add claims metadata (how the identity claims were assured and how they are maintained)

[Sakurann]

Credentials section says that "the basic components of a verifiable credential" are credential metadata, claims, and proofs.

From the implementation experience, one gap is the absence of "claims metadata". Not the credential metadata, when the VC itself has been issued, but "information about the process conducted to verify a person's identity and bind the respective person data to a user account", which is super important is some use-cases.

Suggest re-using verification element defined in ekyc-ida specification.

probably in-scope for data model deliverable.

[TallTed]

I think what you're asking for may have already been dealt with, albeit imperfectly, as the Evidence property of the VC data model...

[RieksJ]

Claims meta-data can be a variety of things, see e.g. #248.

[TallTed]

@RieksJ -- It seems to me that #248 contemplates a wish for certificate metadata, as "Driving (a/k/a Driver's) License" would seem to be applicable to the entire VC, not to (a) specific claim(s) therein.

It also seems to me that the "claims meta-data" attributes satisfied by things like the "Driving (a/k/a Driver's) License" string mentioned there may already be satisfiable by simply describing the VC Type (or even the specific VC) appropriately [e.g., by using rdfs:label, skos:prefLabel, rdfs:comment, and/or dct:description, among others, for human-focused labels or descriptions at varying levels of detail].

In other words, there's nothing to prevent the issuer of, continuing with your example from #248, "Driving Licenses", including rdfs:label "RieksJ's Driving License"@en therein...

[nadalin]

Have you looked at the "evidence" claim that OIDF eKYC uses? https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html

[iherman]

The issue was discussed in a meeting on 2022-08-31

• no resolutions were taken

View the transcript

4.2. add claims metadata (issue vc-data-model#893)

See github issue vc-data-model#893.

Brent Zundel: kristina, can you walk us through this?.

Kristina Yasuda: the question was... where to put the metadata about "claims"....
… how do we know how to use "evidence"... can we keep this issue open until we can align with identity assurance.

Manu Sporny: the confusing word is "what is meant by metadata"..
… in theory you can add any metadata that you want, at any level....
… we should probably address this in a use case specific format... like the assurance example and evidence... in person, IAL... etc... we should be more specific.
… are "evidence" and "revocationStatus" metadata?.
… can't tell if this applies to other metadata properties not associated with assuancee.

Kristina Yasuda: was thinking mostly about trust frameworks, government and finance use cases... passport was used to verify the claims, etc....
… evidence seem like the correct place, but there is a vocabulary for assurance that the UK refers to... and the question is how to leverage / integrate the UK vocabulary with the W3C evidence vocabulary..

Oliver Terbu: I was involved in some projects related to this... european ssi framework... they have their own context and schemas, and they use evidence..
… they cover, what did the issuer verify prior to credential issuance..
… I think folks would want to define their own evidence type and register it..

Dave Longley: +1 to oliver.

Manu Sporny: Yes, exactly what Oliver just said -- +1.

Oliver Terbu: people need to evidence type to understand the evidence and the vocabulary it relies on.

Kristina Yasuda: @manu will update the issue to clarify what is meant by metadata in the issue.

Logan Porter: I think we are talking about 2 different things... the current evidence property is more like where the claims came from..
… like name came from passport or drivers license..
… but we are also talking about assurance, which is about how that is checked, in person, remote, etc....
… we might want to distinguish between these uses of the evidence property..

Antony Nadalin: I think I agree with Logan... there is evidence types and method types..

Manu Sporny: the evidence property is currently any information that the issuer can include to help the verifier decide..
… I see this as 2 entries in the evidence property, one speaking to IAL, the other speaking to trust framework..
… authenticators are another type of evidence.

Oliver Terbu: I wanted to add that folks should define their own evidence types as needed by their trust framework.

Manu Sporny: yep, +1 Oliver.

Dave Longley: +1.

[Sakurann]

to clarify in response to the WG conversation, what I meant by "metadata" was "information about how the identity claims were assured and how they are maintained".

[brentzundel]

to clarify in response to the WG conversation, what I meant by "metadata" was "information about how the identity claims were assured and how they are maintained".

I believe this is the original intent of the evidence property, so it may be good to adjust that rather than introduce another property.

[Sakurann]

Issue #919 seems related

[Sakurann]

https://docs.google.com/document/d/1htujrb-_1kh8tkV4MXYRmZ44m_D7yFrY09aFJkAz7io/edit

[added context on 2023-02-02]
This document was a submission to CCG and was mentioned during the call as a concrete mechanism that will help move this issue forward.

[iherman]

The issue was discussed in a meeting on 2023-01-18

• no resolutions were taken

View the transcript

4.4. add claims metadata (how the identity claims were assured and how they are maintained) (issue vc-data-model#893)

See github issue vc-data-model#893.

Kristina Yasuda: this is regarding evidence and assurance.
… there as not been much movement on this.
… chair hat off, I would be ok closing this, if we had better detail on the use of evidence property.

Manu Sporny: +1 for special topic call on Evidence..

Kristina Yasuda: there are several issues labeled evidence, it seems like a potential special topic call.

David Chadwick: W3C CCG is attempting to define a standard evidence property type.
… this new work item would create a standard evidence type for OIDC.
… the data structure would be controlled by OIDF.
… its a proposed item, it was very recently introduced.
… its written with arcaine.

Kristina Yasuda: please link to the issue.

David Chadwick: https://docs.google.com/document/d/1htujrb-_1kh8tkV4MXYRmZ44m_D7yFrY09aFJkAz7io/edit.

Kristina Yasuda: seems the CCG item could resolve the issue.

Manu Sporny: we should discuss here.

David Chadwick: we didn't think it was in scope for this WG, happy to move it here, if thats preferred.
… what I pointed out to the CCG, there were 2 features that were interesting....
… people change their names, and that can impact evidence....
… evidence can disagree with credentials.
… another issue was wrt selective disclosure....
… you can accidentally leak information through use of evidence.

Orie Steele: If we refer to this evidence type from our document, I don't believe we can point directly at a W3C CCG work item. We are compelled to provide testable solutions for the property or remove it from our specification, this feels further along, but we can adopt the work item as the WG, use the work item as one of the registered types, then we are protected by downref. I'm concerned about pointing to something that's not within the group and a different timeline. I'm excited about the work. I'm concerned about potential objections, there's process issues here that we might want to consider. There are potential objections that could come if we don't have a strong evidence type in our next spec..

Kristina Yasuda: please review the document that was been shared.
… lets end here today.

David Chadwick: @orie arcaine to Mark Haine.

---

[TallTed]

@Sakurann — I have significant concerns with the "Definition of Evidence Type for W3C Verifiable Credentials Data Model for High Assurance Individuals" Gdoc you linked above [ETA-2023-02-06: which did not have any contextualizing comment, when it was originally linked] —

• starting with the W3C logo at its head
• moving to its author, OpenID Foundation eKYC & IDA Working Group, which is not part of W3C in any way
• continuing into the garbled Copyright statement ("the Contributors to the A Template for W3C Credentials Community Group Specifications Specification, published by the Credentials Community Group under the W3C Community Contributor License Agreement (CLA). A human-readable summary is available.")
• and continuing through to the end of the meat of the Gdoc.

(If this Gdoc is not meant to be reviewed yet, that should be noted along with the link to it, above.)

[RieksJ]

to clarify in response to the WG conversation, what I meant by "metadata" was "information about how the identity claims were assured and how they are maintained".

It may be very important for a verifier to know how the identity claims were assured and how they are maintained. However, in such cases, I would think that the verifier would want to know this before it would have its applications request presentations for such claims. So I am not convinced that this kind of information would serve any purpose in real-world use cases.