[MINUTES] CCG Atlantic 2026-05-12

This meeting focused on the European Business Wallet and its implications
for verifiable credentials, particularly in B2B and B2G contexts. Carsten
Stöcker and Ingo Wolf presented ongoing work in the W3C Verifiable
Credential Working Group, including the development of a vocabulary for
business wallets, with a focus on KYC/AML compliance and digital product
passports. Discussions also touched upon the importance of semantic
interoperability, the challenges and opportunities of enterprise identity,
and the need for post-quantum resilience in digital identity solutions. The
session highlighted efforts to integrate W3C standards into European legal
and standardization frameworks, with a call for community contribution to
the vocabulary task force.

*Topics Covered:*

   - *European Business Wallet and Regulation:* The presentation introduced
   the European Business Wallet regulation and its scope, emphasizing the
   shift towards B2B and B2G use cases over B2C.
   - *W3C Verifiable Credential Workgroup and Vocabulary:* Discussions
   covered the charter of the Verifiable Credential Working Group and the
   ongoing development of a vocabulary for business wallets, aiming for
   semantic interoperability.
   - *Rebuild Project and Enterprise KYC:* The Rebuild project was
   highlighted as a large-scale pilot focusing on business wallets, with a
   deep dive into the challenges and potential of enterprise KYC and due
   diligence processes, showcasing how verifiable credentials can enable
   straight-through processing.
   - *Data Spaces and Legal Person Identity:* The role of legal person
   identity in data spaces was explored, emphasizing the need for real-time,
   high-volume authentication and authorization for data sharing in industrial
   ecosystems.
   - *Post-Quantum Resilience and Crypto Agility:* The importance of
   building crypto-agile and post-quantum secure digital identity solutions
   was discussed, including the potential for dual-signing with existing and
   future cryptographic algorithms to ensure resilience.
   - *Grassroots Standardization Efforts:* The meeting highlighted efforts
   to ensure W3C credentials are referenced in European standardization
   documents and legal texts, advocating for their equivalence with other
   formats like SD-JWT.
   - *Business Wallet Playground and Authentic Sources:* A live
   demonstration showcased a simple business wallet connected to an authentic
   source (German Company Registry) to issue verifiable credentials,
   illustrating the concept of legal proof of existence for companies.

*Action Items:*

   - Interested parties are encouraged to reach out to Carsten Stöcker or
   Ingo Wolf via LinkedIn to contribute to the vocabulary task force for
   business wallets.
   - Further coordination is needed regarding the integration of business
   wallet vocabulary into the VC Playground, with an aim for earlier
   integration being welcomed.
   - Details about upcoming pilot programs in the United States involving
   retail businesses and verifiable credentials will be shared later.

Text: https://meet.w3c-ccg.org/archives/w3c-ccg-atlantic-2026-05-12.md

Video: https://meet.w3c-ccg.org/archives/w3c-ccg-atlantic-2026-05-12.mp4

*CCG Atlantic - 2026/05/12 12:01 EDT - Transcript*

*Attendees*

Alex Higuera, Benjamin Young, Carsten Stöcker, Carsten Stöcker's
Presentation, Dave Lehn, Denken Chen, Dmitri Zagidulin, Erica Connell,
Geun-Hyung Kim, Grace Rachmany, Greg Bernstein, Harrison Tang, Hiroyuki
Sano, Ingo Wolf, James Chartrand, JeffO - HumanOS, Jennie Meier, Joe
Andrieu, Kaliya Identity Woman, Kayode Ezike, Manu Sporny, Phillip Long,
Rob Padula, Ted Thibodeau Jr, Will Abramson, Wilmer Daza

*Transcript*

Ingo Wolf: Hello.

Will Abramson: Hello everyone. Hi Carsten. Thanks for joining. We'll get
started in a few minutes. Let people trickle in.

Carsten Stöcker: Yeah, very good. I will long time seeing each other.

Will Abramson: Hey, I see him. you have a long agenda.

Carsten Stöcker: You had a long agenda for the meeting, I guess. Let's look
again.

Will Abramson: I mean, typically we just start with five minutes of
administrative stuff for the CCG.

Carsten Stöcker: Okay. Yeah.

Will Abramson: So it seems like a lot,…

Will Abramson: but it just reminds me of the things I have to say. It
doesn't take long 10 minutes at the most.

Carsten Stöcker: Yeah. Yeah.

Will Abramson: So, yeah, then we'll hand over to you, Ken. And then if you
just try away five 10 minutes for questions that would be great.

Carsten Stöcker: Together with me my colleague Ingo is doing a lot of W3C
work as well. So we do it together.

Will Abramson: Wonderful. Thanks. I

Carsten Stöcker: I'm very excited to be on the call. I think Grace, you're
from DIF now, right? Grace, you're representing DIF, aren't you?

Grace Rachmany: I am. That's right. I'm a def. it's just happening.

Carsten Stöcker: Excellent. That's good.

Grace Rachmany: That's what's happening.

Grace Rachmany: I love it.

Carsten Stöcker: Yeah, I also sum in the section.

Carsten Stöcker: I saw what the creator assertion working group is doing
also looking the credentials presentations and…

Carsten Stöcker: then yeah under DIF and I think now we're talking about
W3C it's all good.

Grace Rachmany: Yeah. And yeah,…

Grace Rachmany: I'll be talking about that next week at the EIC, I think,
talking about the COG stuff in Berlin.

Will Abramson: Nice job.

Carsten Stöcker: In Berlin are you going there? quick enough. Yeah.

Grace Rachmany: And I think if there are other people in Berlin, we may
have a little hangout so people can just have a drink and hang out.

Will Abramson: Okay, cool. Let's get started since we got a lot to welcome
everyone to today's Credentials Community Group call. Today we got Carsten
and Ingo. They're going to be speaking about the European business wallet.

Carsten Stöcker: That's perfect.

Will Abramson: Before I get into that, I'll just go through the
administrative stuff. So, we follow the code of ethics and professional
conduct of the W3C here. It's just a reminder to everyone to treat people
with respect and build a collaborative environment for everyone here. Next,
IP note. So, anyone's welcome to participate in these calls. However,
substantive contributors to any CCG work items must be members of the
CCG with full IPR agreements signed. Feel free to reach out to me or any of
the other chairs. So, Denken or Mimmude if you have any questions about
that. We'd love to help.

Will Abramson: We can so call notes. These calls are recorded and
transcribed and the minutes will be available after the call sent on an
email to the CCG mailing list. So if you're not a member of the mail not
subscribed to the mailing list and you want to find the minutes then I
recommend you subscribe. Next, introductions and reintroductions. Is there
anybody new to the call today or who hasn't said hello for a while and
would like to come off mute and say hi? We'd love to hear from Yes, Wilmer,
please.

Wilmer Daza: Yeah. Hi guys. I'm new to this group. I'm starting to get
involved in other groups around standards in identity especially from DIF.
But yeah, I understood that this is a good group to follow and to
contribute as well because of the subjects I'm interested in a phrase I
will try to introduce myself. So I'm the founder of my one place which is a
company where we're starting and we want to create a unified layer of
identity and compliance for the tokenization of the real world assets in
the blockchain. So that's the one price of what we're trying to do. So
reusable KYC knowledge proofs of course and things like that.

Will Abramson: Thanks, great to see you here, too. I know you've joined the
DID working groups as So, welcome.

Carsten Stöcker: I missed that.

Will Abramson: And if you have any questions, just reach out to me. I'd be
happy to help.

Wilmer Daza: Thank you, Will.

Will Abramson: I'm not seeing anyone else on the call, but if I've missed
you, do say hi. okay, last thing, announcements and Are there any
announcements or reminders for the community today that people want to
share? Okay, not hearing any. hi

00:05:00

Kaliya Identity Woman: Hi. we have the digital identity unconference Europe
coming up which it's an IIW inspired regional event and it's happening June
22nd to 24th in Copenhagen. Monday is a half day with some speakers just so
new folks can orient and some updates on European things like the European
business wall. It's one of the things people will be talking about on that
first day and then two days of open space technology where we create our
agenda live in the morning on Tuesday and Wednesday. So the URL is
diceidentity.org.

Kaliya Identity Woman: Yeah. And always, we're committed to accessibility.
If people really want to be there, you can reach out. ain't.

Will Abramson: Thanks, sounds like a great event. I'm just Copenhagen, too.
I'm not hearing anybody else on the agenda, but does anyone else have any
announcements or reminders before I hand over to Carsten? Over to you,…

Will Abramson: And you go first.

Carsten Stöcker: Yeah, maybe short introduction.

Carsten Stöcker: My name is Carsten, founder of Spherity. And so basically we
started engaging with the community back I think in 2018. There was a
Rebooting Web of Trust event in Toronto. And since then we are very close
to W3C in terms of the DID working groups verifiable credentials. We
adopted a lot of the stuff. So we are now as a company W3C member as well
and at SP we do things we look into primarily European business wallets
because is this huge legislation in terms of eIDAS 2.0

Carsten Stöcker: zero then now we have a European business wallet
regulation I will share a bit kind of let's say what's in scope of the
regulation then my colleague Ingo is doing a lot of W3C work as well so we
spun off a task force in terms of the verifiable credential business wallet
vocabulary so we also a little bit talk about this and for us it's about an
interoperability play so a lot of people have done natural person identity

Carsten Stöcker: and business wallets and oil wallets and natural person
wallets and oil wallets and smartphone wallets and we are pretty much kind
of fully convinced that the microeconomic kind of value is not in Bpeer C2C
or whatever it's in B2B business to government and this is a huge
macroeconomic value in terms of supply chain industry for machine economy
trusted AI for B2B and so on and This is where we think we need kind of
cryptographic trust chains. We need semantic interoperability with
vocabulary. So we are very very convinced there different credential
formats. Yeah, the SD-JWTs and the mdocs but W3C Verifiable Credentials Data
Model and the JSON-LD, CBOR-LD, three things.

Carsten Stöcker: It's an advantageous model for semantically rich let's say
vocabularies and use cases and that's why we pretty much kind of
let's say support this let me quickly show you or maybe Ingo you introduce
yourself and…

Ingo Wolf: Perfect. Yeah,…

Carsten Stöcker: then I will first show the W3C verifiable credential
working group charter not sure if you have all seen this and after this
maybe we can explain what the European business wallet is, do a little bit
of a demo and discuss vocabulary, but maybe Ingo over to you for an
introduction.

Ingo Wolf: Thank you, Carsten. Yeah, so my name is Ingo. I'm leading the
engineering department at Spherity and joined the company almost one year
ago so I also joined Verifiable Credentials Working Group first time my
meeting also here and we started already with the preparatory task I would
say together use cases and requirements around the topics of

00:10:00

Ingo Wolf: Yeah, vocabularies for business wallets and vocabularies for one
area where we are quite active concerning DPPs is battery passports. So
yeah, we could bring also our semantic model of the battery passport as an
example of how we could relate then to the ontologies to be specified here
in the working group.

Ingo Wolf: And maybe another interesting side aspect we are also involved
in a funded project currently ongoing in Europe called rebuild where most
of those semantic works I would say happen and we would like to transfer
the insights from that project to the business vocabulary specification and…

Ingo Wolf: Yeah. That's the short words from my side. Then back to Carsten
maybe.

Carsten Stöcker: Yeah. Yeah.

Carsten Stöcker: So, let me quickly share. We first start with the WSVC.
And I guess you interrupt us with questions. Yeah. No worries. So this is
what happened. This was a big coincidence because I reached out to Manu Sporny
and then one week before the end of the voting for the new verifiable
credential working group charter because we wanted to push W3C semantic
work that we do have been done in Vbu. Maybe I quickly switch over to
Vbuild. I should have it here.

Carsten Stöcker: So rebuild what is a large scale pilot that Ingo mentioned
and this has whatever I think now 190 plus participating organizations and
the f core focus is in the business wallet. I think there's always a little
bit of legacy. So in this case kind of most of the participating
organizations are coming from the natural person smartphone wallet let's
say domain. So there's always a big kind of let's say discussions and
conversations about should the business wallet kind of be done on a
smartphone for freelancers, solo entrepreneurs or should we focus on let's
say small medium enterprises cooperatives big associations and so on and so
there this big of two mental models.

Carsten Stöcker: Yeah, a lot of people are focusing let's say on the solo
entrepreneurs and this has also to do with voting. I think this is So when
we talk to politicians and I think that's very important to understand they
say as a politicians I'm interested of the people who vote for me. Yeah. So
a legal person does not vote for me. For that reason I'm more interested in
the private citizen vote for me. If I can provide the private citizens a
better digital experience, they might vote for me. But if I provide a
better experience for legal persons, that's different story. Yeah. who are
the legal person vote for me?

Carsten Stöcker: For that reason, politicians always have in mind natural
persons and then the next step is solo entrepreneurs because there are
orders of magnitude more solo entrepreneurs than large corporates. But if
you look in the microeconomic value, global chemical supply chain,
manufacturing, smart cities, critical infrastructure, cyber physical
systems. So this is where the microeconomic value of a digital backbone is
and the politicians are more kind of saying my god let's forget about the
legal person identity for the big corporate let's more focus on the kind of
the people who vote for me and I think the community started with SSI,
self-sovereign identity, cypherpunk manifesto to protect the data so as a
person can control my data and this is of

Carsten Stöcker: was extremely important terms of privacy in the age of AI
and total so we are all abused by big platforms terms of our data so that
don't get me wrong so data privacy is of utmost importance but also from a
microecur perspective there's this B2B play yeah and this is also always
discussion in the vbuild we focus on solo entrepreneurs on the big
corporates and big supply chains and automation and reporting application
automation and so on. so this is what we do in vbuild and okay, this is now
a picture from only the KYC KS working group, but if you see the entire
project consortium and there's all hands meeting, then it's unbelievable
amount of Good. And in build I want to say this is the structure. So
there's a couple of business model use cases. One it's called working
package 2.

00:15:00

Carsten Stöcker: There's KY K by S and K by B as know your supplier, your
customer, know your business, due diligence. Then there is create a company
branch, power and text declaration, micro credentials, business access,
whatever. I don't even know what OS is anyway, a company representative
acting above my company. so all the use cases when I have a digital
identity, there's always an onboarding. And when you think about I think
you all know KYC as a private person as a bank but as a legal person as a
bank then there is something called anti-money laundering for legal persons
highly regulated there's a due diligence on the control structures the
ultimate beneficial owners legal representatives financial data master data
stock exchange data

Ingo Wolf: Thanks.

Carsten Stöcker: BR industry domain codes and so on. This could be hundreds
and hundreds of data and kind of doing a due dilig. It can take months to
onboard a supplier to a whatever to big corporates and of course it can
take months when we talk about export control goods dual use goods defense
goods and so on takes always ages.

Carsten Stöcker: What is interesting if you have your full KYC record and
this is what we do. we basically use a full KYC record of a company and
this comes back to the vocabulary but also from a value proposition…

Ingo Wolf: Okay.

Carsten Stöcker: then it's fully verifiable. It's linked to the authentic
source to the business to transparency registry I can do I don't know this
in the presentation I must show it to you. I can do basically an onboarding
of a company in milliseconds. Yeah. And this is what McKinsey calls do I
have it here? No. This is what McKinsey calls straight through processing.
This is what McKinsey calls straight through of KYC processes. And do I
have it here? Yeah. And I think this could be done with enterprise wallets,
legal persons, verifiable control structure of the company.

Carsten Stöcker: And it's the holy grail of enterprise KYC straight through
you do it in milliseconds and especially when you think about agent
eiccommerce and cyber physical systems and dynamically defined markets and
on demand markets dynamically defined value chains So it must be on demand
in real time. the KYC straight through posting and this is now possible
with the wallet and that's something that we work in the rebuild project.
Yeah. Now I got lost in my presentation but I guess we might have a
question. Do you have a question on the KYC?

Wilmer Daza: Yeah. Yeah. When you say full KYC, I'm wondering because
sometimes KYC means different things from different institutions,…

Wilmer Daza: right? So I mean to my understanding you have a common set of
criteria identity things like that are going to be the same across
different companies and institutions but it so happens that depending of
the context maybe the checks and the way KYC is done is going to be
different. so…

Carsten Stöcker: Yeah. when you look I think there's always let's say a
base vocabulary for KYC and…

Wilmer Daza: how you guys in that business wallet thought about

Carsten Stöcker: base requirements. Yeah. So if you basically look into the
U E European Union then where do I have the data? I will show you a KYC
records here from it's a high level. So in European Union we have a
European anti-money laundering directive. Yeah.

Carsten Stöcker: And under the anti-money laundering directive, it's pretty
standardized. Then of course anti-money laundering directive in Europe is
kind of translated into national law. And then there are differences
between Austria, Germany, France, Spain, Sweden and so on. But it's pretty
consistent how it works. You have to go to the company registry. You have
to go to transparency registry to identify the U's ultimate beneficial
owner. you have to fully identify the control structure. This is a simple
control structure because the publicly traded stock on a stock exchange
company and when it's publicly traded then basically the ownership is
completely fragmented and distributed and then you work with fictional
ultimate beneficial owner. It's pretty simple. Yeah. But this is in Europe
it's simple.

00:20:00

Carsten Stöcker: globally there also some consistencies how it's being done
in Hong Kong in US control structure ultimate beneficial owners but of
course in Germany it's different yeah and there's a kind of a common base
in Europe for that reason there are reusable things and I want to show you
one thing this is really flabbergasting and this is the reason why it takes
sometimes ages and years this is this one how do I need to

Carsten Stöcker: think about how best open it. Aldi is a big retailer.
Yeah. And let's have a quick look on Where am I? Here. This is a control
structure of endless one company. And of course, it's an extreme edge case.
Yeah. and this is super extreme.

Carsten Stöcker: this doesn't happen so much but this control structure you
have to do full due diligence if you onboard Aldi this is really bad luck
for you because then you have to work quite a lot yeah this is all the
subsidiaries the ownerships how people kind of let's say work with whatever
they do yeah for that reason this is a very tough task to look at the
control structure you have to do it but if you have this as a verifiable

Carsten Stöcker: credentials and you then have a proof that it was kind of
issued the full control structure by an authentic source in terms of the
control structure the ultimate beneficial owners then you can verify it in
milliseconds this is due diligence of course then you have some deviations
and edge cases maybe you flex something and you have to do something
manually but if it's more simple structure like ivonic I showed you at the
beginning then you can fully automate this and this is what McKinsey says
as the holy grail. Of course, if you do wholesale banking with anti-money
laundering, it's a little bit tougher. If you only onboard a supplier, it's
whatever the requirements are less strict. It's easier to onboard is and
then you can do the straight proof and that's basically the holy grail. so
we think that there's a lot of value. I do have some numbers here.

Carsten Stöcker: I'm mixing around with my presentations. Unfortunately,
that's a little bit mess. But here I have some numbers only to tell you
kind of the economic impact. So this is a study by SGN This C only in
wholesale banking, whatever payment processing, only enterprise banking.
Yeah. Only periodic and event driven revenue of the KC records. The cost
base in Germany alone is 2.3 billion. Yeah. So this is unbelievable high
cost base. It's not the onboarding, it's only the revenue process.
Unbelievable high cost base.

Carsten Stöcker: This is another estimate from the European school of
management technology in Berlin and they estimate for know your supplier in
the German industry alone for master data management. Yeah. the cost is 80
billion. Yeah. And let's say basic master data about your counterparty your
supplier. So it's not sophisticated KYC records. Yeah. only basic mass only
Germany alone costbased is estimated to 80 billion even if they did a
mistake it's just 40 billion doesn't matter but when companies then have
their KYC credentials the European company certificates in their wallet
they can present them and then the entire cost base or a lot of the cost
base maybe 90% or whatever 80% so we are also working on some business case
is fully automated and this is of course a big benefit and that's what one
of the key use cases

Carsten Stöcker: Course in rebuild this is just a oneoff use case. onboard
once I do revenue once a year or every three years depending on the risk
tiering of my customer or supplier. If it's high risk I do it every year.
If it's low risk I maybe do it every three years depending on my risk
strategy in the company. And this just kind of a one-off. But then there is
kind of repetitive kind of processes especially in data spaces.

Carsten Stöcker: So data spaces also very important kind of let's say
domain and not sure if you guys are aware of data spaces but in data spaces
basically in a supply chain and industry in manufacturing aerospace
chemical ecosystem with digital product passports with whatever there's
data sharing and there is a data provider and a data consumer and the data
consumer is supposed to authenticate and authorize at the data
provider. This is the use case of the data space and this is a high value
use case.

00:25:00

Carsten Stöcker: So where I need to know is the system on the other side of
the internet is it really Bosch and is this whatever this domain in Bosch
really which is a legal person of Bosch by the way it's not Bosch.com like
this big corporate I think in Germany alone but I don't know the number
correct I think it was Germany alone Bosch have 80 subsidiaries 80 legal
persons which means bosch.com with the PKI so doesn't help me when it comes
to liability I need to know the legal person of Bosch And then I need
wallet and in a data space use case, then the subsidiary within let's say
Bosch Automotive, Mobility or whatever.

Carsten Stöcker: are just making up a name but they have to authenticate
against another data space participant in real time high volume high
throughput for data when they ask for services for API access for an AI
service access whatever but they push write data whatever so this is high
volume use case data spaces and this is where the legal person identity has
also big

Carsten Stöcker: ific let's say yeah benefit of course authentic access for
transport public procurement invoicing public tendering the digital product
passport is one of the most important use case unfortunately two companies
dropped out and then this was put on hold but we are working on digital
product passports outside the project and then some other consumer opening
bank accounts and consumer payments and business payments and so on but I
want to say There's some architecture and wallet working groups, but
there's also semantic working group. And maybe Ingo will dive deeper into
this. And the semantic working group where we work on the vocabulary of a
KYC record in verifiable credentials.

Carsten Stöcker: And then I give over to Ingo. But this is what when I
first mentioned hey we reached out to Manu the verifiable credential
working group charter then basically we did something we added to the
working group charter and got this approved tentative deliverables. And now
we have a task force whatever in this very credential working group we have
task force for what is this deeper for digital product passports and
business wallets yeah as mentioned so we are pushing a lot of the
vocabulary from vbuild but now we would like kind of to separate the vbuilt
vocabulary from what is truly European what's super detailed in terms terms
of AML and what is the base vocabulary that can be reused in APEC in US.

Carsten Stöcker: So we reached out to US Chamber of Commerce. we reached
out to companies in APEC for YTSO and so on. And because we are now here in
the W3C CCG, so whoever is interested to contribute this, you can contribute
this full amount of your time.

Carsten Stöcker: But only if you have minimal invasive tiny contribution,
this would be highly welcomed. So if the one or the other person in this
group also interested in the business wallets in the vocabulary kind of to
contribute to this. maybe Ingo I hand over to you now. Yeah.

Ingo Wolf: Yeah, thanks Carsten.

Ingo Wolf: Yeah, so I can say a little bit about the current state of
vocabulary development. Maybe I just post the URL to the chat here. when
you go to the site you will see it's an early version.

Ingo Wolf: So the works are still ongoing and maturing there but yeah this
unofficial draft reflects already yeah who's working on that. So our
colleague Ronald Kernish is part of this semantic modeling working group so
for example we concentrated on name spaces and technologies that are common
in W3C.

Ingo Wolf: So the use of RDFS, Dublin Core, XML Schema credentials name
spaces are visible here so the data model is available in a first version
0.1 and you see there are class diagrams also available as a SVG standalone
graphics. But interestingly, there is also a link to the vocabulary I think
at least there will be yeah.

00:30:00

Carsten Stöcker: share and

Ingo Wolf: Yeah. Yes. Of course. just a moment.

Ingo Wolf: Yeah, you should see it. yeah. So maybe I start again. yeah. So
as I mentioned the structure is already the one that we are familiar with
from W3C specification. So ReSpec is used as a tool and as I mentioned the
name spaces show already what is used technology wise for defining this
vocabulary.

Ingo Wolf: Then a data model is shown here with graphics and there is also
a link at the beginning of the section 3.1 where this vocabulary can be
browsed with ontology browser from web file so basically that's the
starting point the class diagrams for example for a European company
certificate vocabulary as seen here. Additional class diagrams of the terms
and entities used and there is already a quite long list of terms almost
100 listed here that are used currently in this vocabulary and also data
type definitions and individuals.

Ingo Wolf: So that's the current state of development. and you are welcome
to comment on that. It's a public process and…

Carsten Stöcker: customer.

Ingo Wolf: also public comments can be filed over GitHub I think. Yes. My
northwest.

Manu Sporny: This is all wonderful work. Thank you so much to both of you
and the whole team for working on it. It's really exciting to see this done
so well. my question is around how do we test this what so for example we
have something called the VC playground and we could take some of these
objects and put it into the VC playground and…

Ingo Wolf: Yeah.

Manu Sporny: get it to start issuing and verifying these. I mean, it's
certainly not a full-blown business process flow, but it would demonstrate
that there are already multiple implementations that can, support the
vocabulary and things of that nature. What's the timing around doing that?
I guess the two questions. Is there interest in doing something like that
is the first question. And if so, what's the best timing around doing
something like

Ingo Wolf: I think it's very welcomed since we use the playground already
for validation of examples and visualization sometimes also and Ron Kernik
is the one that would be part of this working group as well as part of the
rebuild semantics group and yeah I think we can coordinate about that what
would make sense I think the work group charter is for one year,…

Ingo Wolf: So, the earlier the better I would say that we try to enhance
the playground maybe. Yeah, else of course we are using JSON-LD libraries
for validation of our example artifacts. but yeah, very good suggestion.
Thank you.

Carsten Stöcker: I think Manu,…

Carsten Stöcker: what would be good if I think we have to separate a bit
what super detailed out what's the base vocabulary and then to align it a
bit what are requirements from US and APEC. so we might get a big corporate
from Japan supporting the working group. Then as you know we are also
reached out to US people to really kind of let's say bring it to the next
level on a more international level and I think then we can start this and
I would expect that we have the base structure and the base vocabulary
maybe after the summer vacation period. Yeah.

00:35:00

Carsten Stöcker: And I think Manu, you mentioned the Chamber of Commerce.
this looks also very interesting to do some very base vocabulary work with
them. And this should then go on the playground and then we could have a
digital corridor between North America and Europe based on a common
vocabulary. I think this would be the utmost preference. Yeah. Then

Manu Sporny: Completely agreed. I'm thinking that there may be something
faster that we can do. So we Digital Bazaar are involved in some retail
pilot programs where we do need to identify the business at just a high
level. So, it wouldn't be very complicated, but it would be a way of kind
of starting to deploy in pilot situations. I do want to make sure we don't
do that before you're ready for it,…

Carsten Stöcker: No, no. Yeah.

Manu Sporny: we don't want to destabilize it by pushing something too early
out into pilot. So, by end of the summer is fine. We can kind of work with
some of these retailers in the United States, to get them ready, like point
them at this and say, "Hey, it's going to be more generalized than just
European businesses. We're trying to do a global vocabulary here." Get them
used to the idea of using this. And then when you say you feel like it has
some level of stability that we can build on for a pilot then we could work
with them on it. Understanding that the pilot is going into production
we're going to do a pilot and then see if it works. That's the step that
we're doing before the production thing. So it would be an attempt to take
this and deploy it into some kind of production setting by the end of this
year.

Carsten Stöcker: Excellent.

Manu Sporny: And we can share details, later on, but I wanted to make sure
to just make it very clear, we're very interested in using this and
deploying it in very real situations in the United

Carsten Stöcker: This is good news.

Carsten Stöcker: Ingo any further thought because then I would like to
share some tiny details to give a flavor.

Ingo Wolf: Yeah, please go ahead.

Ingo Wolf: That was it from my side to introduce the current state?

Carsten Stöcker: I would like to show two more things.

Ingo Wolf: Back to you.

Carsten Stöcker: One is and this is really wonderful because we are W3C we
have shared objectives we have shared values we have shared thinking and
methodology here and there are people that are close to our community and
this and we really act in concert even if we have never met before and I
would like to show you something it just gives you a flavor what personally
that surprises me all the

Carsten Stöcker: time because I don't know the people that do this. But of
course over time we get to know them. So I don't anyway it's a draft. This
is a European Telecommunications Standards Institute. Yeah. Whatever goes
into law in Europe in terms of digital identity eIDAS 1.0/2.0 needs to
reference a standard. And there is very important standardization working
on. One is the electronic signatures and trust infrastructure.

Carsten Stöcker: Easy additional wallet interfaces part three and there's
another one I don't know which one is this and then interface and format
catalogues, attestation rulebooks blah blah blah and this is basically
where people define credential formats and Manu also know that we had
people in Germany pushing back W3C credentials at the very origin of all
these legal documents there was only verifiable credential data

Carsten Stöcker: model being mentioned and then a couple of the other
people pushed out W3C hardcore but now people bring it back in the
standardization work in the legal text and maybe you see it here it's
basically a credential format you have of course the SJ WC credential and
now the big kind of contribution that we are all doing W3C fans in Europe

Carsten Stöcker: is to make sure that W3C credentials so of course goes in
the standardization documents but they also go in a definition because in
Europe we don't call it credentials we call it electronic attestations of
attributes EAA and then we have qualified electronic attestations of
attributes and what the SD-JWT people did they pushed out W3C credentials
for the A EA
00:40:00

Carsten Stöcker: And even in some texts for the EAAS and now kind of let's
say the W3C friends are pushing back to make sure W3C credential can be on
the same level like mdoc, SD-JWT, W3C credential and then the use case can
decide what's the best credential format and this is really sometimes a
little bit ridiculous because SD-JWT you can do a personal identity card
with 10 attributes but if you're a semantically rich industry with hundreds
of attributes KYC KC records with hundreds or thousands of attributes for
digital product passports for complex industrial products. Yeah, the
industry needs vocabulary. The industry uses du JSON-LD they and add
context in the schemas. They use it in the data spaces in electronics
industries in whatever in the automotive industries in a lot of projects.

Carsten Stöcker: And here we are really closing the loop because when we
are now moving from natural person to legal persons we must support
semantically rich use cases. We must have verifiable credentials and here
you see it in different standards documents. That's a base work we are
doing. Maybe it's the grassroot work to make sure it's referenced in all
the standardization documents. There are a lot of them and it's not only us
from spirit. A lot of other people. I don't even know them all in France,
Spain, in Netherlands, everywhere. And it's a good grassroot movement. But
then the ultimate kind of goal is to make sure in the legal text it is a W3C
make it to the Q qualified electronic attestation of attributes. I think
that's the ultimate goal. And in addition to this, people are discussing
something a high assurance interoperability profile.

Carsten Stöcker: This is basically you can use direct sequence for high
issuance use cases in critical infrastructures in anti-money laundering in
use cases where terrorist financing is involved and all this kind of stuff.
This is high assurance use cases and for that reason we must make sure
verifiable credentials make it there and this is in some degree defining
the profiles defining the test cases defining what a semantic supply chain
is of at context schema how to secure it and that's the kind of work that
is ongoing and the moment we're trying to identify the people that are
working on this in Europe in the different whatever initiatives and making
sure

Carsten Stöcker: we act in concert to get the ultimate outcome. But that's
really part of our work now. And yeah, I think it's pretty amazing to see
the level of detail where people push W3C in the legal text and in the
standardization text and really push back when SD people try to block them.
That's also something that's ongoing. There's a question.

Manu Sporny: Carsten, is there any discussion in the EU that is talking
about the postquantum issues around things like SD-JWT and mdoc? So, as

Carsten Stöcker: We are doing this. Manu I can tell you. So we pushed this
to the European Commission and told them whatever we build it must be
cryptoagile and postquantum secure.

Carsten Stöcker: Maybe that's also a follow-up discussion. So we believe we
need postquantum resilient digital corridors let's say between Germany and…

Manu Sporny: Mhm. Yep.

Carsten Stöcker: US or Finland and Japan to connect two jurisdictions to
agree on the standards the multi key management when you do the hybrid
signatures and whatever the trust chains how to secure the trust list and
so on. So there is not much going on at the moment. I think PQC people
let's say it's a denial. My god, it takes too long. Of course, now they all
know the Google prediction with the Bitcoin, but I think how they spun at
the Google my god, Bitcoin is a problem. I think this was for the wrong
narrative. They should have all identity solutions have a problem when
quantum computing can break digital signatures.

Carsten Stöcker: I think with the Bitcoin it really landed in the wrong
understanding. So in the legal text there is of the European business
wallet it's highlighted it must be um secure or postquantum resilient with
hybrid signatures supporting crypto agility but there's not much work
ongoing however having said this in World Economic Forum there is a working group
called the quantum application hub and there we are basically working with
the World Economic Forum on putting an education tool in place. What does it
mean? Postquantum resilient, let's call them resilient because they're
never safe. Postquantum resilient wallets.
00:45:00

Carsten Stöcker: It's not only a technical problem. It's a governance
problem. It's a coordination problem. It's a standards problem. It's not
only for harvest now on the encryption. It's also digital signatures. But
right now there is not being done enough work.

Ingo Wolf: Peace.

Carsten Stöcker: I think it goes in the DI documents in the VDS and the
qualified VDRs and the multi key management for hybrid signatures and…

Carsten Stöcker: so I think this is just beginning and there is not much
momentum. It's small community.

Manu Sporny: Yeah. and…

Manu Sporny: to add to that, Carsten, I think I'm specifically talking
about the transition. So going from something like ECDSA to a postquantum
signature,…

Carsten Stöcker: It's Yeah.

Manu Sporny: I think one of the things that's underappreciated with the W3C
verifiable credential data model in the data integrity approach is that
with the W3C data model you can dual sign or triple sign the payload. So
you can use a postquantum signature and if you do that that makes the
entire ecosystem resilient. We don't know when a cryptographically relevant
quantum supercomputer is going to break things. And so this is a
preventative mechanism. You can use a W3C verifiable credential, put a
postquantum signature on it,…

Carsten Stöcker: Absolutely. No,…

Manu Sporny: and have both of those live in the European business wallet
and be completely covered. You cannot do that with MDO, and you cannot do
that with SDJ, right?

Carsten Stöcker: Absolutely. This is what we are fully educating. So, we're
currently building this as an educational tool for the World Economic
Forum. Yeah. And here it's like okay we don't even call it Europe we call
business wallet and the idea is together with World Economic Forum we would like
to build a PQC resilient digital corridor between two jurisdictions let's
say Turkey and Germany because there's a lot of Turkish German business and
Turkey is pretty much leading the postquantum crypto whatever transition
Canada is also leading Germany is leading Ger everyone is leading Germany
but anyway

Carsten Stöcker: could also be Spain and Canada, whatever. We don't care.
So this is what we're basically doing. We're building this with little bit
of an education what is it learn the key concepts and then we explain a bit
what does quantum computer break today's encryption and the signing and
identity and hybrid keys blah blah blah and then the idea is to show what
is quantum resilient and quantum safe and then to show a bit what's going
on there. So we are trying to build an educational tool for the World
Economic Forum. So in the end you have a wallet and then you have even an
address book.

Carsten Stöcker: I don't know if we see the address book now and then you
see whatever post Deutsche far Nova healthcare legacy only and Deutsche far
they have multi keys and hybrid keys for PQC resilient encryption and
signing and that's a bit what we're kind of building at an educational tool
and the next step is what you said kind of to really implement it between
two jurisdictions and show how it works because we believe and that's also
very important the GLEIF people are now doing a call for paper and they talk
about interoperability and I think interoperability is a big misleading
mental model when you try to have full interoperability in the identity
space. So we believe we need to distinguish between a microecosystem or
micro yeah level a meso level and the macro level.

Carsten Stöcker: The macro level would be if you try to solve
interoperability for all industrial domains, for all use cases, for all
jurisdictions at the same time. And this is true for PQC transition, but
also for identity deployment in general. And we think so we need kind of to
think more on a micro level. For example, in Catena-X at the moment in
Catena-X, it's a big ecosystem. They just have one I think that's a problem
in itself. So in Catena-X, it would be fully acceptable to have three wallet
solution providers. Of course, other right now there's not a big market for
wallet providers.
00:50:00

Carsten Stöcker: three are now for but if the three can demonstrate in a
use case interoperability in one meso ecosystem then in another meso
ecosystem let's say or the chemical industry the energy industry or
whatever they also show interoperability and then there's
interoperabilities being sorted out on the European Union level and then on
a global level I think then it's up to the implementers if there are tiny
changes let's say three wallet providers have done it for Catena-X

Carsten Stöcker: and others three have done it for whatever the retail
ecosystem US and then they find out my god there's another standard so the
business case everything is working we implement the new standard we change
the protocol so we bring it on a higher level of interoperability so this
is how we see it we cannot solve interoperability top down we have to do it
more on a micro or meso level in an ecosystem with a smaller number of
service providers they are fully in how department security also has done
it.

Carsten Stöcker: I think they have done it with eight or two 4x4 what four
four but anyway I think this could be done and this is same for PQC we
think we need the PQC corridors between let's say US and Germany then we
can demonstrate it it's an early sign of success it's already working and
then it can be expanded a bit if standards are kind of dropping in the
implementers can bring to the next level and our ability

Carsten Stöcker: to work a little bit more bottom up. This is a much more
pragmatic approach and that's the reason why we do a lot of advocating for
building PQC resilient corridors based on W3C technology.

Carsten Stöcker: So this is a bit our strategy.

Ingo Wolf: Very good, Carsten.

Ingo Wolf: I think we could talk much more about the topic…

Carsten Stöcker: I need to know one more thing.

Ingo Wolf: but looking at the time we are already a bit over.

Carsten Stöcker: I need to show one more thing if you don't mind.

Carsten Stöcker: But I would like to show something. It's a playground. I
know Why can I check?

Will Abramson: Yeah, it's okay.

Will Abramson: I think we got time. I mean, if anyone has questions, please
jump on the queue so we can get through them. But in the meantime, Carsten
and Cobra

Carsten Stöcker: I can't share now because what happens now with my am I
still sharing or why can't I share? Let's try again.

Ingo Wolf: No, you're not sharing.

Carsten Stöcker: I can share again. But where is it? I think it's here. So
this is a very very simple playground. Is in German? No, it's not. Let me
quickly go back. I hope I can Okay. The playground basically It's a
business wallet connected to the so-called authentic source. And maybe I go
back to this one because we believe in terms of authentic sources that this
German anyway doesn't matter no German it's a German ch I have it also in
English but unfortunately in this presentation it's pretty German. So when
a person is being born gort means per birth. Yeah. Then there is an initial
legal event. Yeah.

Carsten Stöcker: It's being you get your birth certificate and then you get
your identity card and from the identity card you can derive a personal
identifier PID in Europe and we think the same is true also for legal
persons but the legal event is a company's being born or founded then it's
registered in a business registry and the entry in the business registry is
a legal proof of existence so the legal proof of existence a birth
certificate and then

Carsten Stöcker: get whatever your identity card or in US you might get
your driver license or your passport and the legal proof is the entry in
the business registry and this is why we did a partnership with Bundesanzeiger
Verlag it's a German company registry Germany is the biggest member
state and we pushed hard Bundesanzeiger Verlag as a German company registry is
now being in the process of being a W3C member and…

Will Abramson: Mhm.

Carsten Stöcker: this is important because this was being called authentic
source where the legal proof of existence is registered about a company and
we derive a cryptographic verifiable credentials from We inherit the legal
proof of existence from the business register in a business wallet. Yeah.

Carsten Stöcker: And this is how trust is being established in B2B and
business to government use cases when you have a cryptographic verifiable
whatever records trust chains into the business registry where the legal
proof existence is. So this is what we do with the Bundesanzeiger Verlag and
there is in Europe there so-called EBRA the European Business Registry
Association and there are six business registries in vbuild they all apply
the same principle so that we can do this and this also why together with
Manu we reached out to the US Chamber of Commerce to really derive the
legal person identity of a company from the legal process in the business
registry and here you see it in a couple of step like a
00:55:00

Carsten Stöcker: What is a company? Maybe I do You all know LEGO. So, of
course, there's LEGO in Denmark, but there's also LEGO GmbH in Germany
maybe do this and then we say, "Hey, I pretend I'm Lego." And then
basically we're live on the data space on the data bank of Bundesanzeiger
Verlag and of the German company registry. It's a demo. We don't use eID or
the EUDI wallet for ident for authenticating the natural person and we don't
use video. All of this is possible here in the demo. We skip this.

Carsten Stöcker: We basically pretend this are basically the legal
representatives of Lego live from the German registry. You're looking into
this and here you also see problems with registries. Here's a quality
problem because Christopher Belts has two spellings. Yeah, this is also
kind of an edge case and implementation challenge. How to deal with these
edge cases if there's a data inconsistency? This is what's called global
you can trust whatever's in this business registry you have legal trust
into this if you have a damage because of this then you can file a lawsuit
against Germany to fix this so here we have this now we pretend we are Ulia
and by the way there are no GDPR issues because this is all of this public
data and we're live on the registry now and then

Carsten Stöcker: we issuing a credential. So basically Ulia has been
authenticated by an identity authentication of the natural person. The
business registry Bundesanzeiger looked up is Ulia a legal representative.

Will Abramson: Okay.

Carsten Stöcker: Can she represent LEGO GmbH? So in this simple
demonstrator she can do it alone because we can represent it a business
wallet's being set up of course a qualified business wallet and then right
now we have a European business wallet owner identification data credential
natural person credential and now Ulia as whatever is requesting a European
company certificate and the European company certificate is basically an
identity card of a company and then as next

Carsten Stöcker: tab. Ulia can request KYC records. Ulia can do power of
attorney. So we are working on power of attorney semantic schemas. Even we
would in rebuild we would also push this in the W3C verifiable credential
task force for business wallets because then Ulia can delegate with power
of attorney a treasury PoA, a procurement PoA, whatever. And then people
can prove they're authorized to act on behalf of the legal person as
natural person the PoA to do this for natural person and…

Carsten Stöcker: of course also of other persons and that's a bit what
we're doing here in this very very easy and simple live demonstration on
the register

Will Abramson: Yep. Thanks,…

Will Abramson: I just want to cut you off because we are at time, but this
is a very comprehensive overview of many things that you're working on. I
mean I thank you for all the work you're doing in this space to I think
it's really important focusing on business case and the legal persons and I
look forward to seeing more. Thanks everybody for today's call.

Carsten Stöcker: No. And will whoever wants to join the vocabulary task
force on business wallets just drop us a note and…

Will Abramson: Have a great rest of your week. I'll see you soon. Cheers.
Great.

Carsten Stöcker: man and I will be very happy.

Will Abramson: Great. Cheers.

Wilmer Daza: How? So,…

Wilmer Daza: so on LinkedIn or how can we get in touch,…

Ingo Wolf: Thank you everybody. Thanks

Wilmer Daza: Carsten? Okay,…

Carsten Stöcker: Yeah. Yeah.

Carsten Stöcker: Maybe do it on LinkedIn. Yeah. Yeah.

Wilmer Daza: I'll let you

Carsten Stöcker: And of course would be beneficial if you're W3C members as
a person, as a company. That simplifies the process. Okay guys, take care.
Bye-bye.
Meeting ended after 01:02:02 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*

Received on Wednesday, 13 May 2026 01:27:51 UTC