CR Snapshot Update Request for Verifiable Credential Data Integrity 1.0, EdDSA and ECDSA Cryptosuites - vc-data-integrity, vc-di-ecdsa, vc-di-eddsa

[iherman]

Document URLs

• Verifiable Credential Data Integrity 1.0
  • https://w3c.github.io/vc-data-integrity/transitions/2024/CR2/ (not yet in place on /TR)
  • Editors' draft: https://w3c.github.io/vc-data-integrity/
• Data Integrity EdDSA Cryptosuites v1.0
  • https://w3c.github.io/vc-di-eddsa/transitions/2024/CR2/ (not yet in place on /TR)
  • Editors' draft: https://w3c.github.io/vc-di-eddsa/
• Data Integrity ECDSA Cryptosuites v1.0
  • https://w3c.github.io/vc-di-ecdsa/transitions/2024/CR2/ (not yet in place on /TR)
  • Editors' draft: https://w3c.github.io/vc-di-ecdsa/
• Proposed publication date: 2024-11-05

Link to group's decision to request transition

https://www.w3.org/2017/vc/WG/Meetings/Minutes/2024-09-27-vcwg#resolution2

Link to previous Candidate Recommendation transition or update request

#573

Substantive changes

See "Changes since the First Candidate Recommendation" at each link below:

• First item of https://w3c.github.io/vc-data-integrity/transitions/2024/CR2/#revision-history
• First item of https://w3c.github.io/vc-di-eddsa/transitions/2024/CR2/#revision-history
• First item of https://w3c.github.io/vc-di-ecdsa/transitions/2024/CR2/#revision-history

Any changes in requirements?

None

Wide Review of substantive changes

None of the substantive changes since CR1 are related to Accessibility, Internationalization, Architecture, or Privacy. Some Security-related changes have been made, but the Security review is pending the creation of Security Interest Group. We have written to each group above to get confirmation on if they concur with our analysis.

With respect to wide review, changes to each specification has been circulated on a weekly basis to the W3C Credentials Community Group, which contains over 560+ individuals, with a number of them providing continued feedback since CR1. For example:

https://lists.w3.org/Archives/Public/public-credentials/2024Oct/0031.html

The test suites run on a weekly basis and implementers actively track how their implementations are performing. Ecosystem reports are also available and are tracked and commented on by organizations adopting vendor solutions:

https://canivc.com/

Multiple implementers have also reviewed changes and have confirmed that they will implement or plan to implement all substantive changes since CR1.

Issues status

See, respectively:

• https://github.com/w3c/vc-data-integrity/issues/
• https://github.com/w3c/vc-di-eddsa/issues/
• https://github.com/w3c/vc-di-ecdsa/issues/

Formal Objections

None

Any changes in implementation information?

Seven more implementations have been added to the test suites since CR1, bringing the total implementations registered to thirteen (13) across all data integrity cryptographic suites:

https://github.com/w3c/vc-test-suite-implementations/tree/main/implementations

Deadline for further comments

30 days

Any changes in patent disclosures?

None

cc: @msporny @brentzundel @Wind4Greg @dlongley

---

(Edited 2024.10.26 by IH: updated the wide review section)

[plehegar]

I don't see any wide review requests for those changes, including horizontal reviews. Some changes impact security/privacy and would be good to get a review of those.

[iherman]

Raised w3cping/privacy-request#146 and w3c/security-request#78.

[iherman]

Raised w3cping/privacy-request#146 and w3c/security-request#78.

Request deadline has passed without any reactions.

[plehegar]

Approved.

With the understanding that security folks will keep looking at this (#58).

[iherman]

Documents published and announced, see, e.g., https://www.w3.org/news/2024/five-candidate-recommendation-snapshots-published-by-the-verifiable-credentials-working-group/. Closing.