Quarterly Standards and Working Groups Update
To champion open-source, interoperable solutions that help create a more privacy-forward, user-centric internet, Spruce participates in various working groups of global standards bodies and foundations. Here are our highlights for the second quarter of 2023.
As we move into the third quarter of 2023, we take a moment to reflect on our efforts in the ongoing mission of digital identity standardization and enhancement.
The majority of our daily interactions, both physical and digital, depend on the concept of identity, making it a critical area of focus. Yet, the absence of a native identity layer in the structure of the Internet demands careful coordination and collaboration.
To address this, SpruceID has been actively involved in various working groups of international standards bodies and foundations. We aim to contribute to open-source, interoperable solutions that will foster a user-centric, privacy-oriented internet applicable across diverse sectors. As part of this effort, we've been involved in developing key identity standards like the Verifiable Credentials 2.0 standard, the SD-JWT VC specification, and more.
The following are some key highlights of our work in the past quarter:
ISO Working Groups
- SpruceID is hosting the first fully remote ISO/IEC 18013:7 mDL interoperability test event for online presentment in cooperation with AAMVA, Austroads, and ISO/IEC JTC1/SC17 members. The event is open for registrations until August 7th at 11:59 UTC and will take place over two weeks at the end of August. The results will inform the ISO/IEC 18013-7 specification process.
- We contributed to the ISO/IEC TS 23220-3 mdoc issuance specification and demonstrated how OpenID for Verifiable Credential Issuance (OID4VCI) can be used to securely issuance mdocs, and helped to shape the OID4VP mdoc profile in ISO/IEC TS 203220-4.
W3C Working Groups
- We continued our work in W3C as editors and contributors to the upcoming Verifiable Credential Data Model (VCDM) 2.0 standard. The VCDM 2.0 will supersede VCDM 1.1 and will be accompanied by a series of other specifications, such as Data Integrity and Securing Verifiable Credentials using JOSE and COSE.
- We started the horizontal review process of the VCDM 2.0 standard and created the first self-reviews on architecture, security, privacy, accessibility, and internationalization. In this course, we work with the W3C TAG (Technical Architecture Group), PING (Privacy and Security Interest Group), Internationalization Working Group, and Accessible Platform Architectures Working Group.
- We continued to be engaged in the RDF-related working groups in W3C. Finally, we helped transition the proposed W3C Verifiable Credentials Confidence Method vocabulary to W3C CCG.
Internet Engineering Task Force (IETF)
- We are spearheading the SD-JWT VC specification in IETF that describes using Selective Disclosure JWTs (SD-JWT) to secure JSON-based Verifiable Credentials here. The High-Assurance Profile in the OpenID Foundation (OIDF) selected this SD-JWT VC as their preferred credential format. It is also under consideration by the eIDAS 2.0 Architecture Reference Framework (ARF). The specification will also be presented at IETF 117 before the OAuth2 Working Group.
- We are also closely following the development of the SCITT working group in IETF.
OpenID Foundation Working Groups
- We continued contributing to the OpenID for Verifiable Credentials (OID4VC) series as editors of the specifications and as contributors. Amongst others, OID4VC includes OpenID for Verifiable Presentations (OID4VP) and OpenID for Verifiable Credential Issuance (OID4VCI).
- We also helped set up a new working group in the OIDF on Digital Credentials Protocols.
OpenWallet Foundation (OWF)
- We continued our engagement in several OWF working or interest groups, such as on Architecture, OID4VC, and credential comparisons.
Web3 Standards
- We worked with wallet vendors to address their feedback on EIP-4361 so the specification gives better guidance on how domain binding has to be implemented. The updates are already published in the Ethereum EIP repository.
- We contributed to the UCAN working group regarding consistency with timestamps, signature types, and header entry restrictions.
- We also contributed to the CACAO (CAIP-196) working group regarding consistent timestamp representations and paths to supporting W3C WebAuthn for signature generation and verification.
- Finally, we contributed a definition for did:pkh representations to the MultiDID specification in CASA.
Additional Working Groups
- Together with other subject matter experts in the World Economic Forum (WEF) identity working group, we published a whitepaper on Reimaging Digital Identity.
We fundamentally believe this work to champion global standards is core to the success of further adoption of digital identity, allowing for more secure and privacy-preserving yet seamless interactions that build digital trust across the web.
If you're interested in discussing or contributing to any of our work outlined above, please contact our team.
About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.