W3C

Verifiable Claims Working Group Charter

It is currently difficult to express banking account information, education qualifications, healthcare data, and other sorts of machine-readable personal information that has been verified by a 3rd party on the Web. These sorts of data are often referred to as verifiable claims. The mission of the Verifiable Claims Working Group is to make expressing, exchanging, and verifying claims easier and more secure on the Web. This charter focuses on use cases for education.

Readers that are new to this work should examine the motivations that led to this charter. The Verifiable Claims Working Group Primer may be particularly helpful to W3C Members. In brief, the work will make it easier for users to assert their verifiable qualifications to a service provider (e.g. my loyalty card number is X, I have an account at Bank Y, I am over the age of 21, I am a citizen of country Z, I am a Chartered Financial Analyst, etc.).

Join the Verifiable Claims Working Group.

Start date 14 April 2017
End date 31 March 2019
Confidentiality Proceedings are public
Initial Chairs Matt Stone, Pearson;
Richard Varn, ETS
Daniel Burnett, Invited Expert
Initial Team Contacts
Liam Quin (FTE: 0.1)
Usual Meeting Schedule Teleconferences: Weekly
Face-to-face: 2 per year

Introduction

This working group is tasked with the standardization of a data model and syntax for the expression of verifiable claims. The work proposed by this charter has been incubated for over two years and has been demonstrated to be broadly supported by various industries. The Web Payments Interest Group has identified this work as being critical to achieving specific use cases related to commerce, education, and healthcare on the Web. A document is available to those that wish to understand the motivations behind the creation of this charter and how this work fits into a broader vision for a verifiable claims ecosystem.

This initial charter for the Verifiable Claims Working Group will focus on use cases for education, and will place a strong emphasis on security and privacy. In particular, the Working Group will make a detailed analysis of threats to privacy and how they may be mitigated. As experience is gained, it is expected that future revisions to this charter will expand the scope to a broader range of use cases.

Scope

The Working Group will:

  1. Recommend a data model and syntax(es) for the expression of verifiable claims, including one or more core vocabularies.
  2. Create a note specifying one or more of
    1. how these data models should be used with existing attribute exchange protocols;
    2. a suggestion that existing protocols be modified;
    3. a suggestion that a new protocol is required.
  3. Focus their efforts on the identified use cases with a particular focus on the education sector. As a secondary focus, the group may address use cases on digital offers, receipts, and loyalty programs; discussion of these topics is not exclusive to this Working Group. Use cases from other industries may be included if there is significant industry participation.

Out of Scope

The Working Group will not:

  1. Define browser-based APIs for interacting with verifiable claims. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
  2. Define a new protocol for attribute exchange. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.
  3. Attempt to lead the creation of a specific style of supporting infrastructure, other than a data model and syntax(es), for a verifiable claims ecosystem.
  4. Attempt to address the larger problem of "Identity on the Web/Internet".

Success Criteria

The Working Group will fulfill the implementation experience required by the W3C Process as follows:

Terminology

verifiable claim
A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).
credential (aka attestation)
A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.

Security and Privacy Considerations

In general, the issuers of verifiable claims want to ensure that their reputation is protected, the holders of verifiable claims want to ensure their data is protected, and the inspectors of verifiable claims want to be confident in their claims-based decisions. As a result, both security and privacy are critical for verifiable claims.

From a security perspective it is important that verifiable claims are protected from forgery and that interactions with verifiable claims are protected from bad actors at all stages of the lifecycle.

From a privacy perspective it is important that information that is intended to remain private is handled appropriately. Maintaining the trust of a verifiable claims ecosystem is important. Verifiable claims technology defined by this group should not disclose private details of the participants' identity or other sensitive information unless required for operational purposes, by legal or jurisdictional rules, or when deliberately consented to (e.g. as part of a request for information) by the holder of the information. The design of any data model and syntax(es) should guard against the unwanted leakage of such data.

The Working Group will work with the security and privacy organizations listed in the liaisons section of the charter to help ensure that both security and privacy are considered.

Internationalization and Accessibility Considerations

Verifiable claims are made throughout the world and are issued and used by a variety of organizations and people with varying languages and levels of disabilities. The technology developed by the working group must be able to express verifiable claims in a variety of languages and must be able to be used by people with a variety of disabilities.

The Working Group will work with the internationalization and accessibility organizations listed in the liaisons section of the charter to help ensure that both internationalization and accessibility are considered.

Deliverables

Verifiable Claims Use Cases & Requirements NOTE

The Working Group will develop a set of use cases and requirements to underpin its work. Abstract use cases will be supported by real world evidence of applicability. The document will include an analysis of gaps in existing solutions, notably OpenID Connect and SAML, that the new work will address. It will further take very careful note of the serious privacy risks associated with Verifiable Claims and the solutions offered by technologies such as U-Prove. NB. the Credentials Community Group and the Verifiable Claims Task Force of the Web Payments Interest Group has developed a set of use cases and requirements already.

Verifiable Claims Data Model and Syntax Recommendation

This Recommendation will define or identify:

Verifiable Claims Privacy NOTE

This NOTE will identify:

Verifiable Claims Implementation Guidance NOTE

This NOTE will define or identify:

Process and Planning

Preference for Community Developed Specifications

The Working Group will actively seek to base its deliverables on specifications that have been socialized in W3C Community Groups or contributed as W3C Member Submissions. The work of the Credentials Community Group and the Verifiable Claims Task Force of the Web Payments Interest Group are of direct relevance and will be the Working Group's starting point.

Milestones

Note: The group will document significant changes from this initial schedule on the group home page.
Specification FPWD CR PR Rec
Verifiable Claims Use Cases & Requirements June 2017 (NOTE) November 2017
Verifiable Claims Data Model and Syntax(es) June 2017 February 2018 September 2018 December 2018
Verifiable Claims Privacy Analysis June 2017 (NOTE) November 2018
Verifiable Claims Implementation Guidance March 2018 (NOTE) November 2018

Dependencies and Liaisons

W3C Groups

Web Payments Interest Group
Reviews with respect to Web Payments use cases.
Internationalization Core Working Group
Internationalization and localization review.
Privacy Interest Group
For privacy reviews.
Accessible Platform Architectures Working Group
To help ensure the protocols provide support for accessibility to people with disabilities.
Web Application Security
For security reviews. If the Working Group perceives the need for IETF review, W3C will arrange discussion through its IETF liaison.
Credentials Community Group
Research and incubation of ideas for consideration by this group.
Web Security Interest Group
For security reviews.
Permissions and Obligations Expression Working Group
To help ensure that data rights around verifiable claims can be expressed.

This group will also collaborate with future W3C Working Groups developing authentication protocols.

Groups Outside W3C

ASC (Accredited Standards Committee) X9
Coordination with X9 will help achieve broad interoperability of payment systems (e.g. through alignment between Web protocols and ISO 12812).
Credentials Transparency Initiative
Ensure that the credentials being modeled and expressed by CTI are compatible with the work of the Verifiable Claims WG.
Mozilla Open Badges
Ensure that the badges being modeled and expressed by the Open Badges community are compatible with the Verifiable Claims WG.

Participation

To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration. Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors this commitment may be higher.

The range of industries and sectors in which verifiable claims are important is very broad. For example, verification of a claim of a professional qualification is as important to potential employers and partners as it is to end users. Therefore, professions such as finance, insurance, medicine, legal, marketing and more will find this work relevant. A verifiable claim that a customer is over a minimum age will clearly be relevant to retailers of alcohol, movies and more. Providers of public services will be able to use the technology when verifying that a citizen is eligible for a given service or benefit etc.

Communication

This group primarily conducts its work on the public mailing list public-vc-wg@w3.org (archive). Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is available from the Verifiable Claims Working Group home page.

Decision Policy

As explained in the Process Document (section 3.3), this group will seek to make decisions when there is consensus. When a Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should put a question out for voting within the group (allowing for remote asynchronous participation -- using, for example, email and/or web-based survey techniques) and record a decision, along with any objections. The matter should then be considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day call for consensus on the mailing list) is to be considered provisional until 5 working days after the publication of the draft resolution. If no objections are raised on the mailing list within that time, the resolution will be considered to have consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

Research that went into the creation of this charter was performed by the Web Payments Interest Group via the Verifiable Claims Task Force. The research findings can be found in the Verifiable Claims Task Force Final Report. The Web Payments Interest Group recommended that the Task Force draft a charter to determine whether there is consensus within the community (including those interviewed) for the scope of work.

This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.


Originally based on text developed by participants of the Verifiable Claims Task Force, which is a Task Force of the Web Payments Interest Group.

$Id: charter.html,v 1.14 2017/04/14 05:28:49 liam Exp $