The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2020-07-21

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2020Jul/0062.html
Topics
  1. Introductions and Re-Introductions?
  2. Action Items
  3. Credentials not in JSON
  4. Updates on Secure Data Storage on DIDComm
Organizer
Wayne Chang, Heather Vescent, Kim Hamilton Duffy
Scribe
Markus Sabadello
Present
Wayne Chang, Markus Sabadello, Heather Vescent, Joe Andrieu, Sam Curren, Geun Hyung, Simone Ravaoli, Dmitri Zagidulin, Christopher Allen, Manu Sporny, Kim Hamilton Duffy, Dave Longley, James Chartrand, Brent Zundel, Nacho Alamillo, Juan Caballero, Kerri Lemoie, Lluís Alfons Ariño, Jonathan Holt, William OKeefe, Anthony Camilleri, William Claxton, Adam Lemmon, Ganesh Annan, Jeff Orgel, Nate Otto, Orie Steele, Anil John, Kaliya Young, Chris Winczewski, Erica Connell, Adrian Gropper
Audio Log
Manu Sporny: Also, Kim did all of the work.
Juan Caballero: Big thanks to markus for scribing
Markus Sabadello: Scribe+
Heather Vescent: Thanks to the scribe on last week's call [scribe assist by Markus Sabadello]

Topic: Introductions and Re-Introductions?

Juan Caballero: Nacho alamillo
Nacho Alamillo: I'm on a team working on eIDAS, now part of a legal team looking at signatures on VCs. [scribe assist by Markus Sabadello]
Heather Vescent: Jonathan_holt do you want to re-introduce yourself? [scribe assist by Markus Sabadello]
Nacho Alamillo: Thanks, Chris
Jonathan Holt: I'm a physician by training, trained in clinical informatics. Worked on a series of companies. Now CMIO at Consensys Health. [scribe assist by Markus Sabadello]
William Claxton: William from Brussels, project manager on project EuroPass, run by the E.U. commission. Some of my colleagues are also on this call today. We are interested in cooperation between EuroPass and W3C [scribe assist by Markus Sabadello]
Manu Sporny: So awesome to have Nacho and William here on the call today! :)
William Claxton: EuroPass is project related to skills and qualifications, building tools and standards to implement skills and qualifications across the E.U. [scribe assist by Markus Sabadello]
William Claxton: Our guiding principle is that what we do should be W3C compliant. [scribe assist by Markus Sabadello]
William Claxton: Thanks for inviting us to the call. [scribe assist by Markus Sabadello]
Lluís Alfons Ariño: Lluís Ariño
Lluís Alfons Ariño: I am one of the two convenors of the diploma use case. Related to what William introduced, we will use EuroPass. [scribe assist by Markus Sabadello]
Heather Vescent: Topic: Announcements and reminders. [scribe assist by Markus Sabadello]
Markus Sabadello is scribing.
Heather Vescent: This is the 6th weeks of Identiverse, I just recorded a video for that. It will go on for another 2 weeks. Registration is free. There are a lot of really cool sessions.
Jeff Orgel: Amen to the Henry point of view!!
Heather Vescent: We have a few recurring CCG meetings. This here is our regular CCG call.
Heather Vescent: We also have a VC for Education Task Force call, headed by dmitriz and kimhd
Heather Vescent: We also have DID Resolution calls on Mondays.
Dmitri Zagidulin: I think Heather means someone else - I am merely attending the VC Edu calls occasionally
Heather Vescent: And the third one is the Secure Data Storage call, on Thursdays.
Dmitri Zagidulin: Yeah that's em!
Dmitri Zagidulin: Me
Heather Vescent: Sorry dmitriz you are on the Secure Data Storage call, not VC for Education Task Force.

Topic: Action Items

Heather Vescent: Kimhd do you want to give an update on Action Items?
Kim Hamilton Duffy: Regarding https://github.com/w3c-ccg/community/issues/143, we closed that on last week's call, chairs will act on it this week.
Kim Hamilton Duffy: Thanks to Orie_ , we got some insight into community group licenses.
Kim Hamilton Duffy: There are two take aways: 1. We have an increasing amount of work items related on sample implementations. The community license doesn't really cover work like this.
Kim Hamilton Duffy: This license is about specs and test suite, but may not be suitable for all implementations
Kim Hamilton Duffy: Orie_ suggested Apache2, the chairs need to follow up on this
Kim Hamilton Duffy: The default LICENSE.md we include in repos is missing the full text of the W3C's recommend CG license
Kim Hamilton Duffy: We need to update all the existing repos accordingly
Kim Hamilton Duffy: We will try to make it easier to do the right thing going forward, so things are set up correctly
Orie Steele: Yes, thanks to Kim for tracking this down!
Heather Vescent: Thanks kimhd for your diligent follow-up on the licensing topic, this is hard work that gives clarity
Heather Vescent: We will start now with the "Credentials not in JSON topic"

Topic: Credentials not in JSON

Kim Hamilton Duffy: I will go through my slide deck quickly, so we can then get everyone to contribute their part
Kim Hamilton Duffy: Please open above link, I will walk through it
Kim Hamilton Duffy: We had subject matter expects Ignacio Alamillo and Anthony Camilleri who have been very active in this space.
S/expects/experts/
Manu Sporny: Slide 2
Heather Vescent: Noise?
Kim Hamilton Duffy: We have the VC in Educations task force. One of our topics is to come up with examples that can be used in pilots.
Heather Vescent: Voip noise?
Kim Hamilton Duffy: There is however a lot prior work on educational data standards.
Kim Hamilton Duffy: But for using these, one challenge is that we need to work with XML
Kim Hamilton Duffy: The goal is to try to find possible solutions
Kim Hamilton Duffy: In contrast to other use cases, in this are there is a lot of precedent of Linked Data use, e.g. for competencies definitions.
Kim Hamilton Duffy: All of this work enables alignment and transferability
Kim Hamilton Duffy: One example application is Credential Finder
Kim Hamilton Duffy: There is also a lot of precedent in the European Qualification Framework, there is a lot of work on alignment of different levels of achievements.
Kim Hamilton Duffy: There is also LER Hub, which is gathering resources.
Kim Hamilton Duffy: If your degree data is outdated, it limits your capabilities, so this is about empowering people.
Kim Hamilton Duffy: The idea that records need to be portable is becoming more important.
Kim Hamilton Duffy: There is a lot of existing work in XML, what do we do with it? Two examples.
Kim Hamilton Duffy: Example 1: EDCI... Mapped the VC data model to XML.
Kim Hamilton Duffy: Currently VC has two serializations, but it should be possible to support others.
Manu Sporny: Very happy that EDCI authors are on the call today so we can talk about this... think there is a better solution.
Manu Sporny: (That is just a slight change from what they're doing)
Kim Hamilton Duffy: Why did they do it? There are eIDAS digital signature requirements. There's a need to use XML.
Kim Hamilton Duffy: VC data model does not currently define an XML serialization.
Manu Sporny: Noooo, XML jamming!
Kim Hamilton Duffy: Example 2: A common way to express transcripts on the college and high school level. Done in XML.
Manu Sporny: I mean, XML Jamming works...
Kim Hamilton Duffy: In our VC for Education group, what guidance do we give? What's okay as a short time measure?
Kim Hamilton Duffy: Other options we have not seen yet are mapping XML to JSON or JSON-LD. We haven't seen this yet but it has been discussed. This needs discussion by the standards group.
Kim Hamilton Duffy: Given there are different requirements, e.g. in the case of eIDAS, this may support one solution over another.
Kim Hamilton Duffy: (Showing slide 8 now)
Kim Hamilton Duffy: Say that we did support XML as a VC serialization. Then what about the legal signature requirements?
Kim Hamilton Duffy: I'd like to invite our legal experts to give context.
Kim Hamilton Duffy: NachoAlamillo and larinyo ?
Kaliya Young: Present_
Lluís Alfons Ariño: Nacho speaking
Kaliya Young: Can you please re-share the link to she slides :)
Nacho Alamillo: In the EU we have the regulation that supports the movement of legal documents between member states. There is a regulation that define the syntax formats. There are specifications for advanced signatures. If you use any format in the E.U. decision, any member state will recognize it.
Nacho Alamillo: Right now, we have 4 technical formats which are recognized.
Lluís Alfons Ariño: CADES
Lluís Alfons Ariño: PADES
Lluís Alfons Ariño: I know Nacho ;-)
Nacho Alamillo: You have a lot of freedom to use these profiles with respect to content. You don't have to go through XML serialization.
Nacho Alamillo: (Discussing features of the different formats)
Nacho Alamillo: It doesn't preclude you from using non-XML formats for the signatures.
Manu Sporny: JADES
Nacho Alamillo: We are also working in EBSI, inside the technical committee, we are working on a new technical specification (JADES - JSON Advanced Electronic Signatures)
Juan Caballero: !!!
Nacho Alamillo: This specification is still non-public, but it may be possible to share it in a limited scope
Nacho Alamillo: This is eIDAS in JSON format. We extends JSON Web Signatures by defining additional header parameters.
Lluís Alfons Ariño: Jades is been work in ETSI (not in EBSI)
Nacho Alamillo: We are doing something similar for JWS as we have already done with XML.
Orie Steele: You can use JWS in LD Proofs..
Nacho Alamillo: We can align JWS with eIDAS
Orie Steele: https://github.com/w3c-ccg/lds-jws2020 ( this used detached JWS, which does support a JWS header)
Nacho Alamillo: You can use JADES to sign the VC, without transforming it to XML.
Nacho Alamillo: You can also use JADES with a special transformation method
Nacho Alamillo: We have to wait for JADES to get approved
Nacho Alamillo: Hopefully we will have a first version of it this year.
Lluís Alfons Ariño: EBSI eIdas Bridge
Nacho Alamillo: In the regulation, it's also possible to support different methods to validate signatures. We have explored this in the EBSI project, there is work happening on an eIDAS bridge. I have written about this is in my legal report.
Lluís Alfons Ariño: Anthony speaking now
Lluís Alfons Ariño: There is a different between draft standards and it actually being available to public administrations. You would probably talk about 3-5 years of lag before this hits the type of production we are talking about.
Lluís Alfons Ariño: In the meantime, in the meantime, Europe has built its educational infrastructure on XML, e.g. for exchanging student data in XML.
Lluís Alfons Ariño: I've been heading one of those, trying to express VCs and XML
Lluís Alfons Ariño: 4 Signature formats: Digital signature : XAdES, CAdES, PAdES and ASiC-S/ASiC-E
Lluís Alfons Ariño: The reason I'm giving this information, this is all standardization work. We are aiming for two things. We hope to have an XML recommendation from VC Task Force that would allow us to say that we can be in line using XML, but probably will want to change to JSON over time.
Lluís Alfons Ariño: We are talking about issuing credentials in the millions.
Lluís Alfons Ariño: We woud like an XML namespace dedicated to VCs.
Lluís Alfons Ariño: Second, it would be very very nice to be able to have a schema definition file that says this is a recommended implementation of VCs in XML.
Lluís Alfons Ariño: I'm not technical enough to talk about XML vs. RDF/XML, but a high level message is that it will be preferable to have a schema definition recommended by the CG.
Kim Hamilton Duffy: Back to you heathervescent for queue management
Orie Steele: This is really exciting work, I have done some experiments converting JSON-LD VCs to XML and back. Depending on your tolerance, there are mechanisms for converting. There are similar mechanisms for binary representations.
Orie Steele: We can rely on JSON-LD vocabularies, and then convert to other serializations. The advantage is that you don't have to repeat vocabularies in each seralization, but only have to do it once.
@Orie we are seeing similar things dealing with conversions between xml and jsonld in particular for supply chain and retail legacy formats
Manu Sporny: First, thank you William NachoAlamillo larinyo for being here, this is very important and this group cares deeply. Second, this is the right place, there is a lot of experience in this group, please continue to engage with it.
Manu Sporny: Also, work that happens here (e.g. XML serialization of VCs) can then go into the VC Maintenance WG.
Manu Sporny: Regarding what to specifically work on, I heard each of you mention two primary thigns.
Manu Sporny: One is a requirement for a clean XML representation. The second has to do with digital signature formats that you just outlined.
Manu Sporny: Ideally we would provide a profile that matches well with XML. One failure scenario would be to try to support absolutely everything.
Manu Sporny: There would be too many options, we should reduce optionality.
Manu Sporny: The other important thing, as Orie_ mentioned, a few of us have been working on converting VCs into other formats, e.g. CBOR or XML.
Nacho Alamillo: Agree. In fact, the idea of having advanced electronic signature "baseline" profiles is to reduce complexity, yes
Manu Sporny: There are some common design patterns we can use for full round-tripping.
Manu Sporny: What we would need to know is feedback on the XML format, what should it look like. And we need to understand the exact requirements for the digital signatures.
Manu Sporny: Yes, let's keep it simple!
Kim Hamilton Duffy: I don't have anything, I was just wanting to queue up Nacho and Anthony before they have to drop :)
Lluís Alfons Ariño: If there is openness to support XML, it may actually be quite simple.
Manu Sporny: For example: Go to XML, use XADES.
Lluís Alfons Ariño: We have a lot of documentation on all of this
Nacho Alamillo: We should go for JADES for the baseline standard.
Nacho Alamillo: We don't believe in issuing VCs in PDF (using PADES)
Xml .... lots of possibilities...
Manu Sporny: Thanks a lot to kimhd for putting the slide deck together
Heather Vescent: +1 Thank you Kimhd!
Manu Sporny: If we can take PADES off the table, that's good since it's one option less we need to consider.
Manu Sporny: Did you say XADES or JADES are already a standard? If we can focus on of those, it should be achievable.
Manu Sporny: Potentially we could even get it on standard track.
Juan Caballero: XADES = standard, JADES = coming soon
Nacho Alamillo: Yes, today's solution should be based in XAdES
Juan Caballero: If i understood currently
Lluís Alfons Ariño: Right, today: XML+Xades
Manu Sporny: I'm hearing a strong requirement to encode in XML. If that's a hard requiement, then maybe what we should do is an XML serialization. I'm not sure if this is the preference
Juan Caballero: (Also Manu's explicit pronunciation of X-ADES is helpful :D )
Lluís Alfons Ariño: This was my preference
Nacho Alamillo: Mine too
Anil John: I want to get a sense from you kimhd if there are any current examples of education credentials, e.g. a university degree.
Anil John: We are about to come out with a prize competition for a digital wallet UI, I've been talking to U.S. Department of Education.
Anil John: I'm a student looking for an employer. The employer needs both a Permanent Resident Card, and a University degree.
Anil John: We have already worked on the Permanent Resident Card, but I'm looking for an example of a university degree.
Kim Hamilton Duffy: Unfortunately no good examples exist yet, but see this document above.
Kim Hamilton Duffy: People from the relevant bodies are very supportive and are helping us going through the data modeling process. The understanding has to be that anything in here is a draft.
Kim Hamilton Duffy: The other goal is allow pilots to be unblocked and get started.
Heather Vescent: Also thank you from my part to everyone who spoke and contributed today.

Topic: Updates on Secure Data Storage on DIDComm

Sam Curren: Yes
Orie Steele: The SDS Working Group is a joint effort between W3C and DIF. The purpose is to support the concept of data storage that's associated with DIDs.
Orie Steele: The use cases are things like storing wallet contents, storing things associated with a DID, sharing access between DIDs.
Orie Steele: It's a generic data structure, not limited to DIDs.
Orie Steele: The work is ongoing, there have been two primary input documents. 1. Encrypted Data Vault spec at W3C CCG, 2. Identity Hub spec developed at DIF.
Orie Steele: Those are similar in some ways, different in other ways. The SDS Working Group is still working through the differences, the interfaces, etc.
Orie Steele: EDVs are for storing encrypted data. Identity Hubs have a lot of public data use cases.
Orie Steele: We will eventually see deeper integration between those interfaces and other standards happening out there.
Sam Curren: See this link for a quick overview of the DIDComm Working Group
Sam Curren: Provide secure communication with trust rooted in DIDs. This originated in Hyperledger Aries.
Sam Curren: We've made good progress. See slide 4 for a layer map.
Sam Curren: Related work includes JWM, ECDH-1PU
Sam Curren: It's transport-agnostic, can work via HTTP, WebSocket, QR Code.
Sam Curren: Last slide, join us on our calls, we have recordings.
Heather Vescent: Thanks all for the call, next week we will have a presentation by GS1.