- From: <msporny@digitalbazaar.com>
- Date: Tue, 21 Oct 2014 14:35:50 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes for this week's Credentials CG telecon are now available: http://opencreds.org/minutes/2014-10-21/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials Community Group Telecon Minutes for 2014-10-21 Agenda: http://lists.w3.org/Archives/Public/public-credentials/2014Oct/0041.html Topics: 1. Intro from Dale McCrory from Courseload 2. Introduction to Nate Otto from Concentric Sky 3. Review Credentials CG Presentation to Web Payments IG 4. Review Credentials CG F2F Agenda 5. Review Credentials Use Cases vote status 6. Open Badges and JSON-LD Organizer: Manu Sporny Scribe: Dave Longley Present: Dave Longley, Manu Sporny, Mark Leuba, Dale McCrory, Nate Otto, Bill Gebert, Mary Bold, David I. Lehn Audio: http://opencreds.org/minutes/2014-10-21/audio.ogg Dave Longley is scribing. Manu Sporny: Anything to add to the agenda? No additions to agenda. Mark Leuba: In transit today, can't scribe, but invited Dale to the call. Manu Sporny: Dale, would you mind giving a quick intro? Topic: Intro from Dale McCrory from Courseload Dale McCrory: In the enterprise space, for 8-9 years, historically, I've been in the integration space, as the principle ? manager for tech sales force. The 360-degree view of an individual was important for us. How you bring together information about an individual who has a lot of different online identities was an important question. As directory of production management, "how do we follow educational experiences, etc. as they move around, eg: if one person comes back at 20s, 30s, and 50s getting an education there's no easy way to coordinate that. Identity is really important." Manu Sporny: Thanks for the intro, Dale. We loved hearing it, lots of stuff in common with what we're working on here. Manu Sporny: Nate, could you give a quick intro? Topic: Introduction to Nate Otto from Concentric Sky Nate Otto: I come here from the Open Badges community. I've been working with them for 2 years. I just took a job with Concentric Sky to work on badges. Manu Sporny: For those that don't know, Nate is working on badges/JSON-LD/etc and is very active in the community. Manu Sporny: Today's Agenda is mostly about prep-work for W3C TPAC next week. Topic: Review Credentials CG Presentation to Web Payments IG Manu Sporny: http://opencreds.org/presentations/2014/tpac-wpig-ccg/ Manu Sporny: This is a very rough draft of a presentation we're doing on Monday to the WPIG. We're trying to convince W3C that credentialing should be taken standards track sooner rather than later. Before we talk about the proposals we have on the table we need to make the case to the W3C membership. TPAC is happening next week in Santa Clara, CA. We're going to take every advantage we can to make the case for Credentials. Our first presentation will be at noon. Manu Sporny: We're trying to get people interested in the Credentials CG as well. Manu Sporny: We're taking this approach because of KYC and anti-money laundering is an important problem to solve on the Web and in finance in general, we have people from the education space on the call today and we're also looking at it from healthcare, and if we can get those 3 verticals on the same page that would be great. Manu Sporny: The presentation is designed to be a very high-level overview of credentials and badging. Manu Sporny: The second slide we just define what a credential is, that's the definition the CG agreed to in the charter. Manu Sporny: I talked to Sunny Lee and Chris McAvoy about the video that's in the presentation, etc. we'll talk about Badge Alliance. Manu Sporny: ACDT will talk about high stakes credentials and signatures, etc. Manu Sporny: We'll have ETS talk about how they are a big player in this space and they want it to succeed, etc. Manu Sporny: We're outlining that there's a really strong desire from the educational space to make this work. Manu Sporny: We don't have to talk about the financial space because those people will be there and know of the issues. Manu Sporny: The healthcare people should be able to put two and two together from that. Manu Sporny: I've got some details about the CCG there -- transparency, that we discuss tech/specs, etc. Manu Sporny: Just to get people to understand what the CG works on. Manu Sporny: Does anyone feel uncomfortable with the order or what we're presenting? Nate Otto: Is someone from ETS going to be presenting with you? Manu Sporny: Bill Gebhart from ETS will be presenting Manu Sporny: The other folks we'll have in the room will be from, for example, Bloomberg, National Association of Convenience Stores, others I can't mention, about 50 people in the room, about 70% of top tech companies in the world will be in the room. Manu Sporny: Next slide covers history and where the specs come from, etc. I should add the Badge Alliance there. Nate Otto: To do: add Badge Alliance founding (Feb 2014) to Brief History slide Manu Sporny: Next slide we outline clear, narrow focus, don't want to "solve the whole identity on the Web problem." Manu Sporny: That means different things to different people and there's a rich history of failure around those sorts of initiatives. We want to keep our focus tight. Manu Sporny: Next we talk about design criteria and link to use cases. Manu Sporny: Then we show the technology stack we're using today. Manu Sporny: Anything not clear? Group feels the presentation is acceptable, but images can't be viewed in recent version of Google Chrome. Dale McCrory: I can't see them either (and in Chrome) Manu Sporny: Direct links to images - tech stack: http://opencreds.org/presentations/2014/tpac-wpig-ccg/images/technologyStack.svg Manu Sporny: Collaborators: http://opencreds.org/presentations/2014/tpac-wpig-ccg/images/collaborators.svg Dave Longley: "Modelling" is mispelled i think (should be 1 L) Manu Sporny: We didn't want to list any organizations that we're working with yet that we haven't had a discussion about putting their information up there. Manu Sporny: Any concerns about collaborators or what's in the diagram/what's missing? Manu Sporny: Keep in mind we can have input on these slides up until Friday. Manu Sporny: Next slide is about what information CCG will feed into WPIG. Manu Sporny: We'll also continue to experiment with pre-standards tech and do outreach. Manu Sporny: Slide 13 is just a high-level ... "where do you want to go from here?" We have options for discussion. Manu Sporny: We could look at use cases, specs, demos, input from IGF. Nate Otto: Manu, for slide 13, you mentioned you needed to put in an open badges demo. Let me know if you need help figuring out what to put there. Manu Sporny: Please send me some links for Badge Alliance stuff ... info packed and shorter is better. Manu Sporny: Send whatever you think is best, pull Sunny and Chris in maybe and figure out what you guys want in there. Nate Otto: Cool, will talk to them and get back to you in a couple days. Manu Sporny: So we'll fix the image issues, link to some more Open Badge/Badge Alliance demos, specs, etc. Manu Sporny: If anyone thinks of anything between now and Friday please send it to the mailing list so we can get the changes in ASAP. Manu Sporny: Bill, we need input from ETS wrt. the presentation, we'll do that offline. Bill Gebert: Ok, sounds good. Topic: Review Credentials CG F2F Agenda Manu Sporny: Face to face agenda: https://docs.google.com/document/d/1FQmZt_2FTjRMO5YSBLS-3dwuNQFi_BFEvbIRoUg7pGA/edit Manu Sporny: This agenda is very drafty. Manu Sporny: It's for Tuesday at TPAC. Manu Sporny: There's something called the Advisory Committee meeting (the AC part of TPAC) from 11-3pm on Tuesday, many of the big W3C reps will be there (MS, Yahoo, Google, Yandex, etc.) there are many other people that aren't the AC rep that are looking for something to do during that time and we've got time then. The idea is to have a very fast 1hr or 1:15 min meeting and intro people to the CCG. People there will have never been to one of our meetings and talk about our goals, etc. Manu Sporny: We'll have an hour for lunch and then during the afternoon we'll jump into demos and use cases and roadmap discussions. Manu Sporny: We would probably want to do some quick demos to ground the work, this is a credential, this is how you verify a credential, etc. Then talk about our use cases and ground the discussion. Manu Sporny: We can talk about how we'll align endorsement work in the future, talk about vocabularies and how we'd like the Badge Alliance to take that work on, talk about things we may cut or what's missing, the general state of things as they exist today. Manu Sporny: Then the future planning will be, unfortunately, only a 20 minute discussion. We'll talk about keeping the calls going, how we'll coordinate with the WPIG and how we'll try to drive more membership into this group, etc. Manu Sporny: That's the general layout, but honestly I spent about 15-30 minutes thinking about the Agenda, so we may need to re-think it or rearrange it. Manu Sporny: Any general thoughts about it for the F2F at TPAC? Manu Sporny: Anything missing or any discussions we want to have earlier than later? Nate Otto: That all looks pretty good. Dave Longley: In general agreement on the agenda. It's basically the outline that we followed for the Web Payments CG introduction we did last year. [scribe assist by Manu Sporny] Dave Longley: Where the CG came from, where it's headed, we should talk about that - we also need to talk about how this fits in w/ Web Payments. [scribe assist by Manu Sporny] Nate Otto: Badge Alliance can't come. wish I could come too. Dave Longley: If you wanted to tweak the flow a bit, you could briefly go over where Credentials CG came from - why it split out of Web Payments CG. Relate it to Web Payments IG in some way. [scribe assist by Manu Sporny] Dave Longley: Talk about how technology/ideas solve problems in other spaces. [scribe assist by Manu Sporny] Dave Longley: You may take that tact and it may make it flow a bit more nicely [scribe assist by Manu Sporny] Dave Longley: Important that we don't spend too much time talking about history. We need to ground the work. [scribe assist by Manu Sporny] Manu Sporny: Any other concerns with the agenda? Keep in mind we can change it all the way up until the day of (Tuesday), but chiming in earlier would be helpful. Topic: Review Credentials Use Cases vote status Manu Sporny: Vote called last Tuesday: http://lists.w3.org/Archives/Public/public-credentials/2014Oct/0028.html Manu Sporny: https://docs.google.com/forms/d/1EZCOQ2kIv9FB94RuL6R3w2Ycq8CLbGV_wrAtBrXI-2A/viewform?usp=send_form Manu Sporny: You have until 5pm today to vote, so get your votes in if you haven't already. Manu Sporny: We've got a decent number of votes, I'd like to see at least six more to feel confident that most people saw and voted on it. Manu Sporny: These are the same use cases we've been discussing in the group ... so it's a formality, most should be familiar. Manu Sporny: Any other concerns for the upcoming TPAC meeting? No other concerns. Topic: Open Badges and JSON-LD Manu Sporny: Could you give us a brief updating on what you're been working on with respect to JSON-LD/signatures on the Badge Alliance side? Nate Otto: I think most people on the call are probably familiar with how badges are structured. Nate Otto: We're looking at updating standards to move towards using JSON-LD and make it possible for different issues to share their representations. Nate Otto: JSON-LD is pretty good in that you can say "this is the term I'm using and it maps back to a URL that describes what it does" Nate Otto: However, if two different people add a location to a badge, one may be thinking about the location where the badge was earned, and others might be thinking about a location for future possible opportunities for earning a badge. So slight differences in meaning. Nate Otto: So we're looking at bundling properties together and publishing context files and letting people use those and share them, etc. Nate Otto: Does anyone have any questions? Manu Sporny: That sounds clear so I understand you. It's a good direction. I do have a couple questions. Manu Sporny: Badge Alliance is focused on using JSON-schema, and we also use that to validate messages coming into REST APIs. The system that receives it can frame the data coming in and put it in a specific structure and then JSON schema can be used to verify the syntactic requirements are met. Manu Sporny: You can ensure that the proper semantic information is in there and the syntactic structure of the badge is what it needs to be. Manu Sporny: I think that's restating what you said, what I'm trying to express is that there's a large amount alignment there. Nate Otto: I do want to make sure we're building the right thing. At first we wanted to get a proposal out in July but it slowed down, and there are a bunch of different ways to structure the relationship between JSON-schema and JSON-LD and -- things like whether you force people to put extension properties in a certain place or anywhere in the badge, etc. So a lot of design decisions to make. Manu Sporny: I noticed that there was a big discussion about what you just said -- if you put all the extensions in a top-level object, you don't really need JSON-schema except for things like addresses, as it has structured data like street name, city/state/region, etc. all of those things. Nate Otto: Some pictures/diagrams to look at https://docs.google.com/presentation/d/1dNvp9fab4IkTNr0k68JruYmPCA0F2Cbj4LFeflt1yFc/edit#slide=id.p Manu Sporny: I don't think we can get away from JSON schema; it's currently unclear what the best approach is (at global JSON-LD scale), some orgs take JSON-LD and convert to RDF and do a SPARQL query against it and that's not what we want to do to Web Devs, but it's one way to do it. The JSON-LD @context can have extra data in there but there's no standard way to express that ... if we're going to do that we might want to pull in the rest of the JSON-LD community to have that discussion. There are other orgs that are doing that but there is no vocab that has come about as a result of that. What we could do is take the work that you've done and feed it back to the JSON-LD community as general input. Let's say we want to use JSON-schema and not JSON-LD framing, would that be a valid way of doing it. All I'm saying is let's take advantage of that community an d they have great insight and have been working with JSON-LD for the last 4+ years. Nate Otto: I think that's a good idea and this work is ready for feedback from that kind of group. Nate Otto: We have prototypes of it actually working, etc. I personally think those prototypes are hundreds of lines too long and I'd prefer something simpler :) -- I'd like to have that conversation with the group. Manu Sporny: We'll try to get that conversation going. Nate Otto: Great, we can talk to people that have done this before. Manu Sporny: Any other concerns that are floating out there that you'd like input on ... as far as the move to JSON-LD, etc.? Nate Otto: You originally suggested doing a very flat approach, and I've pushed back on that because I do like keeping things module. There are some details with different scope that work better that way. Nate Otto: Toward the end of that slide deck that I linked to, there are some sketches for how I think some small iterations move towards 2.0 that could break backwards compatibility and I'd like some good technical feedback on that to see if it's a good direction to head. Manu Sporny: There are some other concerns I want to put pins in where I have you here; I think the digital signatures thing is a big question mark now, TrueCred/Credential stuff does it one way, and the Open Badge stuff does it another way. I think we want to discuss that. Manu Sporny: Let's say you refer to a badge class using a URL and you digitally sign that badge, what happens if that badge class changes? Nate Otto: Those are exactly the questions I'm wrestling with this week. :) Manu Sporny: For example, if someone got a Pilot License credential at some point and then the requirements change 5 years later, you want to make sure that the requirements aren't auto-pulled into the signed badge. Nate Otto: I do think I'm moving towards what TrueCred/ACDT has prototyped. Nate Otto: The JWT stuff has issues, like modification without breaking signatures, etc. Manu Sporny: Ok, let's put a pin in that and say we need to have a discussion about that. Nate Otto: Building a vocabulary: We have been doing some very preliminary vocab work http://etherpad.badgealliance.org/ba-standard-defininitions in the badge alliance Manu Sporny: The other discussion we want to have is about vocabulary. I dont' think anyone in this group wants to reinvent the wheel, and Badge Alliance already has a vocabulary. We'd like to use that and transform that into a proper RDF library with a proper JSON-LD context and I know you've already been doing some of that work. We want to get that document created and build off of it. That's joint work the CCG and Badge Alliance can work on and we can maybe hand off to Badge Alliance or Badge Alliance can decide to standards track that and feed it back into W3C. Manu Sporny: I don't know where you guys are in BA thinking about that same thing. Nate Otto: We just stuck all the terms into an etherpad to hack on. Dale McCrory: Can a Badge be included in a JWT? Since a JWT may be used during the authorization and authentication process of OAuth? Nate Otto: BA would like to make this very standardized Manu Sporny: Any places that you feel the two approaches are misaligned? Nate Otto: Nothing comes to mind right now. Manu Sporny: If we can use JSON-LD and figure out the vocab, we're 80-90% there. We can deal with other differences. Manu Sporny: I think that would be a huge success. Manu Sporny: Thanks for your work on the alignment work, Nate. Nate Otto: JWT is the current technology used for signing Badges, the Badge assertion is complete in terms of having all the information; I don't know much about OAuth. You definitely could deal in JSON directly. If I'm misinterpreting that feel free to contact me on the mailing list, etc. Manu Sporny: The Web Payments work started off with OAuth a long time ago, and we have looked at JWT. And I'm speaking specifically for Digital Bazaar and ACDT. We don't like the complexity that OAuth (and OpenID Connect) bring to the table for Credentials; there's a simpler way to do it. There are proposed mechanisms for login, etc. We are planning on showing how to do OAuth with a Credential, etc. during login, but it's more complicated than it needs to be. Nate Otto: Mozilla's badge issuing platform BadgeKit uses JWT to send requests between system components. Dale McCrory: I was thinking about reinventing the wheel and known developer knowledge. Manu Sporny: Secure Messaging vs. Javascript Object Signing and Encryption: http://manu.sporny.org/2013/sm-vs-jose/ Manu Sporny: We feel that the Secure Messaging spec is much simpler, the downside is it's a new spec. We do provide things for people using the other existing stacks. Manu Sporny: Take a look through that blog post, we went into a lot of detail on why we're not for the JOSE stack. Manu Sporny: Any other concerns before we head off to TPAC next week? No concerns voiced by group. Nate Otto: Thanks for welcoming me to the call. Enjoy TPAC, and we'll talk again in 2 weeks! Manu Sporny: Call next week is canceled we'll be at TPAC. Mary Bold: Thanks all David I. Lehn: Bye!
Received on Tuesday, 21 October 2014 18:36:13 UTC