W3C home > Mailing lists > Public > public-credentials@w3.org > January 2016

Verifiable Claims Telecon Minutes for 2016-01-05

From: <msporny@digitalbazaar.com>
Date: Tue, 05 Jan 2016 13:14:02 -0500
Message-Id: <1452017642945.0.23471@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-01-05/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-01-05

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Jan/0002.html
Topics:
  1. Background on Verifiable Claims work
  2. Problem Statement and Scope
  3. Key Questions
  4. The Interviews
Organizer:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Manu Sporny, Dick Hardt, David Chadwick, Shane 
  McCarron, Drummond Reed, David Singer, Nate Otto, Jörg Heuer, 
  Kerri Lemoie, John Tibbetts, Daniel C. Burnett, Bill DeLorenzo, 
  Ted O'Connor, Carla Casili
Audio:
  http://w3c.github.io/vctf/meetings/2016-01-05/audio.ogg

Dave Longley is scribing.
Manu Sporny:  The purpose of this call is a briefing call on the 
  Verifiable Claims work.
Manu Sporny:  The idea here is to introduce you to the work we've 
  been doing for the past 2-2.5 years. This is in preparation for 
  interviews we'd like to do with each of you.
Manu Sporny:  We've identified each of you as experts that we'd 
  like to get feedback from you before W3C does anything, if we do 
  anything. We'd like to get your thoughts on the topic, which we 
  will minute and record.

Topic: Background on Verifiable Claims work

Manu Sporny: http://w3c.github.io/vctf/
Manu Sporny:  The site was just updated this morning with 
  Benefits to Stakeholders and some other info.
Manu Sporny:  The purpose is to find out is there's a need for 
  user-centric Verifiable Claims/Identity Credentials. The proposal 
  focuses on a user-centric system vs. service-centric systems like 
  SAML, OpenID Connect.
Manu Sporny:  We're trying to focus on whether a user-centric 
  system would be a good way to address the problems.
Dick Hardt: There are other models besides pure server centric 
  and pure user centric
David Chadwick: If you consider the way plastic cards work today, 
  they are user centric
Manu Sporny:  We've identified a problem statement that has 
  pretty broad buy in from those involved so far, but we'd like to 
  reach out to various experts and get their input. We'd like to 
  hear feedback from "This is a terrible idea don't do it" to "This 
  is heading in an ok direction" to "We support the work, etc", 
  various critiques.
David Chadwick: I dont need to tell the card provider who I show 
  the card to
Manu Sporny:  We've been trying to solve some of these problems 
  for 15+ years and some would argue longer.
Manu Sporny:  The group that has been putting this stuff together 
  for the last two years is called the Credentials Community Group 
  at W3C and have produced some technology, but the Verifiable 
  Claims Task Force is taking a higher view, not focusing on any 
  particular tech solutions at this time, only analysis, etc.
Manu Sporny:  Any questions from anyone who is new to the call? 
  (to the background information, etc)

Topic: Problem Statement and Scope

Manu Sporny: http://w3c.github.io/vctf/#problem
Manu Sporny: 
  http://opencreds.org/presentations/2015/w3c-tpac/anonymized.html
Manu Sporny:  This has fairly decent buy in from those that have 
  been involved (the problem statement). There is a survey that we 
  sent out, we go around 44 organizations to respond to the survey. 
  We have anonymized those responses and the link is in IRC.
Manu Sporny:  The participating orgs have helped put the problem 
  statement together. We have many of the participating on these 
  calls for the past year.
Manu Sporny:  We've talked about the problem statement and scope 
  on this page. The question to experts, Dick Hardt, Brad Hill, 
  etc. is "Have we stated the problem well?" "Is this a problem for 
  the Web?" "Is it a good problem statement?" "How should we 
  proceed?" etc.
Shane McCarron: Are there specific business problems your 
  organization needs solved that this sort of activity might 
  address?
Manu Sporny:  Any questions from people on the call for the type 
  of feedback we're looking for?
Manu Sporny: http://w3c.github.io/vctf/#problem
Manu Sporny:  The link is in IRC^.
Drummond Reed:  We've talked about this once before but it might 
  help others on the call. The problem statement specifies OpenID 
  Connect as service-centric. Could you crystalize what you think 
  makes it service-centric and not user-centric?
David Singer: Why is it a priori user-centric?
Manu Sporny: http://w3c.github.io/vctf/#definitions
Manu Sporny:  There's a link I'll put into IRC to specify what we 
  mean by user-centric and service-centric. We realize this whole 
  area is rife with terminology and the meanings have changed over 
  time and we apologize for that. We list definitions at the link.
Drummond Reed: Absolutely the whole area is "rife with overloaded 
  terminology".
Manu Sporny: http://w3c.github.io/vctf/#design-approaches
Manu Sporny:  We talk about user centric systems as talking about 
  placing users at the center of the ecosystem and we list design 
  ramifications that are outcomes from a user-centric design vs. a 
  service-centric one.
Manu Sporny:  So we describe the differences between a user 
  centric system and a service centric one and the hope is that 
  before we do interviews with you that you read our definitions.
Manu Sporny:  Based on the definitions we have on the page, we 
  describe OpenID Connect as service-centric because the service is 
  in the middle, it issues the claims, claims are not portable, you 
  are locked into a particular identity provider/agent vs. portable 
  and owned by the user themselves, etc.
Drummond Reed: IMHO, identifiers not being portable is a huge 
  point.
Manu Sporny:  These are just some of the reasons that the system 
  isn't user-centric. People have been talking about some of these 
  things for years like Dick Hardt.
Manu Sporny:  A user-centric system has portable identifiers, 
  yes, as Drummond Reed mentioned.
Dick Hardt: Would be nice to be able to be on the call.
Manu Sporny:  David Singer asked "Why is it a prior 
  user-centric?" ... We needed to put a stake in the ground about 
  how what we're talking about here is different from previous 
  attempts to solve verifiable claims on the Web.
Manu Sporny:  So how is this different from LDAP, SAML, OpenID 
  Connect, etc.
Manu Sporny:  So a user-centric design has a lot to do with that.
David Singer:  I agree that it's important to talk about previous 
  solutions, but why is user-centric part of the problem statement?
Manu Sporny:  The easy answer is that that's how the group 
  decided to phrase the problem statement; the fundamental thesis 
  of the group is that service-centric systems exist, OpenID 
  Connect, SAML, pick your super provider, etc. saying we're going 
  to address a problem that those solve is a non-starter, but 
  clearly problems still exist. Solving what those solve is a 
  non-problem. Not seeing user-centric systems, things that are not 
  on the Web now -- like driver's licenses and passports and things 
  we put in our wallets and that we control in that way ... those 
  user-centric systems are the ways we deal with verifiable claims 
  in the real world/physical world.
Manu Sporny:  We haven't been able to transfer those things to 
  the Web and why haven't we? And thus the user-centric language 
  comes into the problem statement.
David Singer:  Yeah, that's good enough for now.
Dave Longley:  I would like to add... [scribe assist by Matt 
  Collier]
Dave Longley:  We build up physical identities but that has not 
  translated well to the web. [scribe assist by Matt Collier]
Dave Longley:  One thing to add - having these credentials in the 
  physical world, but not having them in the digital world - we go 
  about our lives building up our physical identies - describes 
  different parts of our lives - we can't create rich digital 
  identities that can can carry and give out to different consumers 
  where relationship between us and our wallet is not important. 
  [scribe assist by Manu Sporny]
Drummond Reed: Good answer.
Dave Longley:  Use some other container to hold our credentials - 
  the relationship is between us and the consumer, or us and the 
  issuer. There is this whole aspect our lives in the physical 
  world that have not translated into the digital world. A lot of 
  it has to do with user-centric design. [scribe assist by Manu 
  Sporny]
Nate Otto: +1 Dlongley
Dick Hardt: There are other models besides pure user-centric and 
  pure server centric.
Drummond Reed: Yes, I think that's a great subject for the 
  interviews.
Manu Sporny:  Does that provide enough information for this 
  subject for the interviews?
Manu Sporny:  Yes, we definitely want to hear about those other 
  models, Dick.
Manu Sporny:  When we speak with you, we'd love to hear your 
  feedback on that. We're not saying the system won't be some kind 
  of hybrid.
Manu Sporny:  But the first question is "Is there a problem that 
  needs solving?" And then if the answer is yes, "Are there some 
  general guidelines to help us falling into traps of the past?"
David Singer: We also need to agree it is our problem....
Drummond Reed: I think there's very broad agreement on the 
  problem. The key question will be: what is unique about the 
  solution that will allow it to break through where all the 
  previous attempts have failed.

Topic: Key Questions

Manu Sporny:  Please go and read everything on that VCTF page -- 
  because it's stuff that we have consensus around from the 20+ 
  orgs participating in the work. But we can challenge those things 
  and change them based on your input.
Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/ProposalsQ42015/VerifiableClaimsTaskForce#Open_Questions
Manu Sporny:  If you don't have the time to read and formulate 
  your own response, we do have a set of questions we can ask you.
Manu Sporny:  Link is in IRC for some of these.
David Chadwick: That is mirrors the use of plastic cards in the 
  physical world, because they work
Manu Sporny:  [Lists questions at link]
Jörg Heuer: We've worked on - and demoed at occasions - a system 
  that relies on a user-centric flow with corporate-centric 
  credential objects... is that close to what you think of, Dick? 
  (like in the good old 'info card' days)
Manu Sporny:  The other point to make about these questions is 
  that they are just suggestions. During your interview, please 
  feel free to discuss whatever you want. They are just there to 
  help you figure out the type of input we're looking for.
Manu Sporny:  Any feedback on open questions or general feedback?
Drummond Reed: I don't see a question focused directly on 
  portable identifiers (it's inherent in the "moving claims" 
  topic).
Drummond Reed:  It's a pretty good question list. Maybe the 
  question of portable identifiers is important enough that there 
  isn't a direct question about that. It's a good list, it's 
  comprehensive.
Manu Sporny:  I'll add a question about portable identifiers.
Shane McCarron: That's a good point!
David Singer: We need to know if W3C is the right place, and has 
  the right people and skills
Dick Hardt: I don't think portable identifiers are a required 
  part of the architecture.
David Chadwick: I agree with Dick re portable IDs
Dick Hardt: I think there is an important problem to be solved. 
  It is unclear what role W3C should or could play.
Shane McCarron:  Are service-centric identifiers a problem?
Manu Sporny:  Ok, great input, that's the type of stuff we hope 
  come up in the interviews.
Kerri Lemoie:  Should the distributed web be explored? 
  Blockchain, bittorrent....
Manu Sporny:  Dick is saying the problem is important but unclear 
  what role W3C should play.
Drummond Reed: That's a great question, given that aspects of 
  this problem have been tackled by IETF and OASIS and OpenID 
  Foundation and Open Identity Exchange as well.
Drummond Reed: I'm sure I've left out others.
Manu Sporny:  Brad Hill together a real quick document giving us 
  his thoughts before this call happened.
Manu Sporny: Brad Hill's feedback so far: 
  https://docs.google.com/document/d/1aFAPObWUKEiSvPVqh9w1e6_L3iH4T08FQbJIOOlCvzU/edit?usp=sharing
Manu Sporny:  That's a list of all of the concerns he's had so 
  far. General concerns about problem statement, fraud abuse, 
  trust, all that stuff.
Manu Sporny:  This is the type of feedback that is super helpful. 
  We want to make sure we're considering all the pitfalls with the 
  problem statement as proposed, etc.
Manu Sporny:  If you have time to provide that kind of input that 
  would be super helpful. Written input is good, at some point 
  we're going to document what you tell us one way or another.
Manu Sporny:  Putting it in a google doc is good because we can 
  iterate one that, but also showing up on a call and rambling 
  about everything you're concerned about for an hour is also good. 
  We'll have someone scribe it.
Manu Sporny:  Any questions on how to provide feedback or the 
  questions or type of input we're looking for? Does everyone feel 
  comfortable, if we get on a call with you one-on-one you can let 
  us know what you think directly?
Drummond Reed: Yes, this is great background.
Drummond Reed:  Absolutely, this is excellent background.
Manu Sporny:  David Singer, Ted?
Manu Sporny:  Karen?
Drummond Reed: I also like the idea of putting feedback and 
  thoughts in a Google doc.
David Singer: Good so far

Topic: The Interviews

Manu Sporny:  After listening to this, reading the minutes again 
  would you be able to provide some input?
Manu Sporny:  We're hoping to do interviews in the last two weeks 
  of January and we're hoping to get them finished as quickly as 
  possible so we can iterate and keep our rapid progress going.
Manu Sporny:  Let me bring up the questionaire on your 
  availability
Manu Sporny: If you have been asked to do an interview - please 
  sign up for some times that work for you during the last two 
  weeks of January: http://goo.gl/forms/RY4f5h36Y5
Manu Sporny:  Please let us know what time works for you on that 
  form.
Manu Sporny:  When you let us know, it will be the same dial 
  number as now ... hopefully with any issues resolved.
Manu Sporny:  We're going to go through anything that's on your 
  mind, any concerns, etc.
Manu Sporny:  That's it as far as background and what the problem 
  statement and scope is and the key questions we're going to ask 
  you and the type of feedback expected.
Manu Sporny:  Any other questions from the people doing an 
  interview? Do you feel well-prepared?
Drummond Reed:  I certainly do.
Manu Sporny:  We're going to try and circle back around with Dick 
  Hardt and Brad Hill because they couldn't dial in.
David Singer: I am sure more questions will come up in internal 
  discussion, ...
Dick Hardt: I don't really know what I missed by not being on the 
  call.
Manu Sporny:  If there aren't any other questions please fill out 
  that form and let us know what time works for you. Thanks 
  everyone so much for your time, it's really appreciated.
Shane McCarron: Good briefing!  Thanks!
Manu Sporny: Apologies to those that had connectivity issues, 
  we'll try to figure out what happened.
Received on Tuesday, 5 January 2016 18:14:27 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC