Here's my slides from my session at #Identiverse 2025: Passkeys and Verifiable Digital Credentials: Friends or Foes?

Here's my slides from my session at #Identiverse 2025: Passkeys and Verifiable Digital Credentials: Friends or Foes?
Whoops I gave some money to ISO
@SwiftOnSecurity I can't retoot it hard enough. Another feather in the imaginary cap of #VerifiableCredentials.
Shouldn't the police be providing some kind of verifiable credential, a digital signature, to prove that it's really the police making these requests? Wouldn't that solve the problem? At the very least, use Pretty Good Privacy.
What creates the spark behind an illustration? There’s nothing I love better than playing idea ping-pong with a co-collaborator.
This illustration was created for a series of credentialing workshops with Badge guru Doug Belshaw for the N-TUTORR project.
> [Verifiable Credentials] allow for selective disclosure of information. For example, instead of handing over your entire driver’s license at a bar (which has a picture of you, your address, etc.), you can selectively disclose that you are of drinking age.
https://medium.com/@dfinity/introducing-verifiable-credentials-to-the-internet-computer-898f5538dcfb
My colleague Gertjan De Mulder is presenting the work on using #VerifiableCredentials in #Solid pods with #LinkedDataNotifications at the SDS Workshop! In this work, the proof of a credential is stored in Solid pods to allow proving if a patient has a medical subscription to buy certain medication or proof that a job applicant has a diploma or skills for the job they are applying to.
At our recent AC meeting in Hiroshima, Japan , Leonard Rosenthol, of Adobe, introduced the work of the Coalition for Content Provenance and Authenticity (C2PA).
The C2PA work leverages W3C standards and aims to develop technical specs for widespread content provenance and authenticity, allowing users to trace media origins. #VerifiableCredentials, #WebAnnotations,
Watch the video: https://youtu.be/tQDTvzjr5CQ
At the @w3c member meeting in #Hiroshima , Leonard Rosenthol, Adobe, introduced the work of the Coalition for Content Provenance and Authenticity (C2PA) that leverages W3C standards (#VerifiableCredentials, #WebAnnotations, etc.).
C2PA aims to develop technical specs for widespread content provenance and authenticity, allowing users to trace media origins.
Watch the video: https://youtu.be/tQDTvzjr5CQ
Securing Verifiable Credentials using JOSE and COSE is a @w3c #CandidateRecommendation !#timetoimplement https://www.w3.org/TR/vc-jose-cose/
#VerifiableCredentials enhance trust, privacy, and control in digital interactions by enabling owners to manage how their information is shared and verified. This specification outlines how JSON Web Tokens (JWTs) can secure #VerifiableCredentials using JOSE and COSE.
Feedback is welcome in #GitHub: https://github.com/w3c/vc-jose-cose/
Just hit the button on a post @dajb and I co-wrote. Actually, Doug did most of the work and I just said some random stuff and then it became this pretty awesome post about #FOSS #ideology #verifiablecredentials https://blog.weareopen.coop/examining-the-roots-248077d11c2b #openbadges #openrecognition #digitalcredentials
Data Integrity BBS Cryptosuites v1.0 has just been published as a #w3c Candidate Recommendation #timetoimplement !
https://www.w3.org/TR/2024/CR-vc-di-bbs-20240404/
This specification describes how to generate digital #signatures for ensuring the authenticity and integrity of #VerifiableCredentials using the BBS signature scheme ( BBS is the acronym of its creators: Boneh, Boyen and Shacham).
See also the "BBS Cryptosuite v2023 Explainer": https://github.com/w3c/vc-di-bbs/blob/main/EXPLAINER.md
Verifiable Credential Data Integrity 1.0 describes mechanisms for ensuring the authenticity and integrity of #VerifiableCredentials and similar types of constrained digital documents using #cryptography
https://www.w3.org/TR/vc-data-integrity/
Check out the explainer! https://github.com/w3c/vc-data-integrity/blob/main/EXPLAINER.md
The Verifiable Credentials JSON Schema specification provides a mechanism for the use of #JSON Schemas with VCs through a standardized mechanism called "Credential Schemas"
https://www.w3.org/TR/vc-json-schema/
Despite this wariness, the whitepaper makes good arguments, especially in the "issuer-always-up" approach as needed by Bit Strings. I worry about the effective loss of a persistent VC by the holder if an issuer disappears which the EBSI helps protect against. This worry about "issuer-always-up" is assuming the lack of an explicit revocation status is effectively a revocation.
I did read EBSI VC revocation report (https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/EBSI+Presents+on+New+Study+about+Verifiable+Credential+Revocation) and was also, in parallel, turned on to Bit Strings as a method of handling revocations.
https://w3c.github.io/vc-bitstring-status-list/ .
Unfortunately, I don't have enough background on the European Blockchain Service Infrastructure (EBSI) to form an opinion on it independent of VCs but I am always reticent that folks will conflate VCs and blockchains so anytime VC mechanisms tie into blockchains I am always a bit wary.
At #w3cTPAC, @p20n explained that several W3C groups are actively working on data-related Web standards: #RDFStar, #VerifiableCredentials, Dataset Exchange, #JSONLD, #WoT, etc.
Find out more at https://w3.org/2023/09/TPAC/ac-activities-data (w/ slides an transcript)
Visiting the NGDIL technology day. Think of #eIDAS, #digitalidentity, #wallets #vc #verifiablecredentials, #openbadge, #education
https://www.ngdil.com/?lng=en
Ugh, I heard whispers of this being the case but it's now confirmed: California's mDL requires use of a standalone app  https://www.dmv.ca.gov/portal/ca-dmv-wallet/
The issue with standalone apps is that you have to unlock your phone before pulling up the app to then hand to someone like, say, law enforcement who love it when you willingly enable them to clone your device if they decide to confiscate it.
Personally I'd rather they have supported adding it to Apple Wallet (and Google's equivalent, it's all implementing a standard spec afaik.) Maybe next year?
Some thoughts on #VerifiableCredentials and the problems of linking them to real people.
https://shkspr.mobi/blog/2021/06/how-do-you-link-verifiable-credentials-to-a-human/