[EDITOR'S DRAFT] Verifiable Claims Working Group Charter
It is currently difficult to express banking account information, education qualifications, healthcare data, and other sorts of machine-readable personal information that has been verified by a 3rd party on the Web. These sorts of data are often referred to as verifiable claims . The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web.
Readers that are new to this work should examine the motivations that led to this charter . The Verifiable Claims Working Group Primer may be particularly helpful to W3C Members.
This
draft
charter
is
intended
for
discussion
within
the
Web
Payments
Interest
Group.
W3C
Management.
It
is
not
yet
under
consideration
by
the
W3C
Membership.
Please
send
comments
to
public-webpayments-comments@w3.org
@@@
.
| Start date |
|
|---|---|
| End date |
31
|
| Confidentiality | Proceedings are public |
| Initial Chairs | TBD; TBD |
|
Initial
Team
Contacts
(FTE %: |
TBD |
| Usual Meeting Schedule |
Teleconferences:
Weekly
Face-to-face: 2 per year |
Introduction
There
is
currently
no
self-sovereign
and
privacy-enhancing
standard
for
expressing
verifiable
claims
(aka:
credentials,
attestations)
via
the
Web.
These
problems
exist
today:
There
is
no
standard
that
makes
it
easy
for
users
to
assert
their
verifiable
qualifications
to
a
service
provider
(e.g.
my
loyalty
card
number
This
working
group
is
X,
I
have
an
account
at
Bank
Y,
I
am
over
the
age
of
21,
I
am
a
citizen
of
the
USA,
I
am
a
Chartered
Financial
Analyst,
etc.).
As
a
result,
manual
input
and
fraud
on
the
Web
are
higher
than
desired.
In
existing
attribute
exchange
architectures
(like
SAML,
OpenID
Connect,
Login
tasked
with
SuperProviderX,
etc.),
users,
and
their
verifiable
claims,
do
not
independently
exist
from
service
providers.
This
means
users
can't
easily
change
their
service
provider
without
losing
or
fragmenting
their
digital
identity.
This
leads
to
vendor
lock-in,
identity
fragility
(duplication,
confusion,
and
inaccuracy),
reduced
competition
in
the
marketplace,
and
reduced
privacy
for
all
stakeholders.
There
is
no
interoperable
standard
capable
standardization
of
expressing
verifiable
claims
that
cuts
across
industries
(e.g.,
finance,
retail,
education,
and
healthcare).
This
leads
to
industry-specific
solutions
that
are
costly,
inefficient,
proprietary,
and
inhibit
users'
ability
to
manage
their
digital
identities
in
a
cohesive
way.
Note
that
while
the
problem
statement
above
is
meant
to
provide
the
motivation
for
the
work,
that
the
asserted
scope
of
this
proposed
charter
is
more
narrow,
focusing
on
the
data
model
and
syntax(es).
Specifically,
the
scope
has
been
narrowed
by:
Asserting
that
new
transaction
protocols
syntax
for
verfiaible
claims
are
out
of
scope.
Acknowledging
that
the
creation
of
supporting
infrastructure
for
self-sovereign
verifiable
claims,
other
than
data
model
and
syntax(es),
is
out
of
scope.
Focusing
the
group
on
Working
Group
participant
use
cases
which
are
expected
to
center
on
the
education
and
payments
industries.
While
the
scope
is
narrow,
the
Working
Group
is
also
expected
to
not
prevent
future
work
that
may
more
fully
address
the
Problem
Statement.
Goals
If
successful,
the
Recommendations
from
this
Working
Group
will
increase
some
areas
expression
of
interoperability
between
the
entities
that
issue,
store,
and
inspect
verifiable
claims.
The
first
goal
is
to
create
a
standard
way
work
proposed
by
this
charter
has
been
incubated
for
users
to
assert
their
verifiable
qualifications
over
two
years
and
has
been
demonstrated
to
a
service
provider,
producing
benefits
such
as:
Enhancing
website
usability
be
broadly
supported
by
removing
the
need
to
manually
enter
verifiable
claims.
Improving
the
detection
of
fraud,
such
various
industries
.
The
Web
Payments
Interest
Group
has
identified
this
work
as
false
claims
and
identity
theft,
by
establishing
a
standard
way
to
cryptographically
verify
3rd
party
claims
with
respect
being
critical
to
the
identified
achieving
specific
use
cases
.
The
second
goal
is
to
ensure
that
users
and
their
claims
can
be
independent
from
service
providers,
producing
benefits
such
as:
Improving
operational
efficiency,
by
reducing
operating
costs
(for
example),
for
verifiable
claim
issuers
and
inspectors
as
a
result
of
a
common
set
of
technology
for
expressing
and
verifying
claims.
Reducing
vendor
lock-in
by
ensuring
that
verifiable
claims
are
portable
from
one
claims
repository
related
to
another.
Enhancing
some
aspects
of
privacy
commerce,
education,
and
unlinkability
for
healthcare
on
the
subject
of
a
verifiable
claim.
The
third
goal
Web.
A
document
is
available
to
ensure
that
there
is
an
interoperable
standard
capable
of
expressing
verifiable
claims
those
that
cuts
across
at
least
two
industries,
producing
benefits
such
as:
Reusability
of
wish
to
understand
the
machine-readable
language
that
expresses
verifiable
claims
(aka
vocabularies)
so
that
a
single
vocabulary
may
suit
motivations
behind
the
needs
of
a
broader
set
creation
of
stakeholders,
this
charter
and
Extensibility
of
the
vocabularies
so
that
a
particular
industry
vertical
may
build
extensions
on
top
of
existing
vocabularies
to
suit
their
industry-specific
needs.
Composability
of
verifiable
claims
to
express
an
aspect
of
one's
identity
in
how
this
work
fits
into
a
granular
way.
The
standardized
technologies
will,
to
the
extent
to
which
it
is
technically
feasible,
level
the
playing
field
broader
vision
for
a
verifiable
claims
so
that
small
actors
or
individuals
can
make
use
of
the
technology
on
the
same
basis
as
larger
corporations,
government,
or
institutions,
without
undue
or
unnecessary
barriers.
For
more
background
information
about
this
group,
please
see
the
FAQ
ecosystem
.
There
are
also
a
set
of
focused
use
cases
that
are
suggested
as
input
to
the
group.
Scope
The
Working
Group
will
Recommend:
will:
- Recommend a data model and syntax(es) for the expression of verifiable claims, including one or more core vocabularies.
-
Create
a
note
specifying
how
these
data
models
should
be
used
with
existing
attribute
exchange
protocols,
a
recommendationsuggestion that existing protocols should be modified, or arecommendationsuggestion that a new protocol is required to address the problems stated earlier in this document. - Focus their efforts on the identified use cases with a particular focus on the payments and education sectors. Use cases from other industries may be included if there is significant industry participation.
The Working Group will not:
- Define browser-based APIs for interacting with verifiable claims. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
- Define a new protocol for attribute exchange. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
-
Attempt
to
create
supporting
infrastructure,
other
than
a
data
model
and
syntax(es),
for
a
self-soverignverifiable claims ecosystem. - Attempt to address the larger problem of "Identity on the Web/Internet".
Terminology
- verifiable claim
- A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).
- credential (aka attestation)
- A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.
Security and Privacy Considerations
In general, the issuers of verifiable claims want to ensure that their reputation is protected, the holders of verifiable claims want to ensure their data is protected, and the inspectors of verifiable claims want to be confident in their claims-based decisions. As a result, both security and privacy are critical for verifiable claims.
From a security perspective it is important that verifiable claims are protected from forgery and that interactions with verifiable claims are protected from bad actors at all stages of the lifecycle.
From a privacy perspective it is important that information that is intended to remain private is handled appropriately. Maintaining the trust of a verifiable claims ecosystem is important. Verifiable claims technology defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a request for information) by the holder of the information. The design of any data model and syntax(es) should guard against the unwanted leakage of such data.
The Working Group will work with the security and privacy organizations listed in the liaisons section of the charter to help ensure that both security and privacy are considered.
Internationalization and Accessibility Considerations
Verifiable claims are made throughout the world and are issued and used by a variety of organizations and people with varying languages and levels of disabilities. The technology developed by the working group must be able to express verifiable claims in a variety of languages and must be able to be used by people with a variety of disabilities.
The Working Group will work with the internationalization and accessibility organizations listed in the liaisons section of the charter to help ensure that both internationalization and accessibility are considered.
Deliverables
Verifiable Claims Data Model and Syntax Recommendation
This Recommendation will define or identify:
- A Data Model and Core Vocabularies : for expressing verifiable claims in a semantically extensible way.
- Syntax(es) : that are machine-readable and capable of expressing the data model across a variety of formats.
- Signature Mechanism(s) : that are capable of protecting the verifiable claims from attack such that the claims can be trusted by consumers of those claims.
Verifiable Claims Implementation Guidance
This NOTE will define or identify:
- How the data model and syntax can be used with existing attribute exchange architectures to address all of the problems stated in this document, or
- How the data model and syntax can be used with a set of modifications to existing attribute exchange architectures, or
- If a new attribute exchange protocol is needed and if so, requirements for that protocol to address the problems identified in this document.
Process and Planning
Preference for Community Developed Specifications
The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions .
Interoperability Success Criteria
The Working Group will fulfill the implementation experience required by the W3C Process as follows:
- The Working Group will develop test suites for Recommendation-track specifications.
- The group will seek independent interoperable implementations by two software libraries.
- For any implementation cited to establish interoperability success, the Working Group will work with the WAI Protocols and Formats Working Group (or its successor) to help communicate accessibility issues to the developers.
Milestones
| Note: The group will document significant changes from this initial schedule on the group home page. | ||||||
| Specification | FPWD | CR | PR | Rec | ||
|---|---|---|---|---|---|---|
| Verifiable Claims Data Model and Syntax(es) |
|
|
|
|
||
| Verifiable Claims Implementation Guidance |
|
(NOTE)
November
|
||||
Dependencies and Liaisons
W3C Groups
- Web Payments Interest Group
- Reviews with respect to Web Payments use cases.
- Internationalization Core Working Group
- Internationalization and localization review.
- Privacy Interest Group
- For privacy reviews.
- Accessible Platform Architectures Working Group
- To help ensure the protocols provide support for accessibility to people with disabilities.
- Web Application Security
- For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
- Credentials Community Group
- Research and incubation of ideas for consideration by this group.
- Web Security Interest Group
- For security reviews.
- Permissions and Obligations Expression Working Group
- To help ensure that data rights around verifiable claims can be expressed.
This group will also collaborate with future W3C Working Groups developing authentication protocols.
Groups Outside W3C
- ASC (Accredited Standards Committee) X9
- Coordination with X9 will help achieve broad interoperability of payment systems (e.g., through alignment between Web protocols and ISO 12812).
- Credentials Transparency Initiative
- Ensure that the credentials being modeled and expressed by CTI are compatible with the work of the Verifiable Claims WG.
- Mozilla Open Badges
- Ensure that the badges being modeled and expressed by the Open Badges community are compatible with the Verifiable Claims WG.
Participation
To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration. Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.
Communication
This group primarily conducts its work on the public mailing list public-@@@-wg@w3.org ( archive ). Administrative tasks may be conducted in Member-only communications.
Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Verifiable Claims Working Group home page.
Decision Policy
As explained in the Process Document ( section 3.3 ), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.
Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.
Patent Policy
This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.
For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .
Licensing
This Working Group will use the W3C Software and Document license for all its deliverables.
About this Charter
Research that went into the creation of this charter was performed by the Web Payments Interest Group via the Verifiable Claims Task Force . The research findings can be found in the Verifiable Claims Task Force Final Report . The Web Payments Interest Group recommended that the Task Force draft a charter to determine whether there is consensus within the community (including those interviewed) for the scope of work.
This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.
Written by participants of the Verifiable Claims Task Force, which is a Task Force of the Web Payments Interest Group.
Copyright © 2015 W3C ® ( MIT , ERCIM , Keio , Beihang ), All Rights Reserved.
$Date: 2016/01/25 21:44:58 $