- From: Kerri Lemoie <klemoie@concentricsky.com>
- Date: Thu, 21 Apr 2022 13:55:40 -0400
- To: public-vc-edu@w3.org
- Message-Id: <997D2199-750B-41B4-A46B-8EBFB988AAFF@concentricsky.com>
> Begin forwarded message:
>
> From: CCG Minutes Bot <minutes@w3c-ccg.org>
> Subject: [MINUTES] W3C CCG Verifiable Credentials for Education Task Force Call - 2022-04-18
> Date: April 21, 2022 at 1:53:36 PM EDT
> To: public-credentials@w3.org
> Resent-From: public-credentials@w3.org
>
> Thanks to Our Robot Overlords for scribing this week!
>
> The transcript for the call is now available here:
>
> https://w3c-ccg.github.io/meetings/2022-04-18-vc-education/
>
> Full text of the discussion follows for W3C archival purposes.
> Audio of the meeting is available at the following location:
>
> https://w3c-ccg.github.io/meetings/2022-04-18-vc-education/audio.ogg
>
> ----------------------------------------------------------------
> VC for Education Task Force Transcript for 2022-04-18
>
> Agenda:
>   https://lists.w3.org/Archives/Public/public-vc-edu/2022Apr/0020.html
> Topics:
>   1. IP Note
>   2. Call Notes
>   3. Introductions & Reintroductions
>   4. Announcements & Reminders
>   5. VC Governance
>   6. PDFS as VCs with James Chartrand from McMaster University
>   7. Credential Display in Wallets Discussion
> Organizer:
>   Kerri Lemoie
> Scribe:
>   Our Robot Overlords
> Present:
>   Kerri Lemoie, James Chartrand, Stuart Freeman, Deb Everhart, Brandon Muramatsu, JeffO Real-IT, Geun-Hyung, Simone Ravaoli, Marty Reed, Dmitri Zagidulin, John Kuo, Andy Miller, Keith, Phil L (P1), Nikos Fotiou, Yashwardhan, Leon, yashwardhan, G, Alan Davies, Colin (LEF), Kayode Ezike, David Chadwick, Jim Goodell, Kaliya, Timothy Summers
>
> Our Robot Overlords are scribing.
> Kerri Lemoie: Hello welcome to the VC edu task force call on Monday April 18th I'm today we are going to be discussing credential display in the wallets including PDFs and also a quick touch base on VC and VC Edu governance.
>
> Topic: IP Note
>
> Kerri Lemoie: I'm for we get started let's start with the IP note anyone can participate in these calls everyone is welcome however any substitutive contributors to any of the CCG work items including this task force must be done by members of the CCG with full IP our agreement signed in you can learn more about this at this link that I'm going to put in the chat right now.
> Kerri Lemoie: https://www.w3.org/community/credentials/join
>
> Topic: Call Notes
>
> Kerri Lemoie: Hey for call notes these minutes well this isn't that these meetings are recorded an audio recording done for every call as much as we can do this but they're also transcribed by the robot overlords and you will see in the chat the job that they are doing as we speak if you see that there is anything that could be corrected that's being transcribed improperly please do us a favor and.
> Kerri Lemoie: You see it do a.
> Kerri Lemoie: Substitution and the chat and you can do that by typing s /i'm phrased to fix or word and then fix phrase I'll put that in the chat as an example.
> Kerri Lemoie: Example: s/phrase to fix/fixed phrase/
> Kerri Lemoie: I'm sure that as I speak robot overlords and I don't always get along well so I'm sure we will see lots of examples of that please note that we do use a queue system and these calls so if you have something to say or question to say please type Q the letter Q & A plus sign farewell adieu to the Q and if you feel as though your kids your mind you can type Q - and I will remove you from the queue by doing.
> Kerri Lemoie: I'm this we will.
> Kerri Lemoie: At the Q and then call on you in order.
>
> Topic: Introductions & Reintroductions
>
> Kerri Lemoie: Okay why don't we see first is there anyone here who's new to the call or who like to make an introduction of themselves today or anyone who's been in the call for a while and would like to reintroduce themselves or have some news to share Dmitri you're in the queue.
> Dmitri Zagidulin: Hi can you hear me okay.
> Dmitri Zagidulin: So yeah I thought I'd do a quick reintroduction only because one of my hats has changed so I have recently reduced my work with Digital Bazaar do I'm still in close collaboration with Angela's our team and have stepped up my involvement in virtual reality and augmented reality so I'm still doing the same things verifiable credential.
> Dmitri Zagidulin: Decentralized identifiers Secure Storage just bringing that toolbox to the AR and VR world still also involved in Digital Credentials Consortium and the learner wallet there that's it.
> Kerri Lemoie: Thanks Dmitri that sounds incredibly exciting that's awesome.
> Kerri Lemoie: Anybody else have would like to make an introduction or update us on your current work.
>
> Topic: Announcements & Reminders
>
> Kerri Lemoie: So next we have announcements and reminders keep in mind that every Tuesday at noon Eastern is the CCG call and that is always worth checking out if you have time to do so to stay up to date on what is going on overall in this community.
> Kerri Lemoie: I'm also next week is the internet identity workshop and that starts on Tuesday this Tuesday through Wednesday or is this Tuesday Wednesday I think but it's next week and that means that we will not have a call next week so next Monday there will be no VC Edu call I'll send an email reminder out but I just want to let you know they were going to skip next week because some of us will be at that meeting and we'll be able to do this as well are we traveling that day.
> <jeffo_real-it> IIW is Tues, Wed Thurs - Sold out apparently.
> Kerri Lemoie: Just check the queue here see if we have.
> Kerri Lemoie: I'm sorry I let sold out incredible thank you.
> <jeffo_real-it> 250 cap
>
> Topic: VC Governance
>
> Kerri Lemoie: So before we get started with James we have Jim chartered in here who's been doing some interesting work on PDFs as VCs I was here from McMaster University and I'm just going to fill us in on that work you may have seen some descriptions of this and the mailing list and we thought it would make a lot of sense to ask him to come tell us and every CH you you know what how they've gone about doing this PDFs is something that open badges has discussed for a long time it also has come up quite a bit in this community.
> Kerri Lemoie: You before there's a whole lot of reasons to use PDFs in education.
> <jeffo_real-it> If anyone wants IIW ticket check in any case just in case.
> Kerri Lemoie: I'm there there are well understood format and you know and can be secured and have embedded data in such as James will tell you and then we're going to talk more about a credential display and wallets and then I'm gonna have to meet you just helped lead that discussion to you because he has some things in mind but before we get started if you don't mind I just I wanted to ask you all to take a look.
> Kerri Lemoie: At this Miro board.
> Kerri Lemoie: https://miro.com/app/board/uXjVO8bG_9s=/
> Kerri Lemoie: The chat and I will share my screen when one thing that we have been talking about or thinking about a lot is what is governance right what is governance in this space.
> Kerri Lemoie: A lot of misconceptions and a lot of questions and I really hope to be able to push on this topic more at internet at the IIW next week and so I'm hoping that I could do some research with folks in this community before we go to see what kind of assumptions and questions and understandings that you have about about what governance is so although I'm not a huge fan of Miro I feel like this is a good place to do this because.
> Kerri Lemoie: You can bring it whatever you'd like whenever you want if.
> Kerri Lemoie: We need another section other than assumptions and questions go ahead and create that you could do what you want with this board and then we'll take a look at it at the end of the week or early next week and and see what we're learning in here and what you know of questions and assumptions we should be addressing.
> Kerri Lemoie: And before I move on I sort of want to check in to see if anybody would like to talk about that now if they have anyone has any questions about this or any sort of like it's up to some questions you'd like to bring up right now before we even get into our main topic.
> Kerri Lemoie: You I will start an email thread on this later today and then feel free to respond to that and add whatever you'd like to this board also feel free to reach out to me directly if you'd like to just talk about it some more I am I don't have a lot of understanding of what governance is I've seen it implemented in various ways and I've heard of some really interesting ideas for Registries Registries and things of that nature I've also heard a lot of.
> Kerri Lemoie: Fusion between what accreditation is and what VC governance is and so I thought it would be a good idea for us to really gather as many questions that assumptions as we could so we can start tackling this over the next couple of months.
> Kerri Lemoie: Critic you some tea so James like to write you to participate and and present what you have for us I will stop sharing my screen so you can do that like you.
>
> Topic: PDFS as VCs with James Chartrand from McMaster University
>
> Kerri Lemoie: How you doing James nice to see you.
> James Chartrand: Okay thank you I'm good yeah.
> Kerri Lemoie: One thing you might want to do James's turn off your video because we've been having some problems with memory issues the Jitsi and I'd love to record as much of this as possible so.
> Kerri Lemoie: Awesome yes thank you.
> James Chartrand: Yeah I just turned it on for a sec so people can see what I look like here we go sure so share my screen.
> James Chartrand: Sorry I'm looks like I'm having to go through and.
> James Chartrand: So it's I'm going to have to restart but I will be right back.
> Kerri Lemoie: Okay Dmitri while we're waiting for James to come back to you want to sort of approach to subjective credentials displays and wallets.
> Dmitri Zagidulin: Sure yeah so with in VC Edu here we've got two pressing problems that we need to solve we've got to pain points one is so we have these verifiable credentials that are going to be displayed in wallets but we also would like.
> Dmitri Zagidulin: To bind them to more traditional display artifacts such as PDFs and that's what James is going to be talking about and then the second one is also on the subject of display slightly different somewhat related we want issuers to be able to specify exactly or at least advised to wallets verifiers and other software how to display the credential because at the moment every single wallet everything would be so.
> Dmitri Zagidulin: A soft fire.
> Dmitri Zagidulin: On in the VC world is some way out now there have been precedents in for example Open Badges and and some other VC projects that have used things like embedded images to specify how the credential should be displayed and that's that's the other topic that would like to touch on today but James is back so over to you.
> James Chartrand: Okay so maybe I'll just get a very quick bit of background so this is a project at McMaster University and it's a joint project between the faculty of engineering and the office of the registrar there they got into SSI a couple of years ago and started out with Blockcerts so kind of one of the precursors to I guess verifiable credentials and we at the time started out with a very.
> James Chartrand: It's a relatively small pilot.
> James Chartrand: Like like 50 students where we issued certificates so not degrees and they were issued to the students as a batch and went into the Blockcerts wallet and that's where the student held the certificate and they would share it from there and it was all JSON that went very well we then went and decided to do degrees so issued for very small cohort of students maybe 50 students in the faculty of engineering their actual degrees again they.
> James Chartrand: They lived in the Blockcerts wallet and the students shared their.
> James Chartrand: That also went very well and then when COVID hit the registrar thought and so when COVID hit there were a lot of problems Distributing will they were alone all sorts of problems but among them was Distributing the degrees the paper copies of degrees to students so rather than mail out all of the copies the university decided to also offer the option to get the digital copy of the block.
> James Chartrand: Shorts and they open that up to.
> James Chartrand: And remarkably that went very well as well and there was massive uptake it was 80 something percent of students chose to download a copy of their degree everybody was super happy with it Blockcerts was great but at that time as a result of our work we kind of got introduced to the DCC and eventually joined the DCC and from there we're introduced a verifiable credentials and.
> James Chartrand: Centralized identifiers so wanted to move.
> James Chartrand: Our prior Blockcerts system to verify with pensions and decentralized identifiers we also wanted to move off of the Bitcoin blockchain which is where we've been just where our Blockcerts system anchored hashes of the credentials and we wanted to move off for a couple of reasons one is GDPR and similar kinds of privacy laws where it seems It's not entirely clear but it seems at times as though even hashes aren't allowed on a blockchain.
> James Chartrand: For us with the degrees it was fine.
> James Chartrand: As the degree information is public information and so the fact that somebody got a degree from McMasters public information and so you know we thought it was decided that that was okay to put that up permanently on the Bitcoin blockchain even even though it was just a hash anyhow also wanted to get off the Bitcoin blockchain because we wanted to move from a batch issuance which is what we're doing with Blockcerts where you know the entire cohort at graduation time so thousand.
> James Chartrand: It's whatever would all get their degrees at once.
> James Chartrand: It was all a Merkle took all the credentials were hashed together into a Merkle and the Merkle was put up on the Bitcoin blockchain and so that made it you know affordable but with Rising transaction costs on blockchains like Bitcoin and fact that we wanted to move to an on-demand issuance system where a student could request and get their credential or degree immediately but if we were to Anchor every one of those on the Bitcoin blockchain.
> James Chartrand: The cost would become likely.
> James Chartrand: Exorbitant so anyhow we wanted to move to verify the credentials decentralized identifiers talked to the registrar thought maybe we should start with a pilot again she suggested this is Melissa pool is the Registrar of McMaster very forward-thinking registrar she suggested that we take a look at letters that the registrar's office issues to students to confirm basically student status in different ways so like the letter that you see up there on the left which control confirms the enrollment details.
> James Chartrand: Or student so these are letters that students use say when they're applying.
> James Chartrand: Job if the letter say says that they've earned their degree they are also used but things like getting a better student bank account freeing up money from your student savings plan or incoming foreign students might use one of these letters when they're applying for a Visa coming into the country.
> James Chartrand: And so we thought great and initially we thought okay we'll just do it the same way will issue JSON copies so you know the actual verifiable credential as JSON to the student and it will live in a wallet but we in talking to some of the people in the registrar's office realized that just wasn't feasible because these letters are often they pretty much need to be PDFs because of how they're used so.
> James Chartrand: In some cases they're uploaded as.
> James Chartrand: Application process say if you are applying for a Visa and you need to upload a letter confirming your status the system will only take you know an image or a PDF and that's later reviewed by somebody who looks at it so if it had been JSON they wouldn't you know it would be nonsensical to them and they wouldn't know what to do with it also sometimes the letters do need to be printed off and handed to somebody like say when a foreign student is riding in the country and the way it works in Canada is you.
> James Chartrand: To process your visa application as you as you step off the airplane.
> James Chartrand: Typically you've got all your papers you know you know folder and you present them to the agent the agent goes through them and reviews from them decides yay or nay so it had to be printable as a paper copy okay so I will take you very quickly through what we've built here this is totally integrated into the Microsoft Azure authentication system on campus and draws data from a back-end PeopleSoft system.
> James Chartrand: Go to this web browser on the right this is where the student would write this again is just a pilot nothing here is in production and the dire warnings there are because rightfully so the registrar is concerned that we don't want anybody to think that this is the system that's being used at McMaster University because then you could imagine scenarios like the student arrived a student arriving at.
> James Chartrand: The border agent of the.
> James Chartrand: Thanks this is what they should thinks that they should be getting a copy of a letter like this with a QR you know and then doesn't accept one without a QR so we're being extra careful not to make anyone think that this is a production system okay yeah so I am here I'm a student I will login.
> James Chartrand: I will request a letter we've got the red star chose four different letters I'll choose confirmation of status so that kicked off a dynamic process in the background it pulls the information from the PeopleSoft system based on the student login ID assembles the PDF letter I'm using I think Jace PDF some kind of JavaScript PDF library to construct it on the Fly insert the information at the same time.
> James Chartrand: I turn the information into.
> James Chartrand: The information into a verifiable credential then into a verifiable presentation then use Digital Bazaar's amazing libraries and be pqr to produce the QR code which I then insert into the PDF which you can see down in the bottom right hand corner of the letter on the left hand side and then return it to the student so it's been downloaded and it's in my downloads there I will show you a and so anyhow it corresponds exactly to the letter that you see on the left here.
> James Chartrand: Now the student can of course take.
> James Chartrand: In email it to somebody that can text message it to somebody they can do whatever they want to with it they can use it as many times as they want to so say they emailed it to me and I'm an employer I can come to this website potential Sonic Master don't see a pretty much have to know in advance that that's the website to which I should go and of course you know I'm sure people rightfully point out here that there are significant problems with this among them are that.
> James Chartrand: Um somebody can fake the verification website but I think that's a general problem in any case assuming I know to go to credentials dot McMaster C.C a I arrived there I choose verify letter I will choose to upload a letter file I choose the file upload and it does its verification on you know the usual way of extracting the VC from the QR and then doing the verification one kind of interesting thing that happened there is that.
> James Chartrand: What I did what the code did and first of all.
> James Chartrand: That code is running entirely in the web browser there's there was no call back to the server there so it took the it was another JavaScript library that took the PDF opened it up found the QR image inside the PDF and then from there and vote the Digital Bazaar libraries to extract the VC and run the normal verification okay so that was one kind of verification now I will show you.
> James Chartrand: Printed copy of that letter the sitting on my desk here and I've got my phone hooked up which you can see on the left so I will choose sorry so I'm going to go over here to my phone and it's the same webpage this time I will choose her if I let her again and I will choose scan QR on letter L.
> James Chartrand: And again at 35 exactly the same way and that's it that's it's a super simple system which you know we kind of figures one of the appealing parts of it there's it's dead simple so extremely easy to use some of the challenges that we still face or that I guess we Face our somebody could fake the PDF so they could change some of the details that are within the PDF we kind.
> James Chartrand: Dove deal with that a little.
> James Chartrand: By virtue of the fact that the entire that sorry what's in the VC that's in that QR code contains the critical information that somebody would want to verify so up there on the left and my phone you can see that the down below it says undefined undefined because we're blanking out student information for this and it says is registered at McMaster University is a full-time undergraduate student for the 2028 term so it.
> James Chartrand: I was there what was inside the veritable verifiable credential So what had been signed and you know doesn't show.
> James Chartrand: What was in the PDF nessus I mean it is what's in the PF but it's only what was in the verifiable credentialing confirmed but of course somebody could take the entire PDF and they could put a fake QR code on there and they could provide a fake link and if somebody didn't know to go to the McMaster web page to verify this they would they could very easily be fooled the other thing that we would very much like to do is to start to move.
> James Chartrand: From these letters.
> James Chartrand: Towards something more like a student ID because what we've got here is effectively a student ID I mean it declares the student status but we'd like to take a you know a little step further and start to use it within a wallet like the DCCC wallet as a replacement for the plastic student card in which case we would have to put more information into it and in particular would have to put a student photo into it and at that point.
> James Chartrand: Point the verifiable credential would be.
> James Chartrand: It inside a QR code so this is where I think Dmitri was talking about this a little bit before I got started that we need to start to think about how we can transfer some of that information and one way is maybe to create a kind of ephemeral storage for the full VC and the QR code simply points to that storage and it might be encrypted as well and we passed the key to the verifier so anyhow different kinds of things to start to look at after that and that works out well because I'm done no I.
> James Chartrand: I know it's great you're going to restart it but.
> Kerri Lemoie: Sorry about that I'm not going to start the recording but the transcriber we'll keep going so we'll take it from there thanks.
> James Chartrand: So I am is so any questions that anybody has feel free.
> Kerri Lemoie: Don't see any questions in the queue right now James what are some common questions that you've gotten besides say the QR code issues and the faking of PD PDFs.
> Kerri Lemoie: Or have you already covered those terms of what you told us excuse me.
> James Chartrand: Yeah I think I covered them.
> Kerri Lemoie: Okay I do see Phil Long in the queue so I'm gonna call in fill her.
> <yashwardhan> what was the acceptance level of administration?
> <keith> I think it's a great solution bridging the legacy world with the new digital world.
> Kerri Lemoie: Phil Long you have a give the floor if you can hear us.
> Dmitri Zagidulin: And you're speaking you're muted.
> Kerri Lemoie: Yes okay why don't I call on Marty Marty you have the floor and can come back we'll add them back to the queue.
> Marty Reed: Sure thanks James for this question a couple questions one you know how do you how do you handle revocation or.
> Marty Reed: Or how do you handle versioning or do you is that part of this.
> <kerri_lemoie> @yashwardhan - I'll ask your question next
> James Chartrand: The simple answer is it's not part of it the idea with these legs and this is one of the reasons that we chose the letters as kind of a starting point is that they in a sense it expire then the other way where are they.
> James Chartrand: Dated letters and so--.
> James Chartrand: Are no longer useful after a given day so exactly the same way the paper letter would have you know become dated at some point it would be very nice to be able to revoke them and at some point I mean once we have a relocation system in place we would do that and I think at that point it would just work like any other room relocation system for credentials.
> Kerri Lemoie: I feel before you go I'm sorry I'm going to call and I yes I'm going to ask you a short answer question what was the acceptance level of administration.
> James Chartrand: It probably depends with part of the administration the registrar has been incredibly supportive and as I said before is very very forward-thinking I don't know that at other universities registrar's would look at it quite the same way however generally we found that whenever we've shown this to anybody within the administration you know they pretty quickly.
> James Chartrand: We see the benefits of it.
> James Chartrand: And the fact that it's extremely easy to use you get instant verification so I would say it's almost it's almost always the case that we get very very positive feedback from everybody within Administration and I suppose another way of looking at it is they've continued to fund this so that's a pretty good indication that people can see the value of it.
> Kerri Lemoie: Yeah totally alright Phil on you have the floor.
> Phil_L_(P1): Yeah apologies can you hear me.
> Phil_L_(P1): Okay I was curious that you mentioned that you did internally decided that the need to use sort of existing processes and systems which were PDF depend if you will lead you at this stage to focus on encompassing the verifiable credential as an attachment to the PDF through the QR code but I was wondering is.
> Phil_L_(P1): And some sense looking at the rendering of the data in a JSON file into something that could be more approximating a fully rendered text document of the sort to PDFs generate as a second phase so that you didn't have to deal with that particular problem that I suspect Dmitri's going to be talking about in later in the session or was there some other reason beyond that other than the not wanting to have to.
> Phil_L_(P1): Icon building a renderer that could make it look pretty for.
> James Chartrand: Yes so initially we thought that we would send these credentials down into our what a digital wallet you know on somebody's phone and then from there they would share it and you know possibly even at that point PDF could be automatically generated from the wallet directly but.
> James Chartrand: Talking to the registrar's office they made it pretty clear that students expect at the moment a PDF and that's almost always how they use this thing and so kind of introducing a wallet into it just overcomplicate it they basically just need to go to this website Download a pdf and then use the PDF if it went into a wallet and then they had to do something from the wallet then they'd have to install the wallet app today.
> James Chartrand: Deal with what was in the wallet so.
> James Chartrand: Only just that for this pilot it's what made the most sense I don't know if that answers your question.
> <deb_everhart> but isn't the wallet the way the person controls the record?
> James Chartrand: Yes yes exactly.
> Phil_L_(P1): No it does it I think that you're making a very Salient point that there's only so much transition you can make in one jump and at and the bigger problem isn't the technology so in so much as it is the humans that need to be able to feel comfortable with it so I think that's a very good observation thank you.
> James Chartrand: Yeah and it was also very very easy well it was relatively easy to do what we did you know the amazing libraries that Digital Bazaar provides and they you know the amazing all of the amazing libraries that are in npm just made it pretty easy to put this thing together and produce something that's actually is immediately usable.
> Phil_L_(P1): Got it understood.
>
> Topic: Credential Display in Wallets Discussion
>
> Dmitri Zagidulin: Thanks so I wanted to respond to Phil's question real quick and then touch on the two points that Marty brought up in terms of your question Phil.
> Dmitri Zagidulin: And why the approach of the PDF rather than being able to embed the display logic in the VC we need both we definitely need both will be talking about the display logic part are shortly but I wanted to highlight that one very important point.
> Dmitri Zagidulin: In a way.
> Dmitri Zagidulin: Producing a PDF or rather binding.
> Dmitri Zagidulin: From a PDF to a credential shortcuts the need for a widely deployed verifier architecture and widely deployed wallet and display architecture because everybody from students too.
> Dmitri Zagidulin: Admission counselors to border guards knows what to do with either PDFs or paper.
> Dmitri Zagidulin: A binding from PDF to credential your you doing sort of progressive layering your you bootstrapping the whole ecosystem oh Natasha real quick on the two points that Marty brought up which is about revocation and about versioning.
> Dmitri Zagidulin: Put lipstick revocation first one thing that I want to highlight is and James touched on this already.
> Dmitri Zagidulin: Separation is an alternative mechanism to versioning so Ian a couple of use cases such as when you have a printed piece of paper or a generated PDF with the student hens over.
> Dmitri Zagidulin: There's no way to do revocation there or if there is it's very crude like putting a footer down down at the bottom that says before accepting this please pick up the phone and call this admission officer to make sure that's still valid right that's that has both privacy implications and is incredibly awkward usability wise so what what that project does is use expiration.
> Dmitri Zagidulin: As a risk mitigation mechanism.
> Dmitri Zagidulin: Same way that replication is used so just wanted to highlight in those cases where you can't do revocation the forget that exploration plays the same.
> <kerri_lemoie> I've been working on an LER interoperability spectrum that is open for input/opinions: https://docs.google.com/document/d/1fwMNbrFL78bVWnZ0BmObFBJnj0uGnFHhR00frybUiTA/edit
> Dmitri Zagidulin: Same method the other thing that I wanted to talk John or a rather ask a clarifying question about is versioning can you tell us a little more what are what do you mean by versioning of of credentials what are some use cases where you would immersion it thanks.
> Marty Reed: That a question for me.
> Dmitri Zagidulin: Yes if you don't mind.
> Marty Reed: Oh yeah sure so well at least in the open credential publisher project we have the idea that transcripts can be issued as verifiable credentials to a student however they may change until the official transcript is released and so we're just thinking about you know versioning.
> Marty Reed: As far.
> <john_kuo> Wouldn't that be more of a lineage of revocation and re-issuance?
> Marty Reed: You know as that transcript is updated do we need to replace the existing credential in the wallet do we need to call home and and check for a new version of that credential so into your to your expiration point you know that is one one thing that we've definitely you know looked at.
> Marty Reed: From a from a verification standpoint but that's that's the use cases like the the transcript may be issued to a wallet prior to its being quote unquote official and so in that case you know the desired functionality would be that you know a student would go in look at their credential and it would say hey there's a new version of your credential would you like to download that now.
> Marty Reed: And also.
> <dmitri_zagidulin> @John - revocation (of previous versions) might not be needed or appropriate. Because each VC says "at this point in time the following is true"
> <dmitri_zagidulin> revoking such a VC says "actually, that VC WASN'T valid at that point in time"
> Marty Reed: For like a teacher teacher license a teacher could have a license with multiple endorsements attached to it that license can be updated over time to add and subtract endorsements and so for professional licenses there's this idea of you know versioning and updating endorsements within the existing credential.
> Dmitri Zagidulin: Got it I think if I can jump the queue real quick so that makes a lot of sense and this sounds like a great topic for a future call the particular question of versioning of long-run credentials such as a medical history employment record or transcript sounds like there's a lot that we want to discuss there.
> Dmitri Zagidulin: I do want to touch on.
> Dmitri Zagidulin: Something that was brought up a question by John in chat of would you be able to implement versioning as a series of revocation and reissuance and as I pointed out in chat that.
> Dmitri Zagidulin: Visions yes revocation might not be required or even even allowed there because essentially each one of those successive verifiable credentials are snapshots of something that is true at that point in time so much by the way our paper existing paper credentials already have this notion of versioning intuitively such as a bank statement that says this is what we know to be true as of this point in time.
> Dmitri Zagidulin: And then later if.
> Dmitri Zagidulin: If another transaction comes in or if the bank changes something.
> Dmitri Zagidulin: The bank statement looks different but at that point in time that was the views similarly what we're saying with the transcript is at this point in time this was the snapshot and by revoking such a verifiable credential we're essentially saying no that wasn't true of that time right revocation doesn't mean there is a newer version available it means whatever was said then is not true thanks.
> Kerri Lemoie: Thank you Phil you have the floor.
> Phil_L_(P1): Thank you I didn't that I think Dmitri is what I was asked about in the versioning system that Marty was describing which is if let's say that a new version is available when the individual opens their wallet to look at a particular credential presumably the credential the wallet has been has been informed that there is a new version available to prompt them to do that if the individual.
> Phil_L_(P1): chose not to I'm.
> <marty_reed> On the revocation discussion, I'd love to hear/see any demonstrations of revocation.
> Dmitri Zagidulin: Wicked can you ask that again about the Third.
> <marty_reed> currently validation fails if there is a new version in the parent system
> Phil_L_(P1): Assuming that you would you're saying that the validation would fail when if they decided to send it to a third party and I just wanted to verify that that's what the intent in the current thinking would be and I guess sure yes that you know the way in which the question was posed to the person holding the wallet the holder is that there's a new version the credential available.
> Phil_L_(P1): I presume you.
> Phil_L_(P1): Declined to accept that and just send the existing one you have because it is signed and the like the question is is the presumption that the verifier knows the new exhibit new version is available somehow and therefore would decline verification of the one that was sent to a an employer or some other entity and they then chose to verify try to verify that one.
> Kerri Lemoie: Feels bad I'm question who is that question directed Up.
> Phil_L_(P1): Well it to put to full 12 Marty because he talked about it in the OCP but I'm also interested in McMaster case because it sounds like the way it's currently designed the coming back to the Mother Ship so to speak as part of the current designs of the system which would potentially allow them to be able to decline a credential that's been updated and the individual has failed to download the newest version so I just want to verify that too.
> Kerri Lemoie: Okay to be introduced by and holding in the queue for one moment so James and Marty could reply.
> Dmitri Zagidulin: Not at all sure though I do want to reply to that as well.
> Kerri Lemoie: Okay great tips.
> James Chartrand: Um so this is actually something that we've talked about a lot at McMaster in the context the context of transcripts which is something that we would like to issue this way but my suspicion is that different registrars will have different policies and some might be fine with the kind of the snapshot in time and having a whole load of those circulating around and it's up to whoever's you know verifying the transcript to make sure they've got the latest and greatest.
> James Chartrand: You know as they would.
> James Chartrand: Copies before but I suspect in some cases the registrar would like to have more control over that and make sure that people are getting the latest copy Phil you asked if at McMaster we might exert some control at verification time over what's available what's you know considered the latest and greatest and I mean we're not anywhere near there this is the pilot that I showed is pretty much what we've got for this.
> James Chartrand: So we.
> James Chartrand: Have anything beyond that however my guess is that at McMaster.
> James Chartrand: They would want to indicate in some way that a newer version was available so you know so which is another way that it could work is simply that when you come to verify a check is made against a revocation list which might also show not just that something had been you know there might be different levels of revocation or different types of revocations so.
> James Chartrand: You know as Dmitri said you.
> James Chartrand: Means that the credential is no longer valid but you could imagine having a different type that says the credential is old and there's a newer version so that's a possibility and that I also wanted to just say quickly that yes the verification does come back to McMaster at the moment but only in the sense that you load the web page the actual verification is happening entirely within the web browser within the JavaScript so there's no phone home going on there.
> James Chartrand: We could so any kind of you know check on the validity of a transcript would have to check a revocation or status list of some sort hopefully that answers your question.
> Kerri Lemoie: Thanks James Marty.
> Marty Reed: So I kind of have a layered answer one is that in the simplest form that verification fails if the issuer decides that that credential is no longer valid so it's a call home to the publishing service that that request that verification now I will say publishing to Sovereign base wallet.
> Marty Reed: Lisa the VC.
> Marty Reed: It's you know again not elegant I'm not known for elegance but the VC that is issued to the wallet is verifiable and then the payload itself must be verified to the issuer as it's basically a self-published or self issued VC at that point so there's there's two layers to the approach but we're exploring different different methods but that's how it works right now.
> <deb_everhart> don't registrars already submit "in progress" student data, such as NSC PDP data reporting and current enrollment requests from students and others, such as the enrollment letter shown?
> Kerri Lemoie: Thanks Marty Dmitri you have the floor.
> <deb_everhart> I thought in progress reporting was a common use case
> Dmitri Zagidulin: Thanks so I wanted to add to the discussion that so one I think versioning is a really useful mechanism we should an issue on it on the VC Edu repo and discuss it continue the discussion in depth on a future call I just want to say we already use something like this.
> Dmitri Zagidulin: SeaWorld but in the w3c spec World each draft of the spec says here's the snapshot as of this date but go check over here here's the canonical location of the spec please check to see if it's it's been updated so it might make sense for us to explicitly able to specify this is a versioned verifiable credential and this is not a versioned verifiable credential the example of non version verify.
> Dmitri Zagidulin: Credentials for example.
> Dmitri Zagidulin: Here's an age verification credential that somebody is over 21.
> Dmitri Zagidulin: That statement is never going to change the thing that can change is that it could be revoked.
> Dmitri Zagidulin: They used fake ID or whatever however there's no there's not going to be an updated version like they're always going to be over 21 until they die is ETC but that's a different problem so let's open an issue this might be a really useful item for this group to work on.
> Kerri Lemoie: Yeah I agree let's definitely do that does anyone else have any other questions for James or James you have anything else you'd like to add.
> James Chartrand: No I think I'll take a look at this time so I'm good thanks thank you very much for having me.
> <phil_l_(p1)> Thank you James. Great work!
> Kerri Lemoie: Now we appreciate it we appreciate it thank you very much doing chairman and hand things over to you so you can talk to us more about the wallet display just continue on that discussion.
> Dmitri Zagidulin: Thanks Kerri okay so let's look at thank you again very much James and let's look at late logic short of it is.
> <deb_everhart> thank you James!
> Kerri Lemoie: +1 Great work!
> Dmitri Zagidulin: Pretty much all the wallet projects are up against this this use case this need we need to be able to specify how to display the credential either HUD specify to the pixel or give some suggestions.
> Dmitri Zagidulin: https://github.com/w3c-ccg/vc-ed/issues/16
> Dmitri Zagidulin: So this is perfect group to make a recommendation test it out and then make a proposal to Upstream to the ccg and to the verifiable credential working group so I'm going to have issue number 16 on our repo talking about this I add a couple of notes of use cases.
> Dmitri Zagidulin: And so I'd like to ask people disease did he sound reasonable are there.
> Dmitri Zagidulin: Either use cases to this display specifying the display logic that we should add and then we can propose a mechanism in the next calls and get dry so essentially.
> Dmitri Zagidulin: I was not able to pull up the credentials the GitHub issue.
> Dmitri Zagidulin: We need to specify or advise.
> Dmitri Zagidulin: Any sort of VC consuming software how to display that VC.
> Dmitri Zagidulin: We need to support both cases.
> Dmitri Zagidulin: Display logic is completely embedded in the credential or.
> Dmitri Zagidulin: Display logic is somewhere else so you we're linking to an image file or an SVG file or an HTML template somewhere else and we just linking to it from the credential so that when it comes time to display it display software go use that template.
> Dmitri Zagidulin: Obviously when we're embedding the display it's integrity protected by the verifiable credential signature itself.
> Dmitri Zagidulin: Always we're using linking we definitely want to recommend using a digest hash like the anchored resource mechanism.
> Dmitri Zagidulin: We probably should be able to specify the content type of the logic but this link or this embedded logic is PDF and HTML and so on.
> <phil_l_(p1)> The anchored resource mechanism has greater applicability to other cases where the size of the "thing" is too big to be included within the credential itself.
> Dmitri Zagidulin: And we should talk about the preference of the credential display being cross-platform right if we're going to we're going to have a template if we're going to have an image you'd be great if we could just specify one and it would work across all platforms mobile desktop and so on but as anybody who works in web design knows that is an almost unachievable dream so given that as a second step we should provide mechanisms.
> Dmitri Zagidulin: That say okay if you're using this.
> Dmitri Zagidulin: Of device use this logic for using a much more constrained device or a much bigger screen then use this logic fortunately we have prior art for both images and stylesheets in general so lot of HTML world has the technology that says if you're viewing this page on a mobile phone display this way to using it on desktop display this way if you printing it then use this way so we should we should be mindful of that.
> Dmitri Zagidulin: Let's see we got six minutes.
> Dmitri Zagidulin: Love to hear from from the group are there other considerations are there other input requirements for this item.
> Dmitri Zagidulin: Keith go ahead.
> Keith: I think maybe I can just dig deeper on display because I think that there can be differences in how wallets display information like what's it take Atticus talk about what kind of information like typically I mean other wallets that I've been involved in you just say things like issuer info like contact support info and then the contents of the VC itself and maybe images so like I've often thought that wallet vendors can independently choose how to show that information but I do I mean I totally agree with you.
> Keith: a point that when you want to display things like issuer logo.
> Keith: This PDF image then you need ways that wallets you know you don't want to get a crop properly you want to be able to get it sized properly as you can display it properly is that what you mean by this because is that what you mean by display am I capturing it correctly or are you mean other things as well.
> Dmitri Zagidulin: Yes yes no that's it and you're absolutely right that it should be optional.
> Keith: And I just like it's up to wallet that I mean that's kind of the beauty of the market is that the the wallet with the best presentation kind of will you know be preferred be preferred by consumers is that rather than some sort of like trying to do static what is it often like display will be one of the key areas of differentiation between wallets how well they do display.
> Dmitri Zagidulin: So you're absolutely right though I do want to say that they're still in need to be able to do this optionally as well James go ahead Joe.
> James Chartrand: Yeah so I mean just one of those needs to do it statically is as I mentioned before one of the things we'd like to do at McMaster is how the student basically.
> James Chartrand: Create the plastic student card inside a wallet and we want to try to make it initially you know as kind of a progressive introduction of this to make it backwards compatible and so therefore we want to include the barcode that's on the plastic student card and possibly also a QR code that somebody could use to similarly scan their student ID so you know it's unlikely that a wallet will know how to.
> James Chartrand: A show those kinds of things or even know to show.
> James Chartrand: So if we could instead just provide a single image that's shown in the wallet or a student card or for a student ID it could be pre you know pretty constructed with the barcode down at the bottom with the student image on it with the logo of the University so basically again recreating the pretty much the same image image that's printed on the plastic card.
> Dmitri Zagidulin: Thanks James you've got a couple minutes left Andy go ahead.
> <kaliya> QR codes that are static with VCs dangerous
> Andy Miller: I was wondering your thoughts about the use case of where the VC is actually embedded in the image or PDF that's centrally how open badges that's it now I'm baked badges is a PNG or SVG that has the credential in baked into it using the structured data.
> Dmitri Zagidulin: Great question that that should not should be another item of discussion Phil go ahead.
> Phil_L_(P1): Yes I guess what I wanted to say that it seems to me that the hash link approach that you described is actually a broadly applicable to any kind of circumstance where the content of an object is bigger than is reasonable to include in the in the VC itself and so by you know focusing on how you would apply that to different circumstances such as the image on a card and what's presented when it's displayed.
> <kaliya> Very dangerous because they can be super easily copied and replayed
> Phil_L_(P1): then is the composite of the polled image from wherever the Third.
> <dmitri_zagidulin> @Kaliya - great point
> <dmitri_zagidulin> which suggests the need for templating (rather than static image)
> Phil_L_(P1): And the rendering of the thing of the way it's done traditionally on the plastic would be indistinguishable from the plastic itself so I think that's the probably the most productive approach and the one I would urge us to consider the biggest problem that that Andy just described is the the same problem of payload size you can do that for small VCs but you can't do it for VCs that contain much like evidence and things like that.
> Phil_L_(P1): that thanks.
> Dmitri Zagidulin: Thank you two minutes left James go ahead.
> James Chartrand: So just about the of the idea of using a hash link for I think there might be privacy concerns there so we might not want to have the student information so and in particular say their photo at a URL you know available at a URL we would want to keep an entirely embedded within the credential the so that's just one concern possible concern.
> Dmitri Zagidulin: Thanks James and Kaliya.
> <phil_l_(p1)> are there privacy concerns there if the destination is itself encrypted?
> Kaliya: I'll just say what I said in chat static QR codes.
> Kaliya: And I guess the same is true for barcodes but you know static QR codes with verifiable credentials within them that are signed are very very very dangerous the reason being is that they are entirely copyable and replayable.
> <phil_l_(p1)> Excellent point Kaliya
> Kaliya: Is this not true of verifiable presentations that are you can't copy and replace because their presentations not the original credential so I have an unfinished but readable paper about this largely written by John Jordan that I think I'll try and send a list I'm sick right now otherwise I'd send it to chat right now but.
> Dmitri Zagidulin: https://github.com/w3c-ccg/vc-ed/issues/16
> <kerri_lemoie> Thank you!
> Dmitri Zagidulin: Thank you so much Kaliya and we hope you feel better soon alright so everyone please let's continue the discussion on issue 16.
> Dmitri Zagidulin: And a quick questions before we adjourn go ahead.
> Dmitri Zagidulin: Thank you everyone.
> Kerri Lemoie: It sounds good nope I would just say and that's good that's take a look at that issue and keep it going we can revisit this in the near future thank you so much James and Dmitri appreciate it all thank you.
> <phil_l_(p1)> Thanks!
Received on Thursday, 21 April 2022 17:55:58 UTC