- From: Sebastian Elfors <sebastian.elfors@idnow.de>
- Date: Mon, 18 Sep 2023 15:46:03 +0000
- To: Sebastian Crane <seabass-labrax@gmx.com>, Brent Zundel <Brent.Zundel@gendigital.com>
- CC: W3C VC Working Group <public-vc-wg@w3.org>, Ivan Herman <ivan@w3.org>, Kristina Yasuda <Kristina.Yasuda@microsoft.com>, Wayne Cutler <wcutler@gsma.com>, "Liaisons," <team-liaisons@w3.org>, Helene Vigue <hvigue@gsma.com>
Dear Sebastian C, all, There are a couple of additional pieces of information to be considered for the GSMA liaison request. ETSI has recently published the ETSI TR 119 476 technical report on selective disclosure (see https://www.etsi.org/deliver/etsi_tr/119400_119499/119476/01.01.01_60/tr_119476v010101p.pdf). This has been discussed in a different mail thread at W3C VC WG but it's worthwhile to bring to everyones attention also in this mail thread for completeness and visibility. This ETSI report describes in detail why and how IETF SD-JWT and ISO mDL MSO have been chosen as formats for selective disclosure of PIDs in the Type 1 configuration of the EUDI Wallet. The report was authored by Peter Altmann and me, and we are still open to receive feedback on it. GSMA has created an issue in the EUDI Wallet GitHub repository to discuss the use of BBS+ as ZKP for the EUDI Wallet (https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/66). It's an informative read, and there are comments made by Paul Bastian (Bundesdruckerei) and Peter Altmann (member of the EUDIW Toolbox Expert Group), which explains why the EUDIW Toolbox Group decided to not choose BBS+, AnonCreds or Idemix as PID for the EUDI Wallet Type 1 configuration. In a nutshell, the EU public sector will only accept SOG-IS approved cryptographic algorithms when issuing the PID for the EUDI Wallet Type 1 configuration, hence the choices of ISO mDL MSO and IETF SD-JWT. However, the EUDI Wallet ARF allows for other cryptos and formats for Type 2 configurations of the EUDI Wallet, and here BBS+ and similar ZKP schemes could be of interest. So GSMA could focus on certifying hardware-based solutions with BBS+ support, such as a SIM-cards with embedded BBS+ algorithms. Peter and I are happy to join a meeting with GSMA to discuss this, if possible. Kind regards, Sebastian -----Original Message----- From: Sebastian Crane <seabass-labrax@gmx.com> Sent: Friday, 15 September 2023 18:22 To: Brent Zundel <Brent.Zundel@gendigital.com> Cc: W3C VC Working Group <public-vc-wg@w3.org>; Ivan Herman <ivan@w3.org>; Kristina Yasuda <Kristina.Yasuda@microsoft.com>; Wayne Cutler <wcutler@gsma.com>; Liaisons, <team-liaisons@w3.org>; Helene Vigue <hvigue@gsma.com> Subject: Response to GSMA from the W3C [You don't often get email from seabass-labrax@gmx.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Dear Brent, Thank you for finding time during the TPAC meeting to discuss the GSMA liaison request. Since I was on the queue to speak when the meeting closed, I shall instead write my thoughts below. The GSMA's offer for collaboration in our BBS-based data integrity specification is a significant vote of confidence in the ability of Verifiable Credentials to provide the desired privacy enhancements for the EU's Digital Identity programme. The resources that will become available to the VCWG from this collaboration are to be considerable. I believe it would be appropriate for the VCWG to collaboratively form a response for you to send, as this will give us the opportunity to present the diversity of expertise that we possess as a group, and as a result will best communicate to the GSMA which of our participants are able to inform them in specific areas of interest. Considering the saturation of our available meeting time, I suggest a CryptPad or GitHub document could be used for this purpose in order to conclude such drafting efficiently. Additionally, as a European myself and a keen advocate of the Self-Sovereign Identity efforts, I would like to volunteer myself as an individual who will be able to help guide their collaboration in a way which is effective between the stakeholders (in this case, primarily the W3C, IETF, GSMA, European Commission and of course the citizens and residents of Europe who stand to benefit from this work). I would be grateful if you could include my offer directly in your correspondence with the GSMA's contacts. Best wishes, Sebastian
Received on Monday, 18 September 2023 15:46:27 UTC