- From: <meetings@w3c-ccg.org>
- Date: Thu, 16 Apr 2026 17:05:27 -0700
- To: public-credentials@w3.org
- Message-ID: <CA+ChqYeS_0mW91dBQ2iDdvBUDezidiozLotYR8jBMbemt4X4mQ@mail.gmail.com>
This meeting marked the relaunch of the CCG Asia-Pacific series, focusing on onboarding new members and discussing the MOSIP NG stack. The presentation highlighted MOSIP's role in foundational identity systems and introduced the NG stack, which comprises three modules: NG Certify for credential issuance, NG Wallet for credential holding, and NG Verify for credential verification. A live demo showcased the interoperability of these modules with different credential formats and issuers. The discussion also touched upon potential areas of collaboration with W3C on verifiable credential standards, including the Verifiable Credential API, offline credential delivery, and privacy-preserving biometric verification. The meeting concluded with a Q&A session and an invitation for community feedback and contributions to the open-source MOSIP project. *Topics Covered:* - *CCG Asia-Pacific Relaunch:* The call officially relaunched the CCG Asia-Pacific series with the goal of onboarding more members from the region and establishing monthly calls. - *MOSIP Introduction and NG Stack:* Vishwanath Vaidyanathan and Swati Goel provided an overview of MOSIP, a modular open-source identity platform, and its NG stack, which aims to enable digital service delivery through verifiable credentials, particularly in areas with limited internet connectivity. - *NG Module Capabilities:* The presentation detailed the capabilities of the three core modules: NG Certify for issuing credentials from various data sources, NG Wallet for secure credential storage and presentation, and NG Verify for credential validation by relying parties. - *Interoperability and Standards:* The discussion emphasized the importance of interoperability and adherence to standards like W3C Verifiable Credentials and OpenID Connect for VP. - *Demo of NG Stack:* A live demonstration showcased the end-to-end process of issuing and verifying credentials, highlighting interoperability between different issuers and formats, and the use of OpenID for VP. - *Collaboration with W3C:* Manu Sporny highlighted several areas for potential collaboration between MOSIP/NG and W3C's ongoing work, including the Verifiable Credential API, offline credential delivery, privacy-preserving biometrics, and web wallets. - *Key Management and Post-Quantum Cryptography:* The discussion touched upon MOSIP's modular key manager component and its ability to work with HSMs, and the need to address post-quantum cryptography challenges in future standard development. - *Wallet Modularity and Data Portability:* The modular nature of the NG Wallet was emphasized, allowing integration into existing applications, and the challenge of data portability and wallet-attached storage for verifiable credentials was discussed. *Action Items:* - Attendees are encouraged to review the W3C Verifiable Credentials API and other related specifications for potential collaboration with MOSIP/NG. - MOSIP team to investigate the VCOM specification for potential integration with their VC issuance plugin to simplify external issuer integration. - MOSIP and NG teams to actively participate in W3C working groups, particularly regarding web wallets and privacy-preserving biometric mechanisms. - Attendees are invited to provide feedback on the CCG Asia-Pacific monthly calls through a provided survey. - The MOSIP team encourages contributions and feedback to their open-source project through their community channels and GitHub repositories. Text: https://meet.w3c-ccg.org/archives/w3c-ccg-asia-pacific-2026-04-16.md Video: https://meet.w3c-ccg.org/archives/w3c-ccg-asia-pacific-2026-04-16.mp4 *CCG Asia-Pacific - 2026/04/16 09:29 EDT - Transcript* *Attendees* Bumblefudge von CASA, CHIHYUN LIANG, Dan Yamamoto, Denken Chen, Manjunath Bhagwat, Manu Sporny, Sanchi Singh, Swati Goel, Ted Thibodeau Jr, Vishwanath Vaidyanathan (Vishwa), Will Abramson, Yen-Lin Huang, 王浩恩 *Transcript* Will Abramson: Hold on. Nice. Denken Chen: Hey Dave. Vishwanath Vaidyanathan (Vishwa): Hang on. Dan Yamamoto: Hi everyone. Denken Chen: and let's wait for a few minutes for the folks to join in. Denken Chen: Okay, let's get started. this is the first AP pack series CCG call relaunched and we hope to on boarding more members from the APC region and starting with a monthly call. So to start it just as usual we've been doing in the Atlantic CCG course we are following the code of conduct from W3C and I'll paste the link here for our event and we would like to doing for friendly environment for our community. Denken Chen: So you can read that code of conduct and if you would like to made substantive contribution to the CCG work items you need to agree to the full IPR agreement and have an contributor license agreement all those kind of things. today we are inviting responders to this call and the show note will be shared with our W3C mailing list it'll be So started we would like to start with some introductions. Denken Chen: If you are new to this call and you would like to share a little bit about yourself feel free to raise your hand. no pressure. Yeah. No. Okay. That's fine. And okay will Will Abramson: Yeah, I can say hi to some folks I don't know. So, I'm Will Abramson and I'm based in the UK. I'm delighted that we're starting up this APAC series again. I think it would be great to, continue get a bit of momentum going. I'm one of the chairs of Denin of the credentials community group. Will Abramson: So, thanks everybody for joining. Denken Chen: And also a little bit for myself. Denken Chen: I'm the co-chair of the CCG. I'm leading the efforts of onboarding more APC members onto our community group. yeah so for the newcomers we are at the stage for self introductions. So if you are interested in introduce yourself if you are new to this community you can raise your hand and speak for yourself. 00:05:00 Denken Chen: Yeah, man. Please. Manu Sporny: Hi, I don't recognize a number of the names but thought I'd introduce myself. hi, my name is Mispornney. I am one of the chief architects and lead editors of W3 verifiable credentials, W3C decentralized identifiers, the data integrity specs and a number of other standards at also am one of the co-founders and CEO of a company called Digital Bizaarre that builds these technologies out for state governments, retail industry, education, those sorts of things. Manu Sporny: very interested in the work that Asi and Vishua and others are doing around Mosep and… Manu Sporny: those sorts of things. So very very interested to participate in the discussion today. Thanks. Denken Chen: And we've seen Bumble F have some message in the chat. Denken Chen: I've met in some other message group and so you'll be interested to see any topic you'll be interested in our group. So the next one is there any announcement from the community like any project you would like to share to let the community you can also raise your hand to have some words. if no we can hand over to Banage for the speak. Okay. Denken Chen: menu, please. Manu Sporny: Yeah, just a quick announcement. as a number of the verifiable credential working group has been rechartered through the end of the year 2028. one of we have a lot of new work items that the group is working on. those include things like render method for displaying verifiable credentials, a confidence method which includes some biometric work that has some overlap with the work that MOSIP is doing. Manu Sporny: verifiable credential API for complete life cycle management of digital credentials in general. and so a number of those specifications have been published today as first public working drafts. VCAPI u and a number of the other documents were published. I'm trying to get a link of the announcement there. it's here. So if folks want to go and read this link in the chat, it talks about verifiable credential barcodes as a first public working draft data integrity, ECDSA, crypto suites, verifiable credential API. Manu Sporny: we will have future first public working drafts on entity recognition which is about who do you trust to issue certain types of credentials and things of that nature. So the work's very much underway and moving quickly. we're also expecting the quantum safe digital signature work to be published in the next little bit. Manu Sporny: That's it. Denken Chen: Thank you Manu. Denken Chen: I'm also leading the efforts of developing VC confidence and which one told me that the O SIP is applying for W3C member and so we will be welcome that you can join us to developing the confidence and the rendering method. Yeah, thank you. let's hand over to Ves. Vishwanath Vaidyanathan (Vishwa): Thanks thinking hi everyone. thanks for opportunity to present about NG in the W3CCG. and for the membership we have applied so that process still going on. looks like it'll take some time but we are also excited to start working with the working groups and contribute for the standards. yeah Sanji can sorry Swati can you please share your screen for the slides? 00:10:00 Swati Goel: Yeah, Which one? It is loading. Just give me a minute. I hope my screen is visible. Vishwanath Vaidyanathan (Vishwa): Yes, Swati, we can see your screen. Swati Goel: I have started the slideshow. Vishwanath Vaidyanathan (Vishwa): Yes, we can see. hi everyone. small self introduction. my name is Vishnuat Vyanadan. I lead the architects group at MOSP we work with couple of DPGs. we'll see more details as part of this slide. So the agenda is more like a brief introduction to MOSIP and about the NGNG stack and we are also planning to show a small demo of NG and all the various modules available and the capabilities that provides for the adopters. So this is how we have structured the presentation. I'm going to present this along with my colleague Swati Goyel. Vishwanath Vaidyanathan (Vishwa): Swati, can you give us a short intro on yourself? Swati Goel: Thank you Hello everyone. Myself Swati Goy. I have been engaged with ING and MOSI for almost last three years. So I am mostly working on ING DPZ which is also part of MOSIT. So I started participating in one of the module of NG but now I take care of all the modules and… Swati Goel: we have three modules in NG we'll see in the upcoming slides how these modules interoperate with external systems also. So all these things I take care along with this. Thank you. Which one? Good. Vishwanath Vaidyanathan (Vishwa): Thanks. Vishwanath Vaidyanathan (Vishwa): We can Swati, we can move to the next slide. Okay. Yes. Swati Goel: I have changed. You can't see I have switched to the next slide. You can is there live? Okay. Vishwanath Vaidyanathan (Vishwa): We can see. please feel free to stop us anywhere, any questions. we can have this as an interactive session. so MOSIP stands for modular opensource identity platform. Vishwanath Vaidyanathan (Vishwa): The idea is to create an open-source platform based on which countries can create their foundational identity system for their countries. So the idea is as a country they can take MOSIP we'll help countries with customizations and then we also have a marketplace of system integrators also whom countries can take help from and customize MOSIP specific to all the country needs and issue foundational identities to all the residents of the countries. Vishwanath Vaidyanathan (Vishwa): So the way we are thinking is this becomes a foundational layer above which lot of digitization in a country can happen like social benefit delivery, bank account openings, payment payment and lot of these DPIs can be created on top of foundational identity. So this would be a very good beginning point for a country to start the digization MOSEP as a project started in 2018. it is a non-for-profit project. it is incubated at International Institute of Information Technology, Bangalore. It's a university in India. Vishwanath Vaidyanathan (Vishwa): It is supported by a lot of philanthropic companies listed below. these organizations support us for the past 7 years and there's a lot of countries whom we worked with to enable them for their digital journey. so you can move to the next slide. Okay. So this is what Mos was able to achieve in the last 7 years. we started with one country even before we kickstarted the project. There's one country Morocco who was interested in the project to build their foundational identity. over the past 7 years the MOSUP has been adopted by almost 29 countries and over 185 million identities are generated using this platform. so it's an open source project. 00:15:00 Vishwanath Vaidyanathan (Vishwa): Every country runs their own instance with the customizations but all put together so far we have 185 million plus identities which has been generated and so over a period of time we have also encountered countries where they already have their identity system where identities are issued but they were not very usable in terms of enabling digital service delivery. So we also started working with those kind of countries. You'll see some sample countries in the next slide. But over 30 million ids were already available in the existing system. Identities were issued but those were also migrated to MOSIT based digital ID system and we enabled country for the digital journey. so can you move to the next slide? Okay. Vishwanath Vaidyanathan (Vishwa): So this is where MOSIP is currently used the 29 countries. we started with Morocco as I said even before the project Morocco signed up an MOU with the university and the IDE system was created and they were helping us creating the opensource identity platform. So then we also moved to Philippines almost 100 million plus identities were issued even though we started with Morocco, Philippines was the first country which took the project to the production and they were issuing identities the scale of the system was actually tested as part of the Philippines journey as I said as part of all these countries who started with fresh identity system we call them as green field implementations Vishwanath Vaidyanathan (Vishwa): So where fresh identity was issued, collected biometrics were collected, uniqueness was checked and a unique identity was issued. but we also saw countries like Uganda where there was an existing system where 30 million registrations were already done and identities were issued but those identities needs to be moved to MOSIP based system. So we also improved the platform to support lot of migration needs. How do you collect the old data from the old system and include those biometrics, check for quality and then ensure the uniqueness is there and then reissue those identities from the old data. Vishwanath Vaidyanathan (Vishwa): from there we also moved to signet based ID systems. I'll give more details on the signet in the upcoming slides. but we had MOSIP as a foundational ID and then we have Eignet and NG. These are three different DPGs that we have. So all these countries put together they are in the various level of adoptions right now. There's 10 plus countries in the production but there are also countries who are doing pilots and who are ready to begin pilots but all these countries put together we are almost a possibility of touching over a billion people. so we are very proud working with so many countries implementing for them. so we can move to the next slide. Okay. Vishwanath Vaidyanathan (Vishwa): So we started with this foundational identity system which is MOSEP. citizens or the residents of the countries were registered. There is a module for registering the people collecting biometrics and demographic details, documents etc. And uniqueness based on the biometrics were assessed and an identity was issued. But an ID makes sense based on what it can enable. Right? So once this action was fairly completed, we were also supporting countries multiple countries. But there was one part which was very clear that we have to enable authentications verification of these identities and we had a very minor authentication system as part of our foundational identity system but there were pain points in terms of integration. Vishwanath Vaidyanathan (Vishwa): Which is where we started looking at how to simplify these integrations because when it comes to a country and there is one national identity in the country there could be easily 100 plus relying parties who wants to verify users for service delivery. So the integration becomes very difficult and then that is when we created eignnet. So eignet is basically an open id connect system. you can think e signet is more like login with Facebook. Likewise, can we do login with national ID and the integ? We want to simplify the integration to a great extent. 00:20:00 Vishwanath Vaidyanathan (Vishwa): That is where we were looking at standards and we looked at the open id connect standards so that the integration libraries are available in all the platforms and once we did this there's an interesting story story Ethiopia took eignet and they were actually able to do a million authentications per day. So the system scaled to do a million authentications per day recently on eignnet and e signet was actually moved as a separate DPG because we were also getting requests from countries where their identity systems were good but it's only that they are not able to use their existing identity systems for authentication. So eignet was designed in such a way that it's a very thin layer to simplify integration but it can work with any identity system not only musip. Vishwanath Vaidyanathan (Vishwa): So we thought it is better to have it as a separate DPG instead of having a module inside MOSIP. So it has become separate. So in the same line of thought we also created in more details on NG is what we are going to cover in this presentation. Swati can we move to the next slide? so with MOSFET we were able to issue unique identities, enable service delivery using authentication but lot of countries where we are working are all developed developing nations. these places internet is not widely available everywhere. So e signet was helping the countries to enable service delivery but it's a smaller population right but there's a huge set of population where internet is a challenge. Vishwanath Vaidyanathan (Vishwa): So we were looking at other ways to enable service delivery which is when we were looking at credentials actually we started with a digital signature can we just digitally sign this data and then can we actually give it as an mobile application that's how we started in but later we were looking at W3C JSONLDD VCs which actually made sense again looking at the standard based implementation. Vishwanath Vaidyanathan (Vishwa): So we started issuing W3C JSONLDD in a custom format but later we also understood that this ecosystem is going to grow and the solution that we are building called NG is not specific to an identity solution but it could be reused for various agriculture sector where you want to give a far farmer IDs there's a social benefit sector where we are talking to countries where they also want to give an identity as a verifiable credential. Vishwanath Vaidyanathan (Vishwa): Since we came out from a university we were also looking at can we make the university certificates also as a verifiable credential. So we understood the new module that we are creating to solve the internet issue it could also make sense on a nonidentity related areas also. So we made ING also as a separate digital public good which allowed us to do instant verification at a very low cost since there's not to support a huge population when there is a central system it also needs to be scaled up. Our solutions can scale up but again the required hardware needs to be provided by the countries right these are developing countries. Vishwanath Vaidyanathan (Vishwa): So this also helped us with reducing the cost of verification with the VCs and we started with a mobile app but for the inclusivity aspect which is one of the very basic pillars of MOSB where we want to make sure that nobody is left out. So we also created a web or cloud-based valid solution to hold credentials for people who are not having smartphones. so I think we can move to the next slide. I don't think I need to spend any time on this slide. So the decentralized verification model savior are the basis for the ng platform. Vishwanath Vaidyanathan (Vishwa): So we have this issuer, holder and verifier, right? So I'm still showing this slide because I want to correlate to the toolkits that ING provides to facilitate all three parties in this ecosystem. so I think let's move to the next slide. Okay. So we have this three major modules in for the issuers we have a module called NG certified. So this is a system which allows anybody to take any digital data that is available and convert that data into a credential and then securely deliver that credential to a valid. So this entire responsibility is taken by we'll look at certify a little more deeply in the upcoming slides. Swati will explain that. in validot this is for the holder. we have a mobile and web interface for the inclusivity. 00:25:00 Vishwanath Vaidyanathan (Vishwa): The whole idea of valid is again aligning to the specification and the standards which allows receiving of credentials and storing it in a secure way and allow presentation of these credentials again for the service delivery aspects. finally we have yes man. Manu Sporny: Sorry, Michelle. Is it okay if I ask questions as you go? or… Vishwanath Vaidyanathan (Vishwa): No problem. Manu Sporny: would you rather get through the whole presentation? Vishwanath Vaidyanathan (Vishwa): What? No no no no. we would like it to be interactive please. Manu Sporny: Okay, great. this is wonderful. Vishu as you know we're big fans of the work that all of you are doing at MOSIP and… Manu Sporny: and I wanted to make sure that I'm looking down at the standards and… Vishwanath Vaidyanathan (Vishwa): What are we doing? Manu Sporny: that's great. broad standards coverage, supporting multiple formats, protocols, all that kind of stuff. specifically related to your use cases makes a lot of sense. I think some of the items that we're working on that are opportunities to collaborate … Vishwanath Vaidyanathan (Vishwa): working on. Manu Sporny: are things like the new verifiable credential API that deals with the entire life cycle management between something like NGCertify the wallet and verify. we are also working on wireless specifications not just Bluetooth but NFC for completely offline engagement and delivery of verifiable credentials. as you know there's a SD jot is one way to do selective disclosure. Manu Sporny: And there's some postquantum things that we're increasingly concerned about. so paying attention to those would be a good thing I think for and then finally the claim 169 work as Denin mentioned there's work on biometric not just the picture not just fingerprint but facial vectors and facial vector matching so that it can work offline as well. Vishwanath Vaidyanathan (Vishwa): smoke. thanks thanks man. Manu Sporny: So I'm just mentioning these things because these are all things that we would love MOSIP and Ing's engagement on as we develop the standard so that we make sure that it works for the use cases that you have. that's it for now. Vishwanath Vaidyanathan (Vishwa): It definitely makes sense. Vishwanath Vaidyanathan (Vishwa): For us also interoperability is a big area of interest. we want to provide options for the countries. that's the whole idea. So the valots also ing valid is just one option right but we want countries to have choice they can take in vallet or any compatible valot right but still they should be able to issue credentials to that ballot and there could be hundreds of relying parties in the countries where they would like to consume verifiable credential and do service delivery. Vishwanath Vaidyanathan (Vishwa): So there could be few people taking various other proprietary solutions. and still we want entire thing to work with each other and working with W3C and other standard organization is very important to us to make sure that our use cases are heard and those are incorporated in the standards that way it helps with the interoperability. want to duly noted so that's where we also started on the membership once that is in we will very actively participate on all the render specs as you know we are already using the VC render spec in our valid for SVG based rendering so all the other areas that W3C is currently working we would also love to join and contribute Vishwanath Vaidyanathan (Vishwa): So yeah standards I think manu covered. So these are the various standards currently we support. BL is something very special to Open ID for VPLE because people from MOSP is also an author for bringing out the open ID for specification. And we started with W3C data model with 1.1 and now we are moving into 2.0. so that's where we started and we thought it's going to be one credential format but the reality has been that there are other formats which is getting popular. So then we said that anyway we are agnostic to the format. So that we started supporting other formats like SDJ, MDO and other places. 00:30:00 Vishwanath Vaidyanathan (Vishwa): since we want to be interoperable and it's an platform where we want to globally get utilized and there are choices that countries normally make and also we want to give that choices right so we started also implementing the other formats so currently major formats are W3C JNLD IDF SDJ and MTOK m not on the issuance side much but from the valid side we want to receive all the credentials and enable verification of those things or representation of those formats. Claim 169 is again special since we are working with INA for u bringing this identity claim but as Manu said there is definitely synergy in terms of working together so that it becomes a global standard. Okay. Vishwanath Vaidyanathan (Vishwa): With this I would like to hand over to Swati so we can see a short demo and… Vishwanath Vaidyanathan (Vishwa): we can look at a little more closely on these modules and we can take questions. Over to you Swati. Swati Goel: Thank you Vishua. Swati Goel: So Vishua has covered about all these three modules we have in NG. So first we will do a quick demo just to see how we are leveraging NG which includes interoperability as well as all the three formats supported by NG. So the first demo is about leveraging engine national ID as well as age proof so that a user who holds national ID and the age proof can avail the services which required age verification. Okay. So what we are doing here is we're calling it age verified service access. certify and other issuers. So this is to showcase the interoperability. We are interacting with animal as well. Swati Goel: So in national ID is issued by certify through mosic system and age proof credential is issued by animal. These both credential will be downloaded in wallet and then there's a service portal which we are using ng verify as a party portal or service portal which can request a credential for the age proof. So let's see the demo. I'll share the device connection. Yeah, I hope my device is visible. Vishwanath Vaidyanathan (Vishwa): So I think we can see the co device here. Swati Goel: So, this is the NG wallet. this is the list of issuers we support to issue different types of credentials. I'll go with the national ID first. So we are using national ID with the unique identifier which we called UI in MOSIP system. So that's why we say UIN or virtual ID and we are leveraging our e signature here for the authentication layer. I'll enter my UIN here. Swati Goel: We have a system for real time OTP also but for the collaboration environment we have enabled the mock OTP so that anyone can just get the UI issued and verify with the mock OTP. So I'm using mock OTP which is one for us. Now we can see our authentication successful. is asking a issue which is rt to get the VC downloaded. Here I can see my national ID VC is available. This is the W3C JSON LTVC. with the biometric photo and it has a QR code also which is basically in this flow we have used claimation and R code. So this is the national ID VC. for this use case as we want to show the age group I'll go to anymore. I'll issue a age verification VC. Swati Goel: This is to showcase interoperability as well as for the specification of open ID for VCI there are two ways to get the credentials. One is wallet initiated another one is wallet initiated I have showcased to download the national ID. This one is about to showcase now is okay. Vishwanath Vaidyanathan (Vishwa): Thank you. Swati Goel: I'll see both device as well as browser is visible right okay because of my why so I'll scan the QR code from device it will first ask whether you want to trust this issue or… 00:35:00 Vishwanath Vaidyanathan (Vishwa): All right. Swati Goel: Swati Goel: it will show the basic information about issuer who is the issuer with the logo and other things so that a wallet can trust and whenever you access the new cad from the same issuer it won't ask for the trust because you have already trusted so as a user I am consent and trusting the issuer to get the VC now VC is downloaded so this is the sdfc and I can see this VC is available with few disclosure so we have highlighted the disclosure with some special icons this way and… Vishwanath Vaidyanathan (Vishwa): That's good. Swati Goel: we want to see what are the sharable items. These are age over 18 and age over 21. These are the two disclosure we have. So now I hold two credentials. One is national ID credential that also have a date of birth and another credential also just to showcase I am over 18 but age over 21 is not true. I'll go to the lang party portal which is Here as a service provider I want to get your national ID and the age proof credential. So I will generate open ID for VP presentation request. It will generate this QR code contains authorization request for a VP. Vishwanath Vaidyanathan (Vishwa): Nothing. Swati Goel: So again this is a verify which is It will ask wallet to trust this verifier and based on the VP request it shows the credential which match the criteria. So I have selected MOP VC and the age proof credential with some presentation request as per the point info VP specification. we are following draft 23 with the presentation exchange. So choose In I can choose any disclosure one or two. Let's say I choose only age over 18. because one of the VC contains a picture it will allow only to share with your Without face verification we cannot present the VC. Swati Goel: It also give that authenticity who is presenting a credential to a relying party or service provider that person holds that right otherwise anyone if I share this with somebody else they would like to present it the face verification will not work. So that the face verification is also one of the SDK we are using in NG. So I will do face verification. Vishwanath Vaidyanathan (Vishwa): Just to add a small point. Vishwanath Vaidyanathan (Vishwa): So the phase verification unlocks the cryptographic key that can be used for signing the presentation. So it is secured using the secure key store to allow utilization of that particular key for presentation phase matching is required. Vishwanath Vaidyanathan (Vishwa): So any credential which has a face in G valet has a functionality to first verify and then present. Swati Goel: So it requested two credential. Swati Goel: One is MOSI credential. It has received here. Second is age verification. as a wallet holder I shared only one disclosure. It has received only one disclos age over 80. So this is a use case about end to end using entire nist issue a credential through mossip with certify and get a credential from a different issuer to showcase the interoperability and how can we avail the lang party portal and to showcase the open ID for VP specification and it also covers two types of credential format one is W3C JSL credential another one is ITF SD JPC that's the one use case I've covered Swati Goel: Second use case. Any question? Yeah, please. Somebody has Manu Sporny: Yes, that was so I think this is again wonderful to see the whole demo and everything come together. A couple of notes on areas that we could collaborate. the first is the QR code for cross device. One of the new work items in the W3C verifiable credential working group is a QR code format that is communication protocol agnostic meaning that you can put up a QR code in basically and it's a low density It's not a super highdensity code like some of the open ID ones. Manu Sporny: it's called an interaction QR code and through it you can select… Vishwanath Vaidyanathan (Vishwa): Take people here. Manu Sporny: which protocol you want to support with the wallet. So sometimes you want to redirect the person to a website sometimes you want to engage in OID4 VCI or OID4VP, sometimes you want to run VCOM and sometimes you want to run a proprietary wallet specific protocol. this new QR code format allows you to more dynamically select the protocol that you're going to use to engage with the system instead of basically just locking into one protocol. So that's one area that we might want to collaborate on. 00:40:00 Manu Sporny: It's in the verifiable credential API spec, but It's a protocol agnostic QR code. the other item is that I noticed I think Vishua you mentioned and… Vishwanath Vaidyanathan (Vishwa): Look at me. Manu Sporny: Swati you mentioned that you're using web wallets to make sure that if people don't have access to mobile phones or native devices or whatever that they have a wallet. I think that's a brilliant idea. I think that that is absolutely required in the ecosystem. I'll note that, eventually the digital credential API at W3C is supposed to replace the protocol negotiation, but they have not, supported web wallets yet. Vishwanath Vaidyanathan (Vishwa): Go back to school. Manu Sporny: And I think that's a big problem, Because I think the vast majority of people will end up with a web wallet or some kind of custodial wallet at first and… Vishwanath Vaidyanathan (Vishwa): Oops. He has more than Manu Sporny: then maybe they'll upgrade to a native wallet. So, another thing we could really use your help with is convincing the W3C membership to support web wallets in something like the DC API. and then the third thing is around the biometric face verification mechanism that you showed. that's great. we are trying to push the global community to do more privacy preserving biometric checking. Manu Sporny: So for example, in the United States, because of privacy regulation, we really don't want to upload a picture of the person's face. We would rather, there be a biometric facial vector that's used instead of an image of the person. And so, as Denin mentioned, he is leading the group to try and figure out a more privacy preserving way of doing that. Vishwanath Vaidyanathan (Vishwa): It feels good. Manu Sporny: I think the interaction that you showed is great. we need that. but we also want to really make sure that we make it as privacy preserving as possible. And ideally, the verifiable credential that's sent over to the verifier is is not, something that can be traced like a ic an SD jot a static signature. rather it's something that it can be done at the time to give the verifier strong acknowledgement that this is the person that is associated with the credential without giving them any kind of biometric data directly if that makes sense. So we're very much working on that as well and would love to collaborate with you on making that something that you can use. That's it. Swati Goel: Yeah, thank you I think it's really good to know we are working towards privacy along with that proving that person's identity along with managing the privacy. Swati Goel: Yeah, I think really good looking forward also to see how things works. Vishwanath Vaidyanathan (Vishwa): Also manu the statement you made on the web valid is very real from the standards space wherever we are looking at web valid cloud valid is not seriously considered and… Vishwanath Vaidyanathan (Vishwa): you don't see it in the samples it is more of an interpretation of our implementation is also more of interpretation of Vishwanath Vaidyanathan (Vishwa): how it should be where we are trying to align to the standard but that's not a first class citizen that's a reality we are seeing today that should definitely change we'll try to bring that perspective to the working groups yeah I think we can go to capabilities and… Swati Goel: Which considering the time do you want to cover the next demo or the capabilities? Vishwanath Vaidyanathan (Vishwa): if there are any questions we can actually spend Time on the questions. Swati Goel: Yeah, that will be better. Yeah. Okay. Let me then I'll just skip the next demo. I'll move to the capability section. So this is one demo we wanted to showcase about how we can get another VC which is linked with the national ID but we will skip for now move to the next slide. So we'll deep dive into these modules now in the certify NG wallet and verify to focus more about capabilities. So far we have seen how it is working as a live demo but what capabilities it offers how it can be utilized by the existing system available in the ecosystem or from the scratch as well. So let's first go into the NG certified module which is about issuance of credentials. So I will not go in details explain this diagram. This is about complete architecture. I'll quickly focus on the area which is more interested. 00:45:00 Swati Goel: So if we see in this layer architecture the bottom layer where we define the data provider plug-in audit plugin and VC is plug-in. So this data provider plug-in so certify works in based architecture. What does it mean is you can add any plug-in to serve the data and certify can convert the data into the connection. So that plug-in is known as data provider plug-in. So this data provider plug-in can interact with any source system. It can be a database. It can be your file Excel file. All these things is available here. So you can just write your custom implementation by implementing data provider plug-in and get the row data. What happens is this data provider plugin is simple kind of JSON data to incertify service. Okay. Swati Goel: And the NG certified service use the second layer VC serer and templating engine. template engine is nothing but template engine which transform that row data into a VC and VC signer basically sign that digitally sign the credential. And this VC signer is using another MOSIP service available in the system is key manager service takes care of all the life cycle of key management. how do we generate different types of key we are supporting RSA, ECR1, EC1 and AD 5519 generating those keys rotating those keys after expiry signing the data based on these keys. So all these is controlled by key manager service. Swati Goel: So if we look at the capabilities like any downstream system the example use case which I explain at university right they might have a data in excels which can be considered a CSV or if you talk about any organizations they can also have a data in the database they want to issue a credential digitally so we can integrate the plug-in with this get the data sign it through the VC signer and then give a VC back that's Swati Goel: Second thing is about VC plugin as well we have existing system in ecosystem who already holds a web credentials. Let's say if you talk about sunbar registry and sunbar credential system exist already. So they issue a web credential with signed data certify can also act as a proxy in between and it can fetch the data from downstream web credential services and give the credential to the wallet. This plug-in architecture is core of certifi. Anything you would like to add here. Vishwanath Vaidyanathan (Vishwa): Yeah, quick points Swati since we are also running out of time. one quick point is Key manager, I'm just relating it to what Manu said on the postquantum problems. key manager is a component which deals with lot of cryptography in G35 and key manager is also a component which is part of MOSIP's foundational identity system. So since it's modular, we just took that module and we started reusing it here as a library. post contam is a real problem that we need to sort out there. But once it is sorted out in one place it will basically satisfy most of foundational identity as well as NG. that's how the current design is. it also supports HSM because a key manager is designed in such a way to work with the hardware security module. So that capability is also something we got in. one last point on the in architecture. Vishwanath Vaidyanathan (Vishwa): plug-in is a very thin layer of integration which is a very simple one Java class file people can write for connecting the data but once that data is connected NG certified system can be configured to work with any kind of formats in the sense currently we support MTO SD jot and W3CVC all these things are just configuration the integration is just for connecting the data after that what kind of what is the schema everything can be configured and certified and the verifiable credential can be very easily issued from certify in various flavors or various different credential types. All those things can be simply configured in certify is one of the big advantage we see with using certify for issuing of credentials. yes ma'am. Manu Sporny: Yes, a plus one to that architecture that makes an enormous amount of sense. that is the same kind of approach that our implementations and our architecture have taken. It's a very powerful way to set it up. I had a question on the VC issuance plugin to the external verifiable credential issuers. the new VCOM spec,… 00:50:00 Manu Sporny: the verifiable credential API for life cycle management defines an open API on how to do that connection. I was wondering what you're looking at to do that connection or am I misreading the diagram? I'm guessing the integration could be through a HTTP API. Is that correct? Vishwanath Vaidyanathan (Vishwa): Yes mono. Vishwanath Vaidyanathan (Vishwa): So plug-in is where we started. which is again a Java code people can write it could be HTTP or any kind of way in which that could be connected to the system to receive a credential but then follow the open ID for VCA to deliver it in a standard way to a valid that's where we started the whole thing but later we brought in lot of VC generation capabilities into NG certify and we introduced this data provider plug-in which is just getting the data but the generation can happen inside but since we started there we support both Manu Sporny: Got it. I guess my point is that we do have an open API for calling out to an external service to issue through the verifiable credential API for life cycle management. Vishwanath Vaidyanathan (Vishwa): Got it. Manu Sporny: It's not an open ID for thing. It's specifically for calling an external service and having it issue and it's really any credential. It doesn't have to be a rifiable credential. It could be an It could be an SD jot. It could be anything, right? It supports all of those things. So, I just wanted to make sure that you were aware that the VCOM spec does have an open standard for that issuance portion and that would enable interoperability between the VC issuance plugin and the external verifiable credential issuer service. That's it. Vishwanath Vaidyanathan (Vishwa): Got it. Vishwanath Vaidyanathan (Vishwa): So we can have a standard plug-in following the VCOM available for simplifying the integration further. Yes, we'll look at it. Swati, we can move to the next slide. Swati Goel: Next is about So wallet is again a module which is modular. So if you can see ng mobile and ng web right these are the two wallet we have cloud wallet and the mobile wallets. But whatever the features we are supporting in wallet either it's based on the specification or… Vishwanath Vaidyanathan (Vishwa): Oops. Swati Goel: let's say about key management other things everything is modular. So that people who wants to use these pro services in the ecosystem they can either use those SDK or libraries or modules in their existing applications or they can just use the NG wallet completely So let's talk about what are the modules right now. So let's say secure key store right as the name says it's about generating a key iOS keychain storing those keys when you want to request for a credential you have to sign the data So the signing will be managed by secure key store because it will access the private key from your Android hardware key store or iOS keychain. So it takes care of all of this storing the data encryption. This is the secure key store library written in cotlin and swift. All the libraries are written in cotlin and swift. Swati Goel: So that if we use native application let's say Android application or swift mobile iOS application right we can directly integrate native libraries if you want to have a crossplatform applications let's say react native page fl or any other right so we can still use cotlin application which is… Vishwanath Vaidyanathan (Vishwa): Take a moment. Swati Goel: which produces a jar file as well so we can write a rapper on top of kotlin desund crossplatform stacks and use this existing features that's the purpose of writing these libraries in cotlin. We have very dedicated library about we open specification that is called in GBCI client. So what this li takes care of is completely owning wallet part of PCI specification. So all the heavy lifting of theation is handled by this library. We just need a wallet to integrate with this library and handle few call backs whenever you user interaction is needed. Everything else is controlled by the library. Vishwanath Vaidyanathan (Vishwa): Thank you. Swati Goel: So anyone have any existing wallet which is not a digital credential wallet but they want a capability of digital credential their existing mobile application they can integrate with this library and get the digital credentials enabled in their wallet. Then we have So this VC verify library is written to verify different types of credentials we have W3 series and LD MS credentials and SDJ credentials. So to verify all those credential with respect to different algorithms whatever we support based EC or R algorithms. So all these managed by the library in open for VP as the name says it also module import for VP specification. 00:55:00 Vishwanath Vaidyanathan (Vishwa): Whatever. Swati Goel: So if you talk about in operative specification it has lots of details about how the wallet presents a credential to the party right so many flow are there in operating once you have to scanning a QR code you need a U that will be controlled by the wallet once you scan the QR code you get the data the data can be passed to the library and library will take care of everything after that the processing Swati Goel: the request understanding okay what the requirement from the link party then it will communicate to the wallet just give me the credential which matches this criteria because wallet has the credentials right so library cannot hold the credentials so library will just ask the wallet give me the credential which matches the criteria after this library will take care of generation of entire response as per the specification and submitting the response to the ling party as well so all the heavy lifting of is done by the library just need the UI and the interaction Whatever is needed for the QI display for signing the data you need a user consent right the face authentication or biometric authentication all this will be done by the wallet but things will be controlled by the V library then we have NGVC render library this library is still evolving we started this library to spec SVG render especially so we moved to the 3C data 2.0 Swati Goel: to refer to the SVG rendering. So to create a new library which can control entire specification of how a issuer wants to display a VC and that library can be reused across NG mobile and the web ballet as well as in the L party also you want to see the same visualization of the same credential. So that's the purpose of starting with this library is still evolving. We have a pixel pass library. This library started with controlling the R code management like generating a QR code based on the credential you have received decoding the QR code. Now this library is also evolving doing more than the R code. It also handling entire claim 69 mapping. So you have a JSON data you have to convert the JSON data into the claim 69 specific specification data. So it will control that as well as you can decode the claim of CN data into a simple JSON data. Swati Goel: All this will be manifest library. We have face match SDK. This is not a mossip module. This is an external module. we have third party partner scan. This module is written in react native. So this is in the demo we showcase right. We are verifying the phase. The verification is happening through this SDK. We have touali v to library as we have icon blueprint layer. So this is return to implement for specification. That's which was mentioning at the start right. So we have a VP B specification which works in offline mode where wallet and party can be in offline mode and you can transfer the credential from wallet to the party. So all these libraries are written in such a way it is plug and play kind of thing. Any existing wallet in the ecosystem can use any of these feature. They can directly integrate the library. Swati Goel: And if you can see in the NG web also we have started using this library key manager the same thing of the MOSFE system we have key manager services to manage the keys we have VC verifier using here render library also being reused pixel pass and… Swati Goel: All these we are making sure we are using this component across different cloud page and mobile application which you want to add Vishwanath Vaidyanathan (Vishwa): Yeah, that's one thing. Vishwanath Vaidyanathan (Vishwa): I think pretty much you're covered. So the way we have started we came from the MOSEP side where modularity was one important aspect. So we started splitting these as separate modules. so the entire ng validot is available which can be white labelled by any country or any implementers take this open source code white label it for them and they can start their valid. It is that simple and available. Vishwanath Vaidyanathan (Vishwa): But the reality when we actually speak to countries what we came to know is for lot of government service delivery they already have some app and it is already published in the play stores and app stores and it is available right so the country doesn't want to push one more new application so in that particular aspect this modularity helped us really lot of countries like Brazil and couple of other countries they took all these libraries and they integrated into their existing apps and they just brought in valid capability into their existing app. They didn't create It is just a capability incorporated into an existing app. All the complexity in terms of handling verifiable credentials the way we need to talk to a verifier we need to talk to an issuer everything is abstracted in these libraries. 01:00:00 Vishwanath Vaidyanathan (Vishwa): These are simple libraries with examples given for people to integrate into their existing apps. And web as we said it uses the same module to bring in the capability but this is a cloud valid which enables inclusion and people to get the same benefits of using it in a smartphone but it is available in the internet for them and they can eventually move to a mobile based valid and this data can be synced later. yes, m Manu Sporny: that makes again a whole lot of sense and there's a very good benefit there. one of the other things that you might have seen the discussion on the public cred the CCG mailing list is we're going to start focusing on wallet attached storage. Vishwanath Vaidyanathan (Vishwa): Hey, thank Yes. Yeah. Manu Sporny: So this would be the ability for mobile or ING web to connect to a encrypted backing store that's actually holding the verifiable credentials. So they could share kind of the credential storage as another option. I'm not saying that would be the only option, but one of the things that we are starting to see is that governments want to issue these credentials and they want to make it easy for people to use it. But many of the wallets today can't just attach themselves to a government data store move those credentials to their own own data store. So there's a data portability problem that we're seeing that and I'm not saying we're going to solve it next year or the year after, but we're going to start working on it. Manu Sporny: And it would be really good to have your input and thoughts into that solution as well. So that's Zcap's encrypted data vaults, authorization capabilities and the wallet detached storage work that's happening in the CCG. Vishwanath Vaidyanathan (Vishwa): So Mono,… Vishwanath Vaidyanathan (Vishwa): if I understand this correctly, you saying that you're working on a way to move credentials from one ballot to another. Manu Sporny: Yeah, it not necessarily move you to the end user it will look like they're being moved but behind the scenes it allows a wallet to attach to multiple different data stores. think of it connecting to a bunch of different Google drives or Dropboxes and the wallet would pull the credential data and… Vishwanath Vaidyanathan (Vishwa): People. Manu Sporny: show the user from those multiple different backends. it's another way of trying to smooth the process from a purely custodial web-based approach that a government might start with to moving those credentials into the individual's wallet or allowing them to pull them into the wallet using an open standardbased mechanism. What we're seeing with some wallets today is kind of a lock in that's happening. Once you get your credentials into that wallet, the wallet doesn't have a way of exporting or sharing or doing any of those things. So, that's generally what the work is around is providing secure storage for the individual so that they can choose where to move their credentials and where to store their credentials independent of the wallet that they're using. Manu Sporny: And it's also a way for a government to say, we are going to put your credentials in this custodial wallet for now. Vishwanath Vaidyanathan (Vishwa): All right. Manu Sporny: If you want to move them out of the custodial wallet, you have the right to do that and move it wherever you want to. again, it's to starting an individual, a resident, a citizen out with, something that's custodial and then enabling them to then port their data to their own storage in their own wallet in time. If that made sense. Vishwanath Vaidyanathan (Vishwa): No, no. U this makes complete sense. we also allow exporting of our credentials. But one area that we are we were puzzled how to do this is because the holder binded keys, The private keys that gets generated within device,… Manu Sporny: Yes. Vishwanath Vaidyanathan (Vishwa): we were actually looking for some way to export it. Vishwanath Vaidyanathan (Vishwa): So that we give that flexibility for people to move to another wallet export and import capability. If there is a open standard, we would be definitely interested. we'll look at that. Mono, thanks for the information. Manu Sporny: Plus one of that standard it's not a standard yet. the problem is that there are a lot of wallet vendors that it's called webkms. Vishwanath Vaidyanathan (Vishwa): Ear. Okay. Manu Sporny: So the key management portability is also a big pro issue as you said. we have an interface called WebKms that we started six or seven years ago, but we found a lot of the for-profit wallet vendors don't want people taking credentials out of their wallet, right? because, once you have your credentials in that wallet, they kind of have data portability is not high on their list. 01:05:00 Vishwanath Vaidyanathan (Vishwa): Hope your best. Manu Sporny: But it is very important for us as individuals to be able to have control over these credentials and the data have control over the keys and the credentials. And so I think recently there have been certain wallet providers and I would think that MOSEP and NNG are in this area where you do care about an individual having the ability to port to a different wallet or… Vishwanath Vaidyanathan (Vishwa): Sure. Manu Sporny: a different storage something of that nature. So yes, authorization capabilities, encrypted data vaults, wallet attached storage. I'm not saying we're going to solve the problem in the next two years, but we are very interested in trying to do it and would love your help and input in achieving Vishwanath Vaidyanathan (Vishwa): Press on that. Okay, we have already five minutes passed. Denken Chen: Okay. Yes. Denken Chen: So, we are out of time. I would like to see whether other attendees have questions. Let's open for another last one. If not we will have a feedback survey past it in the message. So please take the feedback survey. Denken Chen: So helping us to grow the APE community and to give us some feedback about how to do this monthly call for APE regions. mostly folks and Vana and Swati. Thank you very much. We see you soon. Vishwanath Vaidyanathan (Vishwa): Thanks Thanks everyone for the opportunity. last sentence please look at ING project it's an open source so feel free to look at our work contribute provide us feedback. Vishwanath Vaidyanathan (Vishwa): Denken Chen: Thank you. Vishwanath Vaidyanathan (Vishwa): So that is a request. Thank you. So this R code you can actually scan this QR code which take you to our documentation and GitHub repositories. you can add your suggestions and feedbacks to our community channel also. yeah, any kind of general feedbacks and contributions are welcome. Denken Chen: See you soon. Vishwanath Vaidyanathan (Vishwa): Thanks everyone. Sanchi Singh: I don't care about Meeting ended after 01:21:47 👋 *This editable transcript was computer generated and might contain errors. People can also change the text after it was created.*
Received on Friday, 17 April 2026 00:05:37 UTC