W3C home > Mailing lists > Public > public-credentials@w3.org > November 2016

Verifiable Claims Telecon Minutes for 2016-11-15

From: <msporny@digitalbazaar.com>
Date: Tue, 15 Nov 2016 12:14:29 -0500
Message-Id: <1479230069714.0.9641@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-11-15/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-11-15

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Nov/0012.html
Topics:
  1. W3C AB Feedback
  2. Specific Use Cases
  3. Age Verification Use Case
  4. Spec Issues
Action Items:
  1. Manu to migrate specifications to independent repositories.
Organizer:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Matt Stone, Manu Sporny, Shane McCarron, Phil Hunt, 
  Phil Archer, Gregg Kellogg, Bob Burke, Richard Varn, David I. 
  Lehn, Les Chasen, Adam Migus
Audio:
  http://w3c.github.io/vctf/meetings/2016-11-15/audio.ogg

Dave Longley is scribing.
Matt Stone: We need to add the following item to the agenda 
  today:  start process issues in the spec (from manu)

Topic: W3C AB Feedback

Matt Stone:  The link in the agenda that we just dropped in to 
  this discussion... Manu you suggested we add this to the agenda 
  in the last day or two. Could you give us a quick intro?
Manu Sporny: W3C AB Feedback: 
  https://lists.w3.org/Archives/Public/public-credentials/2016Nov/0011.html
Manu Sporny:  Sure. The discussion (the AB feedback) ... just a 
  precursor to this, this is W3C member-confidential, so we can't 
  actually talk about the contents or what people said. We can only 
  talk about what is in the public.
Manu Sporny:  The W3C advisory board, they are elected, there are 
  10 on the board, 3 of them are Tantek (Mozilla), Chris Wilson 
  (Google), Mike Champion (Microsoft). These three have raised 
  concerns about the VC work publicly.
Manu Sporny: Email from Mike Champion of Microsoft: 
  https://lists.w3.org/Archives/Public/public-webpayments-comments/2016Nov/0022.html
Shane McCarron: Huzzah!
Manu Sporny:  Mike Champion from MS sent an email in that 
  basically said that ... it was good. He was convinced that the 
  education industry use cases meet the requirements for 
  effectively starting a working group. He said he's "personally" 
  persuaded, doesn't mean it's a MS position. That's good that we 
  have met the REC track readiness criteria.
Manu Sporny: REC track readiness criteria: 
  https://www.w3.org/Guide/standards-track/
Manu Sporny:  He says we've met that for VC.
Manu Sporny:  MS could still formally object if someone else 
  doesn't want the work to proceed. Mike is convinced from an 
  education perspective, specifically, Matt Stone, Richard Varn, 
  and Nate Otto said things that were convincing. Then he wants to 
  hear from the retail space. We've raised this and we need to hear 
  from Bob Burke, Jay, and we've heard from Gray Taylor from 
  Conexxus but Mike didn't find that compelling. He wants to see 
  the implementers, not in general, but the specific spec being put 
  forward. And do they have the ability to put this into the 
  market. That's where he's coming from.
Manu Sporny:  Those are the types of responses that Mike needs to 
  hear to convince him.
Manu Sporny:  I think that's where we are right now. Matt over to 
  you.
Matt Stone:  A followup question to that is ... I know we spawned 
  out of the Web Payments IG as a need to solve issues in the 
  payments space. And it turns out that another vertical may be 
  more mature in the need (Education). So what? Maybe we validated 
  that we need a standard for industries that are not payments. 
  What happens if we leave them behind and we don't satisfy his 
  need for a use case in that space?
Shane McCarron: (I am not concerned; there are payments people 
  who care; lots of them)
Manu Sporny:  This places the Web Payments IG in an awkward 
  position, they voted unanimously to put the charter up for a vote 
  at W3C in the first place. I would expect that we'd hear from the 
  IG. If we don't, then payments get removed from the charter and 
  that's that. It's mostly that that group didn't expect to be 
  taken out of the charter.
Matt Stone:  Is that something that you and your relationship 
  with the Web Payments members would drive?
Manu Sporny:  Yes.
Manu Sporny:  And Shane, I don't know if you want to say 
  anything.
Shane McCarron:  I put it in IRC already, there are payments 
  people who care and they'll speak up.
Manu Sporny:  We've requested space on the IG call next week to 
  discuss this.
Manu Sporny:  The discussion seems to be around "Yes, but who has 
  actually implemented this out in the field as REC track readiness 
  criteria." What Chris, Tantek, Mike seem to be saying is that 
  they need to see people who have implemented the spec as it 
  stands right now in the wild and this is kind of a new thing at 
  W3C and it's not an opinion that is shared by all W3C members. 
  The general tenor from them seems to be that standards should be 
  discovered and not created, and even though we have organizations 
  saying they've been implementing this stuff for a decade plus, 
  and their response is "You haven't implemented this *specific 
  thing* and how does it solve a problem you couldn't solve 
  before?"
Phil Hunt:  I think you have all put in so much effort, I don't 
  know why it's even a thing and the sooner we get this on the road 
  the better, I'd like to stop arguing and get on with it. This 
  thing with incubation I think you've proved it. I understand why 
  creating standard before market is a bad idea, but this group is 
  being asked to do things that have never been asked to do. I'm 
  amazed that anyone of you are even bothering to show up at this 
  point.
Shane McCarron: I *love* being the first one to break ground at 
  the W3C. :/
Manu Sporny:  Thank you Phil, great to hear from W3C staff that 
  you feel that the bar here is fantastically high. I think the 
  reason the AB discussed this is because reps want to see 
  something changed at W3C. They are concerned that W3C staff is 
  spread too thin and they want to see thorough incubation before 
  work started and the VC work was just coming to a head just as 
  they feel that the way they fee labout changing W3C is also 
  coming to a head. They have new criteria that they want to see 
  become part of the W3C process. They are exercising that 
  philosophy on use through their positions on the AB and as large 
  W3C members.
Manu Sporny:  I don't think we're the first to break new ground, 
  this is a new thing that they want to see happen and they are 
  using us to push that discussion, is my view.
Shane McCarron: I also love being used. :P
Manu Sporny:  But, with that happening, I think we have actually 
  done the things they want us to do. For example, Chris Wilson has 
  said there are no implementations, but there are and they are 
  deployed (Digital Bazaar, ACDT, Pearson, ETS). There's clearly a 
  miscommunication that's happened.
Manu Sporny:  They want to see a system they can use that uses 
  this spec.
Phil Hunt:  I was looking at the use case document. The use case 
  document is deliberately generic. I was asking whether ... Mike 
  Champion, who seems to be softening which is nice, he was saying 
  is there an ecosystem. And we say "Yes". And you say we took the 
  specifics out to make a nice use case document. I think everyone 
  in this group has put enough effort into this. I want to look at 
  the charter and do some bits and bobs with it. I want to go to 
  W3M and talk with them and they need to review it internally and 
  I don't think there's any problem and I think it will go to the 
  AC in the coming weeks. Unless I find anything else, I would be 
  inclined to move the conversation and get on with what you want 
  to do instead of answering the same question from the same people 
  all the time.

Topic: Specific Use Cases

Matt Stone:  So, last week, specifically the use cases have a 
  pendulum swing/yo-yo pattern. On one hand too specific and then 
  too generic. We show one, they want to see the other one. So it 
  seems.
Matt Stone: 
  https://docs.google.com/document/d/1sTlymbzQ2zQsgnWDaNBXTq3aZ77RD_Jp5u9p9DLAcfA/edit#
Matt Stone:  We started a very brief, pragmatic document, from 
  healthcare, education, commerce, KYC. Here are the current use 
  cases that are in practice today that are representative of the 
  marketplace out in the wild where a standard would facilitate 
  interop, privacy, and other goals we have. Can we shift gears 
  about what we need to do, is that the last nail in the coffin so 
  we can move onto issues in the spec.
Matt Stone:  Here's the document that I just put into IRC>
Manu Sporny:  I think one of the things that ... when Phil sent 
  us the email, can we get some documented use cases with real 
  world data, and I think a number of us are just trying to get 
  that data here. I know our organization has a bunch of VC that 
  we're talking with various companies about and we're engaged in 
  pilots. I know Pearson, Evernym, Open Badges, etc have this stuff 
  and we can talk about it and show the friction points on what's 
  out there.
Manu Sporny:  Once we document this stuff we'll link to it from 
  the use cases ... is that what you'd find useful, Phil?
Phil Archer:  You already got a well written use cases document. 
  Given the work you've done here, I'd be inclined ... as a 
  suggestion here, under each generic use cases, you could say 
  "Real world situations where this applies" with one, ideally more 
  cases. These are real world companies that are happy to be named 
  and if we meet these use cases then we've solved these problems. 
  I would update the use case document with these real cases rather 
  than trying to do anything new.
Matt Stone:  It seems like where we are then is, we have a group 
  of us trying to collect real world examples, running right now in 
  a parallel doc and the goal would be to bring them back into the 
  official use case doc and either embed or refer to them.
Shane McCarron: Happy to update the use cases with other data!
Matt Stone:  I hear that right?
Phil Archer:  It's not part of the charter. This is the use case 
  doc that you're working on for the working group. I'm pretty sure 
  the charter is as it's going to be. This is simply to the 
  acknowledge the discussion that's been going on and it can go out 
  in the call to the AC for review.
Matt Stone:  Sure.
Manu Sporny:  I would propose a slightly different strategy; we 
  would still gather the data and put it in the doc, but maybe have 
  a different section with real world data. 30-40-50 people have 
  reviewed the use cases document at this point but don't have the 
  real world data in the document and maybe what we need in the 
  document is a section that just talks about real world data. And 
  we say "For example, here are some VC in the wild today. And we 
  put an example of open badges, pearson/acclaim stuff, ETS 
  examples, JohnTibbets IMSGlobal, we've got examples from DHS, we 
  just put that in there with a bunch of claims and say this is 
  what it looks like and say what's deployed, etc.
Manu Sporny:  Any thoughts on that approach?
Dave Longley: +1
Matt Stone: +1
Shane McCarron: It feels harmless... +1
Gregg Kellogg: +1
Shane McCarron: (Just so people can find the information)
Matt Stone:  I think that's a reasonable way to represent this. 
  When I go through the use cases I don't want to page through a 
  bunch of examples that don't apply to my industry. Right now I 
  can read use cases and see how theey apply. This goes in the 
  appendix.
Bob Burke:  With coupon media we see some applications and should 
  we talk about what we want to do moving forward as well? We see 
  applications for it, we just haven't done it yet.
Manu Sporny:  Yes, basically Mike Champion from MS needs to hear 
  that from you and even just a mock up of what you want to do, he 
  needs to hear it. Right now he's not hearing it and thinks you 
  aren't there, when we know that you're here.
Manu Sporny:  I don't think we'd embed the examples directly in 
  the document because they are very large, but we can link to 
  them. We can store them in the directory. You wouldn't have to 
  thumb through pages of content.
Matt Stone:  Ok.
Manu Sporny:  Phil, would that meet the requirements that you 
  have, for links to real world data?
Gregg Kellogg: I can take no credit for the CSVW Use Cases.
Gregg Kellogg: https://www.w3.org/TR/csvw-ucr/
Phil Archer:  There are two things. Satisfying the demands from 
  the AC and the AB. And getting the use cases document ready for 
  publication as a WG in the new year. The CSV on the Web use case 
  document is really good, it has real world data, nothing made up. 
  I would be inclined to say, yes, put them in the appendix, 
  wherever. At this stage now, I think we're just trying to get 
  agreement to go ahead with this. In the message that goes to the 
  AC for review, "In response to comments, here's real world data 
  augmenting the use case document showing how it works with the 
  existing use cases, etc." Or something like that.
Phil Archer:  How it goes in tothe document is up to the editors.
Matt Stone:  If I think about timing and sequence, and a sense of 
  urgency, this document I scanned through ... are you 
  saying/recommending that we produce a deliverable along these 
  lines on a short timeline in the next week or two, before this 
  goes up for a vote, or what is the urgent item that we do in the 
  next 10 days that moves the needle on this?
Phil Archer:  I believe in the emails we've gotten and the google 
  doc I've just seen,  I need to do my bit, just been too busy. My 
  job, now, is to get two things ... I've got to get W3M to agree 
  that it goes to the AC, which I think they'll do, I'll say to 
  them that this group has been put through the mill, unusual level 
  of scrutiny, asked every single question asked, answered multiple 
  times, and where people are asking for showing existing 
  ecosystem, development before we do anything, I can point to docs 
  that show this has been done and I can point these other docs and 
  can point to real world data now. When it goes out for review, it 
  will include some of that information. It's for me to document 
  what you've already documented and put that forward to the AC. 
  I've read the discussions, I can see why they've been saying 
  this. I know they've been asking the same question and getting 
  answers. I've very confident that there will be a VCWG in the new 
  year. And then, because of all the work you've done and you've 
  already got your use case document and there's nothing new that 
  you haven't already done.
Matt Stone:  That sounds pretty positive.
Manu Sporny:  One slight clarification, I do think we need to put 
  that data in the use cases document and say "This is the data 
  we're working with today. This is in systems today."
Phil Archer:  Sure, yeah.
Shane McCarron: I don't mind adding some information to the use 
  cases.  Should it be in an appendix?
Phil Archer:  I have a workshop in two weeks time which I'm 
  hoping leads to a new working group and if we have to do go 
  through this every time there is a new WG ... I will reserve 
  passing judgment now. The WG I want to start next year would not 
  pass all these tests.
Phil Archer:  I wonder whether ... age verification and the UK 
  passing a law for age verification to be in place for anyone 
  selling age-restricted products/services.
Matt Stone:  We have in the commerce side, claims that relate to 
  over 21 and the US example is buying alcohol.

Topic: Age Verification Use Case

Matt Stone:  We don't necessarily call this out in education 
  explicitly, but in education and professional licensure, 
  legislative acts are the defining bar that run that drive our 
  systems. One of the examples I pulled together is verifying nurse 
  aid license in SC, USA. It's not just a UK commerce restriction. 
  Many examples require a verified claim before an individual can 
  take a job or practice their craft.
Phil Archer:  The political question comes in, at the moment, 
  there are a number of ideas put forward for how you might do 
  that. Most are ill-informed or wacko, and for various reasons 
  should not be touched. My political fear is that, come the day 
  that W3C has a REC for doing VC. Then the legislators will say 
  "Now you can, therefore it is mandated that you must." In that 
  case, the tech developed here has a whole extra layer on top of 
  it and we have battles with ACLU. There's a whole load of 
  politics that comes into that we have to mindful of. Asking 
  whether this community has come across this as a political issue, 
  has their been any flak about it, what will happen.
Phil Archer:  You are going to get it.
Richard Varn:  We've had a lot of discussions about it over the 
  years and we're keenly aware of them. One of the reasons we're 
  attracted to this is a toolset to help people make choices about 
  how privacy is managed. In the very standards work we're doing, 
  we're providing a response that the ACLU and other privacy 
  advocates care about in the work. That doesn't mean that they 
  won't misunderstand or misinterpret, that happens.
Richard Varn:  Privacy sensitive and privacy protecting methods 
  are important and we're proposing them. Not sure what else we can 
  do there.
Manu Sporny: Input from Gray Taylor at Connexxus: 
  https://lists.w3.org/Archives/Public/public-webpayments-comments/2016Nov/0022.html
Manu Sporny:  Phil, I just dropped a link in ... if you scroll a 
  page down. Gray Taylor is the executive director of Conexxus, all 
  fuel and retail in the US. If you buy fuel in the US or buy from 
  a convenience store, you deal with the tech standards they put 
  out there. Their primary use case is around age verification. 
  It's for exactly what you said, it's for making sure a person is 
  above a certain age to buy things like tobacco, alcohol, etc. 
  from a convenience store. This is a primary use case for this and 
  they are looking for VC that can address that and we have it in 
  our use cases. That's on the desire side, they desire VC to 
  address that use case.
Manu Sporny: Privacy Considerations: 
  http://opencreds.org/specs/source/claims-data-model/#privacy-considerations
Phil Archer: 
  https://medium.com/@alecmuffett/a-sequence-of-spankingly-bad-ideas-483cecf4ba89#.o3sf9m2rc 
  Bad ideas for age verification
Manu Sporny:  What we also have is ... at a recent workshop 
  calling Rebooting Web of Trust. A number of us got together and 
  hashed out all of hte initial privacy considerations when it 
  comes to VC. I know that Wendy at W3C is really concerned about 
  privacy here and there are a number of EU mandates that are 
  really important to take into consideration when talking about 
  privacy, orgs that don't provide a certain level of privacy can 
  be fined, very seriously. To attempt to address that we have a 
  fairly good, high-level privacy consideration section. We have 15 
  items there, many not filled out that were discussions as section 
  headers in the spec right now and we expect all of those things 
  to filled out over the lifetime of the WG. You asked a general 
  question: "Are you thinking about privacy?" And the short answer 
  is "Absolutely".
Manu Sporny:  There are many things to discuss about what's out 
  there.
Phil Archer:  The digital economy bill going through the UK 
  parliament right now requires age verification. There's a 
  requirement that they must do it ... and there are various ideas 
  that are well intentioned but wrong, others who want to make a 
  quick buck on proprietary systems, etc. If you're perfectly well 
  aware of all this that's great, I assumed you would be. Lots of 
  various legal concerns. As you clearly well know, this will bite 
  you and you sound prepared which is terrific, thank you.
Matt Stone:  One note on that, to this group, and to the W3C at 
  large, it drives us to be careful about overselling our 
  capability or deliverable that's in this charter. Our plan is to 
  make a data model to represent this content. What you're 
  describing is a full end to end solution with protocols, etc. We 
  won't have that at this first phase.
Phil Archer:  Yes, that's good. I noticed tha.t
Phil Archer:  The charter mentions that.
Matt Stone:  Any more on this topic?

Topic: Spec Issues

Matt Stone:  Last remaining item on the agenda is to work through 
  issues on the spec.
Manu Sporny: http://opencreds.org/specs/source/claims-data-model/
Manu Sporny:  The claims data model spec has lived here^
Manu Sporny:  All of the specs were on opencreds.org a name we 
  started with and moved away from.
Manu Sporny:  W3C has a new process where it manages all this 
  stuff on github. The things between now and the formation of the 
  WG, one of us will get to it, we need to get this spec into its 
  own github repo, and then start adding issues, document the 
  issues associated with that github repo. Typically every spec 
  gets its own repo, use cases, its own repo, data model spec its 
  own repo, etc. then start logging issues. The chairs and editors 
  should look at the issues and prioritize them in a way that meets 
  the goals of the WG. Rinse and repeat. There will be specs in 
  github repos, issues logged against them. Most of the discussions 
  happen on the github tracker these days instead of the mailing 
  list. There's a process that W3C, we're seeing used more and more 
  at WGs.
Manu Sporny:  So, I guess the first question is, are there any 
  objections to working in that way?
Gregg Kellogg:  So, I think we had this discussion a while ago 
  and we did resolve to use multiple repos. I'm still hung up on 
  how to deal with shared assets. If you have terms in common, etc.
Gregg Kellogg:  Having multiple use cases just seem to challenge 
  that. In the CSVW case, there was a CSVW org where we could 
  collect everything, sometimes issues span multiple specs and we 
  could organize there. Being able to tag issues across all the 
  different specs they might touch. If we go into multiple repos 
  I'm concerned we'll lose cross linking and resource sharing.
Manu Sporny:  Just to note how we address this in the Web 
  Payments IG...has an IG repo, where general issues are raised 
  that affect all the specs. Just a holding spot for issues that 
  bridge a number of different specs. We also have spec-specific 
  issue trackers that are just for issues for a very specific spec. 
  Having those different issue trackers seems to be ok, people are 
  ok with that. The other thing you raised is a technical question, 
  how do you refer to a shared glossary. We publish everything to 
  github pages and then you cross link to all the specs and pull in 
  terminology from a common repo, etc. We did that with WPIG. Each 
  spec pulls that terminology in thanks to a number of extensions 
  that Shane did. There's a pattern we can follow that works in the 
  WPIG.
Matt Stone: Thanks phila
Shane McCarron:  Pretty close to same pattern in ARIA work. 
  There's some magic in JS to automatically resolve interdocument 
  refs, and it's a solved problem. It's not solved well, but well 
  enough.
Matt Stone:  So it seems that we're resolved to put the spec in 
  its own repo according to manu's suggestion?
Gregg Kellogg:  I'm sure it would work. There are different ways 
  to do it, I just didn't understand all those technical things, 
  I'm familiar with the mechanisms you've used to resolve these 
  things, sort of just a clarification I was looking for, I don't 
  have an issue with going in that direction.
Matt Stone: Dan is in korea, but voluteered
Manu Sporny:  I can take an action to split the spec out, whoever 
  does it has to know the history, so it should be me.
Matt Stone:  Next week is Thanksgiving holiday in the US, we had 
  decided not to meet, so two weeks from now. Would you let this 
  group know when you have that work completed and two weeks from 
  now Dan Burnett is up to chair and he'll use existing issues as a 
  source for the agenda for the next meeting.

ACTION: Manu to migrate specifications to independent 
  repositories.

Manu Sporny:  Will do.
Matt Stone:  Anymore business for the day?
None. Adjourned.
Received on Tuesday, 15 November 2016 17:14:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:32 UTC