- From: Michael Herman (Trusted Digital Web) <mwherman@parallelspace.net>
- Date: Wed, 25 Feb 2026 04:41:20 +0000
- To: Steve Capell <steve.capell@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>
- CC: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <IA3PR13MB75412433F075CA72FA1B4CF0C375A@IA3PR13MB7541.namprd13.prod.outlook.com>
In Web 7.0, we have something we refer to as Web 7.0 Verifiable Trust Circles (VTCs): https://hyperonomy.com/2025/12/10/self-sovereign-control-ssc-7-0-metamodel/ Michael Web 7.0 Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Steve Capell <steve.capell@gmail.com> Sent: Tuesday, February 24, 2026 7:40:35 PM To: Manu Sporny <msporny@digitalbazaar.com> Cc: W3C Credentials CG <public-credentials@w3.org> Subject: Re: Renaming the Verifiable Issuers/Verifiers spec I’d like to confirm this this draft specification meets the design goals of what we call a DIA (digital identity anchor) in our UN standards - see here https://untp.unece.org/docs/specification/DigitalIdentityAnchor I think it probably does but I also note a rather fundamental difference in conceptual architecture The w3c efforts in this space seem to focus on the idea of a recognised authority publishing “lists” of recognised members. For example a national education ministry publishing a list of universities - so that a verifier that receives a degree certificate can verify that the issuer is on the list. BUT - that works nicely when that list of recognised entities is manageable in size and relatively slowly changing. However consider a business register such our national register in Australia. 2 million members and roughly 1000 changes per day. And we are only a mid sized economy So the UNTP approach to this problem is not to issue lists. Instead we ask the authority to verify that a given member is genuinely the controller of their DID - abs then issue a very light weight credential that only says “the controller of this did is known to us as <authoritative registered ID>. Another requirement we have is that the identity verification must be possible without any direct presentation / relationship between the recognised entity and the verifier. Common in trade because an importing regulator needs to verifier that an exporter in another country that issued an invoice really is the business registered by that registrar in the exporting country So no lists and no assumption that an authorised member has any direct relationship with a verifier I “think” this draft specification might fit our needs - but I’m not sure I see the explicit credential subject ID (members did) and the link to registered identity (as known to the issuer that is the authoritative register) Cheers Steven Capell UN/CEFACT Vice-Chair Mob: +61 410 437854 On 25 Feb 2026, at 12:50 pm, Manu Sporny <msporny@digitalbazaar.com> wrote: Hi all, The group that is working on the specification currently known as "Verifiable Issuers and Verifiers" has made significant progress over the past several months to the point where the specification feels like it has a fairly stable shape. Stable enough to rename the specification, anyway. The specification has progressed to be able to allow an individual, organization, collective, or nation state to: 1. Publish a set of recognized entities (identifiers, legal name, logo, website, description, etc.) 2. For each recognized entity, also include a list of recognized actions that the entity is known to perform (such as "issue a college degree that matches this JSON Schema"). 3. For each recognized entity, specify that the entity is also recognized in an external "trust list" format such as EU ETSI Trust Lists, X509 Certificate Authority lists, or another RecognizedEntityCredential. You can view some examples of what a recognized entity credential looks like here: https://w3c-ccg.github.io/verifiable-issuers-verifiers/#example-a-set-of-known-universities-in-a-particular-nation We want to rename the specification as it has outgrown the current title. We want the new title to quickly convey that the specification provides the capabilities to achieve the three things above. We don't want to use words like "trust", "authorized", "list", or anything that conveys centralization or an uneven power dynamic of any kind. The current proposed titles are: Recognized Actions Verifiable Recognition We're going to collect suggestions through the CCG mailing list, and then send a ranked choice poll out to the mailing list so that we can get some good data before we pick a new name. We want the name to be accurate enough, but also resonate with people that are not familiar with all of the minutiae of this community. With all that said: What other titles do you think we should consider? -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Wednesday, 25 February 2026 04:41:28 UTC