W3C

[EDITOR'S DRAFT] Verifiable Claims Working Group Charter

It is currently difficult to transmit express banking account information, education qualifications, healthcare data, and other sorts of machine-readable personal information that has been verified by a 3rd party via on the Web. These sorts of data are often referred to as verifiable claims . The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web.

This draft charter is intended for discussion within the Web Payments Interest Group. It is not yet under consideration by the W3C Membership.

Please send comments to public-webpayments-comments@w3.org

Start date 1 September October 2016
End date 31 December 2017 March 2018
Confidentiality Proceedings are public
Initial Chairs TBD; TBD
Initial Team Contacts
(FTE %: 50%)
TBD
Usual Meeting Schedule Teleconferences: Weekly
Face-to-face: 2-3 2 per year

Join the Verifiable Claims Working Group .

Problem Statement

There is currently no widely used self-sovereign and privacy-enhancing standard for expressing and transacting verifiable claims (aka: credentials, attestations) via the Web.

These problems exist today:

Note that while the problem statement above is meant to provide the motivation for the work, that the asserted scope of this proposed charter is more narrow, focusing on the data model and syntax(es). Specifically, the scope has been narrowed by:

While the scope is narrow, the Working Group is also expected to not prevent future work that may more fully address the Problem Statement.

Goals

If successful, the Recommendations from this Working Group will increase some areas of interoperability between the entities that issue, store, and inspect verifiable claims.

The first goal is to create a standard way for users to assert their verifiable qualifications to a service provider, producing benefits such as:

The second goal is to ensure that users and their claims can be independent from service providers, producing benefits such as:

The third goal is to ensure that there is an interoperable standard capable of expressing and transmitting verifiable claims that cuts across at least two industries, producing benefits such as:

The standardized technologies will, to the extent to which it is technically feasible, level the playing field for verifiable claims so that small actors or individuals can make use of the technology on the same basis as larger corporations, government, or institutions, without undue or unnecessary barriers.

For more background information about this group, please see the FAQ . There are also a set of focused use cases that are suggested as input to the group.

Scope

The Working Group will Recommend:

  1. a data model and syntax(es) for the expression of verifiable claims, including one or more core vocabularies.
  2. a note specifying how these data models should be used with existing attribute exchange protocols, a recommendation that existing protocols should be modified, or a recommendation that a new protocol is required to address the problems stated earlier in this document.

The Working Group will not:

  1. Define browser-based APIs for interacting with verifiable claims. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
  2. Define a new protocol for attribute exchange. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
  3. Attempt to create supporting infrastructure, other than a data model and syntax(es), for a self-soverign verifiable claims ecosystem.
  4. Attempt to address the larger problem of "Identity on the Web/Internet".

Terminology

verifiable claim
A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).
credential (aka attestation)
A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.
self-sovereign
A design principle for verifiable claims where the holder of a verifiable claim is in complete control of their identifier, where their verifiable claims are stored, and how they are used.

Security and Privacy Considerations

In general, the issuers of verifiable claims want to ensure that their reputation is protected, the holders of verifiable claims want to ensure their data is protected, and the inspectors of verifiable claims want to be confident in their claims-based decisions. As a result, both security and privacy are critical for verifiable claims.

From a security perspective it is important that verifiable claims are protected from forgery and that interactions with verifiable claims are protected from bad actors at all stages of the lifecycle.

From a privacy perspective it is important that information that is intended to remain private is handled appropriately. Maintaining the trust of a verifiable claims ecosystem is important. Verifiable claims technology defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a request for information) by the holder of the information. The design of any data model and format syntax(es) should guard against the unwanted leakage of such data.

The Working Group will work with the security and privacy organizations listed in the liaisons section of the charter to help ensure that both security and privacy are considered.

Internationalization and Accessibility Considerations

Verifiable claims are made throughout the world and are issued and used by a variety of organizations and people with varying languages and levels of disabilities. The technology developed by the working group must be able to express verifiable claims in a variety of languages and must be able to be used by people with a variety of disabilities.

The Working Group will work with the internationalization and accessibility organizations listed in the liaisons section of the charter to help ensure that both internationalization and accessibility are considered.

Deliverables

Verifiable Claims Data Model and Syntax Recommendation

This Recommendation will define or identify:

Verifiable Claims Implementation Guidance

This NOTE will define or identify:

Process and Planning

Preference for Community Developed Specifications

The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions .

Interoperability Success Criteria

The Working Group will fulfill the implementation experience required by the W3C Process as follows:

Milestones

Note: The group will document significant changes from this initial schedule on the group home page.
Specification FPWD CR PR Rec
Verifiable Claims Data Model and Syntax(es) October December 2016 March July 2017 June November 2017 November 2017 March 2018
Verifiable Claims Implementation Guidance March November 2017 (NOTE) November 2017

Dependencies and Liaisons

W3C Groups

Web Payments Interest Group
Reviews with respect to Web Payments use cases.
Internationalization Core Working Group
Internationalization and localization review.
Privacy Interest Group
For privacy reviews.
Protocols and Formats Accessible Platform Architectures Working Group (and successor)
To help ensure the protocols provide support for accessibility to people with disabilities.
Web Application Security
For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
Credentials Community Group
Research and incubation of ideas for consideration by this group.
Web Security Interest Group
For security reviews.
Permissions and Obligations Expression Working Group
To help ensure that data rights around verifiable claims can be expressed and properly enforced. expressed.

This group will also collaborate with future W3C Working Groups developing authentication protocols.

Groups Outside W3C

ASC (Accredited Standards Committee) X9
Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).
Credentials Transparency Initiative
Ensure that the credentials being modeled and expressed by CTI are compatible with the work of the Verifiable Claims WG.
Mozilla Open Badges
Ensure that the badges being modeled and expressed by the Open Badges community are compatible with the Verifiable Claims WG.

Participation

To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration. Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.

Communication

This group primarily conducts its work on the public mailing list public-@@@-wg@w3.org ( archive ). Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Verifiable Claims Working Group home page.

Decision Policy

As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

Research that went into the creation of this charter was performed by the Web Payments Interest Group via the Verifiable Claims Task Force . The research findings can be found in the Verifiable Claims Task Force Final Report . The Web Payments Interest Group recommended that the Task Force draft a charter to determine whether there is consensus within the community (including those interviewed) for the scope of work.

This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.


Participants Written by participants of the Verifiable Claims Task Force, which is a Task Force of the Web Payments Interest Group. See the the Editor's Draft of the charter .

$Date: 2016/01/25 21:44:58 $