---
published: false
---
# Standards
* [DIDs are not enough - we need an Authorization standard too](https://medium.com/energy-web-insights/api-access-security-for-dapps-cfcfa928623c) Energy Web
If you are a developer and want to write a DApp [...] you probably are using API-Keys in your front-end. If this is the case, then you should consider the security risk the publication of the API-Key in your front end represents and ask yourself if it would make sense to switch to a user authentication scheme.
## In general
* [FYI: What makes a standard world class?](https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0213.html) Michael Herman (Trusted Digital Web) (Saturday, 14 August)
> - A world class standard should have well-defined objectives that respond to real needs in a timely manner.
> - Its technical content should be complete and accurate.
> - It should be easy to understand (or as easy as the subject matter allows!) and easy to implement.
> - Its requirements should be expressed clearly and unambiguously.
> - It should be validated.
> - It should be well-maintained.
>
> Reference: [A Guide To Writing World Class Standards](https://www.etsi.org/images/files/Brochures/AGuideToWritingWorldClassStandards.pdf)
* [Trust Frameworks? Standards Matter](https://medium.com/@trbouma/trust-frameworks-standards-matter-47c946992f44) Tim Bouma
> He points at the NIST document [Developing Trust Frameworks to Support Identity Federations](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8149.pdf), published in 2018. He also points at the Canadian government's definition of standards.
>
> “a document that provides a set of agreed-upon rules, guidelines or characteristics for activities or their results. Standards establish accepted practices, technical requirements, and terminologies for diverse fields.”  He goes on to highlight a lot of the work being done in Canada and where it all sits relative to being a standard - “In closing, there are lots of trust frameworks being developed today. But to be truly trusted, a trust framework needs to either apply existing standards or become a standard itself.”
* [Open standards should be developed openly](https://blog.weareopen.coop/open-standards-should-be-developed-openly-1f0cf552308d) WeAreOpen
> Open standards should be developed openly because not enough people work to ensure that equity is central to innovation and development. We believe that openness is an attitude, and one which bears fruit over time from which everyone can benefit.
* [Global Standards Mapping Initiative](https://www.continuumloop.com/global-standards-mapping-initiative/) ContinuumLoop
This past November, the GBBC released [The Global Standards Mapping Initiative 2.0](https://gbbcouncil.org/wp-content/uploads/2021/11/GBBC-GSMI-2.0-Report-1.pdf), updating the [standards published in 2020](https://gbbcouncil.org/wp-content/uploads/2020/10/GSMI-Legal-Regulatory-Report.pdf). The GBBC is a strong proponent of standardization and intends to serve as a baseline for establishing frameworks and standards that will allow for adoption and innovation.
* [Premature Standardization & Interoperability](https://www.continuumloop.com/premature-standardization-interoperability/) Continuum Loop
Here's my premise: we don't have standards nor interoperability, at least not as people really need. We have been through a process that is powerful and good but what we have is what I call “premature standardization.” It's a great start but nowhere near where things will be.
* [Trinsic Basics: What Are SSI Standards?](https://trinsic.id/what-are-ssi-standards/)
> There are two kinds of standards that Trinsic implements to enable interoperability and avoid vendor lock-in: data model standards and protocol standards.
* [Manifesto: Rules for standards-makers](http://scripting.com/2017/05/09/rulesForStandardsmakers.html)
> I've used all kinds of formats and protocols in a long career as a software developer, even created a few. My new manifesto summarizes what I've learned about what works and what doesn't.
## Formal Objection
* [Re: historical background regarding success of responses to formal objections](https://lists.w3.org/Archives/Public/public-credentials/2021Sep/0076.html) Liam R. E. Quin (Monday, 13 September)
> In the 17 years I worked at W3C, the formal objections were
>
> (1) "we [the objector] wanted to be on record as saying this but go ahead and publish" (the most common);\
> (2) we [the objector] have a product, or are about to ship a product, and the feature(s) in this spec would cause problems in the short-term for our product, and that's more important to us than the Web (no-one will ever admit to this but it's not uncommon)\
> (3) we object to this spec, we prefer another approach, so here's a bunch of fake objections to slow things down because we can't share our actual business strategy\
> (4) we believe there's a technical problem with this spec, but we didn't notice it over the past four years despite a last call review (this one is actually rare but does happen)
## New
* [What's New in Passwordless Standards, 2021 edition!](https://techcommunity.microsoft.com/t5/identity-standards-blog/what-s-new-in-passwordless-standards-2021-edition/ba-p/2124136) (Microsoft)
> The Web Authentication API (WebAuthn) Level 2 specification is currently a Candidate Recommendation at the W3C. "Level 2" essentially means major version number 2.
>
> The version 2.1 of the [Client to Authenticator Protocol (CTAP)](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html) specification is a Release Draft at the FIDO Alliance. This means the spec is in a public review period before final publication.
> We think you might want to hear about what we think is especially fun about WebAuthn L2 and CTAP 2.1.
## Big Pic
* [Decentralised Identity: What's at Stake?](https://inatba.org/wp-content/uploads/2020/11/2020-11-INATBA-Decentralised-Identity-001.pdf) A Position Paper by the INATBA Identity Working Group
> INATBA has a specific Standards Committee to liaison with relevant standardisation committees and bodies. Some relevant standardisation committee and bodies include:
> - [ISO/TC 307 “Blockchain and distributed ledger technologies”](https://www.iso.org/committee/6266604.html)
> - [CEN/CENELEC JTC 19 “Blockchain and Distributed Ledger Technologies”](https://standards.iteh.ai/catalog/tc/cen/d96ab6b7-aac8-49e9-9ac5-b391bbd2abdc/cen-clc-jtc-19)
> - [Decentralised Identifiers (DIDs)](https://w3c.github.io/did-core/)
> - [DID Resolution](https://w3c-ccg.github.io/did-resolution/)
> - [Verifiable Credentials (VCs)](https://www.w3.org/TR/vc-data-model/)
> - “[Issuer](https://github.com/w3c-ccg/vc-issuer-http-api)” and “[Verifier](https://github.com/w3c-ccg/vc-verifier-http-api)” API, [Linked Data Vocabulary](https://digitalbazaar.github.io/citizenship-vocab/)
> - [Credential Handler API](https://w3c-ccg.github.io/credential-handler-api/)
> - [DID SIOP](https://identity.foundation/did-siop/)
> - [DID Comm](https://github.com/decentralized-identity/didcomm-messaging)
> - [Trust over IP Foundation](https://trustoverip.org/)
* [distributed ID learning path](https://translate.google.com/translate?sl=auto&tl=en&u=https://kristinayasuda.com/posts/decentralized-identity-catch-up-path/) Kristina Yasuda based on [VC-Spec](https://github.com/decentralized-identity/vc-spec-map) Map by Michael Ruminer
> first describes pre-requisite knowledge, including JSON, JSON-LD, JWT, JWS, JWK, JWA, and sometimes CBOR. She then goes on to break down knowledge areas beginning with the basics: DID-Core, DID-Resolution, DID-Spec, DID Use-Cases. Next, she covers Verifiable Credentials with VC-Data Model, VC Use-Cases, and VC-Implementors Guide, and also Transport, Credential Presentation, and Other Data Formats.
* [Linked Data Security](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0134.html) ([slide deck](https://lists.w3.org/Archives/Public/public-credentials/2021Feb/att-0134/2021-Linked-Data-Security.pdf))
> The attached slide deck provides a basic overview (with examples) of Linked Data Security as well as the specifications in that orbit. The W3C CCG is actively developing a number of these specifications.
* [Roadmap: Verifiable Trust Standards](https://lists.w3.org/Archives/Public/public-credentials/2021Mar/0014.html)
> - Green - General data format standards
> - Yellow - Vocabulary standards (I mislabeled the VC work)
> - Magenta - Protocol standards (I mislabeled DID Resolution)
> - Red - Low-level cryptographic primitives
> - Purple - General crypto packaging/protocol standards
> - Orange - Application layer standards
* [An overview of blockchain technical standards](https://www.weforum.org/whitepapers/global-standards-mapping-initiative-an-overview-of-blockchain-technical-standards)
> This October report is the most comprehensive review of global standards around blockchain tech that we've seen. Here's a list of standards bodies included in a chart towards the end:
> - [IEEE](https://standards.ieee.org/) (IoT; Cryptocurrency exchange & payment; tokens; energy; digital assets)
> - [ISO](https://www.iso.org/standards.html) (Security; identity)
> - [W3C](https://www.w3.org/standards/) (Identity)
> - [IRTF](https://irtf.org/) (Identity; digital assets)
> - [IEC](https://www.iec.ch/) (IoT)
> - [IETF](https://www.ietf.org/standards/) (Cryptocurrency payment)
> - [ITU-T](https://www.itu.int/en/ITU-T/publications/Pages/default.aspx) (Security; IoT; identity; DLT requirements)
> - [BSI](https://www.bsigroup.com/en-GB/standards/) (DLT requirements)
> - [CEN](https://www.cen.eu/Pages/default.aspx); [CENELEC](https://www.cenelec.eu/) (Security)
> - [Standards Australia](https://www.standards.org.au/) (Security; DLT taxonomy)
> - [WIPO](http://www.wipo.int/) (Blockchain for intellectual property)
> - [ETSI](https://www.etsi.org/standards) (Permissioned ledgers)
> - [SAC](http://www.sac.gov.cn/sacen/) (DLT requirements)
> - [BRIBA](https://www.beltandroadblockchain.org/) (DLT requirements)
> - [CESI](http://www.cc.cesi.cn/english.aspx) (Tokens; security)
> - [DCSA](https://dcsa.org/) (Interoperability)
> - [International Chamber of Commerce](https://iccwbo.org/) (Interoperability)
> - [EEA](https://entethalliance.org/) (Interoperability; tokens)
> - [Hyperledger](https://www.hyperledger.org/) (Interoperability; tokens)
> - [IWA](https://interwork.org/) (Tokens; analytics)
> - [JWG](https://intervasp.org/) (Tokens)
> - [National Blockchain and Distributed Accounting Technology Standardization Technical Committee](https://tech.sina.com.cn/it/2018-05-10/doc-ihaichqz3607998.shtml) (DLT requirements\terminology)
> - [CDC](https://digitalchamber.org/initiatives/) (Digital assets)
> - [MOBI](https://dlt.mobi/) (Vehicle identity; usage-based insurance; electric vehicle grid integration; connected mobility and data marketplace; supply chain and finance; securitization and smart contracts)
> - [GDF](https://www.gdfi.io/) (DLT requirements)
> - [BIG](https://blockchainindustrygroup.org/) (DLT requirements)
> - [BIA](https://bialliance.io/) (Interoperability)
> - [BiTA](https://www.bita.studio/) (Interoperability; DLT requirements)
### Verifier Universal Interface
* [Verifier Universal Interface by Gataca España S.L.](https://essif-lab.eu/verifier-universal-interface-by-gataca-espana-s-l/)
> This draft version can be found at [https://gataca-io.github.io/verifier-apis/](https://gataca-io.github.io/verifier-apis/) and has been built using ReSpec.
> This draft version for VUI includes today 6 APIs:
>
> - Presentation Exchange
> - Consent Management
> - Schema resolution
> - Issuer resolution
> - ID resolution
> - Credential status resolution
### WebAuthn
* [W3C WebAuthn V2 Now a Standard](https://self-issued.info/?p%3D2160) Mike Jones
> While remaining compatible with the original standard, this second version adds additional features, among them for user verification enhancements, manageability, enterprise features, and an Apple attestation format. ([Recommendation](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/)) ([CTAP also approaching standardization](https://self-issued.info/?p%3D2155)).
* [Web Authentication: An API for accessing Public Key Credentials Level 2](https://www.w3.org/TR/2021/PR-webauthn-2-20210225/). This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
* [Second Version of W3C Web Authentication (WebAuthn) advances to Proposed Recommendation (PR)](https://self-issued.info/?p%3D2149)
> The World Wide Web Consortium (W3C) has published this [Proposed Recommendation (PR)](https://www.w3.org/TR/2021/PR-webauthn-2-20210225/) Level 2 specification, bringing the second version of WebAuthn one step closer to becoming a completed standard. While remaining compatible with the original standard, this second version adds additional features, among them for user verification enhancements, manageability, enterprise features, and an Apple attestation format.
* [Near-Final Second W3C WebAuthn and FIDO2 CTAP Specifications](https://self-issued.info/?p=2143)
> The [W3C WebAuthn](https://www.w3.org/blog/webauthn/) and [FIDO2](https://fidoalliance.org/fido2/) working groups have been busy this year preparing to finish second versions of the W3C Web Authentication (WebAuthn) and FIDO2 Client to Authenticator Protocol (CTAP) specifications
### KMIP
* [OASIS releases KMIP 2.1](https://www.oasis-open.org/2020/12/18/key-management-interoperability-protocol-specification-and-key-management-interoperability-protocol-profiles-oasis-standards-published/)
> The Key Management Interoperability Protocol (KMIP) is a single, comprehensive protocol for communication between clients that request any of a wide range of encryption keys and servers that store and manage those keys. By replacing redundant, incompatible key management protocols, KMIP provides better data security while at the same time reducing expenditures on multiple products.
### OMG
* [OMG ISSUES RFI FOR DISPOSABLE SELF-SOVEREIGN IDENTITY STANDARD](https://www.omg.org/news/releases/pr2021/01-21-21.htm)
> This RFI aims to gain a better understanding of the self-sovereign identity space. In particular, the Blockchain PSIG is exploring the potential for standards setting in the area of contextually constrained or disposable self-sovereign identity arrangements, building on top of existing W3C standards for self-sovereign identity [DID] and verifiable credentials [VC]. The aim of this RFI is to determine whether new standards for this specific aspect of self-sovereign identity are necessary, desirable and timely, and are not already being developed elsewhere. (The RFI)
A [public presentation on the Disposable Self-sovereign Identity RFI](https://www.brighttalk.com/webcast/12231/461001) will be held on February 3, 2021 at 11:00 AM ET.
> The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium, founded in 1989. OMG standards are driven by vendors, end-users, academic institutions and government agencies. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries.
## Agents
* [Agent Frameworks & Infrastructure (“Layer 2”)](https://identity.foundation/faq/#agent-frameworks-infrastructure-layer-2)
* [Mobile Agent Development FAQ](https://iiw.idcommons.net/1L/_Mobile_Agent_Development_FAQ) by Horacio Nunez
> - What's the best place to start creating your own mobile agent?
> - How do you get updates once you ship your first version?
> - Do I actually have to support a fork for every mobile agent I create?
> - Do I need to use a Mediator?
## Schema.org
* [Schema.org is ten!](http://blog.schema.org/2021/06/schemaorg-is-ten.html)
Schema.org was founded on the idea of making it easier and simpler for the ordinary, everyday sites that make up the web to use machine-readable data, and for that data to enable an ecosystem of applications used by millions of people. While it's hard to predict exactly what the next decade will bring, if we can all keep these founding concerns in mind as we improve, refine and curate our growing collection of schemas, we'll be doing our part to continue improving the web.
## Identiverse
* [Reflections from Identiverse: Identity Security Threats & Trends](https://www.secureauth.com/blog/reflections-from-identiverse-identity-security-threats-and-trends/) SecureAuth
> talks like [“Simplify Your Least-Privilege Journey with Access Analysis”](https://identiverse.com/idv2021/session/SESCI5F77RW8COIGZ/) and [“Managing and governing workload identities”](https://identiverse.com/idv2021/session/SESTZ5WNB1OMKD9EV/) definitively provide greater insight. [...] UberEther showed in [“User Behavior Analytics: Marrying Identity and the SOC Like Peanut Butter and Jelly”](https://pheedloop.com/identiverse2021/virtual/?page%3Dsessions%26section%3DSESKWZML7NBJX42P3) how UBA (User Behavior Analytics) and UEBA (User Events Behavior Analysis) deliver additional value to help avoid threats in real-time and provide visibility to analysts.
## Oasis
* [Managed Open Projects: A New Way For Open Source and Open Standards To Collaborate](https://www.oasis-open.org/2021/09/08/managed-open-projects/)
I recently pointed out in a [TechCrunch contribution](https://techcrunch.com/2021/06/09/a-revival-at-the-intersection-of-open-source-and-open-standards/) that the open source and open standards communities need to find ways to team up if they are to continue driving innovation and development of transformative technologies to push our society forward.
## JSON
* [JSON is Robot Barf](https://www.windley.com/archives/2021/09/json_is_robot_barf.shtml) Windley
JSON has its place. But I think we're overusing it in places where a good notation would serve us better.
## DIF
* [Q&A: The Potential of Decentralized ID in Travel](https://www.webintravel.com/qa-the-potential-of-decentralized-digital-id-in-travel/) WebInTravel
> Since February he has also been the informal chair of the [Hospitality and Travel Special Interest Group](https://www.notion.so/dif/HOSPITALITY-TRAVEL-SIG-242105321e1747f8bce776bf634a55b3), a subset within the Decentralized Identity Foundation, an organization creating technical specifications and reference implementations for decentralized identity and working with industries for commercial applications of such technologies.
* [Bloom donates WACI](https://medium.com/decentralized-identity/bloom-donates-waci-790f902ac9bd)
At its core, WACI can be thought of as a handshake using classic, industry-standard [JWT](https://datatracker.ietf.org/doc/html/rfc7519)s: the “Relying Party” signs a token given to the end-user's wallet, and the wallet signs over a “challenge” contained within it, proving ownership of a DID.
* [DIF Monthly #28](https://blog.identity.foundation/dif-monthly-28/)
Table of contents: 1. [Foundation News](https://blog.identity.foundation/dif-monthly-28/%23foundation); 2. [Group Updates](https://blog.identity.foundation/dif-monthly-28/%23groups); 3. [Member Updates](https://blog.identity.foundation/dif-monthly-28/%23members); 4. [Digital Identity Community](https://blog.identity.foundation/dif-monthly-28/%23Community); 5. [Funding](https://blog.identity.foundation/dif-monthly-28/%23funding); 6. [Events](https://blog.identity.foundation/dif-monthly-28/%23community); 7. [Hackathons](https://blog.identity.foundation/dif-monthly-28/%23hackathons); 8. [Jobs](https://blog.identity.foundation/dif-monthly-28/%23jobs); 9. [Metrics](https://blog.identity.foundation/dif-monthly-28/%23metrics); 10. [Get involved! Join DIF](https://blog.identity.foundation/dif-monthly-28/%23join)
## Spruce
* [Sign in with Ethereum](https://login.xyz/) is being developed by Spruce
Already used throughout web3, this is an effort to standardize the method with best practices and to make it easier for web2 services to adopt it.
## ISO 27001
* [WAYF certified according to ISO 27001](https://www.wayf.dk/en/node/317)
WAYF has now been certified according to the standard for information security ISO 27001. This is the result of the audit that DNV conducted at WAYF on 23 September 2021.
* [What Is ISO 27001:2013? A Guide for Businesses](https://auth0.com/blog/what-is-iso-27001-2013-a-guide-for-businesses/)
> ISO 27001 is also the cornerstone of a growing international consensus about data security best practices. Australia based its federal Digital Security Policy on ISO 27001. Likewise, ISO 27001 can provide guidance on how to meet the standards of other data privacy laws, such as the GDPR, which often direct companies to it as an example of universal best practices. So if you abide by ISO 27001's recommendations, you're on the right track for legal compliance, not to mention improved data security.
## OpenBadges
* [Keep Badges Weird…](https://blog.weareopen.coop/keep-badges-weird-e26a1b055ff5) at the Badge Summit
> We have a new suite of badges to encourage participation, create value for others, and reflect on that experience. Participants will be able to both earn AND award badges, so they'll have a chance to prove that they've understood the theory surrounding CoPs and badges as well as put those theories into practice.
* [Discover Open Badges 3.0!](https://app.participate.com/communities/keep-badges-weird/62003f3f-a7ba-4f6a-990a-64d6f893016d/announcements/0bc15852-0f91-48c8-a7ca-478b246b553c) Keep Badges Weird
> 1. Check out the (accepted) [Open Badges 3.0 proposal](https://github.com/IMSGlobal/openbadges-specification/files/6977048/Proposal-Open-Badges-3.0-update-08-11-2021.pdf)
> 2. [Watch a video](https://www.youtube.com/watch?v%3DQDGPwR1F3FY%26t%3D1357s) from the ePIC conference giving an overview of what Open Badges 3.0 will enable (or view the [slide deck](https://docs.google.com/presentation/d/1NEJoQaI9b6KC1EFDDhR3MGybGVoa0R3bQh0xuKtUKkY))
> 3. Discuss what this means for you, your organisation, or your community in [this thread](https://app.participate.com/discussions/open-badges-3-0/68917656-db8f-4932-88fd-153fdb54e285)
* [Reflecting on the Evolving Badges and Credentials Ecosystem](https://blog.weareopen.coop/reflecting-on-the-evolving-badges-and-credentials-ecosystem-6efac4d673d3)
> Recently, the WAO team took the opportunity to update the badge platforms page on Badge Wiki, a knowledgebase for the Open Badge community. As the ecosystem continues to evolve we're seeing some early platforms fall by the wayside and new platforms emerge.
* [What is Open Recognition, anyway?](https://blog.weareopen.coop/what-is-open-recognition-anyway-9f38ec1f8629) Going beyond credentialing and the formal/informal divide
Badges as credentials includes approaches that are well understood and largely replace or augment existing certification practices. Badges for recognition, however, include approaches that remain somewhat confusing to many people.
## Blockcerts
* [Blockcerts V3 release](https://community.blockcerts.org/t/blockcerts-v3-release/3022)
The main change is the alignment with the [W3C Verifiable Credentials specification](https://www.w3.org/TR/vc-data-model/).
Regarding the standard itself, `metadata` and `display` are entering the default standard. `metadata` comes in replacement of `metadataJson` and remains a stringified JSON that will allow consumers to register specific data which are too unique for issuances to be defined in the context.
`display` brings in [a little bit of novelty](https://github.com/blockchain-certificates/cert-schema/blob/master/cert_schema/3.0/displaySchema.json%23L6): images or pdfs, in addition to the more classic HTML.
### XSL SDI
* [XSL Labs: Your Data Belongs to You](https://www.xsl-labs.io/whitepaper/white_paper_en.pdf)
The SDI technology constitutes a very important example of decentralized counter-power to the web giants. The SDI maintains to keep the practicality of a unique identifier while guaranteeing the security of the data and the user's sovereignty over it.
### CCI
* [Use Case Implementation Workstream](https://covidcreds.groups.io/g/usecaseCCI) [usecaseCCI@covidcreds.groups.io](mailto:usecaseCCI@covidcreds.groups.io)
This is the Use Case Implementation Workstream of the [COVID Credentials Initiative (CCI)](https://www.covidcreds.com/). This workstream identifies privacy-preserving verifiable credentials (VCs) that are most useful to the COVID-19 response and provides a forum and platform for those who are implementing COVID VCs to present their projects/solutions.
### VON\ION
* [@csuwildcat](https://twitter.com/csuwildcat) shares
> As of Friday, we believe v1 of ION is functionally code complete, and the Sidetree Working Group at DIF (@DecentralizedID) should have a v1 spec candidate ready for the underlying protocol by Jan 21st. Public v1 launch of the ION network on Bitcoin mainnet is just weeks away.
### Data Privacy Vocab
* [https://kantarainitiative.org/confluence/collector/pages.action?key=WA&src=sidebar-pages](https://kantarainitiative.org/confluence/collector/pages.action?key%3DWA%26src%3Dsidebar-pages)
W3C Data Privacy Vocabulary Control
* [https://dpvcg.github.io/dpv/#Representative](https://dpvcg.github.io/dpv/%23Representative)
* [Primer] [Data Privacy Vocabulary (DPV)](https://w3c.github.io/dpv/primer/%23core-taxonomy) w3c
Call for Comments/Feedbacks for DPV v1.0 release
Please provide your comments by 15-OCT-2022 via [GitHub](https://github.com/w3c/dpv/issues/50) or [public-dpvcg@w3.org](https://lists.w3.org/Archives/Public/public-dpvcg/) (mailing list).
## Oberon protocol
* [Better and more secure methods for API authentication](https://iiw.idcommons.net/1D/_Better_and_more_secure_methods_for_API_authentication) by Michael Lodder
Presentation slides: [https://docs.google.com/presentation/d/1UO25DzVmq25ya2S4_tV5UKTSP6NtBggln9vP1TEXSzE/edit](https://docs.google.com/presentation/d/1UO25DzVmq25ya2S4_tV5UKTSP6NtBggln9vP1TEXSzE/edit)
Goal of the Oberon protocol when building an API:
- Super effective: no separate session token required for accessing the API; very fast to issue and verify tokens; 128 bytes required per message
- Privacy preserving
- No new crypto, uses BLS signature keys and Pointcheval-Sanders Construction
### Timestamping
* [Trusted Timestamping Part 3: Family of Standards](https://medium.com/finema/trusted-timestamping-part-3-family-of-standards-f0c89a5e97ab) Nunnaphat Songmanee Finema
Read more about timestamping and its concepts at [Trusted Timestamping Part 1: Scenarios](https://medium.com/finema/trusted-timestamping-part-1-scenarios-9bf4a7cc2364) and [Trusted Timestamping Part 2: Process and Safeguards](https://medium.com/finema/trusted-timestamping-part-2-process-and-safeguards-f75286a0c370).
Family of standards related to timestamping
### Verifiable presentation
* [Verifiable Presentation Personas: Certifiers, Consolidators, & Submitters](https://medium.com/@Transmute/verifiable-presentation-personas-certifiers-consolidators-submitters-b38a281eb92f) Transmute
The arrow for “Issue Credentials” is exactly the same as “Send Presentation,” leading us to believe these activities are similar, but how are they similar? We can't adequately answer these questions by looking at the above picture and the specification doesn't provide a ton of help either…
## GAIN
- [Nat has a presentation](https://nat.sakimura.org/2021/09/14/announcing-gain/)
- There is a [LinkedIn Group](https://www.linkedin.com/groups/12559000/)
### QR Code
* [Secure QR Code Authentication v1.0 from ESAT TC approved as a Committee Specification](https://www.oasis-open.org/2022/07/12/secure-qr-code-authentication-v1-0-from-esat-tc-approved-as-a-committee-specification/)
An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.
## PICO
* [The Most Inventive Thing I've Done](https://www.windley.com/archives/2022/07/the_most_inventive_thing_ive_done.shtml) Phil Windley
every pico is serverless and cloud-native, presenting an API that can be fully customized by developers. Because they're persistent, picos support databaseless programming with intuitive data isolation. As an actor-model programming system, different picos can operate concurrently without the need for locks, making them a natural choice for easily building decentralized systems.
W3C Press Release - [Decentralized Identifiers (DIDs) v1.0 becomes a W3C Recommendation](https://www.w3.org/2022/07/pressrelease-did-rec) worth reading to see who contributed comments (and notice who didn't)
For individuals in particular, DIDs can put them back in control of their personal data and consent, and also enable more respectful bi-directional trust relationships where forgery is prevented, privacy is honored, and usability is enhanced.
## Verification
* [Verification Patterns, Part 1](https://docs.centre.io/blog/verification-patterns-1) Verite
Since verification is off-chain (and generally fast/inexpensive, depending on the provider), and since this avoids on-chain storage of potentially correlatable data, this is often the preferred solution.
## JWP
* [JSON Web Proofs BoF at IETF 114 in Philadelphia](https://self-issued.info/?p=2286)
- [Chair Slides](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-json-web-proofs-chair-drafts-00) [Karen O'Donoghue](https://twitter.com/kodonog) and [John Bradley](https://twitter.com/ve7jtb)
- [The need: Standards for selective disclosure and zero-knowledge proofs](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-the-need-standards-for-selective-disclosure-and-zero-knowledge-proofs-00)  [Mike Jones](https://twitter.com/selfissued)
- [What Would JOSE Do? Why re-form the JOSE working group to meet the need?](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-the-need-standards-for-selective-disclosure-and-zero-knowledge-proofs-00)  [Mike Jones](https://twitter.com/selfissued)
- [A Look Under the Covers: The JSON Web Proofs specifications](https://datatracker.ietf.org/meeting/114/materials/slides-114-jwp-json-web-proofs-initial-drafts-00)  Jeremie Miller
## Trust Registries
* [Managing Trust and Reputation via Trust Registries](https://www.continuumloop.com/managing-trust-and-reputation-via-trust-registries/) Continuum Loop
The concept behind a Trust Registry is that a Wallet needs to know which decentralized identifiers (DIDs) to “trust” as a source of truth. At many levels, this “trust” translates to “authority” knowing that somebody, centralized or decentralized, is responsible for maintaining a list of trusted DIDs.
### ONDC
* [ONDC: An Open Network for Ecommerce](https://www.windley.com/archives/2022/08/ondc_an_open_network_for_ecommerce.shtml) Phil Windley
* [Open Network for Digital Commerce](https://en.wikipedia.org/wiki/Open_Network_for_Digital_Commerce) is a non-profit established by the Indian government to develop open ecommerce. The goal is to end platform monopolies in ecommerce using an open protocol called [Beckn](https://developers.becknprotocol.io/). I'd never heard of Beckn before. From the reaction on the VRM mailing list, not many there had either.
## Apple \ Google
* [Apple, with support from Google, just announced the Mobile Document Request API](https://github.com/WICG/proposals/issues/67) Web Incubator CG
> The API is concerning because it lists "Define the native communication between the User Agent and the application holding the mdoc." as out of scope. That is, digital wallet selection is out of scope. Also out of scope is "issuing" and "provisioning". The specification focuses on delivery from a digital wallet to a website.
## JWT
* [Podcast] [Privacy-preserving measures and SD-JWT with Daniel Fett](https://identityunlocked.auth0.com/public/49/Identity%252C-Unlocked.--bed7fada/3bbcbab8) IdentityUnlocked Auth0
The discussion gets very concrete when Daniel describes selective disclosure JWT, or SD-JWT, a new IETF specification he is coauthoring that offers a simple and easy-to-adopt approach to produce JWTs capable of supporting selective disclosure. Here at Identity, Unlocked, we are huge fans of this new specification, and we hope this episode will help you get started!
### BBS Creds
- [aries-rfcs/0646-bbs-credentials#drawbacks](https://github.com/hyperledger/aries-rfcs/tree/main/features/0646-bbs-credentials#drawbacks)
- [Zero-Knowledge Proofs Do Not Solve the Privacy-Trust Problem of Attribute-Based Credentials: What if Alice Is Evil?](https://ieeexplore.ieee.org/document/9031545) IEEE
## C2PA
* [FYI: C2PA Releases Specification of World's First Industry Standard for Content Provenance](https://lists.w3.org/Archives/Public/public-credentials/2022Jan/0207.html) Leonard Rosenthol (Wednesday, 26 January)
Just wanted to update folks here that the C2PA has released version 1.0 of their specification at [https://c2pa.org/specifications/specifications/1.0/index.html](https://c2pa.org/specifications/specifications/1.0/index.html).  As previously mentioned, it includes native support for VCs for use in identification of actors (be they human, organizations, etc.).  Thanks to everyone here for their input on our work and helping us to deliver.