index.html

<!DOCTYPE html>
<html>
  <head>
    <meta charset='utf-8'>
    <meta http-equiv="X-UA-Compatible" content="chrome=1">
    <link href='https://fonts.googleapis.com/css?family=Chivo:900' rel='stylesheet' type='text/css'>
    <link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen">
    <link rel="stylesheet" type="text/css" href="stylesheets/github-dark.css" media="screen">
    <link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print">
    <!--[if lt IE 9]>
    <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
    <title>Verifiable Claims Task Force</title>
  </head>

  <body>
    <div id="container">
      <div class="inner">

        <header>
          <h1>The Verifiable Claims Task Force</h1>
          <h2>A Task Force of the Web Payments Interest Group</h2>
        </header>


        <p style="font-size: 1.5em;">
The work of this Task Force completed in May of 2017 and resulted in the 
official launch of the 
<a href="https://www.w3.org/2017/vc/">W3C Verifiable Claims Working Group</a>. 
The 
<a href="https://w3c-ccg.github.io/">W3C Credentials Community Group</a> 
continues to incubate technology related to Verifiable Claims and Credentials.
        </p>

        <hr>

          <p style="font-size: 1.5em;">
The following page is <strong>HISTORICAL</strong> and is provided for 
archival purposes.
          </p>

<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
        <section id="welcome">
          <h3>Welcome to the Verifiable Claims Task Force</h3>
          <p>
The goal of this task force is to determine if a W3C Working Group should be
created to standardize technology around a
<a href="#verifiable-claim">verifiable claims</a> ecosystem
(aka: credentials, attestations).
          </p>

          <p>
The Task Force is actively engaging a diverse set of
participants<sup>1</sup> in a neutral group to discuss use cases
(such as enrollment) and the problem area in general. The group is documenting
and analyzing concerns raised in various fora around the value-add that W3C
could provide around verifiable claims that are user-centric.
          </p>

          <p>
<sup id="super-1">1</sup> <em>Participants are expected to be invited from
organizations like W3C, IETF, IMS Global, claims issuers, identity
providers, claims consumers, the Credentials CG, the general public, and a
variety of other organizations and individuals that have shown interest in
the space.</em>
          </p>
        </section>

        <section id="problem">
          <h3>Problem Statement</h3>
          <p>
There is currently no widely used <a href="#user-centric">user-centric</a>
standard for <strong>expressing and transacting verifiable claims</strong>
(aka: credentials, attestations) via the Web. Data has been gathered
demonstrating a
<a href="http://opencreds.org/presentations/2015/w3c-tpac/anonymized.html">
desire to create such an interoperable ecosystem</a>
around the expression and transmission of verifiable claims.
          </p>
          <p>
These problems exist today:
          </p>
          <ul>
            <li>
In existing service-centric architectures, identity services inject themselves
into every relationship in the ecosystem. This means users can't easily change
their service provider without losing their digital identity. This leads to
vendor lock-in, identity fragility, reduced competition in the marketplace,
and reduced privacy for all stakeholders.
            </li>
            <li>
There is no interoperable standard capable of expressing and transmitting rich
verifiable claims that cuts across industries (e.g., finance, retail,
education, and healthcare). This leads to industry-specific solutions that
are costly, inefficient, proprietary, and inhibit users' ability to manage
their digital identities in a cohesive way.
            </li>
            <li>
There is no standard that makes it easy for users to assert their
qualifications to a service provider (e.g. I am a citizen of the USA, I am a
board-certified doctor, etc.).
            </li>
          </ul>
        </section>

        <section>
          <h3 id="scope">Scope</h3>
          <p>
The following items are in scope:
          </p>
          <ul>
            <li>
Discussion related to the problem statement.
            </li>
            <li>
Background research and documentation on current technologies and approaches
used to address the problem statement.
            </li>
            <li>
Interviews with industry experts about the problem statement.
            </li>
            <li>
Formulation of plans for a W3C Working Group (if one is desired).
            </li>
          </ul>
          <p>
The following item has been identified as out of scope for the Task Force:
          </p>
          <ul>
            <li>
Making any decisions on the "correct" set of technologies to use to solve
the problem. However, discussion related to technologies that exist and how
they could be applied to the problem are in scope.
            </li>
          </ul>
          </p>
        </section>

        <section>
          <h3 id="success">Success Criteria</h3>
          <p>
The task force will be considered successful if:
          </p>
          <ul>
            <li>
it produces clear documentation demonstrating that W3C cannot add value in
this area, or
            </li>
            <li>
it produces clear documentation demonstrating that W3C can add value in this
area. The documentation should also support the creation of a W3C Working Group
charter to address the problem statement identified in this proposal.
            </li>
          </ul>
        </section>

        <section>
          <h3 id="telecons">Weekly Telecons</h3>
          <p>
The group meets regularly on Tuesdays at 11am ET
(<a href="meetings/">meeting archives</a>).
A typical meeting will have an agenda that is posted to the
<a href="https://lists.w3.org/Archives/Public/public-webpayments-ig/latest">mailing list</a>
at least 24 hours prior to the call. There are no costs associated with joining
the group or limitations on who may join the teleconference as long as they
agree to contribute productively to the discussion.
          </p>
          <p>
<strong><span class="icon icon-calendar"></span> Next Meeting</strong>:
<span id="meetingDate"></span><br>
<strong><span class="icon icon-clock"></span> Time</strong>:
1600 UTC / 8am San Francisco / 11am Boston / 4pm London<br>

<strong><span class="icon icon-mobile"></span> SIP</strong>:
<a href="sip:vctf@96.89.14.196">sip:vctf@96.89.14.196</a> (Windows / Mac OSX: use <a href="http://icanblink.com/">Blink</a>, Linux: use <a href="http://www.linphone.org/">Linphone</a>)<br>

<strong><span class="icon icon-phone-3"></span> Phone</strong>:
<a href="tel:+15409614469;postd=p6306">+1.540.961.4469 x6306</a><br>

<strong><span class="icon icon-bubble"></span> IRC</strong>:
<a href="irc://irc.w3.org:6665/#vctf">irc://irc.w3.org:6665/#vctf</a> (connect via <a href="http://irc.w3.org/?channels=vctf">Web IRC</a>)<br>

<strong><span class="icon icon-alarm"></span> Duration</strong>:
60 minutes
          </p>
          <p>
Make sure you have a good headset with a microphone as any background noise
is distracting to others during the call. If there is excessive noise on your
connection, you will be muted until you need to speak. If you cannot get SIP
to work for you, there is an emergency dial-in number. If you use this number
regularly, you will be expected to reimburse the group for call charges.
SIP is free for both the caller and the callee - use it. Emergency dial-in
number: <a href="tel:+15409614469;postd=p6306">+1.540.961.4469 x6306</a>
          </p>
        </section>

        <section id="definitions">
          <h3>Definitions</h3>
          <dl>
            <dt><strong id="verifiable-claim">verifiable claim</strong></dt>
            <dd>
a cryptographically non-repudiable set of statements made by an entity about
another entity.
            </dd>
            <dt><strong id="user-centric">user-centric</strong></dt>
            <dd>
a system that places people and organizations in the center of an ecosystem.
To understand more about this design choice, read about its
<a href="#design-approaches">ramifications</a>.
            </dd>
            <dt><strong id="service-centric">service-centric</strong></dt>
            <dd>
a system that places services in the center of an ecosystem. To understand
more about this design choice, read about its
<a href="#design-approaches">ramifications</a>.
            </dd>
          </dl>
        </section>

        <section id="design-approaches">
          <h3>Ramifications of User-Centric vs. Service-Centric Ecosystems</h3>

          <p>
A verifiable claims ecosystem that is <a href="#user-centric">user-centric</a>
has the following qualities:
          </p>

          <ul>
            <li>
Users are positioned in the middle between issuers and consumers.
            </li>
            <li>
Users receive and store verifiable claims from issuers through an agent that
the issuer does not need to trust.
            </li>
            <li>
Users provide verifiable claims to consumers through an agent that consumers
needn't trust; they only need to trust issuers.
            </li>
            <li>
Verifiable claims are associated with users, not particular services; users
can decide how to aggregate claims and manage their own digital identities.
            </li>
            <li>
Users can control and own their own identifiers.
            </li>
            <li>
Users can control which verifiable claims to use and when.
            </li>
            <li>
Users may freely choose and swap out the agents they employ to help them
manage and share their verifiable claims.
            </li>
            <li>
Does not require users that share verifiable claims to reveal the identity of
the consumer to their agent or to issuers.
            </li>
          </ul>

          <p>
A verifiable claims ecosystem that is
<a href="#service-centric">service-centric</a> has the following qualities:
          </p>

          <ul>
            <li>
Services are positioned in the middle between issuers, users, and consumers.
            </li>
            <li>
Users receive and store verifiable claims from issuers through an agent that
the issuer must trust, or they must be the same entity.
            </li>
            <li>
Users provide verifiable claims to consumers through an agent that consumers
must trust.
            </li>
            <li>
Verifiable claims must be associated with services, fracturing a user's
digital identity potentially against their desire.
            </li>
            <li>
Services control and own their user's identifiers.
            </li>
            <li>
User's verifiable claims are locked in agent silos.
            </li>
            <li>
Requires users that share verifiable claims to reveal the identity of the
consumer to their agent and issuers.
            </li>
            <li>
Consumers may have to register with user's agents to consume verifiable claims.
            </li>
          </ul>
        </section>

        <section id="benefits">
          <h3>Stakeholders and Benefits</h3>
          <p>
Stakeholder categories are listed below along with a few examples of
stakeholders that have expressed interest in participating in this work. The
benefits associated with each stakeholder given a user-centric system are
also provided.
          </p>
          <ul>
            <li id="issuer">
<strong>Issuers</strong> provide verifiable claims to people and organizations
(e.g. ETS, Pearson, Walmart, Verisys, Target, NACS (retailers), New Zealand
Government, Bloomberg, and IMS Global member companies). A user-centric system
provides the following benefits:
              <ul>
                <li>
Level competitive playing field (not just a few super-providers)
                </li>
                <li>
Ability to participate in a broader ecosystem resulting in common tooling to
issue verifiable claims
                </li>
                <li>
Avoidance of vendor-specific solutions and lock-in
                </li>
                <li>
Potential for reduced infrastructure needs due to user-centric architecture
                </li>
              </ul>
            </li>
            <li id="curator">
<strong>Curators</strong> store and curate verifiable claims on behalf of
people and organizations (e.g. Accreditrust, Verisys, Bill and Melinda Gates
Foundation, and Deutsche Telekom). A user-centric system provides the following
benefits:
              <ul>
                <li>
Level competitive playing field (not just a few super-providers)
                </li>
                <li>
Ability to participate in a broader ecosystem resulting in common tooling to
store verifiable claims
                </li>
                <li>
Higher-stakes verifiable claims being stored resulting in more value-added
services
                </li>
              </ul>
            </li>
            <li id="consumer">
<strong>Consumers</strong> request verifiable claims from people and organizations
in order to give them access to protected resources (e.g. Walmart, Target,
NACS (retailers), Bloomberg, New Zealand Government, Education Institutions
(IMS Global member companies), Financial Institutions, and customers of
Issuers today). A user-centric system provides the following benefits:
              <ul>
                <li>
Ability to participate in a broader ecosystem resulting in common tooling to
consume verifiable claims
                </li>
                <li>
Richer set of verifiable claims to choose from, resulting in better
understanding of the customer
                </li>
                <li>
Increased ability and choice to trust authenticity of verifiable claims
                </li>
              </ul>
            </li>
            <li id="person">
<strong>People</strong> receive verifiable claims from issuers, store them at
curators that they trust, and provide them to consumers in order to get access
to protected resources (e.g. Citizens, Employees, Professionals, Aid Recipients,
Legal Guardians, and Property Owners). A user-centric system provides the
following benefits:
              <ul>
                <li>
No identity provider lock-in
                </li>
                <li>
Digital claims that can be used in more than one location
                </li>
                <li>
Ability to aggregate verifiable claims as cohesive digital identities
                </li>
                <li>
Privacy-enhanced sharing mechanism
                </li>
                <li>
Control of confidential information
                </li>
                <li>
Elimination of repetitive input at websites
                </li>
                <li>
Reduction in the need to input personally identifiable information (PII)
                </li>
                <li>
Better usability for sites that need to collect data to perform checks
(regulatory compliance)
                </li>
                <li>
Cost-reductions through verifiable claim persistence and machine verifiability
                </li>
              </ul>
            </li>
          </ul>
        </section>

        <section id="operation">
          <h3>Task Force Operation</h3>

          <p>
The Verifiable Claims Task Force will:

          <ul>
            <li>
encourage participation from at least the stakeholders identified in this
proposal
            </li>
            <li>
ensure Task Force participation is open to the public; the only requirement is
constructive input
            </li>
            <li>
have individual recorded interview calls at times that work for the interviewees
            </li>
            <li>
have weekly calls starting on Tuesdays at 11am ET (but could be rescheduled
for other times that work better for participants)
            </li>
            <li>
work on completing the identified deliverables
            </li>
            <li>
will report its findings to the WPIG by early February
            </li>
          </ul>
        </section>

        <section id="deliverables">
          <h3>Deliverables</h3>

          <p>
At least the following deliverables have been identified by the Verifiable
Claims Task Force:
          </p>
          <ul>
            <li>
Recorded interviews around the problem statement with: Brad Hill, Dick Hardt,
Jeff Hodges, Karen O'Donahue, Harry Halpin, Tony Arcieri, David Chadwick,
David Singer/Magda, Mike Schwartz, Christopher Allen
            </li>
            <li>
Technology comparisons between at least these existing technologies:
OpenID Connect, SAML, Identity Credentials
            </li>
            <li>
Identify benefits to financial, education, and healthcare industries
            </li>
            <li>
A Verifiable Claims Use Cases document
            </li>
            <li>
A Verifiable Claims Vision document (optional)
            </li>
            </ul>
            <p>
If W3C can add value in the space, the WPIG will produce:
            </p>
            <ul>
            <li>
A widely socialized Verifiable Claims WG charter
            </li>
            <li>
A Verifiable Claims Roadmap document with phases (optional)
            </li>
          </ul>
        </section>

        <section id="github" class="clearfix">
<a href="https://github.com/w3c/vctf-minutes" id="view-on-github" class="button"><span>View on GitHub</span></a>
        </section>

        </section>

        <footer>
Tactile theme by <a href="https://twitter.com/jasonlong">Jason Long</a>.
        </footer>

      </div>
    </div>
    <script>
function nextTuesday() {
  var skipUntil = new Date('2016-01-12 11:00:00 EST');
  var date = new Date();
  date.setDate(date.getDate() + (9 - date.getDay()) % 7);
  if(date < skipUntil) {
    date = skipUntil;
  }
  return date.toISOString().slice(0, 10);
}
console.log(nextTuesday());
console.log(document.getElementById('meetingDate'));
document.getElementById('meetingDate').innerHTML = nextTuesday();
    </script>

  </body>
</html>