search

w3c-ccg / community

COMMUNITY: W3C Credentials Community Group Community Repo
https://w3c-ccg.github.io/community
Other
42 stars 6 forks source link

Define a Verifiable Credential Evidence property for the OpenID Connect Identity Assurance specification #239

Open David-Chadwick opened 1 year ago

David-Chadwick commented 1 year ago

New Work Item Proposal

Include Link to Abstract or Draft

The current draft specification is available here

https://docs.google.com/document/d/1htujrb-_1kh8tkV4MXYRmZ44m_D7yFrY09aFJkAz7io/

List Owners

The people who will be responsible for progressing this work item are

David Chadwick, Crossword Cybersecurity david.chadwick@crosswordcybersecurity.com Mark Haine, Considrd.Consulting mark@considrd.consulting

Work Item Questions

  1. Explain what you are trying to do using no jargon or acronyms.

The W3C Verifiable Credentials Data Model defines the Evidence property as "Evidence can be included by an issuer to provide the verifier with additional supporting information in a verifiable credential. This could be used by the verifier to establish the confidence with which it relies on the claims in the verifiable credential." Each Evidence property is specified by defining its globally unique type (specified as a URI) followed by any specific properties required by this type.

The OIDF "OpenID Connect for Identity Assurance 1.0" draft specification, available here: https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html has defined the data model for making statements about the verification status of the claims transferred in OpenID Connect.

This proposal will use the verification statements defined by OpenID for Identity Assurance to apply to the claims made by the verifiable credential issuer about the subject of the verifiable credential. This will require a unique Evidence type to be defined for OpenID4IA, followed by the verification statements.

  1. How is it done today, and what are the limits of the current practice?

This is not being done today as no Evidence property types have been defined.

  1. What is new in your approach and why do you think it will be successful?

This proposal is taking two standards, namely W3C Verifiable Credentials Data Model and OIDF OpenID Connect for Identity Assurance, and defining how the latter can be used to provide Evidence about the verifiable credential subject's claims that are being asserted by the VC issuer.

  1. How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.)

Many different experts from a wide range of organisations have been involved in specifying the OpenID Connect for Identity Assurance draft specification. Appendix B (https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#section-appendix.b) of this document lists over 25 experts.

Similarly many different experts have been involved in specifying the W3C Verifiable Credentials Data Model.

The current work item welcomes any of the above, and indeed anyone from the CCG, to contribute to how these two standards might leverage each other, as is being proposed here.

  1. What actions are you taking to make this work item accessible to a non-technical audience?

Both standards have already been widely publicised at conferences such as EIC 2022 and Identiverse (e.g. see https://www.youtube.com/watch?v=ZSGyav5w34U). Furthermore the OIDF has widely publicised its call for action, available here: https://openid.net/2022/08/25/oidc4ida-overview-call-to-action/

mprorock commented 1 year ago

Once we can review the draft of what you are thinking we will review and get some thoughts back in

David-Chadwick commented 1 year ago

Oops! Sorry I thought the google doc was already public read access. Working on it now

creatornader commented 1 year ago

Hey just checking in if a formal work item has been established yet? @David-Chadwick mentioned it on the meeting minutes and wasn't sure if I missed something.

David-Chadwick commented 1 year ago 
You have not missed anything. No progress has been made since
  then
Kind regards
David

On 08/03/2023 17:45, Nader Helmy wrote:

  Hey just checking in if a formal work item has been
    established yet? @David-Chadwick mentioned it on the
    meeting minutes and wasn't sure if I missed something.
  —
    Reply to this email directly, view it on GitHub, or unsubscribe.
    You are receiving this because you were mentioned.Message
      ID: ***@***.***>
  [

{ @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/w3c-ccg/community/issues/239#issuecomment-1459460257", "url": "https://github.com/w3c-ccg/community/issues/239#issuecomment-1459460257", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

wip-abramson commented 5 months ago

What is the status of this proposal currently @David-Chadwick, is it still active?

David-Chadwick commented 4 months ago

Yes it is still active. The extension has been added to the VC Specifications Directory, but it needs a W3C CCG spec to point to, rather than a private document

wip-abramson commented 4 months ago

So this is an in progress work item? Or is it a proposed work item that is looking for CCG member support?

Just checking the tags are correct. Perhaps we can discuss it at the start of one of our meetings

David-Chadwick commented 4 months ago

I believe it is the latter - a proposed work item that is looking for CCG member support