... Member States are primary stakeholders, must be valid across EU, 40 year lifetime, privacy protecting but not self-sovereign, interoperable, no changes to existing legislation, diploma-mill proof
... components of framework are open standards, services, and software based on eIDAS, Europass, and W3C VC
... issues identified - VCs have a preference for JSON, eIDAS provides implementations for XML and PDF but not JSON
... challenge to express VCs as XML by using XADES-LTA enveloped proof
... example of XML verifiable credential on slide 13
... IDs and URIs are expressed as attributes
... Can a VC XSD be adopted? Suggestion provided on slide 16 for discussion.
... Europass Learning Model as new VC data model on slide 17
... Specifications, opportunities, and credentials make up the Learning Model
... Learning Credential contains Metadata about issuer and credential type; claim about the person, achievement, assessment, activity, and entitlement; and proof containing eIDAS eSeal and other proofs
... other proofs are accepted but not legally admissible
... Example of an XML Verifiable Presentation on slide 19
... Designed to be easy for verification
... results in slightly different workflow
... Issuance, storage in repository, verification by repository, and two more steps
... verification check steps on slide 21
... integrations are required for all of these, therefore a verification check is offered within the presentation
... summary - Europass is the only framework for legally valid digital learning credentials across the EU, fully free and mainly open source, 27 languages
... Overview of implementation foundations
... Additional information links on slide 24
... timing has been moved forward
... open questions - How might we engage with W3C for an official XML spec
... how long should the verification within the presentation be trusted, subject to revocation?
Anthony Camilleri: Validity of credential 2-3 years based on certificate. Presentation is valid for as long as the person wants to share it - tied to expiry date they set. ✪
Nate Otto: How does this work over the 40 year goal? ✪
Anthony Camilleri: There is a maximum of 7 year validity, this requires XML. They would like recipients to be able to download and store for 40 years. ✪
... eIDAS constrains the length but this is being worked on as well
I just wanted to hear more about the revocation infrastructure-- 1 per issuer? 1 for all of europe? something in between? any specifics? ✪
Kim Hamilton Duffy: I like that you started with the Data Model. Maybe we can start with Data Models that include XML. What are your highest priority items? ✪
Anthony Camilleri: Data Model is high priority, would appreciate namespace for VCs that are XML ✪
You're in good company when it comes to that particular embarassment! ✪
Anthony Camilleri: Will launch revocation structure this summer. EU will maintain its own revocation list for Europass, will also allow member states to have their own revocation lists ✪
... for example, a court could publish a revocation list
... issuers can themselves point to a revocation list within the credential
Kim Hamilton Duffy: Within VC data model, the URI is being used as an identifier. How are you approaching identity with this implementation? DID-web... ✪
Anthony Camilleri: Current version - eIDAS provides a scheme for identifiers for legal and natural persons ✪
... relevant data for each person type published in URI (not dereferencable)
... would like to be able to offer DIDs that are linked to eIDAS
Kim Hamilton Duffy: Outreach is compelling though this approach ✪