What's Next for Verifiable Credentials
Wesley Smith
Mandy Venables
TPAC 2024
Anaheim CA, USA
hybrid meeting
23–27 SEPTEMBER 2024
What should go into a new charter? (1/3)
Features
- RenderMethod
- ConfidenceMethod
- Unlinkable ECDSA Cryptosuite
What should go into a new charter? (2/3)
Protocols
- Verifiable Credentials API
- Verifiable Credentials over Bluetooth
- Verifiable Credentials over NFC
What should go into a new charter? (3/3)
Applications
- Verifiable Credential Barcodes
- Vocabulary Work
  - Verifiable Driver's Licenses
  - Citizenship Vocabulary (Employment Authorization Documents etc.)
  - Verifiable Vehicle Titles
renderMethod (1/2)
A secure way for issuers to convey how they want their credentials displayed
- Represent Verifiable Credential through visual, auditory, or haptic medium
- Experimenting with SVG, PDF, and other text-based template formats
renderMethod (2/2)
A secure way for issuers to convey how they want their credentials displayed
- Production deployments in Singapore for Open Attestation Renderer
- Examples deployed in Playground, standardization ETA 6-12 months
- Multiple implementations (none interoperable yet)
renderMethod example
"renderMethod": [{
  "id": "https://example.edu/credentials/BachelorDegree.svg",
  "type": "SvgRenderingTemplate",
  "name": "Portrait Mode",
  "css3MediaQuery": "@media (orientation: portrait)",
  "digestMultibase": "zQmAPdhyxzznFCwYxAp2dRerWC85Wg6wFl9G270iEu5h6JqW"
}]
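The `digestMultibase` field is what lets a wallet or verifier confirm that the template it fetched from `id` is the one the issuer signed over. The following is an added example, not part of the original slides or of any implementation they mention: it recomputes the digest of a fetched template and refuses to render on mismatch. It assumes the credential's proof has already been verified and that the digest is a base58btc-encoded sha2-256 multihash (inferred from the `zQm` prefix in the slide); the template bytes and helper names are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58btc(data: bytes) -> str:
    """Bitcoin-alphabet base58; each leading zero byte maps to '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def digest_multibase(resource: bytes) -> str:
    """'z' (base58btc multibase prefix) + multihash(sha2-256, resource)."""
    multihash = b"\x12\x20" + hashlib.sha256(resource).digest()
    return "z" + base58btc(multihash)


def template_is_trusted(render_method: dict, fetched: bytes) -> bool:
    """True only if the fetched bytes match the digest in the signed credential."""
    expected = render_method.get("digestMultibase")
    if not isinstance(expected, str) or not expected.startswith("z"):
        return False  # no digest, or an encoding this sketch does not handle
    return expected == digest_multibase(fetched)


# Constructed sample data: a stand-in template and a renderMethod entry for it.
TEMPLATE = b'<svg xmlns="http://www.w3.org/2000/svg"><text>Bachelor of Science</text></svg>'
RENDER_METHOD = {
    "id": "https://example.edu/credentials/BachelorDegree.svg",
    "type": "SvgRenderingTemplate",
    "digestMultibase": digest_multibase(TEMPLATE),
}
# Same URL, different bytes: what a swapped or modified template would look like.
TAMPERED = TEMPLATE.replace(b"Bachelor", b"Doctor")

if __name__ == "__main__":
    for label, body in (("original", TEMPLATE), ("tampered", TAMPERED)):
        ok = template_is_trusted(RENDER_METHOD, body)
        print(f"{label}: {'render' if ok else 'refuse to render'}")
```

A renderer that skips this check displays whatever the template host currently serves, regardless of what the issuer signed.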
confidenceMethod
Increase credential accuracy and trustworthiness
- Gives confidence the entity presenting the credential is the one that picked it up
- Can be bound to a hardware key
- Can use other unlinkable and non-correlatable methods
confidenceMethod example
"confidenceMethod": [{
  "type": "VerificationKeyConfirmation",
  "publicKeyJwk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xFzv3SKnli_J9i7Fy1oD2m5wdJGJVAOzvZ0",
    "y": "x_FEzRu9-4sM8c4JLAuO4ZF2_CfAhFb6tkcU8QpF9Ck"
  }
}]
Unlinkable ECDSA Cryptosuite
Adding unlinkability to traditional signature mechanisms
- Traditional ECDSA signatures strongly linkable
- Working with expert cryptographers to add unlinkability
- Unlinkability can be achieved with other signature mechanisms, but you lose good properties of ECDSA:
  - FIPS compliance
  - Wide hardware/software support
- Early phases of work, specification draft within a year
Verifiable Credentials API (1/3)
An API for performing Verifiable Credential lifecycle management
- Complete credential lifecycle management framework, supports:
  - Issuance
  - Verification
  - Presentation
  - Status Modification
Verifiable Credentials API (2/3)
An API for performing Verifiable Credential lifecycle management
- Agnostic to delivery mechanism:
  - DIDComm
  - OID4
  - Workflows/Exchanges
  - Conexxus API
Verifiable Credentials API (3/3)
An API for performing Verifiable Credential lifecycle management
- 11 implementations (varying levels of interoperability)
- Used extensively in VCWG for test suites and canivc.com
- Production deployments (TruAge, CA DMV/OpenCred)
Verifiable Credentials over Wireless NFC (1/2)
Protocols for in-person VC Presentation
- Mechanisms:
- Specification draft
Verifiable Credentials over Wireless NFC (2/2)
Protocols for in-person VC Presentation
Applications:
- First responder on-site presentation
- Border crossing
- Retail or venue interactions
Verifiable Credential Barcodes (1/2)
Cryptographic security for physical credentials
- Barcodes encode VCs into easily consumable format
- Uses new Data Integrity cryptosuite to digitally sign both the VC and the optically readable data on the card
  - MRZ on Employment Authorization Doc.
  - PDF417 on Driver's License
Verifiable Credential Barcodes (2/2)
Cryptographic security for physical credentials
- Multiple implementations in progress
- Test vectors available in VCB specification
- Deployments in progress:
  - California Department of Motor Vehicles
  - Department of Homeland Security
Citizenship Vocabulary
A Linked Data vocabulary for expressing attributes related to citizenship
- Use case: VCs for representing citizenship as recognized by an issuing organization (e.g. a federal government)
- Deployment in progress with USCIS
Verifiable Driver's License Vocabulary
A Linked Data vocabulary for expressing attributes related to digital driver's licenses
- Use case: VCs for digital driver's licenses
- Deployed in production with CA DMV
Verifiable Vehicle Titles Vocabulary
A Linked Data vocabulary for expressing attributes related to vehicle titling and ownership
- Use case: VCs for provable ownership of a vehicle as recognized by an issuing organization (e.g. a state government)
- Deployment in progress with CA DMV
Summary
Three main categories of proposed work:
- Features
- Protocols
- Applications
Standardization timelines for proposed items vary based on maturity
Lots of exciting work to be done :)