The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group


Welcome to the Verifiable Claims Task Force

The goal of this task force is to determine if a W3C Working Group should be created to standardize technology around a verifiable claims ecosystem (aka: credentials, attestations).

The Task Force is actively engaging a diverse set of participants [1] in a neutral group to discuss use cases (such as enrollment) and the problem area in general. The group is documenting and analyzing concerns raised in various fora around the value-add that W3C could provide around verifiable claims that are user-centric.

[1] Participants are expected to be invited from organizations like W3C, IETF, IMS Global, claims issuers, identity providers, claims consumers, the Credentials CG, the general public, and a variety of other organizations and individuals that have shown interest in the space.

Problem Statement

There is currently no widely used user-centric standard for expressing and transacting verifiable claims (aka: credentials, attestations) via the Web. Data has been gathered demonstrating a desire to create such an interoperable ecosystem around the expression and transmission of verifiable claims.

These problems exist today:

  • In existing service-centric architectures, identity services inject themselves into every relationship in the ecosystem. This means users can't easily change their service provider without losing their digital identity. This leads to vendor lock-in, identity fragility, reduced competition in the marketplace, and reduced privacy for all stakeholders.
  • There is no interoperable standard capable of expressing and transmitting rich verifiable claims that cuts across industries (e.g., finance, retail, education, and healthcare). This leads to industry-specific solutions that are costly, inefficient, proprietary, and inhibit users' ability to manage their digital identities in a cohesive way.
  • There is no standard that makes it easy for users to assert their qualifications to a service provider (e.g. I am a citizen of the USA, I am a board-certified doctor, etc.).

Scope

The following items are in scope:

  • Discussion related to the problem statement.
  • Background research and documentation on current technologies and approaches used to address the problem statement.
  • Interviews with industry experts about the problem statement.
  • Formulation of plans for a W3C Working Group (if one is desired).

The following item has been identified as out of scope for the Task Force:

  • Making any decisions on the "correct" set of technologies to use to solve the problem. However, discussion related to technologies that exist and how they could be applied to the problem is in scope.

Success Criteria

The task force will be considered successful if:

  • it produces clear documentation demonstrating that W3C cannot add value in this area, or
  • it produces clear documentation demonstrating that W3C can add value in this area. The documentation should also support the creation of a W3C Working Group charter to address the problem statement identified in this proposal.

Weekly Telecons

The group meets regularly on Tuesdays at 11am ET (meeting archives). A typical meeting will have an agenda that is posted to the mailing list at least 24 hours prior to the call. There are no costs associated with joining the group or limitations on who may join the teleconference as long as they agree to contribute productively to the discussion.

Next Meeting:
Time: 1600 UTC / 8am San Francisco / 11am Boston / 4pm London
SIP: sip:vctf@96.89.14.196 (Windows / Mac OSX: use Blink, Linux: use Linphone)
Phone: +1.540.961.4469 x6306
IRC: irc://irc.w3.org:6665/#vctf (connect via Web IRC)
Duration: 60 minutes

Make sure you have a good headset with a microphone as any background noise is distracting to others during the call. If there is excessive noise on your connection, you will be muted until you need to speak. If you cannot get SIP to work for you, there is an emergency dial-in number. If you use this number regularly, you will be expected to reimburse the group for call charges. SIP is free for both the caller and the callee - use it. Emergency dial-in number: +1.540.961.4469 x6306

Definitions

verifiable claim
a cryptographically non-repudiable set of statements made by an entity about another entity.
user-centric
a system that places people and organizations in the center of an ecosystem. To understand more about this design choice, read about its ramifications.
service-centric
a system that places services in the center of an ecosystem. To understand more about this design choice, read about its ramifications.

Ramifications of User-Centric vs. Service-Centric Ecosystems

A verifiable claims ecosystem that is user-centric has the following qualities:

  • Users are positioned in the middle between issuers and consumers.
  • Users receive and store verifiable claims from issuers through an agent that the issuer does not need to trust.
  • Users provide verifiable claims to consumers through an agent that consumers needn't trust; they only need to trust issuers.
  • Verifiable claims are associated with users, not particular services; users can decide how to aggregate claims and manage their own digital identities.
  • Users can control and own their own identifiers.
  • Users can control which verifiable claims to use and when.
  • Users may freely choose and swap out the agents they employ to help them manage and share their verifiable claims.
  • Does not require users that share verifiable claims to reveal the identity of the consumer to their agent or to issuers.

A verifiable claims ecosystem that is service-centric has the following qualities:

  • Services are positioned in the middle between issuers, users, and consumers.
  • Users receive and store verifiable claims from issuers through an agent that the issuer must trust, or they must be the same entity.
  • Users provide verifiable claims to consumers through an agent that consumers must trust.
  • Verifiable claims must be associated with services, fracturing a user's digital identity potentially against their desire.
  • Services control and own their users' identifiers.
  • Users' verifiable claims are locked in agent silos.
  • Requires users that share verifiable claims to reveal the identity of the consumer to their agent and issuers.
  • Consumers may have to register with users' agents to consume verifiable claims.

Stakeholders and Benefits

Stakeholder categories are listed below along with a few examples of stakeholders that have expressed interest in participating in this work. The benefits associated with each stakeholder given a user-centric system are also provided.

  • Issuers provide verifiable claims to people and organizations (e.g. ETS, Pearson, Walmart, Verisys, Target, NACS (retailers), New Zealand Government, Bloomberg, and IMS Global member companies). A user-centric system provides the following benefits:
    • Level competitive playing field (not just a few super-providers)
    • Ability to participate in a broader ecosystem resulting in common tooling to issue verifiable claims
    • Avoidance of vendor-specific solutions and lock-in
    • Potential for reduced infrastructure needs due to user-centric architecture
  • Curators store and curate verifiable claims on behalf of people and organizations (e.g. Accreditrust, Verisys, Bill and Melinda Gates Foundation, and Deutsche Telekom). A user-centric system provides the following benefits:
    • Level competitive playing field (not just a few super-providers)
    • Ability to participate in a broader ecosystem resulting in common tooling to store verifiable claims
    • Higher-stakes verifiable claims being stored resulting in more value-added services
  • Consumers request verifiable claims from people and organizations in order to give them access to protected resources (e.g. Walmart, Target, NACS (retailers), Bloomberg, New Zealand Government, Education Institutions (IMS Global member companies), Financial Institutions, and customers of Issuers today). A user-centric system provides the following benefits:
    • Ability to participate in a broader ecosystem resulting in common tooling to consume verifiable claims
    • Richer set of verifiable claims to choose from, resulting in better understanding of the customer
    • Increased ability and choice to trust authenticity of verifiable claims
  • People receive verifiable claims from issuers, store them at curators that they trust, and provide them to consumers in order to get access to protected resources (e.g. Citizens, Employees, Professionals, Aid Recipients, Legal Guardians, and Property Owners). A user-centric system provides the following benefits:
    • No identity provider lock-in
    • Digital claims that can be used in more than one location
    • Ability to aggregate verifiable claims as cohesive digital identities
    • Privacy-enhanced sharing mechanism
    • Control of confidential information
    • Elimination of repetitive input at websites
    • Reduction in the need to input personally identifiable information (PII)
    • Better usability for sites that need to collect data to perform checks (regulatory compliance)
    • Cost-reductions through verifiable claim persistence and machine verifiability

Task Force Operation

The Verifiable Claims Task Force will:

  • encourage participation from at least the stakeholders identified in this proposal
  • ensure Task Force participation is open to the public; the only requirement is constructive input
  • have individual recorded interview calls at times that work for the interviewees
  • have weekly calls starting on Tuesdays at 11am ET (but could be rescheduled for other times that work better for participants)
  • work on completing the identified deliverables
  • report its findings to the WPIG by early February

Deliverables

At least the following deliverables have been identified by the Verifiable Claims Task Force:

  • Recorded interviews around the problem statement with: Brad Hill, Dick Hardt, Jeff Hodges, Karen O'Donahue, Harry Halpin, Tony Arcieri, David Chadwick, David Singer/Magda, Mike Schwartz, Christopher Allen
  • Technology comparisons between at least these existing technologies: OpenID Connect, SAML, Identity Credentials
  • Identify benefits to financial, education, and healthcare industries
  • A Verifiable Claims Use Cases document
  • A Verifiable Claims Vision document (optional)

If W3C can add value in the space, the WPIG will produce:

  • A widely socialized Verifiable Claims WG charter
  • A Verifiable Claims Roadmap document with phases (optional)