[EDITOR'S DRAFT] Verifiable Claims Working Group Charter

It is currently difficult to ~~transmit~~ express banking account information, education qualifications, healthcare data, and other sorts of machine-readable personal information that has been verified by a 3rd party ~~via~~ on the Web. These sorts of data are often referred to as verifiable claims . The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web.

This draft charter is intended for discussion within the Web Payments Interest Group. It is not yet under consideration by the W3C Membership.

Please send comments to public-webpayments-comments@w3.org

Start date	1 ~~September~~ October 2016
End date	31 ~~December 2017~~ March 2018
Confidentiality	Proceedings are public
Initial Chairs	TBD; TBD
Initial Team Contacts (FTE %: 50%)	TBD
Usual Meeting Schedule	Teleconferences: Weekly Face-to-face: ~~2-3~~ 2 per year

Join the Verifiable Claims Working Group .

Problem Statement

There is currently no ~~widely used~~ self-sovereign and privacy-enhancing standard for expressing ~~and transacting~~ verifiable claims (aka: credentials, attestations) via the Web.

These problems exist today:

There is no standard that makes it easy for users to assert their verifiable qualifications to a service provider (e.g. my loyalty card number is X, I have an account at Bank Y, I am over the age of 21, I am a citizen of the USA, I am a Chartered Financial Analyst, etc.). As a result, manual input and fraud on the Web are higher than desired.
In existing attribute exchange architectures (like SAML, OpenID Connect, Login with SuperProviderX, etc.), users, and their verifiable claims, do not independently exist from service providers. This means users can't easily change their service provider without losing or fragmenting their digital identity. This leads to vendor lock-in, identity fragility (duplication, confusion, and inaccuracy), reduced competition in the marketplace, and reduced privacy for all stakeholders.
There is no interoperable standard capable of expressing ~~and transmitting~~ verifiable claims that cuts across industries (e.g., finance, retail, education, and healthcare). This leads to industry-specific solutions that are costly, inefficient, proprietary, and inhibit users' ability to manage their digital identities in a cohesive way.

Note that while the problem statement above is meant to provide the motivation for the work, that the asserted scope of this proposed charter is more narrow, focusing on the data model and syntax(es). Specifically, the scope has been narrowed by:

Asserting that new transaction protocols for verfiaible claims are out of scope.
Acknowledging that the creation of supporting infrastructure for self-sovereign verifiable claims, other than data model and syntax(es), is out of scope.
Focusing the group on Working Group participant use cases which are expected to center on the education and payments industries.

While the scope is narrow, the Working Group is also expected to not prevent future work that may more fully address the Problem Statement.

Goals

If successful, the Recommendations from this Working Group will increase some areas of interoperability between the entities that issue, store, and inspect verifiable claims.

The first goal is to create a standard way for users to assert their verifiable qualifications to a service provider, producing benefits such as:

Enhancing website usability by removing the need to manually enter verifiable claims.
Improving the detection of fraud, such as false claims and identity theft, by establishing a standard way to cryptographically verify 3rd party ~~claims.~~ claims with respect to the identified use cases .

The second goal is to ensure that users and their claims can be independent from service providers, producing benefits such as:

Improving operational efficiency, by reducing operating costs (for example), for verifiable claim issuers and inspectors as a result of a common set of technology for expressing and verifying claims.
Reducing vendor lock-in by ensuring that verifiable claims are portable from one claims repository to another.
Enhancing some aspects of privacy and unlinkability for the subject of a verifiable claim.

The third goal is to ensure that there is an interoperable standard capable of expressing ~~and transmitting~~ verifiable claims that cuts across at least two industries, producing benefits such as:

Reusability of the machine-readable language that expresses verifiable claims (aka vocabularies) so that a single vocabulary may suit the needs of a ~~broad~~ broader set of stakeholders, and
Extensibility of the vocabularies so that a particular industry vertical may build extensions on top of existing vocabularies to suit their industry-specific needs.
Composability of verifiable claims to express an aspect of one's identity in a granular way.

The standardized technologies will, to the extent to which it is technically feasible, level the playing field for verifiable claims so that small actors or individuals can make use of the technology on the same basis as larger corporations, government, or institutions, without undue or unnecessary barriers.

For more background information about this group, please see the FAQ . There are also a set of focused use cases that are suggested as input to the group.

Scope

The Working Group will Recommend:

a data model and syntax(es) for the expression of verifiable claims, including one or more core vocabularies.
a note specifying how these data models should be used with existing attribute exchange protocols, a recommendation that existing protocols should be modified, or a recommendation that a new protocol is required to address the problems stated earlier in this document.

The Working Group will not:

Define browser-based APIs for interacting with verifiable claims. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
Define a new protocol for attribute exchange. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
Attempt to create supporting infrastructure, other than a data model and syntax(es), for a self-soverign verifiable claims ecosystem.
Attempt to address the larger problem of "Identity on the Web/Internet".

Terminology

verifiable claim: A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).
credential (aka attestation): A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.
self-sovereign: A design principle for verifiable claims where the holder of a verifiable claim is in complete control of their identifier, where their verifiable claims are stored, and how they are used.

Security and Privacy Considerations

In general, the issuers of verifiable claims want to ensure that their reputation is protected, the holders of verifiable claims want to ensure their data is protected, and the inspectors of verifiable claims want to be confident in their claims-based decisions. As a result, both security and privacy are critical for verifiable claims.

From a security perspective it is important that verifiable claims are protected from forgery and that interactions with verifiable claims are protected from bad actors at all stages of the lifecycle.

From a privacy perspective it is important that information that is intended to remain private is handled appropriately. Maintaining the trust of a verifiable claims ecosystem is important. Verifiable claims technology defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a request for information) by the holder of the information. The design of any data model and ~~format~~ syntax(es) should guard against the unwanted leakage of such data.

The Working Group will work with the security and privacy organizations listed in the liaisons section of the charter to help ensure that both security and privacy are considered.

Verifiable claims are made throughout the world and are issued and used by a variety of organizations and people with varying languages and levels of disabilities. The technology developed by the working group must be able to express verifiable claims in a variety of languages and must be able to be used by people with a variety of disabilities.

The Working Group will work with the internationalization and accessibility organizations listed in the liaisons section of the charter to help ensure that both internationalization and accessibility are considered.

Deliverables

Verifiable Claims Data Model and Syntax Recommendation

This Recommendation will define or identify:

A Data Model and Core Vocabularies : for expressing verifiable claims in a semantically extensible way.
Syntax(es) : that are machine-readable and capable of expressing the data model across a variety of formats.
Signature Mechanism(s) : that are capable of protecting the verifiable claims from attack such that the claims can be trusted by consumers of those claims.

Verifiable Claims Implementation Guidance

This NOTE will define or identify:

How the data model and syntax can be used with existing attribute exchange architectures to address all of the problems stated in this document, or
How the data model and syntax can be used with a set of modifications to existing attribute exchange architectures, or
If a new attribute exchange protocol is needed and if so, requirements for that protocol to address the problems identified in this document.

Process and Planning

Preference for Community Developed Specifications

The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions .

Interoperability Success Criteria

The Working Group will fulfill the implementation experience required by the W3C Process as follows:

The Working Group will develop test suites for Recommendation-track specifications.
The group will seek independent interoperable implementations by two software libraries.
For any implementation cited to establish interoperability success, the Working Group will work with the WAI Protocols and Formats Working Group (or its successor) to help communicate accessibility issues to the developers.

Milestones

Specification	FPWD	CR	PR	Rec
Note: The group will document significant changes from this initial schedule on the group home page.
Verifiable Claims Data Model and Syntax(es)	~~October~~ December 2016	~~March~~ July 2017	~~June~~ November 2017	~~November 2017~~ March 2018
Verifiable Claims Implementation Guidance	~~March~~ November 2017			(NOTE) November 2017

Dependencies and Liaisons

W3C Groups

Web Payments Interest Group: Reviews with respect to Web Payments use cases.
Internationalization Core Working Group: Internationalization and localization review.
Privacy Interest Group: For privacy reviews.
~~Protocols and Formats~~ Accessible Platform Architectures Working Group ~~(and successor)~~: To help ensure the protocols provide support for accessibility to people with disabilities.
Web Application Security: For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
Credentials Community Group: Research and incubation of ideas for consideration by this group.
Web Security Interest Group: For security reviews.
Permissions and Obligations Expression Working Group: To help ensure that data rights around verifiable claims can be ~~expressed and properly enforced.~~ expressed.

This group will also collaborate with future W3C Working Groups developing authentication protocols.

Groups Outside W3C

ASC (Accredited Standards Committee) X9: Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).
Credentials Transparency Initiative: Ensure that the credentials being modeled and expressed by CTI are compatible with the work of the Verifiable Claims WG.
Mozilla Open Badges: Ensure that the badges being modeled and expressed by the Open Badges community are compatible with the Verifiable Claims WG.

Participation

To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration. Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.

Communication

This group primarily conducts its work on the public mailing list public-@@@-wg@w3.org ( archive ). Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Verifiable Claims Working Group home page.

Decision Policy

As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

Research that went into the creation of this charter was performed by the Web Payments Interest Group via the Verifiable Claims Task Force . The research findings can be found in the Verifiable Claims Task Force Final Report . The Web Payments Interest Group recommended that the Task Force draft a charter to determine whether there is consensus within the community (including those interviewed) for the scope of work.

This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

~~Participants~~ Written by participants of the Verifiable Claims Task Force, which is a Task Force of the Web Payments Interest Group. ~~See the the Editor's Draft of the charter .~~

$Date: 2016/01/25 21:44:58 $