W3C home > Mailing lists > Public > public-credentials@w3.org > February 2016

Re: Comments on VCTF Report

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Thu, 18 Feb 2016 14:47:58 +1100
Message-ID: <CAM1Sok0OvvHxaG4_Mnr1_Fw7uEbc1QAFuSERov6J=W-+ytnDdg@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Credentials Community Group <public-credentials@w3.org>
Why is the work being explicitly directed towards use within the education
market?

Is this a technical or commercial consideration?

On 17 February 2016 at 17:01, Manu Sporny <msporny@digitalbazaar.com> wrote:

> Feedback on Verifiable Claims Task Force Final Report Draft from Ian
> Jacobs (W3C Payments Staff Contact):
>
> -------- Forwarded Message --------
> Subject: Comments on VCTF Report
> Date: Tue, 16 Feb 2016 20:59:32 -0600
> From: Ian Jacobs <ij@w3.org>
> To: Manu Sporny <msporny@digitalbazaar.com>, Dave Longley
> <dlongley@digitalbazaar.com>
> CC: Web Payments IG <public-webpayments-ig@w3.org>
>
> Dear Members of the VCTF [0],
>
> Thank you for preparing a report [1] on your activities for discussion
> at the upcoming face-to-face meeting. I read the report and the
> minutes of all the interviews. I have not read the use cases [2].
>
> I have several observations and questions that I'd like to share
> in advance of the face-to-face meeting. I look forward to the
> discussion in San Francisco. I will continue to think about
> topics like "questions for the FTF meeting" and "ideas for next
> steps."
>
> Ian
>
> [0] http://w3c.github.io/vctf/
> [1]
>
> https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Feb/0029.html
> [2] http://opencreds.org/specs/source/use-cases/
>
> ==================
>
> * First, thank you for conducting the interviews. I appreciate the
> time that went into them, and you managed to elicit comments from an
> interesting group of people.
>
> * In my view, the ideal outcome from the task force's interviews would
> have been this: By focusing on a problem statement in conversations
> with skeptics, areas of shared interest would emerge and suggest
> promising avenues for standardization with buy-in from a larger
> community than those who have been participating in the Credentials
> Community Group.
>
> * With that in mind, I think the results are mixed:
>
>      - The interviews included valuable feedback that I believe can be
>      useful to focusing discussion of next steps. For example,
>      compiling a list of concerns about the project is very useful.
>
>      - I believe the report does not do justice to this useful
>      information.
>
> * Here is why I believe the report does not do justice to the
>   interviews: it includes information that I don't believe was part of
>   the task force's work, which clouds what the report could most
>   usefully communicate. Specifically:
>
>     - The survey in 5.1 was not part of the task force's work [0].
>
>     - While documenting use cases [2] is valuable, I did not read
>       in the interviewer's comments that they had considered the
>       use cases. It would have been interesting, for example, for
>       the interviewees to have considered the use cases, and to
>       determine whether there was a small number of them where
>       there was clear consensus that it was important to address
>       them. But without connecting the interview comments to the
>       use cases, I believe they only cloud this report.
>
>       Thus, I find confusing the assertion in 6.4 that
>       a "point of consensus" is that there are use cases. That
>       may be the consensus of the Credentials CG that produced
>       them, but it is not clear to me from reading the minutes
>       that there is consensus among the interviewees on the
>       use cases. Similarly, section 3 (Summary of Research Findings)
>       goes beyond the work of this task force to include the use
>       cases.
>
> * While there were a lot of valuable comments in the interviews, it would
>   not be cost-effective to paste them all here. Here are a few synopses:
>
>   - It sounded like people acknowledged the problem statement
>     and also that this is a hard problem to solve.
>
>   - Many people emphasized the opportunity to improve security and privacy.
>     One opportunity that was mentioned had to do with user-friendly key
>     management (which made me think of SCAI).
>
>   - There is a high cost to setting up an ecosystem, and so the
>     business incentives must be carefully considered and
>     documented. (This is covered in 7.3 of the report.)
>
>   - I found Brad Hill's comments particularly helpful:
>
>
> https://docs.google.com/document/d/1aFAPObWUKEiSvPVqh9w1e6_L3iH4T08FQbJIOOlCvzU/
>
>   - A number of comments seemed to me to suggest a strategy for
>     starting work:
>
>     * Start small.
>     * Start by addressing the requirements of one industry and build from
>       there. I heard two suggestions for "Education" and explicit advice.
>       against starting with health care or financial services.
>     * Be pragmatic.
>     * Reuse existing standards (a point you mention in section 3 of the
> report).
>
>
> * I don't understand the role of section 4 ("Requirements Identified
>   by Research Findings"). This is not listed as a deliverable of the
>   task force [0] and it does not seem to me to be derived from the
>   interviews. The bullets don't really say "Here is the problem
>   that needs to be solved." I think the use cases comes closer, and
>   we need more information about business stories as mentioned above.
>   Talking about things like software agents helping people store
>   claims feels like a different level of discussion.
>
> * In section 6 "Areas of Consensus:
>
>   - "Current technologies are not readily solving the problem."
>
>     I don't think that's the consensus point. I think that formulation
>     suggests too strongly "and thus new technologies are needed."
>
>     I think the following headline phrase is more accurate: "Reuse
>     widely deployed technology to the extent possible." You do say
>     something close to that in the paragraph that follows, and
>     again in 7.8.
>
>   - "Minimum First Step is to Establish a Way to Express Verifiable
>     Claims"
>
>     (Also covered in a bullet in section 4.)
>
>     First of all, I did not reach that result from reading the
>     interviews.  Second, the very sentences in the paragraphs that
>     follow suggest there is no consensus. Namely:
>
>     * "Many of the interviewers suggested that having a data model and
>       syntax for the expression of verifiable claims AS ONLY PART OF
>       THE SOLUTION." (This suggests they may not agree that "expression"
>       is a minimal first step and that MORE is required in a first step.)
>
>     * "Some of the interviewers asserted that the technology already
>       exists to do this and that W3C should focus on vocabulary
>       development." (So this is a recommendation to do vocabulary work.)
>
>     * "Others asserted that vocabulary development is already
>       happening in focused communities (such as the Badge Alliance,
>       the Credentials Transparency Initiative)." (This doesn't say
>       anything about what W3C should do; perhaps this sentence could
>       be attached to the previous one instead.)
>
>     * "Many of the interviewers suggested that the desirable outcome
>       of standardization work is not only a data model and syntax for
>       the expression of verifiable claims, but a protocol for the
>       issuing, storage, and retrieval of those claims, but
>       acknowledged that it may be difficult to convince W3C member
>       companies to undertake all of that work in a single Working
>       Group charter. " (This sounds like a repeat of the first bullet.)
>
>     * "In the end, consensus around the question what kind of W3C
>       charter would garner the most support seemed to settle on the
>       creation of a data model and one or more expression syntaxes for
>       verifiable claims."
>
>     Basically, I do not think there is a consensus to do that among
>     the interviewees. In detail, here’s what I read:
>
>         - Brad Hill: "I don't know"
>         - Christopher Allen: (I don't see any comment)
>         - Drummond Reed: "user-side control of key management"
>         - John Tibbetts: "document what a credential looks like
>                          (perhaps either a data model or ontology)
>                          plus a graphical diagram"
>         - Bob Sheets: "I have a hard time addressing that question,
>                        whatever it takes to get your group started and
>                        on the map and doing work the better."
>         - David Chadwick: (I don't see any comment)
>         - Mike Schwartz:  (I don't see any comment)
>         - Dick Hardt:  (I don't see any comment)
>         - Jeff Hodges: (I don't see any comment)
>         - Harry Halpin: "Another option is to scope down and aim at a
>                         particular problem domain, for example a
>                         uniform vocabulary for educational
>                         credentials. "
>         - David Singer: (I don't see any comment)
>
> * I found interesting the section on "areas of concern" (along with
>   Brad Hill's comments). It might be possible to categorize the
>   concerns like this:
>
>   a) Social issues
>      7.2 scalability of trust
>      7.3 business models and economics
>      7.4 business model for infrastructure
>      7.7 liability; fraud and abuse
>
>   b) Design issues
>      7.5 slow evolution of agent-centric designs
>      7.6 risks associated with identifiers, keys, revocation
>      7.7 reusing existing work
>
>   c) Communication
>      7.1 communicate vision / big picture
>          (BTW, I agree, but this does not imply it belongs in a charter).
>
>   - Scalability of trust is very interesting. I think I agree it's
>     good to have an architecture that supports diverse business
>     models, trust models, etc.
>
>   - On business models and economics: "it is yet unknown if
>     kickstarting the market will be enough to build a strong economic
>     incentive feedback loop." It might be easier to find an answer
>     by adopting the above strategy points about starting small and
>     picking one market.
>
> * Please list the editors of the report. Also, if possible, please list
> in an
>   acknowledgments section of the report the participants in the task force.
>
> --
> Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
> Tel:                       +1 718 260 9447
>
>
>
>
>
>
>
Received on Thursday, 18 February 2016 03:49:09 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:27 UTC