1 of 20

LinkedClaims for Endorsements &

Binding Digital Objects

Phillip Long, Ph.D., : T3, ASU Enterprise Technology Advisor, Georgetown University, CNDLS p hil@rhzconsulting.com

Dmitri Zagidulin: T3, Interop, Digital Credential Consortium, dzagidulin@gmail.com

Karen Passmore: CEO, Predictive UX, karen@predictiveux.com

Golda Velez: Founder, WhatsCookin, gvelez17@gmail.com

2 of 20

What makes an LER/VC useful to the recipient?

Tamper evidence? (verification)
Certainty of the wallet holder’s identity?*
Clear descriptions of claimed skills?
Structured data?
LD references to standards frameworks?
Ease of asking for what’s sought in what’s sent?**
Other attributes?

*This is in fact something for which the issuer’s KYC practices determine as nothing inherent in the DID methods currently address this.��** The mechanism by which credentials are requested by current APIs such as VP-API or OIDC4VP begins with the relying party making a query that selects the credential types sought by the Relying Party. The Holder can accept or reject the request to include each credential requested. But they cannot replace a requested credential with one of their own choosing, nor add additional credentials not in the original Relying Party’s query. This gives some agency to the Holder. But unlike the discretion given by posting the required and preferred documentation as well as skills and competencies the Relying Party wishes to receive in the application, the current API designs favor the Relying Party.

3 of 20

Current State of VC/LERs

You can send individual LERs, or group them into a ‘stack’ and send them as a Verifiable Presentation to an endpoint, e.g., a digital credential wallet.

On arrival they are an independent unordered set of credentials. The relying party choses the order in which they view them…. or not.

4 of 20

Current State of VC/LERs

You can send a compound credential, credentials embedded within a credential.

This is the model for the CLRv2. The outer credential, the envelope, can contain metadata and be signed. Each embedded credential, an OBv3, can be individually signed or not. The set is a compound object and persists as an object after it is received.

5 of 20

Composed Credentials

Neither of these approaches gives the Holder, or job/school applicant, the ability to orchestrate the sequencing of their credentials to the relying party highlighting what the Holder wants the emphasized. ��

6 of 20

Why do we need LC now?

Distinguishing what’s ”real” and what’s fraudulent is getting harder.��29% of employers report discovering fake references (Zippia,Jun.14,2023)

21% of Americans have admitted to using fake references (IBID)]

Verifying claimed work histories is expensive (employment verification, note:MS offers LinkedIn Entra Verified Workplace IDs, ’free’ if you have a cooperating employer)

What do those who are self-employed, have non-traditional work histories, or are in small businesses who aren’t able to afford the cost of issuing & processing LER VCs?

240,000 Instagram followers; The Washington Post to Lena Dunham’s Lenny Letter have written about the quandary in interpreting this avatar “

(sim) singer Miquela

https://tinyurl.com/7j26ajh7

Anywhere from 10- to 30 percent of candidates are fake”, Emmanuel Toutain, founder and CEO of Terefic, https://tinyurl.com/3mbafn3u

7 of 20

Supporting Skills-based Hiring & Advancement

Put assertions of endorsement in the same secure, verifiable context as assertions of achievements, licenses, or degrees

Mirror the pattern of social recommendations currently used for job applications and resumes using the LER VC framework

Require bona fides of the recommender so the relying party can judge their (the recommender’s) knowledge and value to predict the applicant’s ability to do work the job requires.

8 of 20

For Recommendations We Need

Links to bind of 2 (or more) digital objects together

Tamper evident binding of one credential to another
Binding tamper evident links from a credential to any digital object on the internet (e.g. evidence)

A method to provide confidence the credential subject is from the self issuer (KYC)*�

9 of 20

LinkedClaims for Endorsements & Binding Credentials

Rebooting the Web of Trust

Create a proofed hashlink that is signed between two credentials - either to the second credential, or anchored to id’s in each.

Or create a proofed hashlink from a credential to any external digital object

(The Linking bit…)

10 of 20

Requirements for

LinkedClaims

1. W3C Verifiable Credentials (v2) envelope data model

2. Refer to (make a statement about) an external object, such as:

- Another VC

- A URL (web page, PDF, image, etc)

- A subsection of another VC.

3. A mechanism for tamper evident binding VCs or between a VC and another a digital object linked by URL. (the “hashlink”).

4. Performative evidence.

10

11 of 20

What’s it look like?

12 of 20

LinkedClaims:

LERs Bound Together

1

2

Linked Claims

Multibase hashlinks

"@context": [

"type":[“Verifiable Credential”]

"issuer": {

"credentialSubject": {

"type": "AchievementSubject",

…

"achievement": {

"id": "urn:uuid:e8096060….",

"Name":"UAV Drone Navigation”,

"proof": {

// Signature goes here}...

Self-issued credential by job seeker

PL

"@context": [

"type": [

"issuer": {

"credentialSubject": {

"id": "urn:uuid:e8096060… "digestMultibase":"zb1B1M6Bve5JEaNqeJSmuE"

"recommendation": {

"statement": ”recommendation statement..”

"recommender": {

"id": "did:web:bob.example.com",same as issuer

"relevance": [

"id": "https://SmartResume.com",

"type": "SmartResumeProfile”

"id": "https://a-journal.com/article.pdf"

Recommendation

13 of 20

……

"recommendation": {

"statement": ”recommendation statement..”

"recommender": {

"id": "did:web:bob.example.com",same as issuer

"relevance": [

"id": "https://SmartResume.com",

"type": "SmartResumeProfile”

"id": "https://a-journal.com/article.pdf"

"digestMultibase":"zQmdfTbBqBPQ7VN…

"name": "Control Systems in UAV Flight",

"citation": "...",

Hashlink to external Web Resource

Self-assserted LER/VC Credential

"id": "https://a-journal.com/article.pdf"

digestMultibase":"zQmdfTbBqBPQ7VN…

"name": "Control Systems in UAV Flight",

"citation": "...",

Blah blah blah

Web Journal on Internet

14 of 20

What's New Here

ePIC 2023 - Vienna

4. The core methods used in Composable Credentials with

LinkedClaims via Cryptographic bindings are not novel.

In production use of cryptographic hashes can be found in:

the TruAge credential https://www.mytruage.org/
the C2PA implementation of Truepic. The C2PA spec has a section describing the us of VCs as one method for storing image data.

5. What is new is the introduction of hashlinks, & its

application to the social network use cases described here

14

PL

15 of 20

Summary

ePIC 2023 - Vienna

LinkedClaims provide an on-ramp for incorporating unsigned data into complex proofed claims
Hash-based linking (url + multibase hash) allows cryptographically binding to any permanent digital object
Use of LinkedClaims implements the pattern human social recommendations as networked connected VCs

15

16 of 20

At present credential storage options are primarily focused on:

the mobile credential wallet
cloud custodial wallet (typically associated with a platform)

A hybrid approach is needed using wallet attached storage

Future Work

Wallet Attached Storage

Mobile Wallet

17 of 20

The narrative credential is a like a manifest to a set of boxes in a shipping container.

Or think of it as the text in a journal article that is supported by references or footnotes. Click on the footnote, and you’re brought to the citation that substantiates the claim.

Click on linked text in the narrative credential & you’re brought to the LER/VC supporting claim made

WHAT’S NEXT?

The ‘Missing’ Narrative Credential

These credentials could all be in a wallet, anywhere on the web that has a stable URL address (e.g., a Google Drive of the holder or Ceramic node) ��Note the structure persists after the VP transport to an employer

Future Work

18 of 20

Notary VC confirming didkey is Bob’s

RON Service

Self issuing LinkedClaim App

Notary Bona fides

Verifiable Governance

Verified

Notary Registry

REMOTE NOTARY SERVICE

{

"@context": [

"https://www.w3.org/2018/credentials/v1",

"https://w3id.org/openbadges/v3"

],

"type": [

"VerifiableCredential",

"OpenBadgeCredential"

],

"issuer": {

"id": "did:key:z6MkrHKzgsahxBLyNAbLQyB1pcWNYC9GmywiWPgkrvntAZcj",

"name": "Alice Jones"

},

"issuanceDate": "2022-05-01T00:00:00Z",

"credentialSubject": {

"type": "AchievementSubject",

// Note that the subject of the VC is the issuer, hence self-issued

"id": "did:key:z6MkrHKzgsahxBLyNAbLQyB1pcWNYC9GmywiWPgkrvntAZcj",

"achievement": {

"id": "urn:uuid:e8096060-ce7c-47b3-a682-57098685d48d",

"type": "Achievement",

"name": "UAV Control System for Drone Navigation",

"description": "<description goes here>",

"criteria": {

"type": "Criteria",

"narrative": "<narrative>"

}

Future Work

19 of 20

Other Use Cases

Review of a submitted paper/report (e.g. PDF) e.g., to a customer, academic conference, etc.
Ownership of reputation reviews (e.g., 5-star rankings)\
Assertion that an image/video taken by a camera crew has not been altered since image capture
Verification of disaster recovery funds distribution and outcomes
A person is harmed by an entity
A claim that attests to the provenance of an article posted in a published news service

19

PL

20 of 20

Linked Claims Resources

Disaster Recovery Applications in the W3C Verifiable Credential Ecosystem

LinkedTrust - WhatCookin Communities and Coupons for Good

Composing Credentials via LinkedClaims and Cryptographic Bindin gs

Thanks!

e: phil@rhzconsulting.com