Re: Deprecation of termsOfUse in VCDM v2.0 from Alen Horvat on 2024-08-01 (public-vc-wg@w3.org from August 2024)

From: Alen Horvat <alen.horvat@netis.si>
Date: Thu, 01 Aug 2024 09:08:49 +0000
To: Brent Zundel <brent.zundel@gmail.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, LAMPADARIOS Symeon <Symeon.LAMPADARIOS@ext.ec.europa.eu>, W3C Verifiable Credentials Working Group <public-vc-wg@w3.org>
Message-Id: <C0C8509D-0B5D-416A-9D94-F627E648EFBB@netis.si>

Dear,

Please find the examples in the attachment. There are 3 distinct use cases
- specify the legal framework
- specify another VC
- specify the presentation rules and policies (wallet acts as a policy enforcement point)

Feel free to include examples that help the community. Everything was modelled so that it can be reused by other frameworks, solutions are not limited to EBSI.

Note that these designs also meet the requirements of EUDI section 9, Article 45f: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02014R0910-20240520 and the referenced Annex. 
In summary:

Requirements for electronic attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source

1.   An electronic attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source shall meet the following requirements:
(a) 
those set out in Annex VII;
(b) 
the qualified certificate supporting the qualified electronic signature or qualified electronic seal of the public sector body referred to in Article 3, point (46), identified as the issuer referred to in point (b), of Annex VII, containing a specific set of certified attributes in a form suitable for automated processing and:
(i) 
indicating that the issuing body is established in accordance with Union or national law as the responsible for the authentic source on the basis of which the electronic attestation of attributes is issued or as the body designated to act on its behalf;
(ii) 
providing a set of data unambiguously representing the authentic source referred to in point (i); and
(iii) 
identifying the Union or national law referred to in point (i).

FOR AN AUTHENTIC SOURCE

An electronic attestation of attributes issued by or on behalf of a public body responsible for an authentic source shall contain:
(a) 
an indication, at least in a form suitable for automated processing, that the attestation has been issued as an electronic attestation of attributes issued by or on behalf of a public body responsible for an authentic source;
(b) 
a set of data unambiguously representing the public body issuing the electronic attestation of attributes, including at least, the Member State in which that public body is established and its name and, where applicable, its registration number as stated in the official records;
(c) 
a set of data unambiguously representing the entity to which the attested attributes refer; if a pseudonym is used, it shall be clearly indicated;

With the verifier trust model one can also preform RP/Verifier authentication.

BR, Alen

> On 29 Jul 2024, at 22:20, Brent Zundel <brent.zundel@gmail.com> wrote:
> 
> Hello, following up on this.
>  Can we still look forward to getting those examples?
> 
> On Mon, Jul 22, 2024 at 10:11 PM Alen Horvat <alen.horvat@netis.si <mailto:alen.horvat@netis.si>> wrote:
>> Hi,
>> 
>> Happy to hear!
>> 
>> With Symeon we’ll try to provide examples for all the cases in the following 2 days (by Tuesday EOD).
>> 
>> BR, Alen
>> 
>> > On 21 Jul 2024, at 15:47, Manu Sporny <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>> wrote:
>> > 
>> > On Sun, Jul 21, 2024 at 1:17 AM Alen Horvat <alen.horvat@netis.si <mailto:alen.horvat@netis.si>> wrote:
>> >> I believe this case is currently not defined in the specs.
>> > 
>> > Thank  you for the documentation and links Alen, speaking as an
>> > Editor, I believe that what you have provided makes a solid case for
>> > keeping the section in the specification. I'll try to drive consensus
>> > in the WG around that goal.
>> > 
>> > At a quick glance, I was struggling to find a concrete example that we
>> > could include in the specification and while I could try to construct
>> > one from the JSON Schema provided, I'd rather depend on EBSI to
>> > provide a correct VCDM v2 example. Perhaps I missed an example in the
>> > documentation you provided?
>> > 
>> > That said, the direction the WG needs to take feels clear at this
>> > point. We should close PR 1498 and, instead, focus on updating the
>> > Terms of Use section to use an EBSI TrustFrameworkPolicy or
>> > AccreditationPolicy example. I'll raise a PR and tag you so you can
>> > provide further guidance.
>> > 
>> > Apologies for interrupting your vacation; you don't need to respond
>> > until you get back, now that we have a direction we have a month or so
>> > to finalize the text.
>> > 
>> > -- manu
>> > 
>> > -- 
>> > Manu Sporny - https://www.linkedin.com/in/manusporny/
>> > Founder/CEO - Digital Bazaar, Inc.
>> > https://www.digitalbazaar.com/
>> 
>> 
>>

Attachments

text/html attachment: stored
application/pdf attachment: ebsi-examples.pdf
text/html attachment: stored
application/vnd.openxmlformats-officedocument.wordprocessingml.document attachment: ebsi-examples.docx
text/html attachment: stored

Received on Friday, 2 August 2024 14:52:34 UTC