- From: <meetings@w3c-ccg.org>
- Date: Mon, 17 Nov 2025 17:15:10 -0600
- To: public-credentials@w3.org
- Message-ID: <CA+ChqYeHmuLaRGf1kJRewHTuFkpiSxCrg-CeOJZWE_tsnTfWqg@mail.gmail.com>
Here's a summary of the W3C Verifiable Credentials Task Force meeting:
*Meeting Summary*
The meeting focused on Velasert's work in the realm of European digital
credentials, open badges, and digital wallets. The presentation covered the
integration of digital signatures, multi-page credential design, and the
challenges of issuing credentials to wallets when the wallets don't yet
exist. Key topics discussed were:
- *Introduction to Velasert:* Overview of Velasert's work in
cryptography, digital wallets, and verifiable credentials, particularly in
the education sector.
- *European Digital Credentials and Open Badges:*
- Explanation of the legal framework and technical standards (e.g.,
JAdES) for European digital credentials.
- Demonstration of signing open badges with JAdES, including the use
of baseline B profiles and the integration of both ELM and Open Badges.
- Validation process using the European Commission's validator.
- *Multi-Page Credentials Design:* Showcasing the design and rendering
of credentials, including multi-language support and editable fields.
- *Issuing Credentials to Wallets:*
- Addressing the common challenge of issuing verifiable credentials
when users do not yet have wallets.
- Presentation of a cryptographically secure method to issue
credentials before wallet creation, decoupling the lifecycle requirements
for students and organizations.
- Demonstration of the process, including receiving credentials via
email and cryptographically linking them to a wallet.
- *Q\&A and Discussion:*
- Discussion on the mapping between ELM and Open Badges, including
complexities.
- The role of European Digital Identity wallets and potential
integration.
- The use of legally binding signatures and the level of assurance
required for education credentials.
- Integration with Europass and credential deposit processes.
- Attachment formats and wallet import procedures.
*Key Points*
- Velasert has developed a product for issuing verifiable credentials
aimed at universities and other organizations.
- Velasert is working on integrating ELM (European Learning Model) and
open badges, and has successfully implemented ELM and open badges
signatures.
- Velasert has developed a method for issuing credentials even when the
recipient doesn't have a wallet, by providing a cryptographically secure
way to link the credential to a wallet later.
- Discussion on the upcoming European digital identity wallets,
including technical specifications, and cryptographic binding for education
credentials.
- The significance of legally binding signatures for education and the
assurance level.
Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcs-for-education-2025-11-17.md
Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-vcs-for-education-2025-11-17.mp4
*kte-hamg-bpj (2025-11-17 10:59 GMT-5) - Transcript* *Attendees*
Alen Horvat, brandon Dorman, Deb Everhart, Eric Phillips, Ildiko Mazar,
JeffO - HumanOS, Justin Cooke, Kaliya Identity Woman, L, Lucy (Qixue) Yang,
Sebastjan Pirih, Sharon Leu, Simone Ravaioli, Steven Cederquist, Ted
Thibodeau Jr
*Transcript*
Ildiko Mazar: Hello.
Sebastjan Pirih: Hello. Hi.
Alen Horvat: Hi.
Ildiko Mazar: How are you?
Sebastjan Pirih: Okay.
Ildiko Mazar: You not see you.
Sebastjan Pirih: And he's gone.
Ildiko Mazar: And he's gone.
Sebastjan Pirih:
Sebastjan Pirih: Yeah. He will come back. probably some mic issues or
something. Yes.
Ildiko Mazar: Sebastian, are you joining with Alan?
Sebastjan Pirih: Yes. I'm joining.
Ildiko Mazar: Okay, you're not familiar.
Sebastjan Pirih: Yes. Yes. Yes. Exactly. Yeah.
Ildiko Mazar: Okay, here he is again.
Alen Horvat: I know. Yeah, lately I've been having some issues with the
other browsers and so I have to switch just in case.
Ildiko Mazar: You're here in time.
brandon Dorman: Good afternoon,…
Ildiko Mazar: Good afternoon,
brandon Dorman: Brandon. I'm just going to join this call. Been interested
in this stuff for a while.
brandon Dorman: Hope it's okay just to kind of listen in today.
Ildiko Mazar: Absolutely. I believe he will be coming as well.
brandon Dorman: I know Simone I don't know how you say his last name,
Ravili, but Yep.
Ildiko Mazar: But it's not uncommon that people join slowly.
Ildiko Mazar: It's 8 o'clock in the morning in some parts of the world
where we have regulars from. So let's wait a couple more minutes until
people come in. You want to Good to see you. And Justin,…
brandon Dorman: Exactly. That's good to hear. Hey
Justin Cooke: Hello. Good morning, good afternoon,…
Ildiko Mazar: thank you for joining.
Justin Cooke: good evening wherever you are.
Ildiko Mazar: Those who are already here, I suggest we do wait a couple
more minutes. usually we're more on the call. So let's give people some
time. It's also Monday. That's when systems get updated and people get
frustrated.
Sebastjan Pirih: Yeah.
Ildiko Mazar: In the meantime, Alena, are you going to have slides or just
regular screen share? We don't have to test anything.
Alen Horvat: both I like short slides,…
Ildiko Mazar: Both. Okay.
Alen Horvat: set of slides just set the stage and…
Alen Horvat: then to showcase I hope things that will be interesting to
this group.
Ildiko Mazar: Okay. Yes.
Ildiko Mazar: Go. Okay. That's more like a usual Mondays. I do believe
people might still be coming in but we can start with the usual disclaimers
and the notes. So first of all anyone can participate in these calls. this
is the W3C verifiable credentials or education task force meeting. We have
them every Monday.
Ildiko Mazar: If you want to make a substantive contribution then you have
to be a member of the CCG with full IPR agreement signed. If you received
the invitation to today's call you can find the link to it there. and for
the call notes we use Google MS as you can see to conduct our calls and all
these calls are recorded and trans Keep that in mind. and if you want to
contribute to the conversation, you can either raise your hair, hand or
hair that too, or you can type in the chat. and please keep your
contribution as brief as possible so we can have more people engaged and
then later after the call we will share the archived minutes on our GitHub
repo.
00:05:00
Ildiko Mazar: So welcome everybody who managed to join by now. this is time
for introductions and reintroductions. if anybody is new in the call and
would like to briefly introduceelves or you haven't been for a while, this
is your cue to speak.
brandon Dorman: Hey, my name is Brandon Dorman and I'm the chief product
officer at a company Digicred. I've been really active in the one tech
world, but more new to the 3C verifiable credentials kind of schemas and…
Ildiko Mazar: Nice. Thank you,…
brandon Dorman: whatnot, but just love the work you all do and it makes
everything else possible. So,
Ildiko Mazar: Brendan. Okay, sounds like you're the only new one besides
our announcements and reminders. is there anything happening round about
now in the coming days or weeks that you would like to alert the community
about? Please feel free to speak up or leave URLs and notes in the chat.
Does anybody want to speak? All right, then time to get the main event.
Ildiko Mazar: our main topic today is bellisert and I am going to
immediately hand over the floor to our speakers Ellen Horvat. please the
floor is yours.
Alen Horvat: Thank good afternoon, good morning, good evening. yeah thanks
for joining this call. I'll be sharing my screen. I have a short
presentation and few things to showcase and I hope will be interesting for
this working group with me. I have a Sebastian will also do more like
showcase how this looks end to end. I will more focus on tricky aspects in
this call.
Alen Horvat: To share windows. Can you see the slides? I can see. Yes. No.
Can you see the presentation?
Sebastjan Pirih: No, not yet.
Ildiko Mazar: Not yet. Wrong screen.
Alen Horvat: What is screen okay. you see it.
Sebastjan Pirih: Not yet.
Alen Horvat:
Alen Horvat: So, today I will present a bit what we're doing at Velasert.
Ted Thibodeau Jr: It's not preventing it.
Sebastjan Pirih: We are not presenting the slides. Alan, no.
Alen Horvat: I mean I am…
Sebastjan Pirih: No, no,…
Alen Horvat: but what do you see?
Ildiko Mazar: Nothing. We see nothing.
Sebastjan Pirih: you see you.
Ildiko Mazar: Just you
Alen Horvat: me
Sebastjan Pirih: Okay.
Alen Horvat: Presentation. Maybe I forgot to click on something.
Ildiko Mazar: Yes.
Sebastjan Pirih: Yeah. Yeah.
Alen Horvat: Okay, let's try again to share screens.
Alen Horvat: Okay, can you see something now?
Sebastjan Pirih: Yeah, we
Ildiko Mazar: Yes, we're on.
Alen Horvat: Okay, Yeah, something needs to go wrong in the time maybe. So,
Today I will be presenting what we're doing at Velocart and especially I
will touch upon European digital credentials, open badges and digital
wallets. so I will talk about four tricky points. So okay short
introduction about who we are, where we're coming from for those who don't
know us. Then I will present digital signatures that are used in Europe and
then how we managed to find a way to use signatures that have legal
validity that also work with open badges.
Alen Horvat: then I will show how we can be basically design and render
multi-page credentials which not just badges for the front page but also
can a more complex appendix and last I think this is at least from my tech
perspective as a tech p most interesting one I will address the main issue
in the domain so how to issue credentials to wallets when wallets don't
exist yet So there is a cryptographically so secure way of doing it. I will
showcase it and then we can discuss it further. So a bit about us. So we
are experts in cryptography and digital wallets and we are designing and
building digital wallets for years for both organizations and natural
persons.
00:10:00
Alen Horvat: education is one domain where we're active. in general we are
working with other domains bringing virtual credentials and this verifiable
world also to products domain customs digital identity and what's more
important we are working with stitution lot of government institutions
European commission private education institutions at tech like
universities where basically We help them to basically define design and
build solutions that they need in order to start issuing ver credentials.
So we understand where from our understanding of the problem we kind of
brought to life valert.
Alen Horvat: So valortert is essentially a product that we recently issued
aiming at universities any organization that wants to issue virtual
credentials. But let's if there's any question remark just feel free to
stop let me know and we can discuss. So no need to wait until then. if you
want to receive a certificate of attendance for this meeting, feel free to
scan this QR code so that you can share your email and your name Sebastian
will put a link in the chat. Just it's a form. Fill it in. yeah, you will
not receive any marketing material though. It's just for this. Yes. Sorry.
I heard Okay. So good.
Alen Horvat: Okay, let's go to the interesting part. open badges and
European digital credentials and digital signatures. So, first to set the
stage in Europe, we have a framework that defines legally valid eals. eels
are done by organizations and basically there are technical guidelines also
on how to do that. So what formats are supported, what algorithms are
supported, what are the requirements to obtain the certificate and similar
and the technical standard that is relevant for European digital
credentials and open badges it's soal jade.
Alen Horvat: So J it stands for JSON advanced digital electronic signatures
and it essentially defines a profile for Jot/JWS signature formats and of
course this is compliant with the regulation. of course there are five
profiles. We'll not go through all of them. We'll just look at the one that
is relevant also for open badges. But in they range from very simple
compact signatures to full archiving signatures with long-term validity and
so on. And of course, I mean, we are working in this domain for a long long
time. We know the We know also the requirements that come from open batches.
Alen Horvat: Essentially we figured that it is possible to apply one
profile so the called baseline B profile for digital badges right so this
is the only profile also that results with a serialized JSON web signature
but European digital credentials of course can be seen with all profiles so
they're usually because when we talk about diploma or similar education
credentials by education institutions. They want long-term archival
signatures. but there will be the difference they need some unsigned
properties. So they cannot be easily put in the compact format that we need
here. Okay.
Alen Horvat: So our main focus and work is about European digital
credentials but we also started integrating version three and open badges
support link the link data signatures and jot signature formats and
basically here I summarize a short table what are the requirements for the
jalis baseline B and for the open badges and bas okay the title is wrong it
should say elm but these are the protected header properties that are
supported within this profile and this is what it's required.
00:15:00
Alen Horvat: this is the minimal set. So additional properties can be
there. But we see that it's possible basically to put all these headers
here. And now I will show you how we can sign an open batch with and also
fed it in the signature. So let's take a So okay this is sort is a simple
web platform. I can log in with my organizational account. So we're using
Google Workspace. Essentially it has also organizational identity and
access management built in. and basically you can see what credentials you
issued and so on so forth.
Alen Horvat: here are some of the templates that are preloaded but you can
also edit your credential. So we will look at this a bit later. So where I
want to get essentially because we just recently added open badges they're
available via APIs. So on the front end don't have support yet but I can
generate an API key and through our APIs essentially I can perform certain
actions. So for example I can check and list all the credentials that are
available. So let's take a Micro credentials are very popular lately.
Alen Horvat: So micro credential has an identifier u 20. Okay. So this is
also what you can match here with the credential and there are additional
APIs where I can then check. So now elm and open badges are framework. we
need to define profiles and for developers it's important to know what
payload they need to send. here's a very simple example when I just need to
fill in the full name the user and for integration purposes I can also go
here and I can basically test whether my payload is correct. So full name
is a required field.
Alen Horvat: so I receive an error by some data works Spend it. Oops. And
basically now I can issue a credential and click here. Oops. When I do that
now, it takes a while because we render all the credentials. But now this
credential will u get into my email. And now there's one interest other
interesting thing that we did is we managed to map the ELM micro the
European micro credential to open badges.
Alen Horvat: And now I will do it like this. So I just reuse the identifier
that identifies uniquely the previous credential and I will issue a open
batch. let's take so I received an email. So here the email we will look at
the content later but now let's what we're interested in now is the open
batch part. so I can go here. so if I paste it you will see. So this is a
JSON. Those familiar with JWT know at least it looks like one. let's take a
look what happens here. So first let's look at the payload.
00:20:00
Alen Horvat: So first we see it's a valid JSON web token. This is good. We
will also check other validators later. This is what I was talking about So
now in the header essentially what we do we include Vx59 certificate which
we will see it's a valid eing certificate here in Europe and a JW K public
key which is essentially derived from the certificate. For those more
familiar with will recognize this as a valid open bench.
Alen Horvat: So this is W so and version three okay so super micro
credential there's this des title and description are also visible here
okay I play around with okay so all this information will also appear in
the credential so we take a further look we see okay we have the default
language we also link with the qualification levels and we have multiple
alignments. so different learning out so we managed to link map multiple
learning outcomes from the European digital credentials here. So it's all
available here. This is the issuer.
Alen Horvat: it's also one thing that we also do is awarding body and the
signer can be different entities. in this case net is the awarding body and
valert is the signer. but depending on which ECL is used also we put ECL
with the net is seal but okay let's go here again. Usually I need to do it
Upload this file. So we are using this validator to validate the signature
and compliance. So we see that the open badge we tested is correct. And now
comes the interesting part. Let's also take this one. What we're looking at
here is basically the validator.
Alen Horvat: This is managed by the European Commission. I have put it
here. Submit. And what is this result telling us? So there are multiple
levels for ECL. So we are using advanced ECL because it's more efficient.
So that's why the note that it's not qualified is the highest level but the
signature is correct. So what we managed to achieve here? So we see this is
the company to which certificate has been issued. This is the root
certificate authority. It's also a qualified trust service provider as we
call them here. And that's it. So this is how basically we can in Europe
eal open batches. Okay.
Alen Horvat: So this was the ealing. I will go to the second part we
briefly look at but maybe we can good look at this in more detail. So what
we learned over the years that for organizations it's important to also be
able to design the credentials not just define the data model and as
mentioned since ELM and EDC on open badges are frameworks we need to define
smaller profiles for micro credentials achievements certificate of
attendance and basically here then what
Alen Horvat: we do so this is a fully editable first page. Okay, I can edit
this field. I can change them and this can be a highly advanced I would say
appendix with tabular data and icons and One important here is that we
don't allow organizations to edit and manage the data about themselves.
This way we prevent that someone is putting their name of a different
organization or Here we can also switch fields, switch categories and
there's also a multilanguage support. Okay.
Alen Horvat: So I can just add new lang sorry I can just add new ang
languages and they will appear here right so there are also elements that
can be translated so I can simply click here and basically go through all
or go one by one and last maybe but not the least also I can configure
which credentials will appear
00:25:00
Alen Horvat: here whether they are u multil language not whether they are
say constants variables that will be filled at later stage okay and okay
and that's basically for the second part will show you how this multi-page
credential looks like when it's deposited to the Europas wallet and I would
like to touch upon maybe on the last part.
Alen Horvat: the waters first introduction of the problem any so so
whenever we talk about verifiable credentials it's always this same
question right which comes first either the student or the wallet and we
have that most students don't have digital wallets yet today not just
students but also other learners So getting a wallet to someone is a
friction. Now on the other to make things more complex in order to issue a
credential not only that student needs to have a wallet, the student has to
connect their wallet with the organization. But the only digital link
that's usually shared with the organization is it's an email.
Alen Horvat: And this has a huge adoption impact because I mean explaining
the student they need a wallet getting a wallet then linking that wallet to
the organization verifying that the wallet belongs to the student is a
complex process. However, verified credentials are the ones that should
come first. And essentially, we managed to find a cryptographically secure
way for organizations to issue verifiable credentials to students even if
students don't have wallets yet. And this is quite interesting because
suddenly we decouple the life cycle requirements for a student student
having a wallet and organization issuing a credential.
Alen Horvat: So in this flow as I will then show you I can as an
organization issue a credential. The student receives it and once the
student decides they want to add cryptographically link the credential to
their wallet they can do so in a fully secure way. And this is the way and
we're quite happy when we managed to find a solution for this that wallets
are no longer a burden but can actually simplify everyone's life because
issuers issue users can decide and if they decide to use a wallet they can
have all the security properties that they have with the conventional
wallets.
Alen Horvat: to really show how this works, what we usually do is in the
email we put so in the email that so this is the credential that I showed
before. Okay, I get a re This is nice. people want rendered credentials. I
get the one that I can import in the Europas wallet. But then I have one
nice credential that I can basically import and then cryptographically link
with my next ID wallet. So this is my wallet. I logged in. I will add a
credential. Next up this is processed. So before I issue I see some minimal
information.
Alen Horvat: So we don't reveal any private information yet. Everything is
encrypted. Unless the user can prove they are to whom this credential has
been issued. I've got a verification code to it's a good question I used.
Yes. Okay, let's wait a bit.
00:30:00
Alen Horvat: Okay, get my codes. Voila. And here I can see some of the
details. different ESCO skills, learning outcome. So this is my credential,
what is the awarding body? and if I want I can basically preview the full
credential. So I can see all the elements. Okay, I will stop the
presentation here.
Alen Horvat: So yeah that's in short I mean I know all these topics can be
discussed in length but if there's interest we can discuss each of the
topics separately u always happy to do so but just to give you an overview
I don't know Sebastian do you want to do a quick showcase and…
Sebastjan Pirih: Yeah. Yeah. I will issue the credentials for the people
that provided the data from the beginning of our presentation.
Alen Horvat: trends and then we can go to questions.
Sebastjan Pirih: So let me just share the screen. Just a second. yeah. do
you see the screen?
Alen Horvat: Yes.
Sebastjan Pirih: So yeah, I prepared here a credential. So I will issue now
the certificate of attendance on this call. So I prepared a template before
and I have now this data till now. So I will copy this.
Sebastjan Pirih: So yeah, as Alan said, you can play around with different
fields, but I already prepared the certificate of attendance and I will now
go to the next step which Alan hasn't showed before. So here then what you
need for the template which I designed you just need two things full name
and email address of the users to which we will issue the credentials. You
can manually import them or you can upload the template I have before
downloaded it. So this is the template.
Sebastjan Pirih: I will now copy here data. let me just say this because
this is now the template. So I will now upload. So this is the data import.
So I have now all these users inside. I can add So here you can also
preview the credential before you issue it. usually organizations to really
double check if everything is okay.
Sebastjan Pirih: So here I can check if I need to all the credentials and I
now just need to do the last step which is I sign the credentials which are
now issued or I can sign and send them to the users. and now let me choose
the quick one which is sign and send. And so this now was signed and it is
now being sent. So this was now sent. So I think someone is trying to Did
somebody raise the hand or something or…
Alen Horvat: No. …
Sebastjan Pirih: not? Ah.
Alen Horvat: no worries Sharon. This is not shared otherwise with anyone.
Sorry.
Sebastjan Pirih: Okay.
Sebastjan Pirih: so okay let's check my this was my credential. So this is
the one which I received this Alan show before and now I can deposit this
credential to the Europeas. I come to this screen and I deposit it. We now
wait for the Europe to accept the credential and this is on their side but
it usually takes time. Okay, let me see if No, it's not yet.
00:35:00
Sebastjan Pirih: still Deposit failure. Interesting. Let me just try again.
It was something wrong on the Europas site. Let's try again. It looks like
it now everything was So let's see. Usually automatically then the email is
received. me Yeah. I received the email from the Europe pass. The
credential was deposited.
Sebastjan Pirih: We can go through the link here and the credential in
Europe we can see the official Europe pass viewer verifier. we can see here
that the format was okay that the still being used was well served. Okay,
the location accredititation part is not yet supported by the Europeass
itself and we also see the validity and everything is verified. We see here
also usually as you can see it on the Europeass and you can also see all
the other information.
Sebastjan Pirih: So okay who is the issuer so for the attend attending at
the test course call one hour and also additional information can be seen
so it. yeah, that's it. So, if there's any questions now, we are prepared
to answer.
Ildiko Mazar: Thank you very much. This has been fascinating. And I do have
questions, but I will let the audience ask theirs first if any or while
they're thinking did I pick up correctly that you need a single signature
i.e. the eid compliant electronic seal to produce these credentials in both
EDC and open batch format. So this credential I just received I would be
able to seamlessly upload into a backpack as well and match backpack.
Alen Horvat: No, no. answer to the first question is so we have the same
seal to sign m and open but since we integrated open badges just last week
we tried really hard to have it for this call because we know that open
budgets are very important. it's not yet in the full flow but soon you
would receive a credential that has whenever this is possible we know that
exact MAC so mapping between ELM and open badges not always possible but it
is for the credentials where you would receive both but I'm also putting
this but okay this working group probably knows about the challenge for
either to
Alen Horvat: have the mapping that's one option or an ability to use I
don't know vocabulary of ELM within open benges and vice versa right
vocabulary from open benges within u elm this is something we are still
experimenting with…
Alen Horvat: but we know about all your effort and really appreciate
everything this working group has done so far in the domain because I think
you really pushed things It's really really fun.
Ildiko Mazar: It's really exciting…
Ildiko Mazar: what you're doing with the single signature. The second
question I would have is so when somebody designs the credential content
all those fields that you showed on your screen Alan for I can't actually
remember…
00:40:00
Ildiko Mazar: what they were but are they instantly mapped to Elm as well
as open badges or the open badge mapping is yet to happen because it seemed
to be quite flat and at some point there was a code as well for various
properties
Alen Horvat: No. So let me No.
Alen Horvat: So the building Oops, I clicked too much. So the current
builder it's all the field. So even though things look flat in the back
end, everything is mapped to today it's mapped to the ELM. So at least the
way the workflow works today is that whenever you build and design things
by default it's mapped to an ELM but now we are adding an we're extending
it so to have also the mapping for open badges meaning that let's take the
micro credential example which we managed to map to both ELM and open
badges in this case with the same builder you would get both
Alen Horvat: Right? Because at least the way the front end the issuance are
designed there's a middleware there that decouples the two which then
enables us to do this mapping still need to be done manually right because
I mean if there was an automated maps to this claim we know it's much more
for example supports arrays you can have multiple learning outcomes. It's
not always possible to map them to an open badge, there are situations
where you would simply need to design multiple open badges, So in theory
it's possible but you understand better the comp complexity of the mapping.
So at least for the simple credentials we can do it.
Ildiko Mazar: Thank you.
Alen Horvat: Yeah, it's possible to have one front end. Now, we didn't
check yet what would be an option for example to if there is an option to
have open badges with multi- page. I'm not sure that whether that's
possible but at least once now that we figure out the signatures which I'm
personally quite happy about basically the next steps are to see…
Ildiko Mazar: Yeah, it's so you don't have restrictions.
Alen Horvat: how far we can get with this mapping and having a single space
for creating and stuff.
Ildiko Mazar: The reason why I ask and sorry that this is a very specific
question that when we are talking about activity type claims you cannot
really link them to skills because skills are learning outcome properties
and learning outcomes are learning achievement properties and learning
activities are not learning achievement. So you have some kind of a
background magic where if a link is missing then you supply that and you
introduce that kind of missing connector between the credential and…
Ildiko Mazar: a skill that would be a three-step connection. Do I presume
it correctly?
Alen Horvat: Mhm. yes,…
Alen Horvat: but I would need to ask members of the team who are doing the
mapping. I mean, I say probably yes, I'm not doing the mapping, but I can
pass the question to team members who are doing it, but I said it's not a
simple onetoone thing.
Sebastjan Pirih: Yeah, it's complicated so to because really yeah even if
you are just trying to translate to open batches the learning outcomes for
instance which you can have multiple 20. So what should we do wi with open
batch what issue 20 open batches or is putting them into alignments is that
all we can do I mean yeah it's complicated…
Ildiko Mazar:
Sebastjan Pirih: but yeah let's we try to see what is possible here I mean
No.
Simone Ravaioli: Hey guys, thank you for sharing this. I have a set of
questions that I guess I would start from one around the wallet. So, you've
built your own web wallet, I wonder if you have looked at the upcoming
European digital identity wallet architectural reference framework and…
Sebastjan Pirih: All right.
Simone Ravaioli: whether you are you would be able to push the credentials
or deposit it into one such reference implementation of one of these new
wallets.
00:45:00
Sebastjan Pirih: Will you or
Alen Horvat: That's a multi there are several challenges.
Alen Horvat: So the technical specs are not closed yet. So f first question
is will be the format supported? then we need to talk about cryptographic
binding. Is it needed or not? so the way we are doing it today you cannot
do it with so it would fall into advanced assurance level. So we can do
cryptographic binding but the keys cannot be hardware protected with a
qualified electronic digital signature creation device.
Alen Horvat: So once the specification will be public yes we can do it but
not necessarily with the flow I just shown right usually so with the EODI
wallet the usual flow will be you need to first present the wallet to the
university and…
Simone Ravaioli: Do I do the kind of handshake and
Alen Horvat: but al also also there Again all boils down to the question do
we need education credial do we need this really hard device binding of
education credential in the wallet or not? If no then for example and I
believe also open batch could be issued to a user who perform
identification with an EUI wallet.
Alen Horvat: So UDL it's not magic right it's just another identification
means right instead of showing your passport or showing up at the
registration office at the university you do it online you present your eid
or this paid data and that information then goes for example in European
digital credential you can just put certain data and then do contextual
matching between last name, date of birth, whatever you need, so question
is I mean I think this is more of a but I mean universities usually don't
express a need to have this hard cryptographic binding in that sense.
Sebastjan Pirih: This one.
Simone Ravaioli: So, this is already a great answer and…
Simone Ravaioli: which opens up more questions and I feel like you guys
might have looked it into it more than most there is a sense out there that
this European digital identity wallets are coming each member state has to
have one and so even in education and work all our digital credentials will
live inside this new generation of wallets right so I guess my question was
intentionally planted to maybe have this conversation right it might be an
overkill I'm jumping on what maybe my opinion so take this with a grain of
salt
Alen Horvat: Okay.
Simone Ravaioli: I mean there are a lot of assumptions that we're making
and…
Simone Ravaioli: being the one that you raised Alan do we need this binding
between a user and a wallet for academic credentials but the other one that
I would raise is I mean do we need legally binded signatures for each
credential that we issue in education?
Simone Ravaioli: I mean I'm okay with diplomas but the level of assurance
of the signatures that feels like it's a bit of an overkill like it doesn't
capture all learning and if all learning counts we likely would not have
the ability of having issuers like that level of assurance it's kind of an
overkill so more and…
Simone Ravaioli: more I think even part of what we'd like to do here with
in this working group is have a bit of a myth busting sessions or reality
checks you reading together. What's coming? Because there's a lot of
confusion.
Alen Horvat: No, you're absolutely right.
Alen Horvat: But what we also see is that I mean so device binding is
important for credentials that are used for identification purposes but
requiring this for all the credentials I mean so at the end of the day
student just wants their education skills credentials and they want to use
them. If the integration is too complicated market will find its so that's
why I think the wallet is great. It will simplify many things, but at least
when it comes to education and skills, we see that having substantial
assurance level, it's sufficient in most cases, right?
00:50:00
Alen Horvat: And even what I show it's much simpler there's a huge step
between advanced and qualified and usually the step is too high. So they
just say advanced assurance level it's sufficient we don't bother with more
so it's a sweet spot between security reliability and also the cost both
operational and on
Ildiko Mazar: In terms of investment of an education or training providing
organization doesn't well assert already offload that by offering a service
of ceiling credentials for your customers or clients.
Sebastjan Pirih: I mean,…
Sebastjan Pirih: we have maybe
Alen Horvat: the ceiling so u so currently everyone that we're working with
is using advanced seals this means that these seals are not bound to a
hardware and…
Alen Horvat: and basically we manage those for them but basically how
should we do the volert itself can be so some actors are plan to self-host
it so manage it on site which is also possible and they have full control
and security and everything. So understanding the pain from all this easy
especially when it comes to qualified and hardware requirements and the
costs. yeah, this is what they usually go for. But if someone wants to go
to the highest assurance level, it's not an issue.
Alen Horvat: It's a decision of you they want to do.
Simone Ravaioli: I have a question about integration with Europass.
Simone Ravaioli: So when you deposit on Euro pass are you calling in an
endpoint that is offered by the commission? How do you do that?
Alen Horvat: So, Europas has a very nice model for depositing. namely if it
looks like an unprotected endpoint. but essentially what they do they valid
so the credential must be If it's sealed it means that the organization
under random identification and to receive an eil. So if someone would post
deposit malicious credential or…
Alen Horvat: misuse the service the commission knows exactly who is so when
I saw it I was pleasantly surprised. It's a very nice model because you can
deposit without just call by just calling an API without any integration
efforts. So it's quite nice.
Simone Ravaioli: follow up.
Simone Ravaioli: But you're in that process,…
Simone Ravaioli: you are issuing to an email address still, right?
Alen Horvat: No, no,…
Alen Horvat: that's u. No, I let me find the credential. Let me show you.
No, it's also bound to a public key. So that's let me get this. So if you
check your credential, the JSON LD1, you will see that there's a
confirmation claim in open to changes. Sorry. Let me share a second to
share screen.
Simone Ravaioli: Yeah.
Alen Horvat: Can you see my screen? Okay. Let's go here. So this is what
the payload looks like. And wait, do I have it? I for so…
Simone Ravaioli: Thank you.
Alen Horvat: if we check here what you will see is oops. So it's not only
issued by e to email. So organizations have three options. You see this CNF
claim in the payload. This is actually the public key. the credential. So
if someone would like to use I don't know open ID for ver presentation on
the W3C they could create a cryptographic proof and this key is like a
standard elliptic curve kit.
00:55:00
Alen Horvat: it's not nothing special. So from that sense the credential
can be issued. So okay to email or I don't know online courses universities
do have personal data. So what they usually put national number name
surname I mean this is the payload of the EDC and then there's this
cryptographic binding right. so not only that you can now deposit it, you
can also add it to your regular wallet and essentially then present it and
create also cryptographic proof that you own the credential. So, all three
options are possible. Now, of course, depending on the use case and needs
one or the other is we are using email just to send out the notification.
Okay.
Alen Horvat: So in the payload I know you define what user data you want to
put in.
Simone Ravaioli: But on the Europeass, so I have an account on Europeass
that is connected to a different email address than the one that I added
there. So I don't see it show up. So that's on the Europeass side. So I
would have to bind my two accounts if you will.
Simone Ravaioli: So I wonder…
Simone Ravaioli: what happened to that credentials that went didn't land
into Europas.
Sebastjan Pirih: I mean,…
Sebastjan Pirih: Did you deposit it? Because we don't do it in a way. It's
not automatic.
Alen Horvat: It's not automatically.
Alen Horvat: …
Sebastjan Pirih: Yeah. We don't do it. Yeah.
Alen Horvat: we decided not to automatically deposit to Europe pass for
privacy.
Simone Ravaioli: All right,…
Alen Horvat: I mean, we had this issue because this is a push mode. If
you're sending credentials to someone, you don't necessarily have a consent
to share the data with a third platform, right? Okay.
Simone Ravaioli: But I guess I was maybe thrown off because I received an
confirmation from Europass that says that my certificate of attendance has
been added to my Europeass wallet.
Sebastjan Pirih: But you have for sure clicked on the deposit in your
email,…
Simone Ravaioli: I have,…
Sebastjan Pirih: right? And…
Simone Ravaioli: but I don't see it in my Europe wallet.
Sebastjan Pirih: then …
Simone Ravaioli: Although I got the notification. That's what I'm saying.
Sebastjan Pirih: that's probably something on the Europa site,…
Simone Ravaioli: That's what I thought.
Sebastjan Pirih: I would say. Yeah. Yeah. Yeah. I've seen that issue.
Sebastjan Pirih: Yeah. you can try uploading it manually and you will see
if there is already inside you will get that you cannot do it because it
already exists. Yeah. Cool.
Simone Ravaioli: Thank you.
Sebastjan Pirih: Yeah. No problem.
Sebastjan Pirih: All right.
Ildiko Mazar: Okay, we're getting close to the hour.
Ildiko Mazar: Is there any final question from the audience?
Simone Ravaioli: I guess Sharon tried to get it into a web wallet, but she
can't. So, as well, I don't know.
Alen Horvat: We can…
Alen Horvat: if just send us any and we can look at if there's some yeah
currently what so the current issue that we're having we cannot package
everything in one credential so maybe something if it like how to when so
for example we have a credential down that is European digital credential
there can be an open badge there can be a PDF to at least find a way to
send this just added one file so that it's easier somehow for users…
Alen Horvat: because that part of user experience is still not the best.
Ildiko Mazar: One last quick question…
Ildiko Mazar: because I'm seeing in the email notification that there's
three attachments. One's the JSON LD, the other is a PDF which is the
rendered version,…
Ildiko Mazar: but there's also a wallet certificate of attendance VC
credential. Is that what format is that?
Alen Horvat: that is…
Alen Horvat: what you import into the wallet. so it contains the JSON LD
plus additional metadata that we need…
Alen Horvat: then to generate all the crypto.
Ildiko Mazar: So that's…
Ildiko Mazar: if I open my wallet. Okay.
Alen Horvat:
Alen Horvat: Yeah. I mean it's a binary so you will not try to open it but
this is the one that you import into the web wallet and
01:00:00
Sebastjan Pirih: that's probably why Sharon couldn't get it into the wallet.
Sebastjan Pirih: I don't know if she's here still. Maybe she tried using
the JSON LD instead of the file number three. Probably. I'm just guessing
here. All right.
Ildiko Mazar: Gentlemen,…
Ildiko Mazar: thank you very much for this presentation and thank you for
the audience for staying until the hour. And I don't know if you want to
share your contact details Alan in case anybody wants to get in touch with
you after the event but I'm sure they can find you on LinkedIn. So I have
it.
Alen Horvat: Yeah. Should I put in the chat or send it to you or…
Simone Ravaioli: Thank
Ildiko Mazar: Yeah, there we go. Thank you very much again and hope
everybody had a good time and enjoyed the presentation. See you next time.
Alen Horvat: Thank you.
Sebastjan Pirih: Thank you very much for the opportunity.
Ildiko Mazar: Thank you. Right.
Sebastjan Pirih: Bye-bye. Bye-bye.
Justin Cooke: Stare
Meeting ended after 01:01:11 👋
*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Monday, 17 November 2025 23:15:19 UTC