Verifiable Claims Telecon Minutes for 2016-05-24

From: <msporny@digitalbazaar.com>
Date: Tue, 24 May 2016 15:03:33 -0400
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Message-Id: <1464116613237.0.10721@zoe>

Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-05-24/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-05-24

Agenda:
https://lists.w3.org/Archives/Public/public-webpayments-ig/2016May/0034.html
Topics:
1. Introductions to New Participants
2. Agenda Bashing
3. Introduction to Anil John and DHS Blockchain R&D
4. Other Introductions
5. United Nations ID2020 Summit Recap
6. Rebooting Web of Trust Design Workshop Recap
7. Recent Vermont Legal Finding
8. Update on Work Items
Organizer:
Manu Sporny
Scribe:
Dave Longley
Present:
Dave Longley, Manu Sporny, Maria Vachino, Anil John, Darrell
Duane, Shane McCarron, David Chadwick, Bill DeLorenzo, Dan
Burnett, Anita Brady, Jason Weaver, Kerri Lemoie, Colleen
Kennedy, Christopher Allen, Richard Varn, Carla Casilli, Eric
Korb, Wayne Vaughn, Arie Y. Levy-Cohen, Alok Bhargava, Alex
Oberhauser, Jen Behrens, Brian Sletten, Rob Trainer, Alex Romero,
David I. Lehn, Gregg Kellogg
Audio:
http://w3c.github.io/vctf/meetings/2016-05-24/audio.ogg

Dave Longley is scribing.
Manu Sporny: I think it would be best if do a number of
introductions because we have a number of new folks on the call
today.

Topic: Introductions to New Participants

Manu Sporny: If you could give a quick 2-3 sentence of who you
are, the org you're with, and what you're interested in the call
that would be good. Keep in mind that we want to get through this
pretty quickly so we can get to Anil's intro on the DHS
blockchain project.
Maria Vachino: I'm with Johns Hopkins Applied Physics Lab,
Project Manager, U.S. Department of Homeland Security Science and
Technology Directorate Identity Management & Privacy Research
Anil John: I'm Anil John, I'm with DHS, I manage two Programs at
the U.S. Department of Homeland Security Science and Technology
Directorate -- The Identity Management R&D and the Data Privacy
R&D Programs in the Cyber Security Division
Darrell Duane: I'm with Xcelerate and one of the awardees of the
DHS blockchain SBIR.
David Chadwick: I am David Chadwick, Professor of Information
Systems Security from the University of Kent
Bill DeLorenzo: This is Bill Delorenzo and I'm with
Accreditrust. We're in the business of developing platforms for
creating digital credentials and processing services in various
vertical segments and we're in the process of rolling a new
platform, product and services in this area.
Manu Sporny: Rob Trainer and Alex are also with Accreditrust,
skipping in the interest of time.
Manu Sporny: Myself, Dave Longley, Dave Lehn here from Digital
Bazaar been doing work in this area for a while now.
Dan Burnett: I've done standards work on WebRTC and VoiceXML.
I'm one of the current editors for the specifications in this
group on Verifiable Claims Data Model. Do stuff at W3C and IETF
Anita Brady: I'm a Vice President of Product Management &
Strategy with Oracle in their Financial Services Global Business
Unit, participating out of interest in this group.
Jason Weaver: I'm the Director of Digital Credential Strategy at
Parchment. Parchment is an academic credential company.
Kerri Lemoie: I'm the CEO/CTO at OpenWorks Group, we build
smart, scalable web and mobile-ready applications for
organizations and businesses focused on education and educational
services. I'm also an Openbadges contributor, member,
contributing to badges on blockchain.
Colleen Kennedy: I'm with Pearson, work with Acclaim Badges
team, representing Matt Stone.
Christopher Allen: I'm Principal Architect at Blockstream,
chair of Hyperledger Identity WG, adviser of ID2020, organizer of
Rebooting Web of Trust, associated with a number of
standardization activities.
Richard Varn: I'm a Distinguished Presidential Appointee at
Educational Testing Service (ETS), converting high and low stakes
score assessments into credentials. I've also been a CIO,
legislator, and have been working on credentials for about 30
years.
Carla Casilli: I'm working with Connecting Credentials, working
with Badge Chain, coming from open badges environment.
Shane McCarron: With Spec Ops, been involved with W3C for 20
years or so, Spec Ops chartered to help development of standards
in this area.
Eric Korb: Eric Korb, CEO, Accreditrust (by chat), digital
credentialing platform service provider
Wayne Vaughn: I'm the Founder & CEO at Tierion, a blockchain
technology company, authored a protocol called chainpoint,
related to VCTF WG goals. Participated at ID2020.
Manu Sporny: Welcome everyone that's new. We're probably missing
6-7 people due to various conferences, so not everyone. But
hopefully everyone can see that we're getting a fantastic
critical mass of people from different industries.

Topic: Agenda Bashing

Manu Sporny: Today we have a packed agenda.
Manu Sporny:
https://lists.w3.org/Archives/Public/public-webpayments-ig/2016May/0034.html
Manu reads agenda.
Manu Sporny: We won't get through the whole agenda today, so
we'll front load the call with as many of our new guests as
possible and let them say a couple of things about what they're
working on and how it might relate to the work we're doing here,
any updates or changes to the agenda?
No changes requested.

Topic: Introduction to Anil John and DHS Blockchain R&D

Manu Sporny: Anil, if you could give us some background on the
DHS blockchain project that would be great.
Anil John: Good morning everyone, good X for different time
zones :).
Anil John: Stepping back, science advisor of homeland security,
job is to look 5 years out and understand what's coming down the
line. There's irrational exuberance around blockchain. Our
interesting blockchain tech is quite the reverse. As PM in this
area and someone who has been in the field for some time, I'm a
skeptic when it comes to blockchain tech. The proposal we put out
there is to get at the root of what blockchain can do.
Anil John: If you are in the identity attributes space, there
are fundamental set of principles to make it real. [lists them].
Anil John: On the privacy side, selective disclosure,
pseudoanonymity, etc.
Anil John: Proposal is to find out how or if blockchain tech can
implement those principles and if it makes sense to do so.
Anil John: As part of it, we've awarded to four companies,
Digital Bazaar, Respect Network, Xcelerate, and Narf
Technologies.
Anil John: Need to find out if the tech can be built out. If
it's true, there are a set of things that become open. DHS is an
authoritative source for a variety of claims and attributes,
eligibility to work, first responder attributes, so on. Shared
responsibility with DHS and FEMA, local as well.
Anil John: There are use cases there but not going there or
recommending to customers without having foundation proved or
disproven.
Anil John: Companies working on this will give us an answer or
tell us to go somewhere else to spend our time on.
Anil John: That is DHS' interest in the technology and why we're
funding the projects.
Manu Sporny: For those new to the call you can type: "q+" to get
on the speaker queue.
Manu Sporny: Please add yourself if you have any questions.
Manu Sporny: If you don't want to speak or can't, you can type
into the chat channel.
Manu Sporny: Everyone in this group is trying to figure out what
the architecture for a self-sovereign/user centric identity
system would be like. We're also trying to translate that into
specs to take through W3C process.
Manu Sporny: Could you give us your thoughts on that ... are you
looking for products or standards or a hybrid?
Anil John: I don't have a clear answer. This is a conversation
that I know people in self-sovereign identity people have heard
this speech from me before. My concern in general is that there's
a drive ... everyone agrees that there is value in individuals
controlling their data and their ability to assert whatever you
define as identity. My comment to that has always been "great",
but in general the adoption or lack thereof in this space has
always been driven by imbalance in power of asserters of info and
consumers of info.
Anil John: Consumers have a lot of power in accepting or
rejecting that. If you want those people to accept your
self-sovereign identity or any other type of identity, it needs
to be vouched for and trusted ... by someone the relying party
trusts.
Anil John: I haven't seen an effort to address that particular
point, more like an effort to create an identity production
thing. Large scale lives or dies on that. The authoritative
nature of the claims and how you prove that authoritative nature
is critical to address.
Manu Sporny: Great, thank you, Anil.
Arie Y. Levy-Cohen: I have a comment on self-sovereign identity
control points just made.
Arie Y. Levy-Cohen: With regards to self-sovereign identity,
fine and good for we the people ... I'm sure that there are
regulatory and governmental reasons for not relinquishing control
over identities to people themselves might be an issue, but isn't
that solved somehow with an elegant layer of permissioning
depending on the circumstance?
Anil John: Yes, and I think I agree with you. At a higher level,
it's irrelevant to someone who is trusting an assertion ... maybe
too strong of a word, doesn't matter where it's from but more
that someone is standing behind it and that they can trust that
entity.
Anil John: That needs to be addressed by whatever mechanism you
put into place. That seems to be lost in the noise.
Manu Sporny: I think part of the issue that we've always had in
this group is terminology, but we've heard enough of it to
understand that what Anil is saying is something we hold to be
true in this group. The consumers of the credentials need to be
able to trust the issuers and it needs to be dynamic some
consumers will trust one set others a different set.
Manu Sporny: Self-sovereign can be part of the solution... I see
this as a good sign, we're gaining momentum.
Eric Korb: +1
Anil John: I slightly disagree, the person that issues the
claims might be disparate from the person who is vouching for
them on behalf of the person.
David Chadwick: Plastic cards provide a good model of how they
work in practice today
Anil John: It is irrelevant to me who is the issuer, an org, an
individual, what is important to me is who is standing behind it.
Anil John: It doesn't need to be the same identity.
Manu Sporny: Yes, absolutely, I think there's a lot of alignment
on that.
Anil John: Yes, digital signatures also give you this -- it
doesn't matter who is presenting a credential, it matters who
makes the claim (who is standing behind it)
Manu Sporny: There's also some discussion in the IRC channel.
Alok Bhargava: I just have one clarification that I'm looking
for, the point that Anil just made, I don't think that's related
to technology.
Manu Sporny: No, I think it's somewhat related, but is
technology agnostic.
Alok Bhargava: I think whether we support the notion that he
brought up, what tech to use is a separate question.
Manu Sporny: Yes, and that's part of the technical work we've
been doing and will continue doing.
Dave Longley: Because we were talking about how technology may
or may not have to do w/ separating who is making an assertion
and who is making it. The technology that we're working on here
is very different from service-centric. Instead, we have
decoupled those who make the assertion from those who verify the
assertion. [scribe assist by Manu Sporny]

Topic: Other Introductions

Alex Oberhauser: Hi Alex Oberhauser, I'm the CTO of Cambridge
Blockchain. [scribe assist by Manu Sporny]
Jen Behrens: Hi, I specializes in privacy and policy analysis,
governance, data analytics, information technology, and identity
management solutions. My main focus is on privacy compliance and
the implementation of trust framework governance structures for
pilot programs as awarded by the National Strategies for Trusted
Identities in Cyberspace (NSTIC).

Topic: United Nations ID2020 Summit Recap

Manu Sporny:
https://twitter.com/ChristopherA/status/733671106612199426
Christopher Allen: I just put a twitter status into IRC that you
can go to see my slides.
Christopher Allen: It was at the UN. It's a big deal, we had
ambassadors and policy makers, etc. there. Goal to bring the
legal, gov't side of things (legal code) to the technologies who
have software code.
Christopher Allen: Goal is leaving no one behind, provide legal
identity for all, a UN mission, to do by 2030. 16.9 million or
19.6 (I forget exact number), leave no one behind, want
partnerships with technologists and they want innovation. Call to
action. We want to do a lot of education, interesting blockchain
opportunities, need policy commitments, balancing short term and
long term needs.
Christopher Allen: Slide 3, what can get in the way? There are
risks, but we need to protect communities, not create new
problems, we don't want to become ... "digital colonialists" into
these worlds. We need to figure out the appropriate role of gov't
and lots of individual challenges around adoption.
Christopher Allen: Next slide about specific problems with
identity, carrier problems, people who don't have voice, tilted
toward first world, lots of issues in the financial sector, want
to give access but also protect people. Information rights and
records to be careful. Next slide is the reality. 10 million
stateless people in the world and 1.5 billion without
citizenship. How do we handle refugees and voters. Need a unified
vision.
Christopher Allen: Be careful with regard that identity could be
weaponized.
Manu Sporny: Christopher talking through
https://twitter.com/ChristopherA/status/733671106612199426
Christopher Allen: We talked about best practices and what the
role of biometrics is. Talked about what tech can do to make this
a reality, want individual freedom. I was quite pleased to hear
an ambassador use the term self-sovereign identity. We need to be
flexible.
Christopher Allen: I think that's a good summary, the event was
very much a high level overview, there were opportunities for
meeting and networking but not for creating specific initiatives
or documents, proclamations or things of that nature. The want to
do another one a year from now. I used this to lead into
Rebooting Web of Trust.
Christopher Allen: Self-Sovereign Identity as a concept was well
received
http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
Manu Sporny: Thanks, Christopher. Before we go on, event was
deeply moving. Was about people who are most vulnerable on this
planet and how identity and identifiers could be something that
could help. Tying the work that we're doing ehre to people in
refugee camps that could use these techs to make their lives
better was one deeply important and moving. And two we were able
to make contact with a number of people that are on the ground in
these refugee camps and people that are trying to prevent human
trafficking and view identity as a way of reducing it.
Manu Sporny: We have access to a number of people that are doing
that and before we didn't. Now in Web Payments and in Credentials
work there are a number of people who want to help people in
vulnerable positions and but now we've made contact with peopel
on the ground and hopefully we can tighten up the feedback loop
to build something to help people in these positions.
Manu Sporny: Anil did you have comments on the event?
Anil John: It was a good event, it was remarkable in that there
were three different communities there, policy makers,
technologists (very heavy on blockchain front), and people with
deep pockets.
Anil John: I look forward to seeing how the problem that
supposedly brought them all together will motivate them toward a
common goal. I was heart broken by the challenge and the issue
but I wasn't overly enthusiastic over what came out of it other
than as a networking event.
Christopher Allen: +1 Anil
Brian Sletten: I was just curious if the negative side of
identity side came up as a concern.
Christopher Allen: That was a big part of what my goal at ID2020
was to make sure those issues were brought up.
Manu Sporny: Absolutely, it also became a big part of the
discussion at Rebooting Web conference. A number of people who
work at refugee camps w/Syrians have said that many Syrians dont'
want to be identified because exposing their identity would allow
people back home to be harmed.
Manu Sporny: It could create a terrible event. So there was
focus on tracking and the dangers that come with that.
Christopher Allen: Something that fed into the next day, there
has to be some better understanding on the ground. There are some
warm places to sleep but it requires a handprint to enter and
people would rather sleep in the mud and cold because of a
general fear of the identity tech.
Christopher Allen: We need to understand these types of things
at all levels.
Manu Sporny: Absolutely, any questions, concerns before next
topic?
None

Topic: Rebooting Web of Trust Design Workshop Recap

Christopher Allen:
https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/
Manu Sporny: There was an event directly after ID2020.
Manu Sporny: Christopher has been putting these together.
Christopher Allen: We had some documents to capture, photos,
whitewalls, etc. The goal of a design workshop is to have a
facilitated discussion and create output that can be iterated
upon by the community. Goal was to have five whitepapers out of
the conference and other benefits of bring people and ideas
together.
Christopher Allen: At the link in IRC there are advanced
readings.
Christopher Allen: There to give people context and focus.
Christopher Allen: We did a report about the results from our
last conference to make sure people are on the same page. Then
went through an exercise to imagine 2021 and to look at the
differences and the language issues and places where people
disagreed and such. By middle of first day driving into topics
and Manu and Wayne had already addressed things like differences
with proof of publication and so forth, other projects brought
up. In the end we'll have 8-9 whitepapers/specifications come out
of this design shop over the next couple of weeks as people have
a chance to massage the info. I'd like to have people from the
design shop say what it was like from their side but I'm very
positive about it and the results. Architecture for
self-sovereign ID, decentralized identifiers, identity
correlation info, lots of great stuff.
Manu Sporny: Wayne, any thoughts on the workshop?
Wayne Vaughn: Great workshop, 40-50 people there, tech founders,
lead engineers, from NYC area. I had brought chainpoint protocol
info ... lets you provide a verifiable proof of publication. Very
much related to the proof of publication work Manu is doing.
Wayne Vaughn: We had taken a previous version of chainpoint and
done it in JSON-LD and it turns out that it was very much like
Manu's ... done indepdnently, very close, very interesting. After
working together it is clear we're all working on the same path
and a clear path forward.
Wayne Vaughn: For something we can propose to standardize.
Christopher Allen: Focus was to capture and ship ideas, not just
talk.
Manu Sporny: Thank you, that's just one example of like 30
similar experiences there. One example is a breakout group got
the VCTF architecture and worked on it themselves and there was
huge overlap with what we've done ... lots of deep technical
expertise from each blockchain company talking about to have
decentralized identifiers and proof of publication, associating
creds with blockchains ,etc.
Kerri Lemoie: +1 Decentralized identifiers and sharing amongst
chains
Manu Sporny: I cannot underscore how deeply technical the people
in the room were and I'd say that they may even have more
experience in implementing things than this group which is saying
something because we have heavy hitters in this group.
Manu Sporny: People looked at the VCTF architecture and didn't
throw it out, instead iterated on it and we're going to have
those folks come to this group and present.
Manu Sporny: One of those folks is a person that worked on the
email standard and he also worked on the domain system standard
we depend on.
Manu Sporny: So we've also got Christopher Allen who worked on
TLS as well, so very heavy hitters in this space.
Christopher Allen: (The review of vc use cases was really
transformative of them)
Manu Sporny: We got a bunch of really good comments on the
architecture and we'll be getting those into the group, comments
on the use cases, etc.
Manu Sporny: https://www.w3.org/2016/04/blockchain-workshop/
Christopher Allen: I just wanted to close to say that there's
going to be a W3C blockchain meet up at the end of June and we're
hoping to revise more items at that conf and it appears so far
from the survey that the last week of Sept will be when we have
another Rebooting Web of Trust in SF, Microsoft will host.
Christopher Allen: So people can keep in their heads if they
will be joining and participating.
Manu Sporny: Awesome and I dropped the link to the W3C
blockchain workshop in IRC.
Christopher Allen: Www.weboftrust.info
Manu Sporny: Any questions Rebooting Web of Trust Workshop or
work that happened there and it's relation to what we're doing
here?
Christopher Allen: Vermont bill H.868, passed by house and
senate, expected to be signed by the Governor Peter Shumlin any
day now, has around page 307 a section § 1913 titled "Blockchain
Enabling"
http://legislature.vermont.gov/assets/Documents/2016/Docs/BILLS/H-0868/H-0868%20As%20Passed%20by%20Both%20House%20and%20Senate%20Official.pdf
KEYQUOTES: * As used in this section, “blockchain technology”
means a mathematically secured, chronological, and decentra[CUT]
None

Topic: Recent Vermont Legal Finding

Christopher Allen: In the house and senate in Vermont, they
passed bill H.868 with section "blockchain enabling" ... which is
says any mathematically secured ledger [more specific legal
text]... but that allows for both bitcoin like blockchains and
other types. They are saying that an electronic record in a
blockchain shall be considered self-authenticating which comes
from previous digital signature legislation which means you can
use it for business activity. The date and time of a record in
the blockchain can be considered fact, you can know who the
person is that recorded that record.
Christopher Allen: There are some caveats here, the bill doesn't
say the validity about the truthfulness of that record but it's
basically reversing burden of proof on this, doesn't require
state gov't to use this at this point, but it does say that the
legality or authorization of an activity which is verified
through blockchain ... so later if you put your proofs on bitcoin
and the govt says they don't like bitcoin, your proofs are still
valid even if the blockchain is used for something else.
Christopher Allen: I met the guy who helped draft it and trying
to recruit him and other political people to get similar things
added. If I were to do one thing differently, I'd change format
as per an international standard.

Topic: Update on Work Items

Manu Sporny: Thank you Christopher -- update on work items. I
want to iterate to the group that this group will not become
"blockchain blockchain blockchain", we just had a lot of events
about it. This is just a heads up about what just happened and
we're concentrating on a single call.
Christopher Allen: (I'm at MIT media lab and some good verified
credentials interest here)
Dan Burnett: Claims data model draft spec:
http://opencreds.org/specs/source/claims-data-model/
Carla Casilli: Blockchainz 'R us. ;) Great to hear all of this
activity.
Manu Sporny: Dan Burnett, can you give us an update on the data
model spec?
Dan Burnett: Not enough time to cover everything, I sent an
email about it. The main ones are that there's a JWT example, I
renamed Credential to be TBDCredential because we didn't pick a
prefix, we just need to decide that, that's probably the biggest
item other than review. I updated examples to be as real as I
could.
Dan Burnett: I haven't decided what we want to say in the intro
but not go too far in making people think this is a decision vs.
some ideas.
Dan Burnett: There's a big topic on the list and we can discuss
that sometime.
Christopher Allen: (At some point I would like to see that
optional proof of publication be a requirement of any alternative
forms)
Shane McCarron: Use cases updates?
Manu Sporny: Thank you. Charter hasn't been updated, use cases
had several hours on it at design workshop changes are pending,
haven't updated the FAQ, got data model spec updated from Dan,
survey results in a holding pattern but found someone to update
that doc and produce it. Still need someone to write a one page
summary for W3C AC reps. Architecture document got a tremendous
amount of work this weekend at the workshop.
Manu Sporny: This is a group of six people at workshop that did
a review of the use cases, no contact with this group previously
and in the next 2 weeks or so they'll get the review to you,
Shane.
Manu Sporny: We've got about a month to get this in front of the
Web Payments IG and then push it to W3C for a vote.
Manu Sporny: We have the first three weeks of June to get it
done.
Kerri Lemoie: Excellent call. Thank you
Manu Sporny: Sorry the call was so packed today, we're out of
time -- thanks to all and we'll see you all next week at 11am
same channel.
Carla Casilli: Thanks, Manu. Congrats on all of the work!

Received on Tuesday, 24 May 2016 19:03:59 UTC