W3C home > Mailing lists > Public > public-credentials@w3.org > July 2016

Verifiable Claims Telecon Minutes for 2016-07-12

From: <msporny@digitalbazaar.com>
Date: Tue, 12 Jul 2016 13:34:49 -0400
Message-Id: <1468344889465.0.10075@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Gregg Kellogg for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-07-12/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-07-12

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Jul/0041.html
Topics:
  1. Verifiable Claims Presentation at WPIG face-to-face
  2. Identified Verifiable Claims "Weak Points"
  3. Next Steps
Organizer:
  Manu Sporny
Scribe:
  Gregg Kellogg
Present:
  Gregg Kellogg, Manu Sporny, David Ezell, Dan Burnett, Matt Stone, 
  Shane McCarron, Richard Varn, Carla Casilli, Dave Longley, Dave 
  Crocker, Nate Otto, Christopher Allen, Chris Webber, Kerri 
  Lemoie, Stuart Sutton, David I. Lehn, Colleen Kennedy, Les 
  Chasen, Rob Trainer, Rebecca Simmons, Matthew Larson, Marta 
  Piekarska
Audio:
  http://w3c.github.io/vctf/meetings/2016-07-12/audio.ogg

Gregg Kellogg is scribing.

Topic: Verifiable Claims Presentation at WPIG face-to-face

Manu Sporny:  We took all the material we’ve been working on and 
  presented it to WPIG two weeks ago to see if they would support 
  the VC work going forward.
  … The IG largely voted to pass it, which is great news! It will 
  take another week for the vote to be binding.
  … There was a large amount of support for the work.
  … Somewhat troubling, there are two large organizations opposed 
  to it as well as another key individual.
  … We’ll see if we want to change anything to help bring them 
  onboard.
  … I want to point out to W3C members on the call to not yet 
  point out which members we’re discussing, as the minutes are not 
  yet public (should be next Monday).
  … Presentation went well, went over various documents. No push 
  backs on documents themselves.
  … No controversial questions. We asked for feedback from 
  critical organizations, and they had some pushback.

Topic: Identified Verifiable Claims "Weak Points"

Manu Sporny:  First set of consistent pushback was that the work 
  is too broad: we have a number of education companies, but not 
  others such as healthcare, finanical, etc. Use cases include 
  this, but not enought people from these sectors.
  … It was suggested to hone down to education case. One 
  organization said they don’t think we’re in the position to say 
  it will work for these verticles.
  … Until they see organizations from other verticles, they’re 
  not convinced we can adequately work on those use cases (also 
  govt).
  … There was quite a bit of pushback from within the IG from 
  members in these sectors, who thought the work was appropriate 
  and necessary.
  … The second criticism was that JOSE/JWT (JSON web tokens) also 
  allows claims to be made. We analyzed this some years ago and 
  found it wasn’t a good fit for Linked Data, but the orgnaizations 
  pushed back saying they’d rather start with JWT and extend as 
  necessary.
  … They basically want to work off of existing technologies. 
  Pushback is that we’re not making technology decisions and 
  working on data model. We’d like a flexible solution, and 
  choosing JWT would be making such a decision.
  … Of course, this pushback from organizations which pushed 
  through JOSE/JWT. there are also oranizations using Linked Data 
  Signatures which would like to go in that direction.
  … There was a philosophical point raised: one org said they 
  felt work hadn’t been incubated enough; they want demo 
  implementations, pilot usage. We pushed back saying we had done 
  this, but they were unsatisifed. They couldn’t say exactly how 
  much deployment would be enough to be satisfied.
David Ezell:  I’d like to thank the VCTF for doing such a great 
  job. In discussions with W3M, it was widely acknowledged that the 
  work done here has been great.
Dan Burnett: One concern I would have with "just use X that's 
  already out there and extend it" is that our starting point 
  principles are not necessarily the same as those of the orgs 
  working on those other technologies.  Any suggestions we make for 
  extensions in those organizations may meet with opposition merely 
  because our goals are different.
  … I wouldn’t worry too much about some of the pushback 
  (particularly the last one), it’s likely to evaporate.
Matt Stone:  I would add to that last point about incubation: I 
  got the sense that they were looking for us to see a standard 
  emerge from the market place. They’re not asking for a pilot, but 
  a developed system that can be rubber stamped. We’ve been waiting 
  for that to emerge for 15 years.
Shane McCarron:  I don’t think it makes sense to approach this 
  against a single verticle. We got pushback earlier that we were 
  too focused on a single verticle.
  … Everytime we come back with more data, the goal posts keep 
  moving. Eventualliy, the absurdity must become broadly apparent.
Dan Burnett:  For those who suggest there are existing 
  technologies that can be extended: the principles we’ve developed 
  would likely make getting existing organizations to adopt our 
  needs would be difficult/imposible. I’ve seen this many times 
  where the NIH factor makes groups reluctant to adopt outside 
  viewpoints.
Richard Varn:  I’d like to second stone’s point that we’re 
  getting in the middle of exisint battle lines between large 
  vested interests. If we focus too much on education, it won’t be 
  clear that there are generic issues that are handled. This leads 
  to a bunch of different solutions.
Carla Casilli: +1 To what RichardVarn is saying about education: 
  and education is connected to other claims. Sorta nuts to just 
  try to do that.
Dan Burnett: +1 Carla (and Richard and Shane)
  … WRT self-soverignty, these are key to a solution, and leaving 
  this out would make it a much weaker solution. If we don’t do 
  this at the W3C, we may need to elsewhere.
Dave Longley: +1 Everyone so far.
Dave Crocker:  References to JWT or others seems to be a 
  fundamental technical error, not because they’re bad, but that 
  they’re at the wrong layer. My understanding was that choices for 
  specific formats/encodings/protocol were not being made at this 
  point, but that we are focusing on design specific to the problem 
  domain. This is much higher than deciding on JSON or encryption 
  details.
  … Critisisms that are proposing JSON are fundamentally at the 
  wrong level at the wrong time.
  … The issue of political motivations/self intereset, I’ve never 
  seen this to be helpful. To the extent that there is a basis for 
  saying there is not support in the industry, this is either true 
  or false. The solution is to just get a broader base of support.
Dan Burnett: +1 Dave Crocker with respect to JSON-based 
  technology recommendations being at the wrong level.  May need to 
  add to FAQ before AC review.
Manu Sporny:  Appriciate the comments, it demonstrates that the 
  concensus building we’ve done has paid off.
  … There was a suggesting to move the problem statement and 
  self-soverign as well as other important parts of our proposal. 
  My expectation is that this group would push back hard on this, 
  as it would imply that we don’t need to solve the problem we’ve 
  decided to. We don’t need to satisfy the suggestions.
Dave Longley: +1 To manu about changing the problem we're solving 
  ... not only would we be solving a different problem, it would 
  make that problem much closer to the same problem that other 
  technologies have solved, for example, JWT -- and then there 
  really is no point for the work.
  … Responses to issues typically don’t end the discussion, they 
  don’t seem to be satisfied with any reasonable response.
Dave Longley: There's a problem that needs solving that hasn't 
  been solved yet -- there's no reason to switch to solving an 
  already-solved problme.
  … I’ll also note that during the blockchain identy meeting, one 
  organization sent in someone that was mildliy disruptive.
  … While we’d like to think the best, it doesn’t seem that some 
  organizations are playing fair. Some critisisms are an attempt to 
  derail the work, rather than being a constructive critisism.
Dave Longley: If an organization thinks that no one is interested 
  in solving this problem and it's all pointless, they should let 
  it fail -- there's no reason to fight so strongly against it.
Nate Otto: +1 To manu about changing the problem we're solving. 
  The Badge Alliance community wants to solve the problems as we've 
  defined them in the use cases, and if we remove language about 
  self-sovereignty, it weakens the applicability of this work to 
  the problems the Badge Alliance and Open Badges community was 
  founded to address.
Carla Casilli: +1 To dlongley and manu's comments
David Ezell:  Respoding to Shane: I would not recommend that you 
  do anything without engaging with W3M on the next steps. The 
  suggestion of limiting to one vertical was a trial balloon. THe 
  same is true for the rest, I would not change anything until you 
  get specific feedback on what they want changed.
Dave Longley: +1 To no changes without specific requests for 
  change
  … To be clear, the WPIG passed unanimousliy (individuals). 
  People should feel good that the work as presented was approved. 
  You need to walk forward cautiously, but hide a big stick.
Matt Stone:  The work wasn’t only approved, but recognized as 
  being of very high quality. We were as well prepared as any that 
  has come before. If we spend too much time responding to 
  complaints, it lends validity to the complaints.
Christopher Allen:  The JWT argument is a red herring, we don’t 
  need to address further. Some big orgs are not of one mind; one 
  group has constituents that need the technologies, and it may be 
  the “old guard” which is being a problem.
David Ezell: S/hide a big stick/keep eyes forward toward 
  progress/
  … I’m generally against removing self-soverign, but could be 
  satisfied with “peer claims” or something.
Christopher Allen:  I’m not sure how to do some things with JWT 
  that we can do with LDS.
Chris Webber: Good news so far!
Nate Otto: +1 There are a number of problems in this area that I 
  don't see a good solution with JWT, but I do see a good path 
  forward with Linked Data Signatures.
  … What are the requiement for consent in W3C? What happens if 
  those opposed continue to say no?
Manu Sporny:  When people saw there was pushback, there was a 
  velied threat that some members would be fine with going to other 
  standards bodies. If W3C Membership doesn’t want to do it here, 
  we can take it elsewhere.

Topic: Next Steps

Manu Sporny:  The WPIG voted unanimously to take forward, those 
  against in are not in the IG (but are member companies). W3M is 
  reviewing the charter and will come back with changes they think 
  will address the concerns. When W3M comes back with changes, we 
  can review and consent.
  … Regarding consensus, the easiest ones are where there are no 
  formal objecitons and there’s support for going forward. We 
  should have enough members to go forward
  … I do expect a formal objection (i.e., we won’t satisfy there 
  concerns). The question will be if we responded at face value. 
  That’s usually good enough for the director to rule on the 
  objection for us to move forward.
  … It will be difficult for FO’s to keep us from moving forward.
  … We’ve handed the charter to W3M, they’ll give us change 
  suggestions, and we can accept or not. Eventually, it goes to a 
  vote.
  … The risks are that for obvious reasons, W3M may take an 
  extended amount of time to come back. (This should be obvious 
  next Monday).
  … We’ve discussed doing an F2F at W3C TPAC in late September.
Dave Longley: https://www.w3.org/2016/09/TPAC/ (19-23 September)
Manu Sporny:  W3C says charter won’t happen in time for TPAC, but 
  that doesn’t mean you can’t ask another group for space.
  … It would be bad to have such a meeting with low attendance.
  … This group should assume we’ll be successful, and plan for an 
  F2F.
  … We need to address JWT thing. Of course it’s premature, but 
  there are likely technical reasons for us to say it’s not 
  appropriate in any case.
  … The Rebooting Web of Trust meeting is happening on the west 
  coast.
Richard Varn: It will be challenging to get travel approvals for 
  international travel for organizations like mine so the sooner we 
  make a decision on whether there will be a FTF (regardless of 
  official status) the easier it will be to get approvals and make 
  travel arrangements.
Kerri Lemoie: http://www.weboftrust.info/
Christopher Allen:  We have a 3 day event reserved. In generall, 
  the VC technologies is of broad interest. I’ve also asked for IIW 
  to make space for us.
Manu Sporny:  Members of this call may want to wave the flag at 
  such meetings to get broad interest in the larger community.
Shane McCarron:  I think we can stop worrying about the charter 
  and independently continue on core data model work.
Kerri Lemoie: +1 ShaneM
  … That’s more the Credentials CG than the VCTF. We did a lot of 
  editing work up to this meeting, but not enough feedback.
Nate Otto: +1 To continuing work on the documents. I have some 
  active feedback on use cases. +1 to manu to showing how some of 
  this works in JWT
Manu Sporny:  We need to be sure the JSON/JWT stuff is tied up; 
  perhaps provide both mechanisms.
Nate Otto: I have a couple active comments on the use cases that 
  I'd like to go back and forth a couple more times with ShaneM and 
  manu in the coming several weeks.
  … We should also note that this has been a volunteeer effort, 
  which is not sustainable. The amount of work will increase, and 
  can’t be done just by volunteers.
Dave Longley: Notes that there's also Dave Crocker's argument 
  that JWT just doesn't matter at this level -- however, it does 
  seem to be the main sticking point for some opposition and I'm 
  not sure they would accept the (IMO, correct) argument that it's 
  at the wrong level.
  … We need to find funding to support the volunteers. 
  Specifcally ShameM, Burn, and SpecOps.
  … We’re going into an area with well funded organizations that 
  want to disrupt the work, which is hard for volunteers to do.
  … Travel expenses, pay for editors, etc.
Manu Sporny:  Next monday the minutes will be public, and we can 
  talk more specifically about strategy. One thing is an analysis 
  of JSON/JWT. When things are voted on, there will be other 
  organizations joining the work who weren’t involved in these 
  discussions.
Received on Tuesday, 12 July 2016 17:35:33 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:30 UTC