Verifiable Credentials Working Group Charter

The mission of the Verifiable Credentials Working Group is to make expressing, exchanging, and verifying credentials easier and more secure on the web.

Readers that are new to this work should read the latest Verifiable Credentials Data Model. The Introduction and Terminology may be particularly helpful to W3C Members seeking to better understand some the terminology used in this charter e.g., Credentials vs. Verifiable Credentials and Presentations vs. Verifiable Presentations.

Join the Verifiable Credentials Working Group.

Charter Status See the group status page and detailed change history.
Start date 13 June 2022
End date 30 June 2024
Chairs Brent Zundel (Avast)
Kristina Yasuda (Microsoft)
Team Contacts Ivan Herman (0.15 FTE)
Meeting Schedule Teleconferences: 1-hour calls will be held weekly, plus additional special-topic calls as needed
Face-to-face: We will meet during the W3C's annual Technical Plenary week; additional face-to-face meetings may be scheduled by consent of the participants, usually no more than 3 per year.

Scope

Building on the experience gained through implementation, deployment and usage of Verifiable Credentials (VCs), this Working Group will extend Verifiable Credential foundations with new standardized technologies to improve the use of this technology on the Web.

The scope of the Verifiable Credentials Working Group is:

It is explicitly not a requirement that the new specifications be fully compatible with related past specifications.

Out of Scope

The following features are out of scope, and will not be addressed by the Verifiable Credentials Working group:

  • The mandate of any specific style of supporting infrastructure, such as a Distributed Ledger (DLT), for a Verifiable Credentials ecosystem
  • The specification of new cryptographic primitives
  • The normative specification of APIs or protocols

Deliverables

Updated document status is available on the group publication status page.

Draft state indicates the state of the deliverable at the time of the charter approval. Expected completion indicates when the deliverable is projected to become a Recommendation, or otherwise reach a stable state.

Normative Specifications

The Working Group will deliver the following W3C normative specifications:

Verifiable Credentials Data Model (VCDM) 2.0

This specification defines the Verifiable Credentials Data Model 2.0 along with serializations of that data model. It will replace the current Verifiable Credentials Data Model 1.1 Recommendation.

Draft state: Editor's Draft

Expected completion: 30 June 2024

Adopted Draft: Verifiable Credentials Data Model 1.1

Exclusion Draft: Verifiable Credentials Data Model 1.1 Exclusion period began 11 November 2021; Exclusion period ended 08 January 2022.

Other Charter: https://www.w3.org/2020/12/verifiable-credentials-wg-charter.html

Securing Verifiable Credentials (SVC) 1.0

This family of specifications consists of documents that each define how to express and associate proofs of integrity for Verifiable Credentials and concrete serializations for each of the defined syntaxes. The Working Group would welcome the usage of these techniques for data in general, but its scope will be to solve Verifiable Credentials use cases. The specific set of concrete serializations included will be determined by the Working Group. The following are a non-exhaustive selection of expected input documents:

Cryptosuites for VC-JSON Web Token (JWT): IANA JOSE Algorithms Registry

Cryptosuites for Data Integrity: JSON Web Signature 2020, EdDSA, NIST ECDSA, Koblitz ECDSA

Expected completion:30 June 2024

Conditional Normative Specifications

Depending on progress in the W3C Credentials Community Group, the IETF, and the DIF, the Working Group may also produce W3C Recommendations based on the following documents:

Specification Description Input Documents
PGP Cryptosuite A cryptographic digital signature suite that utilizes Pretty Good Privacy [RFC4880]. PGP Cryptosuite
BBS+ Cryptosuite A cryptographic digital signature suite supporting selective disclosure. BBS+ Cryptosuite
Verifiable Credential Protection Using JWPs A cryptographic container format for expressing JWT-like proofs for selective disclosure and other modern cryptographic schemes. VC-JSON Web Proof (JWP)
Koblitz ECDSA Recovery Cryptosuite A cryptographic digital signature suite supporting elliptic curve public key recovery. Secp256k1 Recovery Cryptosuite

Other cryptographic suites for NIST RSA, EASC DSA, SM9 IBSA, NIST post-quantum cryptography, or other externally standardized cryptographic primitives may be produced under the same conditions as the table above.

Registries

The Working Group may create a set of registries including registry definitions and registry tables to support extension points in the above normative deliverables. Registries for extension points that are mandatory to use, for any of the above normative deliverables (for example, Verifiable Credential properties that MUST be included in a Verifiable Credential), must have at least one standardized entry.

Other Deliverables

Other non-normative documents may be created as time, attention, and resources permit. The following list is a non-exhaustive selection of documents the Working Group may wish to produce. The Working Group will use its discretion to decide which, if any, to work on, and may publish WG Notes or other documents not listed here.

  • Test suites for all normative deliverables
  • Presentation Request Data Model
  • Storage and Sharing of Verifiable Credentials
  • Privacy Guidance for Verifiable Credentials
  • Extensions for binding multilingual resources for localized user interfaces
  • A Developer Guide consisting of one or more notes related to general implementation guidance and best practices for working with Verifiable Credentials, including but not limited to:
  • Guidance to enhance Verifiable Credential interoperability:
    • Verifiable Credential Extension Vocabularies (e.g., ISO 18013-5 Mobile Driver's License)
    • Implementation Guides
    • Test Suites

The Working Group may also update Notes published under previous charters.

Timeline

  • June 2022: First teleconference
  • September 2022: FPWD for VCDM 2.0
  • September 2022: First face-to-face meeting
  • January 2023: FPWD for SVC 1.0
  • September 2023: CR for VCDM 2.0
  • January 2024: CR for SVC 1.0
  • June 2024: REC for all standards-track documents

Success Criteria

In order to advance to Proposed Recommendation, each normative specification is expected to have at least two independent implementations of every feature defined in the specification.

Each specification should contain separate sections detailing all known security and privacy implications for implementers, Web authors, and end users.

There should be testing plans for each specification, starting from the earliest drafts.

In order to advance to Proposed Recommendation, each normative specification must have an open test suite that tests every feature defined in the specification. Additionally, two or more implementations should demonstrate interoperability for each feature by passing these open test suites, and by showing that these implementations may interoperate with each other. For example Verifiable Credentials produced by implementations must be consumed by other implementations and behave as specified.

A feature should be understood as a property or set of properties that are normatively required.

Coordination

For all specifications, this Working Group will seek horizontal review for accessibility, internationalization, performance, privacy, and security with the relevant Working and Interest Groups, and with the TAG. Invitation for review must be issued during each major standards-track document transition, including FPWD. The Working Group is encouraged to engage collaboratively with the horizontal review groups throughout development of each specification. The Working Group is advised to seek a review at least 3 months before first entering CR and is encouraged to proactively notify the horizontal review groups when major changes occur in a specification following a review.

Additional technical coordination with the following Groups will be made, per the W3C Process Document:

W3C Groups

RDF Canonicalization and Hashing Working Group
To synchronize on canonicalization output expression mechanisms that might be used by the VC Data Integrity specification.
Decentralized Identifier Working Group
To synchronize on cryptography-related vocabularies and definitions.
Web of Things Working Group
To synchronize on the needs and requirements of the WoT community, in particular on the subject of WoT Thing Descriptions, regarding digital signatures.
Credentials Community Group
Coordination on other specifications incubated by the Credentials Community Group that might utilize the output of this Working Group.
Accessible Platform Architecture (APA) Working Group
Coordinate on accessibility use cases for verifiable credentials, and work jointly on a successor publication to inaccessible CAPTCHAs.

External Organizations

Internet Engineering Task Force
The Working Group will seek security review from the IETF, coordinated through the Liaison.
Internet Engineering Task Force Crypto Forum Research Group
To perform broad horizontal reviews on the output of the Working Group and to ensure that new pairing-based and post-quantum cryptographic algorithms and parameters can be integrated into the Data Integrity ecosystem.
National Institute of Standards and Technology, U.S. Department of Commerce
To coordinate in ensuring that new pairing-based and post-quantum cryptographic algorithms and parameters can be integrated into the Data Integrity ecosystem.
Hyperledger Aries
To coordinate on broad horizontal reviews and implementations related to the specifications developed by the Working Group.
The American Civil Liberties Union
To coordinate on ensuring that the deliverables of the Working Group are a net positive for civil liberties.
Decentralized Identity Foundation Interoperability Working Group
To coordinate on broad horizontal review and integration of the specifications developed by the Working Group into the Decentralized Identity Foundation's ecosystem.
European Telecommunications Standards Institute - Electronic Signatures and Infrastructure Technical Committee
To coordinate in ensuring that eIDAS-compliant systems can be built on top of the specifications developed by the Working Group.
IMS Global
Ensure that the badges being modeled and expressed by the Open Badges community are compatible with the Verifiable Credentials WG.
ISO/IEC JTC 1/SC 17/WG 10
Ensure that the mobile driving licenses being modeled and expressed by the ISO SC17 WG10 community are compatible with the work of the Verifiable Credentials WG.
ISO/IEC JTC 1/SC 17/WG 4
Ensure that the 23220-2 data model expressed by the ISO SC17 WG4 community is compatible with the work of the Verifiable Credentials WG.

Participation

To be successful, this Working Group is expected to have 6 or more active participants for its duration, including representatives from the key implementors of this specification, and active Editors and Test Leads for each specification. The Chairs, specification Editors, and Test Leads are expected to contribute half of a working day per week towards the Working Group. There is no minimum requirement for other Participants.

The group encourages questions, comments and issues on its public mailing lists and document repositories, as described in Communication.

The group also welcomes non-Members to contribute technical submissions for consideration upon their agreement to the terms of the W3C Patent Policy.

Participants in the group are required (by the W3C Process) to follow the W3C Code of Ethics and Professional Conduct.

Communication

Technical discussions for this Working Group are conducted in public: the meeting minutes from teleconference and face-to-face meetings will be archived for public review, and technical discussions and issue tracking will be conducted in a manner that can be both read and written to by the general public. Working Drafts and Editor's Drafts of specifications will be developed in public repositories and may permit direct public contribution requests. The meetings themselves are not open to public participation, however.

Information about the group (including details about deliverables, issues, actions, status, participants, and meetings) will be available from the Verifiable Credentials Working Group home page.

Most Verifiable Credentials Working Group teleconferences will focus on discussion of particular specifications, and will be conducted on an as-needed basis.

This group primarily conducts its technical work on the public mailing list public-vc-wg@w3.org (archive) or on GitHub issues (and specification-specific GitHub repositories and issue trackers). The public is invited to review, discuss and contribute to this work.

The group may use a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and members of the group, for member-only discussions in special cases when a participant requests such a discussion.

The group will publish minutes for each teleconference on the Group's home page.

Decision Policy

This group will seek to make decisions through consensus and due process, per the W3C Process Document (section 3.3). Typically, an editor or other participant makes an initial proposal, which is then refined in discussion with members of the group and other reviewers, and consensus emerges with little formal voting being required.

However, if a decision is necessary for timely progress and consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a group vote and record a decision along with any objections.

To afford asynchronous decisions and organizational deliberation, any resolution (including publication decisions) taken in a face-to-face meeting or teleconference will be considered provisional. A call for consensus (CfC) will be issued for all resolutions (for example, via email, GitHub issue or web-based survey), with a response period of 1 week, depending on the chair's evaluation of the group consensus on the issue. If no objections are raised by the end of the response period, the resolution will be considered to have consensus as a resolution of the Working Group.

All decisions made by the group should be considered resolved unless and until new information becomes available or unless reopened at the discretion of the Chairs or the Director.

This charter is written in accordance with the W3C Process Document (Section 5.2.3, Deciding by Vote) and includes no voting procedures beyond what the Process Document requires.

Patent Policy

This Working Group operates under the W3C Patent Policy (Version of 15 September 2020). To promote the widest adoption of Web standards, W3C seeks to issue Web specifications that can be implemented, according to this policy, on a Royalty-Free basis. For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

Licensing

This Working Group will use the W3C Software and Document license for all its deliverables.

About this Charter

This charter has been created according to section 3.4 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

Charter History

The following table lists details of all changes from the initial charter, per the W3C Process Document (section 4.3, Advisory Committee Review of a Charter):

Charter Period Start Date End Date Changes
Initial Charter 14 April 2017 31 March 2019
Update 2018-08-01 (plh): Updated Chairs and Team Contacts
Update 2018-09-12 (coralie): Updated Chairs
Charter Extension 1 April 2019 30 September 2019 2019-03-29 (kaz): Charter period extended till 30 September 2019
Proposed 15 November 2019 30 December 2021

(plh): AC vote for maintenance mode charter

Initial charter for maintenance mode WG 20 January 2020 30 December 2021

2020-01-10 (ivan): The Group is in maintenance mode (AC Vote ended)

Update

2020-06-15 (ivan): Removed Matt Stone as a co-chair.

Update

2020-07-24 (xueyuan): Daniel Burnett re-appointed as group Chair.

Rechartered 15 December 2020 30 December 2021 New Patent Policy
Charter Extension 30 December 2021 30 April 2022 2021-12-20: Charter extended till 30 April 2022
New charter work started 20 December 2021 05 May 2022 2021-12-20 (Ivan): Proposed work on an update of the VC Data model, and a new deliverable on VC Data Integrity. See the Advanced Notice, and the changes on the proposed charter in the advanced notice period.
New charter proposed 06 May 2022 03 June 2022 2022-05-05 (Ivan): AC Vote for the new charter
Work starts with new charter 13 June 2022 15 June 2024 2022-06-13 (Ivan): AC Vote ends, WG is not in maintenance mode any more; Kristina Yasuda replaces Wayne Chang as co-chair.