W3C home > Mailing lists > Public > public-credentials@w3.org > September 2015

Credentials CG Telecon Minutes for 2015-08-25

From: <msporny@digitalbazaar.com>
Date: Tue, 01 Sep 2015 10:39:57 -0400
Message-Id: <1441118397447.0.30520@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Gregg Kellogg for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

http://opencreds.org/minutes/2015-08-25/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials Community Group Telecon Minutes for 2015-08-25

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2015Aug/0039.html
Topics:
  1. Recruiting
  2. Standards Implementation Foundation
  3. Update from IMS Global
  4. Capabilities Wrap-up
Action Items:
  1. Manu to follow up with Ian about VitalSource as W3C member.
Organizer:
  Manu Sporny
Scribe:
  Gregg Kellogg
Present:
  Gregg Kellogg, Manu Sporny, John Tibbetts, Sunny Lee, Richard 
  Varn, Eric Korb, Brendan Benshoof, Brian Sletten, Dave Longley, 
  David I. Lehn, Rob Trainer
Audio:
  http://opencreds.org/minutes/2015-08-25/audio.ogg

Gregg Kellogg is scribing.
Manu Sporny:  Need to wrap-up recruiting drive. Need to ping one 
  more time and give them a last opportunity.
  … We’re doing pretty well.
  … Also need to get back to standards implementaitons.

Topic: Recruiting

Manu Sporny:  We’ve had a drop-off in new people signing up. We 
  have about 60 organizations that haven’t responded yet, but we 
  have a good set to show W3C.
John Tibbetts:  I’ve sent an update about Vital Source.
Manu Sporny:  W3C tries to get larger companies first, but will 
  accept smaller companies.

ACTION: Manu to follow up with Ian about VitalSource as W3C 
  member.

Manu Sporny:  W3C staff are having deliberations on when to have 
  a call for us.
  … I’m presenting again at the Web Payments F2F in Sapporo 
  Japan.
  … a number of members have stepped up and said they want this 
  on the agenda.
Sunny Lee:  Are you familiar with the connecting credentials 
  event that’s going on?
Richard Varn:  We know about it, and we’re going.
http://connectingcredentials.org/national-dialogue/#co-sponsors
Sunny Lee:  A lot of the work is descdribed on their website.
Manu Sporny:  How does this dovetail with badges and so forth?
Sunny Lee:  Too early to tell how this impacts us, they’re having 
  a meeting in D.C. on Oct. 5.
Richard Varn:  There’s a place we can submit things ahead of 
  time. We can add something to their site about what we’re doing.
Manu Sporny:  We’ll make it an agenda item for next week, and 
  talk about who should present our work there.

Topic: Standards Implementation Foundation

Manu Sporny:  About a year ago we discussed creating a group that 
  would do technical implementaitons of the work we’re doing here.
  … This was called the “Open Payments Foundation”, because we 
  thought this would interesect.
  … But, in June, the payments group put credentials on the 
  back-burner.
  … The foundation would have hired engineers to do open source 
  implementaions of various standards, but the effort fell off.
  … We had submitted with the Software Payment Concervancy, but 
  they haven’t gotten back to us.
  … We’re not making good enough progress on creating this 
  organization, and it’s important that we do.
Eric Korb: This orginazation is the Foundation, not the 
  Credentials Community Group
Manu Sporny:  I had a discussion with a large world-wide 
  technology organization, and they’ve said they’re interested in 
  our work, but they’re planning on basing the hash table work on 
  BitCoin.
  … They want to go standards track with their platform. They’re 
  aligned with our goals, but have different ideas on the 
  distributed hash.
  … They’re counter argument as that they want to launch in 5 
  months, and the Blockchain is out there and can be used.
  … We should already have an implementation of WebDHT, but we 
  dont. So, organizations are willing to go forward with 
  Blockchain.
Brendan Benshoof:  There’s an easy conflation in terms if it’s 
  “a” or “the” Blockchain.
Manu Sporny:  “The” Blockchain.
  … Problem for us doing this is that noone has put up funding 
  for this yet. It’s a large project which requires the full 
  support of the community to do such implementaitons.
  … THey want to collaborate with us, and we should get into a 
  discussion with them about particulars of Blockchain and 
  decentralized ledgers. But, we’re not in a possition as a 
  community to move on this thing. As a result, such a large 
  organization may try to make a de-facto standard, which would be 
  pretty horrible for interoperability.
  … For example, Internet of Things devices are too underpowered 
  for the Blockchain. THe easiest counter is to say we have an 
  implementation. But, we’re falling behind.
Brendan Benshoof: +1 Multiple Decentralized Backends
Brian Sletten:  Is it not possible to have multiple DiD 
  implementations, and this could be one of 2 or three?
Manu Sporny:  Could be, but issues about namespace, and URI 
  schemes.
  … This also makes implementaions more complex. We’re trying to 
  keep the complexity down.
Dave Longley:  It also creates different levels of trust, 
  depending on what network is used.
Manu Sporny:  For example, all mining activity is in China, and 
  they could presumably overwhelm the system and take over ids.
Brian Sletten:  It seems like a problem we should be able to 
  handle.
Brendan Benshoof:  We could also mirror different systems to 
  create a single namespace.
Dave Longley:  We’d rather there be a single popular system and 
  avoid fracture. But, it’s not against the design of the system to 
  have separate systems.
Manu Sporny:  There are plenty of decentralized/federated 
  identifier systems that failed because of implementation 
  complexity.
  … Or, they could be implemented in non-interoperable ways.
  … We allow design flexibility so we can fix things down the 
  road, but there should be “one true way” to implement things 
  which will make it easy for organizations to deploy at a low 
  cost.
Dave Longley:  That also allows an open implementation to be used 
  for smaller systems.
Manu Sporny:  If anyone can help on funding this effort, please 
  get in touch through email.

Topic: Update from IMS Global

John Tibbetts:  We had several touch points presenting our ideas 
  at the conference.
  … We had a dinner where we got together some key decision 
  makers, and it bounced all over the place.
  … There’s a realization that the standard creates the plumbing 
  that allows an ecosystem of different systems.
  … They’re looking at all kinds of different choices, including 
  Oauth2, JWT, etc.
  … There’s a longer-term work that  addresses things a trusted 
  pipe doesn’t help.
  … It’s important for this group to realize that this is a 
  longer-term project, and not a short-term project.
  … I think the IMS is not likelyl to move quickley enough for 
  our needs.
Eric Korb:  I did a a machine-to-machine demonstration of a 
  credential using the standard.
  … Presentation focused on work we’re doing here. IMS has also 
  endorced the Open Badge Alliance.
  … As we start to see our work converge with IMS, there’s a 
  great opportunity. As John pointed out, there’s an even greater 
  opportunity for machine-to-machine authorization.
John Tibbetts:  I heard positive feedback. The seeds have been 
  planted, but we’re going to have to keep showing up.
Manu Sporny:  Telling W3C membership and management that we’re 
  actively engaged with IMS Global is a positive message.
Eric Korb:  There are also issues at IMS regarding authentication 
  and identity. This is a sticky point for us, but it presents and 
  opportunity.
  … They keep coming back to identity being a big problem. They 
  compare this with Shibolith.
  … OAuth/OpenID is overkill for what they want to do.
Manu Sporny:  For machine-machine, the HTTP Signatures stuff 
  comes to mind.
Eric Korb:  They need to be educated about this. We need to offer 
  to help with this.
John Tibbetts:  We did bring the HTTP Signatures stuff up, and 
  the one objection is that “we can’t go with something that noone 
  uses in production”
Manu Sporny:  Several organizations have been using it, as I 
  pointed out.

Topic: Capabilities Wrap-up

Manu Sporny:  We’ve been going through this for the last couple 
  of weeks. We’ve shared upcoming blog posts with some people, and 
  one of the founders of the Microsoft Infocard stuff, and the 
  OpenID have reviewed and said they agree about much of what’s in 
  the posts.
Brendan Benshoof:  I’ve been focusing on the message, and have 
  folded together some things.
  … For example, centraized vocabularies. It’s open enough to let 
  the market decide.
  … The converstaion with dlongley was about revocation of 
  certificates. We talk about the provider hosting in some 
  contexts, and in others the issuer.
  … We narrowed this down to the provider hosting the 
  certificates, but the issuer maintaining a reference to see if 
  it’s revoked.
Brendan Benshoof: 
  https://gist.github.com/BrendanBenshoof/3b955f1a96d7cb75b93c
  … I’m working on a draft to discuss this ^^^
  … The next step is to start writing a lot more about it.
Manu Sporny:  Link to credentials retrospective.
  … The criticisms from OpenID Connect and Infocard are that 
  they’re not sure this is the right way to go. We can tell you 
  about our experience.
  … We talk about an extensible data model. They think this is 
  overrated; Infocard was very extensible, but noone extended it. 
  This lead to implementation complexities.
  … In OpenID Connect we found a way to do this in a clean way, 
  and we think that was the right way to do it. We’re not claiming 
  that we succeeded.
  … If you give them 3 options, you can guaranteed 3 
  non-interoperable implementations. Otherwise, it’s a failure to 
  standardize.
  … For choice of storage, they ended up with a bunch of 
  federations that spoke to each other, but didn’t find at generice 
  ID.
  … It’s not designed to be as generic and interoperable as what 
  we’re doing. There’s a question of bias, because of 
  self-selecting the audience.
  … I believe we heard in this group that we want generic 
  providers and consumers, but this is at odds with the OpenID 
  Connect experience. There are definite providers and consumers.
  … They like the privacy-enhanced bits. Portability isn’t 
  important for them; once people select, they don’t move.
  … They were very complimentary, and wanted to participate in 
  the work.
Received on Tuesday, 1 September 2015 14:40:21 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:25 UTC