
credentials on site to verify you are the identity like you described as
lower as the verification will be less reliable so it's The interesting
part we are discussing which credentials the government issues
corresponding to I1 or two or three the highest one and we haven't
established any measurement or audit stuff like that. So far at the first
stage we only serve it as a optional VC field declared by the issuer.
Denken Chen: That means that we taught the issuer from the government that
what is ILO and what's the benefit of you tagging this ILO as a VC field
because that will enable the verification or the verifier to decide if you
need a higher ILO credentials for any banking services they may need ILO3
credentials to verify your identity. they can decide that. So that's one of
the reason that when we are asking our issuers to declare Ilos that means
we will have a extra levels of different credentials for the verifier to
decide.
Denken Chen: So they don't have to pick one by one. in the end I think they
can just pick I need ILO3 cars and probably in the end will be insured or
audited by someone else. So we try to incorporate the ILO concept into
these systems and so far when we are discussing this we al already got some
challenges when you are reassurances or renewal the cars it will be much
more frequent than I think especially for the phone replacement you're much
more frequent than you replacing your existing physical certificate or
cards or
Denken Chen: could we do some D key rotations here? That's one of the
reason that for the past few months I've been some research on some
different date method and so far we didn't get good enough solutions here
because we are so attached to a key solutions so far. But on the verifier
side it's much more interesting.
Denken Chen: we kind of take much approach EU has been done some trust list
approach and we are still under discussion about this if we are going to
verify our verifier to make sure the holder knows it's legitimatate
verifier how do we do that we could maintain a registry right so there will
be verifies public keys and schemas
00:45:00
Denken Chen: And that means the verify with requested vis and that's one
part that I personally would like to step in that is it possible for us to
verify to register through their own domain names using daddy web because
for our side if you have to register on the registry through our existing
PKI cars it will be kind very hard for a large organization to go through
all the processes of using the cars. So is it possible that we can register
through dominance and also add some other contact.
Denken Chen: The reason is that I think for most of the law of personal
information there will be requirement to have the ability to enable user to
the right to access or the right to be forgotten and so far we haven't got
any great automations or requirement or even API spec for enable that. So I
think the most practical way is to add a r verify contact here and that's
also just the establishment of the verify registry.
Denken Chen: we haven't talked about registry governance yet. Will it be
like an I can the domain name governance from the industry or what should
the government do in terms of the registry governance because it's really
hard and I think it's also impossible for government any of the ministry to
take hold of all the application scenarios and all the verifier
verification sites. So I think it's interesting topic here auto mention in
the message that the check of verify the relian part is something that we
would like to plan to do on what the label you mean? yeah exactly.
Denken Chen: So I didn't got the imagery here but actually in the end we
will have the war to show whether this verify has been a green checked
icon. So only when they are listed on the verify registry they'll be green
check or say it'll be tag as trusted. But on the other hand, we also stick
to the SSI self-s server identity rule stack. The holder should be enable
to do whatever they like. So there will be a warning on the wit if the
verifies isn't on the trusted registry, but you can still submit your
personal data out there. Yeah, that's a current structure. Auto please.
Otto Mora: No, thank you super interesting. I wanted to ask so maybe I
missed it a bit at the beginning of the presentation, but would citizens be
able to use other wallets besides the government wallet as well or…
Otto Mora: are you for now just restricting the credentials to be issued
only for the government wallet because I think that would also play into
interoperability and some other things. Yeah.
Denken Chen: So yeah in the end the whole ecosystem will be open source.
Denken Chen: So technically you can build a third party wallet and I've
been talk about it again in the public I personally would like to build a
third party what it for myself and that's one of the reason we call the
open ecosystem you can build your own third party issuers wit or verify as
you like and the spec is out there when you are implementing the open ID
for VCI
Denken Chen: VP and the corresponding VC master I think it will be all fine
and on the other side is like whether there will be some regulations on the
third party wallet we haven't talked about it yet but personally I would
think that for the industry or for Taiwan's experience it would be much
easier or healthier to just let the ecosystem develop…
Denken Chen: what they like and found all the regulation later. Yeah.
Otto Mora: Yeah, because in some sense…
Otto Mora: what you're saying is that exactly mimics a little bit of the
browser situation, Where maybe Firefox trust one set of versus Chrome
trusting a different set of certificates. And I guess maybe something
similar could happen here with identity wallets, right? trusting different
relying parties or different issuers that they have checked or…
00:50:00
Otto Mora: have vetted from various different trust registries or trust
routes. Sorry is very interesting.
Denken Chen: Yeah, that's a very interesting point of view I actually have
another point of view like the trust list or…
Denken Chen: the trust registry should be able to be imported into
different wallet. I mean that the trust wallet or the trust registry should
be separated from the wi provider. So for example in my view that anyone or
any organization can maintain a verify registry and it should be able to be
imported to any of the wobby. It kind of works on your OS or I think not
for the browser but for the OS you can import any root certificate as you
like.
Denken Chen: it's kind of like a user's freedom to do that but I think it
will be very difficult for the government to do that because the government
or most of the time they will think it in a centralized way they have the
credibility to make sure that what it works and be secure but on the other
side my point of view is that the trust registry works like a root
certificate. Yeah, that's my pro personal point of view. Okay, let's no
other question. So, we move on.
Denken Chen: A few other things like when we are talking about the verifier
we've seen that there's a electric signature but we are not going for
digital signatures on the law for now because it will be similar to the
codified electric signature QS under EU law because I think our law is
quite in the same structure and it'll be very tedious years procedures and
lots of audit processes to make sure it is a digital signature. So for now
we are not pursuing it yet but still it is electric electronic signature
right.
Denken Chen: personally and with my colleague we are pushing or say we are
arguing that could we treat the Bible presentation as an authorization the
electronic document and there also already has some holders binding to sign
the electric electronic signatures they will indicate the user consent and
I think it's important to the lawyers to
Denken Chen: understand what the VP means when you are putting I remember
in the open ID for VP spec there's a recent field for the verify to shown
to the user it's kind of works like in the mobile app when they are
requesting any of the permissions the app has to shown the reason for
requesting it so I think the VP kind of works like the same they can be
like a electric electronic document mentioning okay I would like to request
some of the fields of your VC and here's the reason would you agree to that
if you do you can sign with your older did ID right so I think the VP could
be explained or interpretated as this way but I think the official has to
done some process to measure this whether this statement is true or
Denken Chen: and just to mention that the matchpin also leave some message
on the message why I mentioned the verified registry should be included
into a trust list management and should be recognized by any kind of the
wireless service. Yeah, I think it's a ultimate goal but it's kind of still
very extra for most of the people there and sure the obstacle is still the
government governance process regulation compliance but from my point of
view because I grew myself in the civ tech community I usually do things
before any law established.
Denken Chen: So when it's a open source project so we can just do it by
forking the projects or just did our own and that's for my personal
opinion. So quick go through the others things like we do have some other
changes like we are using selective disclosure but how do NFC to work with
relative disclosure is kind of very hard UX problems. it's really hard to
keep it connected and also select some fields right but also we are facing
some challenges to present QR code from the holder side and the reason is
that in the convenience store here in Taiwan it's very popular to show your
QR code to either do some online payment or your membership R code so it's
very frequent actions here
00:55:00
Denken Chen: to present rather than scan. However, this award does not
include any agent online. So, there must be some middle server to do that.
Also, I think it still remains a challenges we discussed internally. the
solution hasn't been final yet but also we are also developing some
application scenarios and personally I think that we all mentioned that the
internet has identity layers for decades so we should have it but when we
are establishing this ecosystem we has to unlock some scenarios that's only
possible with the digital
Denken Chen: or identity wallet unless the industry will not have a
incentives to join our ecosystem right so that's one of the things I've
been pushing hard we should focus only on those scenarios in the early
stage so for example even on the car rental side can we just rent a car
with just mobile phone without preparing any physical driver license or
when we are going abroad for traveling is it possible we don't bring any
international driving permit. That could be done technically, But there's
also a crossber recognition stuff or issues there. it's really a struggle
in Taiwan because of some political issues there.
Denken Chen: So that's interesting that it's not just a digital technical
issues but also I think a country's level cross borders issues there and we
are still developing other scenarios. Okay. So I think this project has
announced the open source schedule. If you are a sandbox users, you receive
some data claim that this opensource project will be starting this August
to November. So basically you're covering all software components. So final
slide this one of the reason I'm here. We do have a sandbox environment. I
would like to invite anyone to test on it. It's a testing environment. is
not a regul regulatory sandbox.
Denken Chen: I know that some financial or some banking people will think
about that but no it's on the testing environment purely technically and
you can access the testing version of the app now and there have been some
demo scenarios on this website you can see it and from the sandbox website
you can create some testing bases and VPs out there and for now we are
opening in phone verification for our own Chinese people, but we also open
for foreigners to just send us an email. You can apply for an account to
see around.
Denken Chen: unfortunately it's still only in Chinese but I think in this
era we have lots of AI tools or translation tools can just play around to
see whether our spec is obeying the specifications or any comments we are
very welcome so you can just send email there okay that's for the today's
talk and I think we've done many of the issues each of the issue could gone
very deep.
Denken Chen: So I'd like to see whether we do have some question or
emphasis there.
Will Abramson: Great. Thanks so much,…
Will Abramson: We've got a couple of minutes. So, if anyone has a final
question, please jump on. Harrison, go for it.
01:00:00
Harrison Tang: No, actually I just pressed the wrong button. I just want to
say great job. This is really really good stuff. So yeah,…
Denken Chen: Thank you.
Will Abramson: Yes, I agree. It's really nice to see an overview of a,
government's perspective how they're looking.
Harrison Tang: a lot of concepts that we talk about here, I'm really glad
and also slightly pleasantly surprised that the Taiwanese government is
actually on top of it. So thanks a lot.
Will Abramson:
Will Abramson: Okay, I'm not seeing anyone. Last question, then we'll close.
Otto Mora: Sorry, not to abuse the time, but my only question was what are
your opinions thinking on the state of Utah and the way that they view the
citizen kind of owning the identifier and the state more just endorsing it.
if you have any opinion on that or view how the Taiwanese government views
things like that. …
Otto Mora: Obviously it's something very recent, but I just wanted to see
if you had any thoughts on that.
Denken Chen: I didn't pat your question very clearly.
Denken Chen: Could you elaborate a little bit more?
Otto Mora:
Otto Mora: Yeah, no problem. Yeah, the state of Utah in the United States
recently passed or is about to pass I believe actually correct myself some
regulation that indicates that user identity is citizenowned or the
identifier is citizen owned and the government's role is just to endorse a
person's identity right so they view it as the citizen brings their
identifier whether it's did key did whatever, right? And they issue you a
credential endorsing the fact that you are, this person. so it's obviously
something very recent,…
Otto Mora: but I just wanted to know if you had heard about that or if you
had any opinions or how that aligns with the way that you are viewing this
project in Taiwan.
Denken Chen: Yeah, I'm not familiar with the law you mentioned.
Denken Chen: But I think it's kind of interesting we had to explain what is
for many people because it actually works behind the scene. I think many
people will probably only recognize the credentials it's a digital version
of the certificate, right?
Denken Chen: however did live behind the scene and how do we define whether
did the represent this identity right is there a legal representations or…
Denken Chen: interpretations for it right I have to say we don't have a
solid foundation for it yet and Okay. Sure.
Will Abramson: Sorry, I don't have to cut you off.
Will Abramson: I just realized over time. We I would be very interested.
It's an interesting question from Otto. Maybe if you get a chance to read
that link Joe posted, maybe you could take it to the mailing list and share
your thoughts or the Taiwan digital wallets thought. That would be really
cool.
Denken Chen: Thank you.
Will Abramson: Great. Thanks everybody. …
Will Abramson: Tim's saying he can't get to the demo. We have to close.
Maybe Denin, you can have a look at that link and see what the problem is.
Denken Chen: Okay. Hey,…
Will Abramson: Thanks for joining and then thanks again. I really
appreciate you coming on at this time in the night to share what's going on
and everybody else who's joined from Taiwan people. Thanks a lot. Have a
great week. Great.
Denken Chen: thank you.
Otto Mora: Thank you.
Meeting ended after 01:04:16 👋
*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Tuesday, 13 May 2025 22:06:05 UTC