It's been a while since I wrote a post about #OpenBadges on my personal blog. This one is simply me writing down something I noticed about a decade ago - and which hasn't really changed:
I've been an evangelist for #OpenBadges for 13 years at this point. The latest version of the spec has just come out (v3), which aligns with the #VerifiableCredentials data model.
At our recent AC meeting in Hiroshima, Japan 🇯🇵, Leonard Rosenthol, of Adobe, introduced the work of the Coalition for Content Provenance and Authenticity (C2PA).
The C2PA work leverages W3C standards and aims to develop technical specs for widespread content provenance and authenticity, allowing users to trace media origins. #VerifiableCredentials, #WebAnnotations,
This specification describes how to generate digital #signatures for ensuring the authenticity and integrity of #VerifiableCredentials using the BBS signature scheme (👀 BBS is the acronym of its creators: Boneh, Boyen and Shacham).
⟨ " The main one is being able to disclose our identity/claims without issuers knowing. It is a civil liberty; it is a right. As more of our life moves online, we should be able to express our identity like we do it offline.
Then, users having VCs in their wallet will be very powerful for verifiers. They don't have to deal with the issuance, revocation, and recovery of those credentials, and they get high assurance claims about subjects with relatively low friction for many use cases.
And finally, systems using VCs can more easily achieve the massive scale that is required as more interactions move online. From an architecture perspective, all users' wallets work as a distributed cache for the issuer. Unlike OpenID Connect authorization servers, the issuer will not typically need to support high scale scenarios that might correlate to online events like ticket sales or streaming episodes premieres. Users will typically already have credentials in their wallets and verifiers will simply need to verify them, in a (mostly) stateless fashion. " ⟩
The final blog post by the late Vittorio Bertocci on Verifiable Credentials looks to be absolutely on-point regarding both the misconceptions and the value of the #3PartyIdentityModel of #W3C #VerifiableCredentials.
While I use and support the narratives around #SelectiveDisclosure and Individual Agency, the non-negotiable core of my support of this technology is its ability to mitigate the #PhoneHome issue, and its support for open web vocabularies, without the need for a centrally controlled dictionary, to enable massive scalability.
Federated Identity to 3 Party (Issuer-Holder-Verifier) Multiverse of Identity
❖ There exists SOAP, SAML and OIDC for standardized federated identity exchanges.
❖ In Nov 2019, the W3C Verifiable Credentials Data Model (VCDM) 1.0 introduced the 3 party identity model with significant privacy enhancements and individual control.
❖ In the latter half of 2020, with the success and global traction for W3C VCDM, the OpenID community started working on approaches (DID-SIOP) that implement the 3 party identity model.
❖ Between early 2021 and late 2022, there was both desire and good-faith work by many community members to ensure interoperability between the W3C work and the OpenID/IETF work on the 3 party identity model.
❖ At this time (late 2023), interoperability is no longer a priority (regrettably) and the future looks similar to what currently exists with SAML and OIDC; co-existence and not interoperability.