10O/ GS1 Digital Links, DIDs, and VCs…issuing from HTTPS

From IIW

GS1 Digital Links, Decentralized Identifiers & Verifiable Credentials


Wednesday 10O

Convener: Orie Steele (CTO @Transmute), Kevin Dean (GS1 CA), Phil Archer (GS1)

Notes-taker(s): Margo Johnson (Transmute)

Tags for the session - technology discussed/ideas considered:

GS1 Digital Link, Decentralized Identifiers, Verifiable Credentials, Supply Chain Applications


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

GS1-1.jpg


GS1 Digital Link:


“The GS1 Digital Link standard extends the power and flexibility of GS1 identifiers by making them part of the web. That means that GS1 identifiers, such as the GTIN (the number in the barcode in almost every consumer item in the world), are now a gateway to consumer information that strengthens brand loyalty, improved supply chain traceability information, business partner APIs, patient safety information and more.”

TLDR:

GS1 Digital Links are URLs for exploring linked data related to products that have a barcode or QR Code.

https://www.gs1.org/standards/gs1-digital-link


Decentralized Identifiers:


“Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities.”

TLDR:

A decentralized identifier identifies a subject, and associates a set of verification methods and services for use related to that subject.

https://www.w3.org/TR/did-core


Verifiable Credentials:


“A verifiable credential can represent all of the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.”

TLDR:

A verifiable credential is a set of tamper-evident, authenticatable claims about a subject. For example: Driver's License, Board Certified Physician, or Certified Organic.

https://www.w3.org/TR/vc-data-model


What is the relationship between these three standards?

GS1-2.jpg

-Left side describes relationship between DIDs and verifiable credentials

-DIDs cryptographically self-certifying, used to present and prove control over keys

-Digital links have authoritative information after the “//”

-Web resources today make use of this, lots of value here

-Know that the issuer authoritatively controlled and intended to share access to

-Server is authoritative… and with DL the identifier is authoritative

GS1 DL can be used for authoritative issuance of VCs and VPs

Can create VCs that come from IRI

DID method resolution, example is Universal Resolver… but there are multiple resolvers

-Trusting that multiple web origins will return same DID doc, some trust here

GS1 DL resolution, can also take to multiple resolvers, same opportunity and challenge as DIDs

Question: Verifier missing from this picture… explain in simple terms, how as a verifier do I decide where to resolve a Verifiable Credential.

NOTE: GS1 DL standard also defines a data model and standard for link sets

Verifier reserves right to ignore whatever identifier is presented

Verifier can see either a DID or VC

And can see that they can verify the credential
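A verifier's first step with an issuer identifier, as an added example that is not part of the session or GS1's own code: it tells a DID from an HTTPS Digital Link, checks the GS1 key's check digit, reports which web origin is authoritative for the identifier, and applies the verifier's own allowlist. The names `classifyIssuer`, `PRIMARY_KEYS` and `trustedOrigins` are hypothetical; the `did:web` form it derives is the mapping suggested in the session chat.

```javascript
// Added example, not code from the session or from GS1.
// Primary keys handled here, by AI number and by the short name seen in the
// session's issuer URL, mapped to the digit lengths allowed for each.
const PRIMARY_KEYS = new Map([
  ['01', [8, 12, 13, 14]], ['gtin', [8, 12, 13, 14]],
  ['414', [13]], ['gln', [13]],
  ['00', [18]], ['sscc', [18]],
]);

// GS1 mod-10 check digit: weights 3,1,3,... starting at the rightmost payload digit.
function gs1CheckDigitOk(digits) {
  const payload = digits.slice(0, -1).split('').reverse();
  const sum = payload.reduce((acc, d, i) => acc + Number(d) * (i % 2 === 0 ? 3 : 1), 0);
  return (10 - (sum % 10)) % 10 === Number(digits.slice(-1));
}

const rejected = (reason) => ({ kind: 'rejected', reason });

// Hypothetical verifier helper. trustedOrigins is a Set of origins the
// verifier has chosen to accept; anything else is reported as untrusted.
function classifyIssuer(issuer, trustedOrigins) {
  if (typeof issuer !== 'string') return rejected('not a string');
  if (issuer.startsWith('did:')) {
    // A DID is resolved through its method, not through a web origin.
    return { kind: 'did', method: issuer.split(':')[1] || '' };
  }
  let url;
  try { url = new URL(issuer); } catch (e) { return rejected('not a URL'); }
  if (url.protocol !== 'https:') return rejected('not https');

  // A Digital Link may carry a path prefix, so search for the primary key.
  const segments = url.pathname.split('/').filter(Boolean);
  const i = segments.findIndex((s) => PRIMARY_KEYS.has(s));
  if (i < 0 || !/^\d+$/.test(segments[i + 1] || '')) return rejected('no GS1 primary key');
  const value = segments[i + 1];
  if (!PRIMARY_KEYS.get(segments[i]).includes(value.length) || !gs1CheckDigitOk(value)) {
    return rejected('bad key value');
  }
  return {
    kind: 'digital-link',
    origin: url.origin,                       // the authority after the "//"
    key: segments[i],
    value,
    trusted: trustedOrigins.has(url.origin),  // verifier policy, not a GS1 rule
    didWeb: `did:web:${encodeURIComponent(url.host)}:${segments.join(':')}`,
  };
}
```
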

Kevin: Think of DL as bridge between trusted and untrusted worlds

Question: How different from Certificate Authority?

Different from certificate authority because does not sign public keys

GS1 does issue identifiers, have done so for many years

Now for first time are making identifiers resolvable on the web, including option to link to Verifiable Credentials

GS1 Identifiers clarification: “GS1 is the largest system of identification for supply chains. Orgs, locations, assets, products, shipment. There is a key that may be used to define an individual to a service relationship, but in general - the system is not for the identification of people.” (Gena Morgan, GS1 US).

Right tool for the job? (Assessing pros and cons)

-Digital Link out of the box provides some details about the subject, type information, higher usability with systems today. Disadvantage of correlation.

-DIDs have little trust without Verifiable Credentials. Poor solution for discovery, but higher privacy. Most don’t reveal the type in the DID or DID document itself.

-Verifiable credentials can use both DIDs and Digital Links, VC very useful for confidentiality concerns, presentation and disclosure. Relies on trusting verification method.

GS1-3.jpg

GS1-4.jpg

GS1-5.jpg

GS1-6.jpg

GS1-7.jpg

https://www.gs1.org/gs1-web-vocabulary


Links:

GS1 Web Vocabulary - https://www.gs1.org/voc

GS1 Digital Link Standard - https://www.gs1.org/standards/gs1-digital-link, https://www.youtube.com/watch?v=9sDrk0bFBN0

Traceability Shared Vocabulary - https://w3c-ccg.github.io/traceability-vocab

Decentralized Identifiers - https://www.w3.org/TR/did-core

Verifiable Credentials - https://www.w3.org/TR/vc-data-model

Sidetree.js - https://github.com/transmute-industries/sidetree.js

vc.js - https://github.com/transmute-industries/vc.js

gs1-digital-link/vc.json


Example of Credential:

https://github.com/decentralized-identity/jsonld-document-loader/blob/master/src/__tests__/gs1-digital-link/vc.json


Where to get started for developers with GS1:

https://gs1.github.io/DigitalLinkDocs/

https://www.gs1.org/voc/

For deeper notes about traceability go to session notes from yesterday… “Moving Untrusted Data Across Untrusted Parties in Supply Chains” (Session 4, Breakout F)

Enhancement of existing IDs with DIDs

Questions of sensitivity apply just as much to contextualized identifiers (like DL) as they do to DIDs.

Place where public discovery ends


Zoom Chat:


From Adrian Gropper to Everyone: Digital Link is a Certificate Authority?

From JC Ebersbach to Everyone: yes, I was also wondering about the security aspect

From naga durga prasad to Everyone: is GS1 better for objects / things than for humans? A muggle asking question here?

From Gena Morgan to Everyone: GS1 is the largest system of identification for supply chains. Orgs, locations, assets, products, shipment. There is a key that may be used to define an individual to a service relationship, but in general - the system is not for the identification of people

From Adrian Gropper to Everyone: q+ to ask about DEA numbers

From Rouven Heck to Everyone: I guess slide 6 includes a lot of statements which are very dependent on the context/use-case

From phil.archer@gs1.org to Everyone: Linkset is an advanced Internet Draft we're really hoping becomes an RFC soon https://tools.ietf.org/html/draft-wilde-linkset-07

From Lio Lunesu to Everyone: Q: Could GS1 links be resolved to a DID Doc? (resolved)

From phil.archer@gs1.org to Everyone: q+ to answer Lio

From Rouven Heck to Everyone: + trust in the x509 cert?

From Dmitri Z to Everyone: @naga - that’s a reasonable statement (that GS1 links are better for things and organizations rather than humans)

From phil.archer@gs1.org to Everyone: We're much more concerned with things (products, shipments, railway wagons) than we are people, yes

From Rouven Heck to Everyone: operational security seems like the same in all cases - if you send me your private key/password for your web-resource … :)

From Me to Everyone: https://www.gs1.org/gs1-web-vocabulary

From Dmitri Z to Everyone: q+ to ask about if there’s intentions to integrate with schema.org

From Gena Morgan to Everyone: It is an extension to Schema.org

From JC Ebersbach to Everyone: could you show the credential again?

From Orie Steele to Everyone: https://github.com/decentralized-identity/jsonld-document-loader/blob/master/src/__tests__/gs1-digital-link/vc.json

From JC Ebersbach to Everyone: thx

From Dmitri Z to Everyone: super useful vocabulary, thank you so much

From Orie Steele to Everyone: https://github.com/w3c-ccg/traceability-vocab ; https://w3c-ccg.github.io/traceability-vocab/

From phil.archer@gs1.org to Everyone: https://gs1.github.io/DigitalLinkDocs/principles/

From Simonas Karuzas to Everyone: Have you considered using "did:web"? "issuer": "https://id.gs1.org/gln/0614141123452" could be: "issuer": "did:web:id.gs1.org:gln:0614141123452"

From Melanie Nuce GS1 US to Everyone: DEA numbers are entity/provider identifiers

From Orie Steele to Everyone: Yes, I love did web https://did.actor/ https://did-web.web.app/

From Gena Morgan to Everyone: For those dealing with Class 2 drugs.

From Orie Steele to Everyone: We are working on did:web, but there are a number of privacy issues we are still sorting out in the spec

From Gena Morgan to Everyone: We expect there to be creds from the DEA for those entities, and that will be used as one credential for identity, among many others

From phil.archer@gs1.org to Everyone: https://gs1.github.io/DigitalLinkDocs/

From Orie Steele to Everyone: https://www.gs1.org/voc/ Can someone from my team make the presentation available

From Adrian Gropper to Everyone: q+ to answer about OCA

From Me to Everyone: Most presentation slides and all of the links are in the IIW notes.

From Wayne Chang to Everyone: Just wanted to mention that Adrian has queued himself to add to this. Maybe hand raise?

From Dmitri Z to Everyone: w3c is not english-centric.. it has a ton of internationalization specs; also, JSON-LD specifically (over plain JSON) has excellent internationalization capability

From jonathan holt to Everyone: I should clarify, the vocabularies that we are creating in the w3c DID spec registries are English-focused due to the nature of the contributors. Obviously, w3c in general is very international.

From Dmitri Z to Everyone: @jonathan - yeah.. we should put out a call specifically, for translators etc or just add some PRs with non-english examples

From Leah Houston to Everyone: Come by table 12 to see what we are doing with HPEC!

From Joachim Lohkamp to Everyone: Thank you Orie, Phil and everyone for a great semantified session ;)

From Orie Steele to Everyone: Cheers!

From Swapna Radha to Everyone: Thank you for the great session

From Laura J to Everyone: Thanks!

From Paul Dietrich to Everyone: Thanks Orie

From JC Ebersbach to Everyone: great session, thanks a lot!

From John Walker to Everyone: +1 Orie, very informative

From Dmitri Z to Everyone: thanks Orie!

From JC Ebersbach to Everyone: That's a really great point: enhance existing IDs with DIDs!