10O/ GS1 Digital Links, DIDs, and VCs…issuing from HTTPS
GS1 Digital Links, Decentralized Identifiers & Verifiable Credentials
Wednesday 10O
Convener: Orie Steele (CTO @Transmute), Kevin Dean (GS1 CA), Phil Archer (GS1)
Notes-taker(s): Margo Johnson (Transmute)
Tags for the session - technology discussed/ideas considered:
GS1 Digital Link, Decentralized Identifiers, Verifiable Credentials,
Supply Chain Applications
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
GS1 Digital Link:
“The GS1 Digital Link standard extends the power and flexibility of GS1 identifiers by making them part of the web. That means that GS1 identifiers, such as the GTIN (the number in the barcode in almost every consumer item in the world), are now a gateway to consumer information that strengthens brand loyalty, improved supply chain traceability information, business partner APIs, patient safety information and more.”
TLDR:
GS1 Digital Links are URLs for exploring linked data related to products that have a barcode or QR Code.
https://www.gs1.org/standards/gs1-digital-link
Decentralized Identifiers:
“Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities.”
TLDR:
A decentralized identifier identifies a subject, and associates a set of verification methods and services for use related to that subject.
https://www.w3.org/TR/did-core
Verifiable Credentials:
“A verifiable credential can represent all of the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.”
TLDR:
A verifiable credential is set of tamper evident, authenticatable claims about a subject. For example: Drivers License, or Board Certified Physician or Certified Organic.
https://www.w3.org/TR/vc-data-model
What is the relationship between these three standards?
-Left side describes relationship between DIDs and verifiable credentials
-DIDs cryptographically self-certifying, used to present and prove control over keys
-Digital links have authoritative information after the “//”
-Web resources today make use of this, lots of value here
-Know that the issuer authoritatively controlled and intended to share access to
-Server is authoritative… and with DL the identifier is authoritative
GS1 DL can be used for authoritative issuance of VCs and VPs
Can create VCs that come from IRI
DID method resolution, example is Universal Resolver… but there are multiple resolvers
-Trusting that multiple web origins will return same DID doc, some trust here
GS1 DL resolution, can also take to multiple resolvers, same opportunity and challenge as DIDs
Question: Verifier missing from this picture… explain in simple terms, how as a verifier do I decide where to resolve a Verifiable Credential.
NOTE: GS1 DL standard also defines a data model and standard for link sets
Verifier reserves right to ignore whatever identifier is presented
Verifier can see either a DID or VC
And can see that they can verify the credential
Kevin: Think of DL as bridge between trusted and untrusted worlds
Question: How different from Certificate Authority?
Different from certificate authority because does not sign public keys
GS1 does issue identifiers, have done so for many years
Now for first time are making identifiers resolvable on the web, including option to link to Verifiable Credentials
GS1 Identifiers clarification: “GS1 is the largest system of identification for supply chains. Orgs, locations, assets, products, shipment. There is a key that may be used to define an individual to a service relationship, but in general - the system is not for the identification of people.” (Gena Morgan, GS1 US).
Right tool for the job? (Assessing pros and cons)
-Digital Link out of the box provides some details about the subject, type information, higher usability with systems today. Disadvantage of correlation.
-DIDs have little trust without Verifiable Credentials. Poor solution for discovery, but higher privacy. Most don’t reveal the type in the DID or DID document itself.
-Verifiable credentials can use both DIDs and Digital Links, VC very useful for confidentiality concerns, presentation and disclosure. Relies on trusting verification method.
https://www.gs1.org/gs1-web-vocabulary
Links:
GS1 Web Vocabulary - https://www.gs1.org/voc
GS1 Digital Link Standard - https://www.gs1.org/standards/gs1-digital-link, https://www.youtube.com/watch?v=9sDrk0bFBN0
Traceability Shared Vocabulary- https://w3c-ccg.github.io/traceability-vocab
Decentralized Identifiers - https://www.w3.org/TR/did-core
Verifiable Credentials - https://www.w3.org/TR/vc-data-model
Sidetree.js - https://github.com/transmute-industries/sidetree.js
vc.js - https://github.com/transmute-industries/vc.js
gs1-digital-link/vc.json
Example of Credential:
Where to get started for developers with GS1:
https://gs1.github.io/DigitalLinkDocs/
For deeper notes about traceability go to session notes from yesterday… “Moving Untrusted Data Across Untrusted Parties in Supply Chains” (Session 4, Breakout F)
Enhancement of existing IDs with DIDs
Questions of sensitivity apply just as much to contextualized identifiers (like DL) as they do to DIDs.
Place where public discovery ends
Zoom Chat:
From Adrian Gropper to Everyone: Digital Link is a Certificate Authority?
From JC Ebersbach to Everyone: yes, I was also wondering about the security aspect
From naga durga prasad to Everyone: is GS1 better for objects / things than for humans? A muggle asking question here?
From Gena Morgan to Everyone: GS1 is the largest system of identification for supply chains. Orgs, locations, assets, products, shipment. There is a key that may be used to define an individual to a service relationship, but in general - the system is not for the identification of people
From Adrian Gropper to Everyone: q+ to ask about DEA numbers
From Rouven Heck to Everyone: I guess slide 6 includes a lot of statements which are very depending on the context/use-case
From phil.archer@gs1.org to Everyone: Linkset is an advanced Internet Draft we're really hoping becomes an RFC soon https://tools.ietf.org/html/draft-wilde-linkset-07
From Lio Lunesu to Everyone: Q: Could GS1 links be resoled to a DID Doc?(resolved)
From phil.archer@gs1.org to Everyone: q+ to answer Lio
From Rouven Heck to Everyone: + trust in the x509 cert?
From Dmitri Z to Everyone: @naga - that’s a reasonable statement (that GS1 links are better for things and organizations rather than humans)
From phil.archer@gs1.org to Everyone: We're much more concerned with things (products, shipments, railway wagons) than we are people, yes
From Rouven Heck to Everyone: operational security seems like the same in all cases - if you send me your private key/password for your web-resource … :)
From Me to Everyone: https://www.gs1.org/gs1-web-vocabulary
From Dmitri Z to Everyone: q+ to ask about if there’s intentions to integrate with schema.org
From Gena Morgan to Everyone: It is an extension to Schema.org
From JC Ebersbach to Everyone: could you show the credential again?
From Orie Steele to Everyone: https://github.com/decentralized-identity/jsonld-document-loader/blob/master/src/__tests__/gs1-digital-link/vc.json
From JC Ebersbach to Everyone: thx
From Dmitri Z to Everyone: super useful vocabulary, thank you so much
From Orie Steele to Everyone: https://github.com/w3c-ccg/traceability-vocab ; https://w3c-ccg.github.io/traceability-vocab/
From phil.archer@gs1.org to Everyone: https://gs1.github.io/DigitalLinkDocs/principles/
From Simonas Karuzas to Everyone: Have you considered using "did:web"? "issuer": "https://id.gs1.org/gln/0614141123452" could be: "issuer": "did:web:id.gs1.org:gln:0614141123452"
From Melanie Nuce GS1 US to Everyone: DEA numbers are entity/provider identifiers
From Orie Steele to Everyone: Yes, I love did web https://did.actor/https://did-web.web.app/
From Gena Morgan to Everyone: For those dealing with Class 2 drugs.
From Orie Steele to Everyone: We are working on did:web, but there are a number of privacy issues were are still sorting out in the spec
From Gena Morgan to Everyone: We expect there to be creds from the DEA for those entities, and that will be used as one credential for identity, among many others
From phil.archer@gs1.org to Everyone: https://gs1.github.io/DigitalLinkDocs/
From Orie Steele to Everyone: https://www.gs1.org/voc/ Can someone from my team make the presentation available
From Adrian Gropper to Everyone: q+ to answer about OCA
From Me to Everyone: Most presentation slides and all of the links are in the IIW notes.
From Wayne Chang to Everyone: Just wanted to mention that Adrian has queued himself to add to this. Maybe hand raise?
From Dmitri Z to Everyone: w3c is not english-centric.. it has a ton of internationalization specs; also, JSON-LD specifically (over plain JSON) has excellent internationalization capability
From jonathan holt to Everyone: I should clarify, the vocabularies that we are creating in the w3c DID spec registries are English-focused due to the nature of the contributors. Obviously, w3c in general is very international.
From Dmitri Z to Everyone: @jonathan - yeah.. we should put out a call specifically, for translators etc or just add some PRs with non-english examples
From Leah Houston to Everyone: Come by table 12 to see what we are doing with HPEC!
From Joachim Lohkamp to Everyone: Thank you Orie, Phil and everyone for a great semantified session ;)
From Orie Steele to Everyone: Cheers!
From Swapna Radha to Everyone: Thank you for the great session
From Laura J to Everyone: Thanks!
From Paul DIetrich to Everyone: Thanks Orie
From JC Ebersbach to Everyone: great session, thanks a lot!
From John Walker to Everyone: +1 Orie, very informative
From Dmitri Z to Everyone: thanks Orie!
From JC Ebersbach to Everyone: That's a really great point: enhance existing IDs with DIDs!