Add `dpv:AgeVerification` as a purpose concept

[besteves4]

It would be nice to have dpv:AgeVerification as a purpose concept for websites that need age data to ensure minors are not exposed to inappropriate online content.

I'm not sure if it should be narrower than dpv:IdentityVerification or if it should be at the same level and thus narrower than dpv:EnforceSecurity.

[bact]

Do we need to differentiate between these two?:

1) dpv:AgeVerification: to verify if an age is at a specific value

• Need to know age data 2) dpv:AgeRequirementVerification: to verify if an age meets an age requirement (higher / lower / in range of specific value(s))
• Don't have to know age data

For example, if one have a driving license it can be infer that that person is at least X years old. This fact of a person possesses something (which itself has an age requirement) can be use for age requirement verification without the need to ask for age data.

[besteves4]

I don't think we need both, you can specify whether you want generic age data or a specific value or range with DPV-PD using Age, AgeExact or AgeRange. The purpose will always be to do age verification even if you infer the age from a piece of data that is not "age data". That way the purpose stands on its own -- does not depend on whether you use a certain data type.

[TallTed]

Most attempts at age verification are problematic. The best I've yet seen is currently running as TruAge in the US, which is primarily focused on and driven by convenience stores (that commonly sell age-restricted things like alcohol, pornography, cigarettes, etc.). I don't know that this is currently adaptable/adapted for online use by arbitrary web surfers, but perhaps it could be... @msporny might be able to provide some insight on this.

[coolharsh55]

Hi, I agree with @besteves4 comment about the purpose. To include what @bact describes as the distinction between exact age (e.g. 21) verification and age status (e.g. adult), we can have text in the description of the purpose. I also propose we have Verification be a purpose under which InformationVerification and AgeVerification can be situated. Other verifications will also arise in due time, e.g. accuracy verification - so this would be the way to organise them.

Term: AgeVerification Subtype of: Verification Description: Purposes associated with verification of age whether as an exact number (e.g. 21 years) or a condition (e.g. above 18 years) or through evidence associated with age (e.g. has a driver's license)

This is a placeholder description. I think ISO is currently working on an age assurance standard - so I'll see the final definitions once they have been published.

[besteves4]

@coolharsh55 agreed! You meant that IdentityVerification and AgeVerification would be a type of Verification right? Also, would Verification be a type of EnforceSecurity or a high level concept just below Purpose? Looking at the definition of EnforceSecurity it seems to make sense to maintain the Verification concepts under it.

[coolharsh55]

Also, would Verification be a type of EnforceSecurity or a high level concept just below Purpose?

Yes, for now it should be under EnforceSecurity. Re-organisation of the entire taxonomy structure (e.g. adding a Governance high-level purpose) can be for the next major version. Also gives us time to have these discussions about what we're trying to do exactly.

[msporny]

@TallTed wrote:

Most attempts at age verification are problematic.

Yes, agreed, please tread carefully... some of the vocabulary terms you're defining here are known anti-patterns. I'm one of the Chief Architects of the TruAge system and the open standards work (standardized at Conexxus).

https://www.conexxus.org/resources/age-verification-initiative

Retail standard specification available here:

https://www.conexxus.org/resources/conexxus-age-verification-specification-v11

The TruAge digital age verification went into production in January 2023 (over a year ago) and covers 150,000 retail locations in the US. It is designed to be strongly privacy preserving, even to the point of preventing a retailer from being able to track an individual from store to store (even within the same retail brand). The standards WG discussed some of the concepts that you seem to be defining above and came to the conclusion that some of them are privacy anti-patterns (like asking for a specific age).

We do have an RDF vocabulary defined here (if you're interested in the concepts that we did end up standardizing):

https://w3id.org/age/

I don't know that this is currently adaptable/adapted for online use by arbitrary web surfers, but perhaps it could be... @msporny might be able to provide some insight on this.

It is usable in online scenarios.

In a more broad sense, this is the first I've heard of this CG, but it looks like you're doing interesting and relevant work. Specifically, the W3C Verifiable Credentials Working Group would be looking for something like DPV for use in a Verifiable Credential query language (like Verifiable Presentation Request). Is that something this group is looking into?

[coolharsh55]

Hi. Thanks for the caution. For DPV, we are really only looking to provide a single term for 'purpose' stating the goal is to do age verification. We can point to this and other works for further description/implementation.

Other groups like ODRL or Verifiable Credential are orthogonal to this work in the sense that they can use DPV to represent information in their respective data structures, and yes we would like to have some alignment or links between them.

[coolharsh55]

Hi. I have added the following as a proposed concept:

• Term: AgeVerification
• Label: Age Verification
• Description: Purposes associated with verifying or authenticating age or age related information as a form of security
• Parent: dpv:Verification
• Type: dpv:Purpose
• Comment: Age Verification can include verification of the exact age, e.g. being 21 years old, a date, e.g. birth date is 01 January 1969, or a condition, e.g. age is over 21 years and the person is an adult. Specific dedicated resources should be used to further express information and processes associated with Age Verification, for example the Age Verification Vocabulary https://w3id.org/age/

[msporny]

I have added the following as a proposed concept

Excellent, that looks good. Thank you! :)

[bact]

Maybe of interest for people in this issue. A study on age verification and fundamental rights.

https://www.greens-efa.eu/en/article/document/trustworthy-age-assurance