W3C

VCWG Entity Recognition

5 May 2026

Attendees

Present
benjamin_young, Dave Longley, dmitri_zagidulin, kayode_ezike, kevin_dean, manu_sporny, parth_bhatt, Phillip Long, Steve Capell, ted_thibodeau_jr
Regrets
-
Chair
-
Scribe
transcriber

Meeting minutes

Manu_Sporny: Hey folks, we'll get started in a couple of minutes. Phil Archer sent his regrets. he's got travel tomorrow, so needed to head to bed early. We will start let's say in about two minutes and then Steve the agenda for today I think is just going over all the use cases you want to throw at us from the UN work that you're

Steve Capell: Sure.

Manu_Sporny: All welcome everyone to the call. Let's go ahead and get started with the front a reminder that this call is recorded and transcribed with the summary sent out to the mailing list on the same day of the call. if you are not okay with us, please let us know. we also operate under the W3C code of conduct as well as the intellectual property regime which basically means that they're be nice to each other is the code of conduct. We haven't had any issues on this call on that. And then the intellectual property regime is basically that you get the opportunity to withhold patents if your company has them at certain points in the process.

Manu_Sporny: Otherwise, the presumption is everything that we talk about and put into the specification will be released under a patent and royalty-free scheme for everyone in the world to implement without having to ask permission. all right. the agenda for today as we discussed last week is largely going to focus on use cases for UNCE CFAC the stuff that Steve has been working on with his colleagues over there.

Manu_Sporny: The goal there is to try and align what we're doing with what they're doing and vice versa as much as possible. So we need to make sure that what we're doing over here can cover the use cases they're doing over there specifically around the digital identity anchor stuff but there may be other things that overlap. Aside from that, we will process some poll requests today and once we get through those poll requests, we will switch over to talking about whatever Steve would like to take us through today.

Admin Updates

Manu_Sporny: That is the proposed agenda. Are there any other updates or changes to the agenda or anything else that we would like to discuss today? All right. So, let me go ahead and jump into the pull requests really quickly. and I guess quick real quickly before getting into those Avon we renamed the spec. We updated it. We did a publication. We got a static copy ready for first public working draft. Avon got it into the queue and it was approved seven hours later which is the fastest turnaround I've ever seen. It usually takes two weeks. So the right people were paying attention at the right time.

Manu_Sporny: or more likely Ivonne worked his magic behind the scenes to make sure it got through quickly. So, it means that we could have actually published it today, but we're going to wait until next Tuesday because that's the date that we put on the spec. it's already in place. The machinery will just do what it does and we will have our first public working draft published next Tuesday. what that does is it establishes the IPR date for the specification. Meaning it starts a six-month clock that basically says in you have the next six months to tell anyone if there's any kind of patents or anything that you know about, especially if your company wants to withhold any. And if you don't, then you automatically release whatever patents your organization has for use.

Manu_Sporny: I would be very surprised if there were any patents that covered what we were doing here, but they never underestimate the ability for any country to give out patents they shouldn't have given out anyway. so that is FPWD and once that goes out there we will be in an automated publication process meaning that we will reconfigure the spec so that every new pull request that comes in will automatically publish a new working draft to the W3C technical report space it will be marked as a working draft meaning it's not a final standard or anything and that is how we make sure that fresh copies of the specification are always available.

Manu_Sporny: for anyone in the world as we work through the specification. okay sorry all about that administrative machine show but it's all done and we should be in flight okay so let's take a look at some of the pull requests. here are the active ones that we have. there's one on revising the readme. Benjamin,…

Pull Request Review

Manu_Sporny: I forget where we are on this one. I think you raised this and maybe I held it because it might need to be updated.

Benjamin_Young: It's waiting on the final renaming…

Benjamin_Young: which we did last week.

Manu_Sporny: Okay.

Benjamin_Young: So yeah it can be finished up now.

Manu_Sporny: finished up as in we should okay right so you need to go through here and…

Benjamin_Young: Wow the names are wrong. Yeah. Yeah,…

Manu_Sporny: update the names and then once that's done we can just merge okay and…

Benjamin_Young: it was just a timing issue.

Manu_Sporny: then I think we can just give the group fair warning this is the editorial we're going to merge it as soon as you get those fixes in okay all right and…

Benjamin_Young: Yeah, it's just a reading. Manu Sporny:

Manu_Sporny: I should have subtopic this apologies we don't have an editorial lab. what? We might have an editorial label. If we don't, let's just create one editorial. no. I could have pressed the easy button and I did not. create new label. it picked Nice. let's change. All right, there we go. It's marked as editorial.

Manu_Sporny: And then decided that that can be merged as soon as dates the PR2 reflects the new name change. All right, that is that one. Thank you, We raised this issue in the main group about potentially removing digest SRRI or just saying just use digest melt multibbase for everything. from now on that discussion needs to finish in the main VCWG before we can move on. So this one's a bit on hold.

Recognized Entity Credential Naming

Manu_Sporny: This is issue 69 subtopic. So as soon as that one is resolved in the main working group we will reflect the change in this document. next item is pull request 75. This was a terminology fix. I will suggest that this is largely editorial. because all it does is it uses the new name we picked. So actually this is wrong recognized entity.

Manu_Sporny: So we're basically changing the class name to recognized entity credential and we're changing what we call it a recognized entity credential in pros. that is what this PR does. So we're moving from verifiable recognition credential to R recognized entity credential singular but you can have multiple entities in that credential which matches what we do for the rest of the ecosystem all the other specs and as you can see fairly boring set of changes made here.

Manu_Sporny: So, let me ask, is there anyone that would object to us merging this? editorial. It's only been out there for 3 days. I would be surprised to hear if there are any objections, thoughts. let me ask, would there be any objections to merging this hearing none and seeing one plus one to merge. let's go ahead and rebase and merge this All right, another plus one from Dmitri. All right, thank you. And then we've got plus ones from Phil and Phil Archer and Dave Longley and Phil Long.

Manu_Sporny: All right, Thank you everyone. this is fragment error. no, this is probably incorrect. One second. where is the change? Here we go. C data map model property. This is almost certainly because of respspec or maybe it's not.

Manu_Sporny: I thought we defined it. Maybe we looks like we don't say We we should fix this in the main spec if it's part of the output validation part. Wait a second. I'm very confused. no, sorry.

Manu_Sporny: I'm getting confused between the render method one. yeah, I guess we undefined this. So, we should fix this in the main spec. which I guess maybe he does. Took me a while to figure out what Avon was doing here, but he's doing the right thing. Of course, this one we can probably merge right away because it's very clearly editorial in a bug. would there be any objections to that?

UN DIA Identity Anchor Use Cases

Manu_Sporny: Then I'd probably need a couple more reviews in there if folks can jump in. So effectively we're linking to a fragment identifier that doesn't exist in the VC data model anymore. We replaced it with something else. All while that's happening, hopefully folks can click through to that and provide plus one. Thank you, Dmitri. let's go ahead and switch over, Steve, to you. What would you like to call this? I guess what? We do have a topic for this, don't we? One second.

Manu_Sporny: Which this one. All right. So this is the UN grid DIA identity anchor use case,…

Steve Capell:

Manu_Sporny: but it's really as many use cases as you want to discuss, Steve. And if you could kind of focus on here are the core ones you want to make sure that we cover. over to you. What would you like us to discuss?

Steve Capell: thanks First of all, apologies that I haven't raised a PR with the shape of the use case, but it's probably better we chat about it first anyway. and secondarily, although we're talking about my use cases today, I do understand that there will be others, right, that are not necessarily the same shape. but I'm not sure how the best way to approach this. I could work through that ticket. there is also a little video I recorded yesterday.

Steve Capell: it's only six minutes long that we're going to use as a kind of an explainer for what the UN's trying to do. I don't know if anyone wants to suffer through six minutes of that that will give you an idea of how verifiable credentials and linked entities matter.

Manu_Sporny: I mean, I think it'd be fine if you feel like the video would be a better way other than kind of you talking through it.

Steve Capell: Maybe I'll just talk through it. I put a link to the video. I don't like listening to my own voice anyway, so people can play it if they want to. all right. Let me see if I can share screen to that ticket. Chrome tab. Is that working?

Manu_Sporny: Yeah, we can see it. Although you might need to make it a bit bigger so we can read it.

Steve Capell: I'm just wondering let's walk through this app and this mid days haven't had enough sleep because I had a meeting late last night and now I'm up early for this one. there are two categories of use case I think we'll talk about the one first which is the idea of authoritative registers and by that I mean any existing system or governance process by which some member

Steve Capell: state legally authorized register creates an identifier under some process and the most obvious ones are things like national business registers or state level business registers you go through a process and at the end of it you get your business registration certificate and you get some ID in the US it's state level in Australia it's fed federal level but each country does it slightly differently, but they're long established. and other types of registers in that same category of registers that are enshrined into a country legal framework are usually land registers. ownership of land and IP registers and maybe one or two others, sometimes asset registers, right?

Authoritative Registers And Global Trade

Steve Capell: So these are things that already exist all over the world. There's at least a thousand of them. and enshrine some sort of reasonably well-governed, well doumented process for issuing identifiers. And there is a lot of scenarios where there's business value to the subject or the member that has that identifier in proving ownership of that identifier. Right? So, if I'm an Australian business, I want to facilitate trade across borders and an importing customs authority cares about who packed the box and will streamline clearance if they've got more confidence about identity, then I don't have a problem attaching proof of my Australian business registration to my crossber transaction, for example.

Steve Capell: There's the same pattern of I've got my DID but I want to DID to some authoritative registered identifier occurs in a few different scenarios right so one is crossber commercial transactions like invoice issued by did XY Z

Steve Capell: as a VC but did XY Z is pretty much unknown to a counterparty especially in another country. and therefore attaching evidence that did XY Z is also known as Australian business number 123 adds a identity integrity to the crossber transaction. and so that's a case of two credentials and you're really verifying that the issuer one is the subject of another to confirm that the sender of that invoice is this genuine Australian business or US registered business or whatever.

Steve Capell: On top of that, given that there are thousands of these types of registers, and it's probably unreasonable to expect that every verifier in the world will be aware of all of them and know the identifiers, a priority of the registers themselves. then there is another register of registers which is the UN grid project that will say through the member state kind of participation process in each member state has a delegate that tells the UN that these are the authoritative registers and their identifiers in my country and so the UN builds a list.

Steve Capell: We already do this for passports, and the authorized list of issuing countries of passports is an example of this governance process working already. so the idea is to do it for business registers and IP registers as one example if the Spanish business register were to have a did web that the registars's did web most people in the world would probably not know what the authoritative ID of the Spanish business register It's actually register.org. It's not even a.gov in Spain and register.org without the s is an available domain.

Steve Capell: you can buy it if you spend enough. so you can see that the risk with all this architecture is that people will start to masquerade as the authoritative registers and that's the purpose of the directory of registers. So that means there's a kind of a linked chain of trusted ident registrations from the commercial transaction like an invoice to the business registration credential issued by let's say UN credential issued to the Australian tax office that says they're on the country list of whitelisted registers.

Steve Capell: So there's a verification process there that is multihop and that same pattern applies in other sort of linked global architectures. So another one for example is a conformity assessment body which you might call an auditor issues a verifiable credential saying I certify that your cotton is organic right that your product meets European safety requirements or whatever it is. but one of the key anti-fraud and integrity measures is that the auditor isn't just any old, ID, it's not my brother attesting to that my product is meets European safety requirements. It has to be an accredited auditor.

Steve Capell: So there's an accreditation process where most countries have one national accredititation authority that will issue a credential to an auditing firm or individual saying you've been assessed as authorized to issue let's say ISO 9000 assessment. So the scope is you're accredited and you're accredited for this particular standard or process. Right?

Steve Capell: But again there's 200 countries a bit and how do you know who is the author accredititation authority in that country and there can be several of them there is a global mutual recognition organization used to be called IAC and now it's called something else whose name I forget that is if you like the club of accredititation authorities so this same pattern of and this has existed for decades so it's nothing new here this is in fact none of

Steve Capell: This is new in any business process sense. It's all nothing more than making existing business processes and relationships digitally veri so that pattern of some credential issued by some party who is a member of some sort of authoritative club who in turn is a member of some global mutual recognition exists in several places. and what we want to do is have a simple way for these national registers to issue their members with a credential that they can use to prove their membership. But of course, that issuing process has to confirm that the member is genuinely the controller of the private key that they're going to use that's linked to their did. Right?

Steve Capell: So there's a sort of a verification obligation on the issuer of identity anchor to say I'm declaring that this Australian business has prove proven control of their bid and is this So there's the subject of the digital identity anchor must be aid and the issuer must verify controlling that the subject controls that did. It's an important part of it otherwise the whole thing breaks down. so that's the kind of pattern of use cases and you can replicate it for lots of different document types and lots of different register types.

Steve Capell: So for example, European deforestation regulation coming into force will block market access for whole class of products like timber and soybeans and so on and so forth. livestock etc that have come from properties that have removed native forest or deforested since I think 2020 is the threshold year. it's an easy thing to say and a hard thing to verify, right? Because now you need to have some information about land boundaries. otherwise a farmer is going to say, "Yeah, yeah, I cleared some forest in the corner of my plot over there, but I'm not talking about that. You see, the rest of it is fine." so national land registers become important trust anchors there, right?

Steve Capell: to say the producer of this farmed product is the owner or operator of this defined land boundary. So there's a national land register coming into play again. So there's just so many use cases like this. Then there's sort of slightly less formal ones, So the same shape but not a government entity that is issuing identifiers under some legal framework. But for example Monica honey is a New Zealand brand of honey that is apparently nice honey and very specially prepared or something like this.

Steve Capell: And evidently there's more Monica honey sold in the world than New Zealand produces. So there's a fair bit of fakery around the place. And Monica honey producers are proud members of the Monica honey industry member association. Right. So proving that you are really a Monica honey producer in your trades has some value. So now we got a non-authoritative register. It's just really a member association of Monica honey farmers in New Zealand and some in Australia issuing a credential saying this farmer is a genuine Monica honey member, Same pattern but not the same regist because hasn't got the same national legal governance. Does that make sense?

Steve Capell: So the pattern is pretty consistent. Subject of one did is the issuer of another. and the verification has to follow the chain until it reaches something So a bit like passports. some countries in their smart gates rely on the UN list of issuing countries when they check the signature and check that the public key on the signature on the passport budget really was issued by an issuing country and not another just created by my brother. and other countries say I don't trust the UN list I'm going to maintain my own list. US is one of those right and one or two others.

Steve Capell: But generally the verification process in these things will just walk up this chain until it hits something that it already knows and trusts which might stop at the country level or might go to the UN level. brother sounds. so that this is the general pattern and I think reading the draft entity recognition spec have I called it the right thing. Recognized entity spec it looks like a fairly good fit.

Steve Capell: The things that if I remember right, I'm just scrolling through this, that I questioned were the subject of the d the recognized entity ID is pretty loose at the moment. it's could be a DID, but in our scenario, it kind of needs to be a DID and a DID that's been verified in terms of controllership. Another thing is that really important in all this is when I'm presented with that invoice and I go and verify it by finding the DI document, how do I then find if it exists, maybe it doesn't, the authority issued digital identity anchor or recognized entity VC.

Steve Capell: So some sort of consistent way to discover it for us is a fairly important part of the process because it goes to how are these things consistently verified. I mean obviously I could share both here's my invoice and here's my business registration please verify both. The trouble with that is that it will get lost in the chain, Because take just a commercial invoice in crossber trade, which you think when you listen to the name of it is a demand for payment, Most invoices are from a seller to a buyer, please pay me. But a crossber invoice isn't really like that. It's more evidence of value, and it gets used by up to 12 different parties. So an insurer will want the invoice in order to ensure that the shipment at the right value.

Steve Capell: Two different banks who are correspondent banks in both countries will want the invoice to issue a documentary letter of credit for trade finance, cash flow finance basically and confident payment for that for the goods and let's what else? A chamber of commerce will want the invoice to issue a preferential certificate of origin to confirm that the goods are entitled to the terms of a free trade agreement and so on. both customs authorities may well want the invoice one to verify this really national statistics usually import permits are much more controlled but duties are attached obviously to imports.

Steve Capell: So lots of different parties and many of the parties are unknown to the issuer of the invoice right certainly no direct relationship. So Australian exporter says here's my invoice sends let's say the US importer who gives it to a US customs broker who passes it on to US customs. so that's what three relationship hops away. Now it's US customs that says thanks for that invoice. it's a That aligns with my strategy. Right. US Customs has been one of the most vocal in their support for verifiable credentials. but if all he's got is the invoice, what he knows is there's a crossber trade for goods of a certain value, but we really don't know who the sender is because it's just a did of an Australian company and I haven't previously encountered that or registered it or confirmed its identity in any way.

Steve Capell: So if CBP can given an invoice have a consistent way to discover if it exists the digital identity anchor then they can without relying on that digital identity anchor being passed with the invoice through those four different hands which is very likely to get dropped. you actually really need to be able to discover the identity anchor through the invoice and the proposal in DIA is you do that through what's it called service endpoint in the DID document.

Steve Capell: So the discovery process would be I got an invoice. it's signed by There's a service endpoint of a particular type. I think did webb calls it who is this sort of thing. and go and I can discover the digital identity anchor credential. and I could even follow the chain again. So let's say it's issued by register.org and I'm a bit unsure who is that. then the anchor credential itself might have a service endpointing to another digital identity an anchor credential issued by the UN saying yeah this is a national business register so that discovery flow I think if there isn't some sort of fairly conventional protocol around that it's just going to break down so I noticed

Steve Capell: that this recognized entity spec is a bit silent about how you find the recognized entity credential and brass would like to see some more guidance on that I suppose. So I could document this as one pattern or as four or five much more concrete use cases that fit much the same pattern. How would you prefer to see it?

Manu_Sporny: So sorry I was waiting for the organizer to act me and I forgot I was the organizer. yeah, I mean plus one to all of these use cases, or at least the general ones that you mentioned, high level. I do agree with what Dave said in the chat channel, which is that it feels like a combination of things that we have could address the use cases. there's another use case that Phil raised around GS1 that has kind of this hierarchical nature of the registries.

Manu_Sporny: So for GS1 there's the GS1 international and then there's a GS1 that operates in each nation state and then delegates down these are the GLN GS1 prefixes, right? So you've got an international and they identify all of the GS1s in all of the different countries in the world and then those ones they get subidentifiers and then further down each GS1 I forget what they call them local organization issues GS1 prefixes to any of the organizations in their country.

Manu_Sporny: So they had this kind of hierarchical mechanism and they've built a solution around that. your business registry case I think effectively it's the same kind of structure. I don't know if it operates in the same way. So I think that's one of the things I'd like to figure out if we can tease apart. I do think things like the grid at the top level, can be composed of recognized entities and then the business registries maybe at each level down could be its own level of recognized entities.

Manu_Sporny: And then those business registries would issue millions of PCs themselves maybe through second or third parties. So I think each layer of the hierarchy can be a recognized entity credential. I see how that could work and I see how a recognized entity credential can be given to one of these organizations in a way where they could publish it who is document or make it scover So it's dynamically discoverable. You don't always have to go, top down through the hierarchy.

Manu_Sporny: you can literally just go did webvh who is and then get the credential. so I see how that could work but we haven't said anything about that in the spec. So there's an example of we would have to say something in the spec hey you should be able to publish these under a did who is endpoint. what I don't think that we've quite figured out yet is how to establish or…

Steve Capell: Yes. No,

Manu_Sporny: verify the entire chain at verification time to I guess you could follow it back through the recognized in properties Maybe. So, I think we need to talk through that. But for everything else, I didn't really see any gaps. I don't know, Steve, if you see these are any gaps other than those things. so, for example, we need to figure out how we hand these things to a business and then they assert it on their who is and then we need to specify how you kind of chain backwards to go all the way up to the grid, right?

Manu_Sporny: you want to go from something the business hands you or something you get from who is and you want to be able to travel all the way back up to the grid.

Manu_Sporny: And this is very much what X509 is designed to do, but we're trying to do it in a more kind of dynamically discoverable way, I think. let me stop there.

Steve Capell: Yeah, X9 gets very fragile,…

Steve Capell: right, when you change keys and things break down and Yes. So in that story the Australian tax office would recognized entity credential to an Australian business and the UN would issue a recognized entity credential to the Australian tax office.

Steve Capell: That's fairly straightforward in terms of how do you do it and I think you put your finger on the biggest issue which is how do you set up expectations that this is a normal part of the verification process where today almost every verifier will verify a credential and stop there because that's what everyone expects to do. Yes, it's a valid driver's license or it's a technically valid school certificate. but as you all know there's a lot of university degree fakery out there. So how do you know it's a real university and so on so forth. I see Phil Philip Long's just asked a something like that. So a lot of these registers are quite large, right?

Steve Capell: So a small e medium-sized economy Australia has around 2 million registered businesses Australian business numbers. and the changes on any given day new businesses are registered. Existing business are dregistered. existing businesses have change of status from a soul trader to a limited company to whatever or various other sort of registar managed changes and so because there's 2 million of them it do the math and most of them are small businesses and most small businesses don't survive more than 5 to 10 years and

Steve Capell: So there's a lot of changes every day. That's Yes. So from the perspective of any one business of course my credential is fairly longived but because I might be a small business corner shop or something for and maybe I don't change status during that. So I lived for 10 years and I got dregistered. But from the perspective of the registar I'm issuing or revoking or changing hundreds every day.

Dave Longley: So, you had asked the question, you said,…

Dave Longley: "Would you like me to submit this information as with the specifics or in a more genu general way?" I think that was what your question was. it seems that if I misinterpreted that, go ahead.

Steve Capell: I know that's right.

Dave Longley: Okay. Yeah,…

Steve Capell: And I'm thinking about it as I asked the question. I think we should probably be fairly specific in a few use cases to make them real and then maybe group them into patterns.

Dave Longley: I was going to suggest the same thing.

Steve Capell: There is another one.

Dave Longley: I was going to suggest that let's start specific and…

Steve Capell: Yeah, there is.

Dave Longley: we can get more general as we notice as they come in. Yeah.

Steve Capell: Yes, Exactly. It's always the way, right? With architecture, it's not a pattern until you found three of them.

Peer Observation Use Cases

Steve Capell: So there is one other use case that I is less well thought out and I'm not sure exactly even how to implement it yet, but there are cases where important supply chain integrity measures are nothing to do with well-governed registers and are more to do with human relationships. So for example, there's an awful lot of cases where of course labor conditions in let's say Democratic Republic of Congo cobalt mine are happening all the time. an auditor will come along once a year and have a look and all the slaves are behind the tree and say here's your certificate everything looks fine.

Steve Capell: So there you have a governed process that isn't solving the problem. and what you want actually is more like to-peer observation. Right? So there I'm confident that the conditions in this factory are meet a minimum requirement because lots of workers have reported it to be so to some sort of not for profofit in the country or I don't know the chief of the local

Steve Capell: community asserts and many others assert that the labor conditions in this working area are good or there's a relatively low number of dobins or this sort of thing. Right? This is more like peer relationship evidence. So there are important use cases in this area that we haven't thought through so well and I don't have a good picture in my mind of exactly how you'd even implement it in these sort of places. But it's still about attested relationships really and may fit this specification.

Steve Capell: I'm less certain about that, but I just thought I'd drop it in there as another kind of problem to solve.

Phillip Long: Manu, can I speak?

Manu_Sporny: Yes, Sorry, I'm doing a terrible job with the queue.

Phillip Long: This is a pattern that's very common in the context of documenting things like delivery of emergency supplies to an area that's experienced a natural disaster. and the U organizations that are providing those supplies want confirmation that the stuff that they've sent there has arrived andor being distributed as they intend. and that use case is one that has been approached from the perspective of those that want to have that information actually need to have people who visit there or designate people who check that and selfissue a credential…

Steve Capell: Yes, that seems like a similar pattern.

Phillip Long: which is then connected back to the credential that you're referring to to the organization that's supposedly has the responsibility for that product. and so there is a way to do that. we were talking about doing that with hashlinks to connect the observation of the individual which includes whatever evidence they want to collect to verify the assertion that they're claiming is accurate. could be a video, could be recordings of interviews, whatever it might be that's appropriate to confirm the truth of whatever the qu issue in question is.

Phillip Long: But that's a pattern that could be used

Steve Capell: Yeah, it be photos or…

Steve Capell: sometimes sensor evidence or something like this, right? that attests to the truth you want to hear. that that particular use case has some challenges too around filtering noise from truth, right? There could be malicious actors that have a grudge against a government factory that's actually behaving pretty well and kind of dobbing them in maliciously.

Steve Capell: So, when you don't have a governance process like a national business register how do you in the soup of claims, how do you distinguish claims that are genuine from ones that aren't? I don't know the answer to that one. Right. But anyway, it's a whole area that is, if you like, at the other end of the scale of authoritative well-governed processes. It's more community observation, right? And that one I'd like to be more of a listener here and see what other use cases you guys come up with and go, " that could fit this forced labor conditions in, garment factories or artisal miners." Okay. People checking themselves need to be vetted. Yeah. All right.

Steve Capell: And that I think I've covered our use cases. I just added yesterday if you can bring yourself to listen to six minutes of me talking there's a little YouTube video there that tries to explain this is not targeted at you guys but it's targeted at the kind of business audience because one thing that's interesting about this whole space is that these authoritative registers serve genuine generally they serve a public good purpose right land registers

Steve Capell: and business registers and so They're there for a reason, To protect people's land rights, to manage fraud, all these sort of things. and they've been around for decades, sometimes centuries. and they're almost exclusively and entirely not participating in the digital verifiable world. They're issuing paper certificates of membership. they're getting used fraudulently all the time. And the important thing is the awareness of the opportunity is barely a millimeter off the ground. that so many of these quite significant registers are not aware of the opportunity that's under their nose to issue digital verifiable evidence of membership. And in fact, some of them are being sold

Steve Capell: thought of snake oil. by informal registers that say, " I'm going to solve the global trade identity problem by issuing every business in the world my own identifier and then you should recommend your businesses to your, Spanish business who or whoever to get one of our identifiers so they can participate in global trade." And it's nonsense, Because who is the authority really? it's the existing establishment that's been there for a century. and most of them are just not aware that they've done 99% of the heavy lifting. You can imagine that the hard work of maintaining a business register in Australia with two million entries and managing 500 changes a day. That's the hard work, Issuing the evidence of membership as a PDF or a VC is like spare change.

Steve Capell: effort but the total global value it can release is measured in multiple trillions right so the other thing I haven't spoken about is and whether we want to put this in technical specs or not I don't know what right you can do this national business reg can issue a business verifiable agreement but what value is released right and there's quite a few examples of eye wateringly large values, right? the trade finance gap, that's about $3 trillion globally. This is banks that have money to lend to smaller businesses who are doing crossber Smaller businesses want the money, but the bank says no. Half the time it's because of lack of confidence in identity integrity and document integrity.

Steve Capell: And also it's partly because the cost of the due diligence of trade finance for crossber trade is such that it's not worth doing unless the trade is above a certain value. So 80% of global trade 80% of 25 trillion is trade finance but it's only about 10% by volume. It's 80% by value. So basically the high value shipments are financed the low value ones are not. And that's a blocker to trade because it imposes a risk that I might not get paid, And access to trade finance for small businesses is challenging. So this sort of stuff means the bank that traditionally wants to see the paper invoice and then goes is it real? If somebody added a zero to the 100,000 to make it a million, am I going to loan a million and then the recipient's going to run away? and who are they really?

Steve Capell: All these sort of questions are part of the due diligence for trade finance, which is a cumbersome manual process today. But if you can automate the due diligence, it'll release I guess around two trillion of global trade fun. That's only one of about 10 value propositions for this stuff. So the cost is nothing, right? I mean, I'm doing that hard work for 2 million businesses. I'm issuing PDFs at a VC trivial cost. the once adopted at scale the material benefits to the global economy are measured in trillions. So you ask yourself why isn't everybody doing this and it's largely because they don't know it's possible

Manu_Sporny: All right, plus one to that. And on that note, we're at the top of the hour. Steve, I think the next step here is to just raise a PR and…

Manu_Sporny: put these use cases, into the spec. if you feel like there's enough of a delta,…

Steve Capell: All right.

Steve Capell: Is there No,…

Manu_Sporny: what do you feel like the next step is here?

Steve Capell: that does seem like the next step. I just got to know where to put it in the spec.

Steve Capell: Is there an obvious placeholder for use cases or I just create one?

Manu_Sporny: There is let me see recognized I thought we had a section for …

Manu_Sporny: what no we don't that's the thing we need a use cases section and we have some use cases that are elaborated in the recognized identity credential section so how about this can you raise the PR to add a use cases section and…

Steve Capell: Okay.

Manu_Sporny: just add your two into it for now and we'll add the other ones as we need to. And then once those are in there and then once those are in there, I think we're going to want to concretely demonstrate how the use cases are achieved using the spec and where the gaps are…

Steve Capell: Yeah. Yeah.

Manu_Sporny: because I'm not hearing anyone go like these are not valid use cases that we want to solve, right? …

Steve Capell: Okay, I will do that before the next meeting.

Manu_Sporny: all right. So, let's say that's the next step. Awesome. Even better. Thank you very much, Steve. and thank you for presenting on all of this. your deep experience in the space is very much appreciated. to make sure that we create a technology that works for not only but everyone else and when I say you I know it's everyone that is doing supply chain trade finance type stuff. okay that's our call for this week.

Manu_Sporny: We will meet again next week to take a look at the PR that's raised and then we may spend a bit of time if Phil's here to talk about the overlap with the GS1 use cases. I'm pretty sure there's very heavy overlap and after that we will focus on making sure that techn the use cases are technically achievable. also the other thing that we need to do is ensure that the threat model we make some advancements on the threat model so that we can kick off the horizontal review.

Steve Capell: Yes.

Manu_Sporny: Okay that's it for this week. thank you everyone and we will chat again next week. Take care. Bye. Meeting ended after 01:08:51 👋 This editable transcript was computer generated and might contain errors. People can also change the text after it was created.

This transcription was generated by a large language model (LLM) and might contain errors. When in doubt, check the audio recording. This page was formatted by scribe.perl version 248 (Mon Oct 27 20:04:16 2025 UTC).