W3C

VCWG Product and Wallet Vocabularies

1 June 2026

Attendees

Present
carsten_stöcker, eva_blomqvist, fireflies.ai_notetaker_miguel, ingo_wolf, monika_nowicki, Phillip Long, robert_david, ronald_koenig, ted_guild
Regrets
-
Chair
-
Scribe
transcriber

Meeting minutes

VCWG Product and Wallet Vocabularies Meeting

Ingo_Wolf: I don't in Amsterdam.

Carsten_Stöcker: Engage. Speech. foreign.

Ingo_Wolf: Okay. Hello. What?

Carsten_Stöcker: Hello Monica in Amsterdam.

Monika_Nowicki: Hello in Amsterdam.

Carsten_Stöcker: Is it?

Monika_Nowicki: Fore. All right. Hi.

Carsten_Stöcker: Okay. Hello.

Ingo_Wolf: Imposses. She has one.

Robert_David: I don't know.

<Fireflies.ai_Notetaker_Miguel> Miguel Ángel invited Fireflies.ai here to record & take notes.

Carsten_Stöcker: Hi, Robert. How are you doing?

Ingo_Wolf: Speech.

Carsten_Stöcker: I think maybe we had a smaller team today. Yeah. Hey, Robert. I don't know if you have met. so…

Carsten_Stöcker: where are you coming from?

Monika_Nowicki: What's the

Carsten_Stöcker: What are you doing in the DPP and business wallet ecosystem?

Robert_David: Okay. foreign. Yeah.

Ingo_Wolf: Sure.

Carsten_Stöcker: H file.

Robert_David: Verifiable credentials. Yeah. Yeah. Yeah.

Carsten_Stöcker: Thank you. Yeah.

Robert_David: can be covered in. So, the group back.

Carsten_Stöcker: experts. Yeah. Mega Ah,…

Robert_David: Yeah. Gra is the merger onto the semantic web company as the health in Bulgarian.

Carsten_Stöcker: Cool.

Carsten_Stöcker: vocabment. Foreidential game. Yeah.

Robert_David: Yep.

Carsten_Stöcker: But in business. yes.

Ingo_Wolf: Let's switch to English maybe…

Robert_David: Yeah, thanks.

Ingo_Wolf: since we have a few more guests now.

Introduction of Robert David

Carsten_Stöcker: Sorry. Who joined? Ha. Yeah.

Robert_David: Thanks for theation.

Eva_Blomqvist: If you want us to understand anything,…

Robert_David: Yeah, sorry everywhere. A pious German speaking around before…

Carsten_Stöcker: I was just explaining to Robert.

Robert_David: but not

Eva_Blomqvist: no problem.

Carsten_Stöcker: Robert joined from graph wise. so where we are in the task force and that we kind of have two independent streams business wallets and DPP and of course there will be convergence of the two and that's a second step activity. Yeah.

Carsten_Stöcker: I think most of the people are kind of let's say either commuting to Brussels or preparing for Brussels or have other activities and I think tomorrow there's a face toface meeting in Brussels with the verifiable credential community and I think there's lot of norming and forming because we have independent streams on the one hand side and on the other hand side it's really kind of a working session to narrow down the scope for the DPPs and the business wallets and I think that to flesh out the timeline. I think that's…

Carsten_Stöcker: what we do tomorrow. Maybe Ingo you have an update about what we do with the business wallets. Is there any further updates?

Carsten_Stöcker: Anything from your side? Yes, please.

SC2 Work and EAA Issuance

Ingo_Wolf: I could talk a little bit about our SC2 work in we build.

Ingo_Wolf: So currently we are looking there at the issuance of EAA so electronic atestistation of attributes for hip for data space initiatives and probably also later on a data sharing credential but this is the option optional extension. so for the membership credentials we foresee to provide membership credentials in a mocked scenario since we don't have connection to authentic sources in the partners states.

Ingo_Wolf: So this is Romania and Belgium for this Agri foot use case so the Finnish tax authority would be the only authentic source for a VAT credential for example. So therefore we decided to go with mocked credentials. So the issuance will be mocked, those credentials will be made available in the business wallet instances as a prerequisite. And we decided to go for supporting both formats like there is this discussion about W3C format or…

Carsten_Stöcker: Thank you.

Ingo_Wolf: for related to JSON LD data and SD jot format. as an alternative and since most of the partners already work with JSON LD they made a strong opinion to support JSONLDD credentials based on W3C specifications as well and therefore asked also for an exception to be able to do that in the project since many other participants focus on SD jot and MDO form

Ingo_Wolf: formats for credentials. but yeah, in the business wallet context, I think it makes a lot of sense to go with a credential formats that support JSONLD natively. And, therefore, we committed to, contribute the two formats to try it out in this agree use case.

Carsten_Stöcker: Yeah.

Ingo_Wolf: So data space for agriculture with the participants from Finland, Belgium and Slovenia. So that's the current state there. We are still preparing for this setup but implementation wise this is what we contribute to the project.

Simplified Governance and Semantic Vocabulary

Carsten_Stöcker: And I think for us we have a simplified governance so we use a lot of activities maybe Ronard can explain it in vbuild that kind of end up in a vocabulary and that's what we step by step also bring into the W3C credentials and in the second step and I think whatever in other step this is also what we would like to figure out then in Brussels we would like to align it with some international activities especially in US.

Carsten_Stöcker: So I think Fuyutsu is also supporting from Japan but then we might extend it via some international artifacts the vocabulary but right now we collect what's being done in the labs pilot in the EU and promote this to the vocabulary and take it from there of course and there also gaps but we will close the gaps and step by step maybe Ronard you might want to share some updates from rebuild how the process is going kind of to provide more semantic whatever requirements.

Ronald_Koenig: Yes I can do this. from the semantic perspective in vuild what we are doing as a semantic group is that we provide the European business vocabulary. So that means we are supporting every use case by describing the terminology as well as the ontology based on RDFS and OEL and SCOS so that we have a complete semantic description of the vocabulary which can be used to express the different credentials.

Ronald_Koenig: But on the other hand we have the decision from the lead of rebuild that they want as a preferred format to use SG. VCs and only as the exception JSON ID if the use case owner is explicitly asking for Nevertheless, JSON ID is automatically supported because we generate automatically also the context files and everything we need to describe the credentials and if use case owner wants to use SDVC then they have to do it manually generate a JSON schema file and defining the data structure for ST jots and then for SGP PCs and then going forward with this

Ronald_Koenig: That's currently the status. I'm a little bit surprised I know that SDVC should be supported by the data spaces because the latest information I got is that maybe it will be dropped SDVC because otherwise you have to go into the connectors and have to modify them that they are supporting a credential format which is completely unknown to the connectors. But this is I think currently something which is still in discussion that we are doing it. So what is the status currently? I think we have a vocabulary available using this YAML to woke up tooling generating also the vocabulary.

Graphwise and LLM Integration

Ronald_Koenig: is available at W3 ID or European business wallet as a EBW. and we are going forward and integrating all the different credentials which are currently defined inside the D project. But Robert, this would be interesting also for me is how I think graph wise is dealing with artificial intelligence and grave data integrating into the large language models, right?

Ronald_Koenig: This would be interesting for us because we have already more or less craft data and how we handle this one and how we can integrate this one also for generating on the fly for example KYC data which are pretty complex or have spark then as a language to specify which information you need from an issuer and can put into credential and so on. means but I'm not really sure Robert what is your interest in the discussion here is it more DPP or more in RTON identity European business identities

Ronald_Koenig: for

Robert_David: So originally we came from the DBP side.

Robert_David: So we did a lot of work and we are confident that semantic technologies are the right way to go for the digital product but because of this interoperability topic. So we did quite some work in that direction. So I mean my colleague did also work for verifiable credentials but myself not so much. So we were mostly interested in this interoperability topic. but I mean these two topics need to go together. because of the publishing requirements and the identity requirements this is somehow connected. Yeah.

Robert_David: So yeah I mean regarding how we integrate with large language models I mean a general statement that I would make is that everything is going very strongly in the direction of MCP. So we're not exchanging the data so much anymore via prompts or such things but rather integrating them via MCP and I think this makes it also a bit more easy to keep the confidentiality requirements…

Robert_David: but of course you need even a stronger identity management then if you go for such an architecture but just

Carsten_Stöcker: Interesting.

Claude Zero Trust Paper Analysis

Carsten_Stöcker: Robert, maybe have you seen the claude zero trust papers was just published because this is interesting. They also talk about MCP and some other things and trust and I think they're describing wallet like infrastructure but they're not mentioning it. They're describing it with other words. And they're describing the policies and they call cryptographic identity and using lot term credentials and uses for zero trust.

Carsten_Stöcker: I think it's very interesting Robert what you said let's say kind of moving to Gen AI the semantic interoperability and then the MCP and we are just kind of trying to analyze the cloud code paper because they have a maturity model like what basic enterprise and then advanced and under advanced they open up a lot of questions how it could be solved but then the business wallets in the semantic inter will definitely solve it. Yeah, and that's kind of interesting for us to see how it was positioned by Claude in the zero trust paper. I'm not sure if you have seen it, but I think that's very important kind of to follow up especially with your comment on the MCP.

Carsten_Stöcker: I would say yeah,…

Robert_David: I haven't seen it,…

Robert_David: but So, I will take a look.

Carsten_Stöcker: I will try to share the link if I can just find it. I think I found it. I will share the link. Yeah.

W3C Credentials Requirements for Banks

Carsten_Stöcker: And Ronard what was also interesting we need to make sure that I spoke with or let's say Yos gave some feedback Ronald in rebuild and he was asking that more companies file a requirements to use W3C credentials for example SBB that they have a formal requirements or some of the banks they formally kind of articulate their W3C support.

<Carsten_Stöcker> https://cdn.prod.website-files.com/6889473510b50328dbb70ae6/6a1611a04085d7cd3dadc924_Claude-eBook-Zero-Trust-for-AI-Agents-05182026.pdf

Carsten_Stöcker: I think that's something we need to facilitate because right now I think this is not for formally done.

Ronald_Koenig: already doing it.

Ronald_Koenig: I'm working together with Dominic and have encouraged him to make a official request to do so.

Carsten_Stöcker: Great.

Ronald_Koenig: that we get this done because currently we have the situation that the project management has decided to not support W33 credential and saying the use case owner have to express their need for W33 credentials…

Carsten_Stöcker: Yes. interest.

Ronald_Koenig: but the use case owner are in the impression got the impression that W3C will not support it at all and therefore not requesting it And therefore I asked them if you really needs it for example SC2 for data spaces it doesn't make any sense to fall back from C for data spaces. Then we start over with connectors and doing all this stuff. The same is for supply chain.

Ronald_Koenig: Dominic is describing this SPB supply chain use case we have implemented together with them and pressing forward so that DB cargo for example and also with Alpine which we have in this supply chain use case making a request that they get their identity credentials besides the SJPC also in W6 LD and…

Carsten_Stöcker: Where?

Ronald_Koenig: the reason for us is the same we need semantic interoperability because our credential are too complex and it's not a flat list of name value pairs. Let me say it this way that it's linked data where we have up to 200 300 credentials which are linked with each other and have a certain semantic and…

Robert_David: Yeah. Yeah. Mhm.

Ronald_Koenig: expressing them the overall organizational structure for example for a big company with a lot of shareholders and…

Carsten_Stöcker: Okay,…

Ronald_Koenig: and all this stuff and therefore we are going into this direction and therefore we are also driving forward this European business wallet vocabulary. Can I know this activity from Dominic tomorrow we have a meeting with him and…

Carsten_Stöcker: Cool.

Ronald_Koenig: discussing it again how we can go forward and who can contribute to it and by the way for your customer information Dominic is also driving that he wants for his use case and this is his B1 that they want testing with WSD3 credentials and if the ITB is not supporting this test then we will set up our own test with interested parties and…

Carsten_Stöcker: That's great.

Carsten_Stöcker: And I think in addition to SBB, we will also maybe talk with one of the banks and then one of the banks should also articulate WCC. But that's something we follow up then independently. But sounds good.

Ronald_Koenig: this was also the reason why I read this email where art said that maybe they can drop the requirement to support SGBC for the SC2 for this agriculture data space because what is the need if they don't use it then really inside the data space and I'm not aware of any connector on policy engine which is supporting SDC currently you are muted

Ingo_Wolf: They were just discussing it this afternoon and the statement was we go with Jason LD definitely first and if there is a need and…

Carsten_Stöcker: That's difficult. What?

Ingo_Wolf: desire from other partners to support SD Jot we might do that on top but yeah definitely the JSONLDD credential formats are needed That's like this.

Data Spaces and Policy Engine Support

Ronald_Koenig: Yeah, because you have the membership credential and this data usage credential and both credential needs to be processed by the policy engine of the data provider and for both you need W3C3 VCDM format. Okay, but you will see at least it's good news that they have decided now to send the request directly to the project management either to your and Robert you you said that you are working directly with DPPS which DPPS are already prepared from your site with semantic vocabularies.

Robert_David: No, no. I mean we looked at the different data models and did some work in a previous project called champions…

Ronald_Koenig: Okay.

Robert_David: which was an Austrian Germany bilateral project and a bit of work in C++ 2. Yeah. But nothing more. So yeah we did work for this textiles mainly in super 2 looked at that part but there was still a lot of work going on for the core ontology part yeah so it was not clear yeah what what we did is more like a bit from the practical side because in the champions project we have a supply chain which is a data

Robert_David: base and we looked two First how we can implement roles and ro specific filtering of the data which is probably a very common requirement for PBPs because some roles are allowed to see more than others. Actually we presented that at the workshop at ESWC. and u other work was about check and validating ESPR requirements via shackle constraints like formalizing the ESBR requirements

Robert_David: ments in the form of shapes and then auto validating it which I think is I mean it doesn't work for order regulations but for the ESPR it's u…

Robert_David: because it's quite concrete on what you must have and what is optional so you can formulate they did quite well yeah so this is basically the work we work we did and yeah …

Ronald_Koenig: It's also so didn't want to interrupt.

Ronald_Koenig: I thought you were sorry.

Robert_David: just to mention that we worked in an ID data space. semantic web company graph did many projects in the data space domain. In the last years I think five or so. so we built up a lot of expertise there but also seeing the difficulties of course but I mean I think they are really good fit for this supply chain topic.

Robert_David: Yeah, because you have this selected group of persons. Yeah. And they want to check their identity and then have specific agreements…

Robert_David: who is allowed to see which parts of the DPPS. So this went very well together I would say.

Ronald_Koenig: Okay, sounds good.

Ronald_Koenig: We are also discussing but for the time being we have excluded this one. We said okay we are providing first the ontology and then if we need then a shekele valid data with respect to a certain credential or assertion whatever we call it or atestation. Then we will provide the shekele file on top of the ontology to make the additional constraints to the ontology which is already defined. And therefore for the time being we said the constraints are not our The first thing what we have to get right is the ontology and then if we need additional constraints like cardinality or…

Ronald_Koenig: regular expression for string parameters or the list of attributes which are allowed in this context and so on then we will provide it later on top of the ontology.

Robert_David: Yeah, I think that makes totally sense.

Robert_David: So it's not ontology or shackle but rather both. And yeah in the DBP context check is even a bit more than just checking the consistency of the data model but also a bit who is responsible that the regulation requirements are met. Yeah. So Is it some person? Yeah. Then you always need a legal expert to decide that. But if you can formulate parts of it at least Yeah.

Surpass 2 Updates and Transparency Protocol

Ronald_Koenig: All right. Thanks.

Robert_David: you might reduce the needs for and then this is what was interesting for us. But of course for data consistency and I mean with this data made public there's of course the need to check if everything is there, if it's consistent. Yeah. definitely.

Carsten_Stöcker: do you know what kind of updates are going on in surpass 2 at the moment because I think there is much more stakeholders and then there's a human transparency protocol alignment and some other vocabularies and there's some ontology work going on in cell pass 2. Maybe you have some updates from your side.

Robert_David: I'm sorry. You mean from my side? I think

Carsten_Stöcker: Yeah. Or a I don't know…

Carsten_Stöcker: who is the better updates. Yeah. But I was just looking. Yeah.

Eva_Blomqvist: I'm also not actually in SAS 2. But I did have various meetings with Caroline and there is this work ongoing on kind of comparing all of these standards and…

Eva_Blomqvist: vocabularies and I see it as a kind of basic investigation that will feed into this work as well to understand…

Carsten_Stöcker: Okay.

Eva_Blomqvist: how all of these things are different and then we can see what can be reused and so forth and in parallel of course they are also updating ontologies in sass themselves but that work I don't know so much about Yeah. Yep.

Carsten_Stöcker: So I think but that's good. Then we do basically a baselining and based on this you do the next steps. So okay I think that's a little bit more kind of let's say more work because in the business wallet there's not so much ontology compared to the DPPS for that reason you have to do the baseline.

Carsten_Stöcker: you don't need to do so much of it. Of course, there's also some work but that's good to understand. But I guess then we don't have any other updates. So I think some of us are meeting in Brussels tomorrow and then we take it from there and I guess that we then have kind of let's say an updated implementation path going forward after the Brussels meeting looking forward to it. Yeah. Cool.

Carsten_Stöcker: Okie dokie. I think I will…

Eva_Blomqvist: Yeah.

Carsten_Stöcker: then reconnect next week I guess. Yeah. Okay. Thank you guys.

Ingo_Wolf: Sounds good.

Robert_David: Thank you.

Carsten_Stöcker: Speak soon. Cheers. Bye-bye.

Ingo_Wolf: Thank you. Bye. Meeting ended after 00:35:45 👋 This editable transcript was computer generated and might contain errors. People can also change the text after it was created.

This transcription was generated by a large language model (LLM) and might contain errors. When in doubt, check the audio recording. This page was formatted by scribe.perl version 248 (Mon Oct 27 20:04:16 2025 UTC).