Re: decentralised VC renderer question from Steve Capell on 2021-06-30 (public-credentials@w3.org from June 2021)

From: Steve Capell <steve.capell@gmail.com>
Date: Thu, 1 Jul 2021 04:39:54 +1000
To: Juan Caballero <caballerojuan@pm.me>
Cc: Leonard Rosenthol <lrosenth@adobe.com>, Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
Message-Id: <1FEA5AB3-E462-4CBD-9BA0-63BC2D58B81E@gmail.com>
Thank you all for your responses

Juan or Leonard - do you have a link to the presentation on the “proper way” to embed a VC into a PDF?  my (limited) understanding of the way structured data is embedded into PDF such at under the EU e-invoicing model is that it’s basically a separate blob of data and it’s up to the issuer to ensure that the values in the XML are the same as the values in the PDF - leaving a fraud vector where the machine readable and human readable data are quite different ?

I instinctively prefer an approach where the VC data is the only source of truth and where human readability is achieved using an issuer signed tendering template and not some kind of separate binary version of the data

Kind regards 

Steven Capell
Mob: 0410 437854

> On 30 Jun 2021, at 10:40 pm, Juan Caballero <caballerojuan@pm.me> wrote:
> 
> 
> For what it's worth, I've submitted grant proposals over here in Europaland trying to find govt sponsorship to develop an open-source library for embedding VCs into PDFs the proper way (based on a detailed presentation by Leonard to the VC-EDU) group with, as yet, no success.  Third time's a charm?
> 
> On 6/30/2021 1:27 PM, Leonard Rosenthol wrote:
>> Also worth noting that in the VC-EDU space, where the primary focus is on the human readable scenarios, they’ve explored embedding the VC into a PDF as well.
>>  
>> Leonard
>>  
>> From: Manu Sporny <msporny@digitalbazaar.com>
>> Date: Tuesday, June 29, 2021 at 9:44 AM
>> To: public-credentials@w3.org <public-credentials@w3.org>
>> Subject: Re: decentralised VC renderer question
>> 
>> On 6/28/21 10:23 PM, steve capell wrote:
>> > if it hasn't been a topic for the group then maybe it's something to add 
>> > somewhere on the long list of future to-do's?
>> 
>> It's been discussed over the years, and yes, the solution is something along
>> the lines of what you suggest. The following technologies have been explored,
>> but with no firm resolution yet... we're all still very much experimenting
>> with all of this now:
>> 
>> * A static image embedded as a data: URL in the VC. This
>>   includes SVGs.
>> 
>> * A content-protected link to an external image in the VC.
>>   This also includes SVGs.
>> 
>> * HTML iframe to HTML-rendered credential that is
>>   specified in the VC.
>> 
>> * Fully encapsulated HTML+CSS embedded in the VC.
>> 
>> * Web Component[1] referred to in the VC.
>> 
>> All of the solutions have non-trivial privacy, payload size, and security
>> implications. It's certainly a solvable problem... but the ecosystem seems to
>> be focused on getting the foundation right at present and not rushing ahead to
>> address the rendering problem.
>> 
>> If you take a look at wallet today, they seem to be plucking values like
>> "image", "title", and "description" and doing generic rendering for the other
>> fields in the VC. Note that this is possible because the semantic meaning of
>> each claim is globally known.
>> 
>> It's all a work in progress... yes, people are working on it... but not in any
>> coordination CCG fashion, yet.
>> 
>> -- manu
>> 
>> [1] https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FWeb_Components&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cf8333d366f4d48f45a0b08d93b03fe07%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637605710616971474%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=jdSGP%2B7MRYGDdczJksC8jfaJbCcdt4MPt%2FvfV7ye7Fg%3D&amp;reserved=0
>> 
>> -- 
>> Manu Sporny - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmanusporny%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cf8333d366f4d48f45a0b08d93b03fe07%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637605710616981425%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=AmV4teKlxUumRcitn5XMqHCF53hUABGU9u4IYF12M2I%3D&amp;reserved=0
>> Founder/CEO - Digital Bazaar, Inc.
>> News: Digital Bazaar Announces New Case Studies (2021)
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.digitalbazaar.com%2F&amp;data=04%7C01%7Clrosenth%40adobe.com%7Cf8333d366f4d48f45a0b08d93b03fe07%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637605710616981425%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=fVAJyjlWv8RsXjSBm6qIbnu0Z%2Fobd16i01VOhwM%2F1%2B8%3D&amp;reserved=0
>> 
>> 
> -- 
> Juan Caballero, PhD. Freelance Identity Researcher & Community Manager Signal/whatsapp: +1 415-3101351 Berlin-based: +49 1573 5994525
Received on Wednesday, 30 June 2021 18:40:10 UTC