[DRAFT] Verifiable Claims Working Group Charter
The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web.
| Start date | 1 August 2016 |
|---|---|
| End date | 31 December 2017 |
| Confidentiality | Proceedings are public |
| Initial Chairs | TBD; TBD |
| Initial Team Contacts
(FTE %: 50%) |
TBD |
| Usual Meeting Schedule | Teleconferences: Weekly
Face-to-face: 2-3 per year |
Problem Statement
There is currently no widely used user-centric and privacy-enhancing standard for expressing and transacting verifiable claims (aka: credentials, attestations) via the Web.
These problems exist today:
- There is no standard that makes it easy for users to assert their verifiable qualifications to a service provider (e.g. my loyalty card number is X, I have an account at Bank Y, I am over the age of 21, I am a citizen of the USA, I am a Chartered Financial Analyst, etc.).
- In existing attribute exchange architectures (like SAML, OpenID Connect, Login with SuperProviderX, etc.), users do not independently exist from service providers. This means users can't easily change their service provider without losing their digital identity. This leads to vendor lock-in, identity fragility, reduced competition in the marketplace, and reduced privacy for all stakeholders.
- There is no interoperable standard capable of expressing and transmitting rich verifiable claims that cuts across industries (e.g., finance, retail, education, and healthcare). This leads to industry-specific solutions that are costly, inefficient, proprietary, and inhibit users' ability to manage their digital identities in a cohesive way.
Goals
Research into this problem was performed by the Web Payments Interest Group via the Verifiable Claims Task Force. The research findings can be found in the Verifiable Claims Task Force Final Report. The findings suggest that there is consensus to address a @@@narrow set of use cases@@@ around the data model and syntax(es) for expressing verifiable claims as well as an analysis of how the data model and syntax(es) could be combined with existing technology to address the problems listed above.
For more background information about this group, please see @@@the FAQ@@@.
Scope
The Working Group will Recommend:
- a data model and syntax(es) for the expression of rich verifiable claims
- a note specifying how these data models should be used with existing attribute exchange protocols, a recommendation that existing protocols should be modified, or a recommendation that a new protocol is required to address the problems stated earlier in this document.
The Working Group will not:
- Define a new protocol for attribute exchange.
Definitions
- verifiable claim
- A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).
- credential (aka attestation)
- A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.
Security and Privacy Considerations
Security is obviously critical for verifiable claims.
The Working Group will work with the organizations listed in the liaisons section of the charter to help ensure data model and document security.
Protection of the privacy of all participants in a credentials ecosystem is essential to maintaining the trust that credential systems are dependent upon to function. A credential format defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a loyalty program) by the owner of the information. The design of any data model and format should guard against the unwanted leakage of such data through exploitation of the API.
Deliverables
Verifiable Claims Data Model and Syntax Recommendation
This Recommendation will define or identify a:
- Data Model: for expressing rich verifiable claims in a semantically extensible way.
- Syntax(es): that are machine-readable and capable of expressing the data model across a variety of formats.
- Signature Mechanism(s): that are capable of protecting the verifiable claims from attack such that the claims can be trusted by consumers of those claims.
Verifiable Claims Implementation Guidance
This NOTE will define or identify:
- How the data model and syntax can be used with existing attribute exchange architectures to address all of the problems stated in this document, or
- How the data model and syntax can be used with a set of modifications to existing attribute exchange architectures, or
- If a new attribute exchange protocol is needed and if so, requirements for that protocol to address the problems identified in this document.
Process and Planning
Preference for Community Developed Specifications
The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions.
Interoperability Success Criteria
The Working Group will fulfill the implementation experience required by the W3C Process as follows:
- The Working Group will develop test suites for Recommendation-track specifications.
- The group will seek independent interoperable implementations by two software libraries..
- For any implementation cited to establish interoperability success, the Working Group will work with the WAI Protocols and Formats Working Group (or its successor) to help communicate accessibility issues to the developers.
Milestones
| Note: The group will document significant changes from this initial schedule on the group home page. | ||||||
| Specification | FPWD | CR | PR | Rec | ||
|---|---|---|---|---|---|---|
| Verifiable Claims Data Model and Syntax(es) | October 2016 | March 2016 | June 2017 | November 2017 | ||
| Verifiable Claims Implementation Guidance | March 2016 | (NOTE) November 2017 | ||||
Dependencies and Liaisons
Web Payments Interest Group
Other W3C Groups
- Internationalization Core Working Group
- Internationalization and localization review.
- Privacy Interest Group
- For privacy reviews.
- Protocols and Formats Working Group (and successor)
- To help ensure the protocols provide support for accessibility to people with disabilities.
- Web Application Security
- For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
- Web Applications Working Group (and successor)
- For review of JavaScript APIs.
- Credentials Community Group
- Research and incubation of ideas for consideration by this group.
- Web Security Interest Group
- For security reviews.
This group will also collaborate with future W3C Working Groups developing authentication protocols.
Groups Outside W3C
- ASC (Accredited Standards Committee) X9
- Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).
Participation
To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration. Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.
Communication
This group primarily conducts its work on the public mailing list public-@@@-wg@w3.org (archive). Administrative tasks may be conducted in Member-only communications.
Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Verifiable Claims Working Group home page.
Decision Policy
As explained in the Process Document (section 3.3), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.
Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.
Patent Policy
This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.
For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.
Licensing
This Working Group will use the W3C Software and Document license for all its deliverables.
About this Charter
This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
Development of this charter was supported in part by the European Union's 7th Research Framework Programme (FP7/ 2013-2015) under grant agreement nº611327 - HTML5 Apps.
Participants of the Verifiable Claims Interest Group
See the the Editor's Draft of the charter.
Copyright © 2015 W3C ® (MIT, ERCIM, Keio, Beihang), All Rights Reserved.
$Date: 2016/01/25 21:44:58 $