W3C home > Mailing lists > Public > public-credentials@w3.org > October 2016

Verifiable Claims Telecon Minutes for 2016-10-27

From: <msporny@digitalbazaar.com>
Date: Mon, 31 Oct 2016 15:46:54 -0400
Message-Id: <1477943214664.0.14072@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Manu Sporny and Matt Stone and Shane McCarron and Gregg Kellogg and Joe Andrieu for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-10-27/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
2016 Verifiable Claims Face-to-Face (Day 1) Minutes for 2016-10-27

Agenda:
  https://docs.google.com/document/d/1uYDRcHs_EOpJzezJerKnKT4Grni1sFLX2nRp7zlq2BE/edit#
Topics:
  1. Welcome and Administrivia
  2. Introduction to Use Cases
  3. Education Industry Use Cases
  4. Healthcare Use Cases
  5. Payments Use Cases
  6. Verifiable Claims Proposed Architecture / Goals
  7. Data model and Representation Overview
  8. The W3C Process
  9. VCF2F Day Two Agenda Bash
Organizer:
  Manu Sporny
Scribe:
  Manu Sporny and Matt Stone and Shane McCarron and Gregg Kellogg and Joe Andrieu
Present:
  Manu Sporny, Matt Stone, Gregg Kellogg, Shane McCarron, David 
  Turner, David Robert, Tomas Hnetila, John Tibbetts, Christopher 
  Allen, James Toozny, Scott Fehrman, Chris Webber, Andrew Hughes, 
  Jestin Hopkins, George Fletcher, John Fontana, Phil Hunt, Dick 
  Hardt, Jim Pasqual, Richard Varn, Joe Andrieu, Adrian Gropper, 
  Dave Longley, Eric Korb, Eric Somerville, Heather Vescent, Karen 
  Marr, Adam Lake, Jörg Heuer, Natasha Rooney, Drummond Reed, 
  Timothy Ruff, Jason Law, Adam Migus, Giovanna Mingarelli, Paula 
  Escuadera, Robert Bajor, Nathan George, Don Cameron, Peter 
  Simpson, Heather Schlegel
Audio:
  http://w3c.github.io/vctf/meetings/2016-10-27/audio.ogg

Manu Sporny is scribing.

Topic: Welcome and Administrivia

Matt Stone:  Welcome to the very first Verifiable Claims face to 
  face meeting
Matt Stone:  We're kicking off the Verifiable Claims work before 
  a Working Group is started.
Matt Stone:  We have a couple of days of content, standards 
  process,goals of organization, what we're trying to do - why this 
  is important, etc.
Matt Stone:  Some administration items
Matt Stone:  First, everything is recorded in the public record, 
  you can ask to not be recorded. We want to know everyone who is 
  here, If you have access to chat, state your name, and company.
Matt Stone:  We ask that you use the queue to speak, please keep 
  comments respectful and to the point. Everyone should have an 
  opportunity to chat.
Matt Stone, Pearson 
Gregg Kellogg, Spec Ops - background in Linked Data / RDF 
Shane McCarron, Spec Ops - involved w/w W3C
David Turner, Voltage Gate
David Robert, General Data Protection Regulation
Tomas Hnetila, Kerio Technologies
John Tibbetts, VitalSource consultant, IMS Global
Christopher Allen, Principal Architect at BlockStream, Rebooting 
  Web of Trust
James Toozny
Scott Fehrman, ForgeRock
Chris Webber, W3C Social Web Working Group
Scott Fehrman, ForgeRock
Andrew Hughes, Kantara - Independent Consultant
Jestin Hopkins, Identity.com
George Fletcher, AOL identity architect
John Fontana, Yubico
Phil Hunt, Oracle
Dick Hardt, Amazon, OAuth, JWT
Jim Pasqual, DigiMe
Richard Varn, ETS - co-chair
Adrian Gropper, CTO, Patient Privacy Rights - stack called HIE of 
  One
Dave Longley, Digital Bazaar
Eric Korb, CEO, Truecred - digital credentialing provider
Manu Sporny, Digital Bazaar
Eric Somerville, Independent, pharma supply chain
Heather Vescent, Independent Researcher
Karen Marr, Department of Homeland Security
Adam Lake, Digital Bazaar
Joe Andrieu, First Person, ex-Switchbook
Jörg Heuer, Deutche Telekom
Natasha Rooney, GSM Association
Drummond Reed, Evernym
Timothy Ruff, Evernym
Jason Law, Evernym
Adam Migus, Migus Group
Giovanna Mingarelli, MCrowdsourcing Canada
Paula Escuadera, Collective Shift - LRNG
Robert Bajor, Digital Promise
Dinner will be at Tide House
Matt Stone:  We're going to try to quickly kick off, motivation 
  for why we're here - opportunity that has come through our social 
  network, roll clock back, always been true - social networks like 
  church, rotary club, you can represent yourself personally in 
  achievements and credentials to get a job, or get experience to 
  have fruitful life.
Matt Stone:  As generations have moved forward, local physical 
  community has become less central to access to opportunity.
Matt Stone:  No relationship like what has existed previously, as 
  digital tech has exploded, they fail to provide this 
  authenticity/veracity of evidence that's necessary to enable 
  workers/citizens to leverage their expertise and pursue 
  opportunities. That's what's motivating us to provide a means for 
  claims to be made in an open and verifiable in a digital 
  marketplace that tears down the barriers that are there in a 
  physical and relationship oriented world.
Matt Stone:  It's a democratization of this type of content that 
  we're after - 
Richard Varn:  This is a bit education centric, but healthcare is 
  important as well - right opportunities for right reasons - good 
  in healthcare too. We were going to call this credentials, but 
  that led to confusion in security industry... people are looking 
  to us to put strength around what they can document.
Richard Varn:  There are other industries that are involved in 
  background checks, id proofing, transcripts, prescriptions, etc.
Richard Varn:  Hiring, student info, LMS, from the evidenciary 
  standpoint, we want to assemble, verify, correlate, infer, and 
  warrant that things are valid. we need a standard for t his.
Richard Varn:  Without verifiable claims, this whole process 
  becomes very difficult, I've been working on this for 30+ years, 
  and we need this.
Matt Stone:  We need and open standard to recognize and verify 
  credentials and achievements that an individual has earned.
Matt Stone:  We have some high level goals - we need 
  sustainability, portable, verifiable, extensible, secure, privacy 
  enhancing.
Matt Stone:  We don't want more silos, providers own a portfolio 
  of credentials, but they are not 100% of the marketplace, if you 
  are an individual who has earned credentials in two different 
  places to pull it into one place. We want these verifiable claims 
  to pull things together.
Matt Stone:  We've seen many different marketplaces that use 
  different language - you'll hear us talk about claims/credentials 
  interchangeably, we need to represent an achievement about person 
  in a certain way, transfer across systems in a transferable way. 
  Fraud/PII, still provides market to drive content and nature of 
  claim.
Matt Stone:  We want to reduce friction that exists in system 
  today.
Dick Hardt:  When you say portable, would you want it presentable 
  to anybody, or just a broad range.
Matt Stone:  It's really anybody, one of the reasons we're here 
  is that the currency we have is this self-sovereign identity, we 
  take concept of ownership and put it in hands of individual, 
  primary stakeholder in achievement, we want them to share slices 
  of their identity/achievement and show it about them.
Matt Stone:  Goal is open standard that anyone can integrate and 
  any individual can use
Dick Hardt:  There is a difference between open standard and open 
  system.
Richard Varn:  There are a ton of point to point systems, but 
  when someone publishes we want a portable item.
Dick Hardt:  Are you building a railway or a highway - highways 
  are harder to build, easier to extend.
Matt Stone:  In terms of Verifiable Claims - our problem 
  statement... it's difficult to represent this information on the 
  Web today, other sorts of info on the Web, difficult across 
  stakeholder that's concerned via Web today. Our mission is to 
  make expressing/exchanging that data interesting and more 
  expressible on the Web.
Matt Stone:  Our scope, with regards to W3C is really focused on 
  identifying data model and how market can enable it to evolve 
  over time and syntaxes that are available to represent that. Will 
  get into details over next few days.
Matt Stone:  This is our agenda today - we start off looking at 
  use cases , generally speaking and specific use cases from 
  industry that will show how we expect this stuff to be seen/used.
Matt Stone:  Then after lunch, proposed architecture, goals, new 
  to discussion - participating in calls for 2 years - some of this 
  feels like this is well known for those of us that have been 
  driving these discussions, we need to do a bit of education and 
  listen to   observations. Tomorrow you'll see us go deeper into 
  these items. By end of day, we will do brief review of W3C 
  Process, it's a large standards org
Matt Stone:  There is rigor in the way that they evolve from 
  concept to standards recommendation. We will introduce what next 
  year looks like.
Gkellogg, you wanted to discuss charter
Andrew Hughes: Where's the best place to find reading material on 
  this? URL? Documents?
Gregg Kellogg:  Do we have time to discuss the charter? We 
  highlighted a couple of things that are in scope, the scope may 
  expand over time, charter has a specific meaning in W3C, changing 
  charter is extremely difficult
Manu Sporny:  Hughes, here's more material 
  https://w3c.github.io/webpayments-ig/VCTF/
Gregg Kellogg:  We should look at what charter says.
Shane McCarron:  We can agenda bash tomorrow
Christopher Allen:  Want to make clear to people that are new 
  here, I'd love to see W3C make progress, but it's taking forever, 
  we're starting code, deploying without W3C... we're moving 
  forward with or without W3C.
Christopher Allen:  If W3C comes up with something better, we'll 
  adapt, but want to participate in process, but don't believe that 
  we have to solve all of these charter problems for us to start 
  shipping this.
Eric Korb:  We are moving forward w/o W3C as well, we have a 
  commercial product based on Verifiable Claims.
Matt Stone:  That furthers the cause.
Matt Stone:  Implementations coming to market - we need to 
  cooperate on this.
Andrew Hughes: Is there a list of emerging implementations that 
  are going down this road? Very interesting
Gregg Kellogg:  To follow on - there are two ways for WGs to work 
  - they try to design a system mthat will be implemented, the 
  other is they try to codify things that happen in the real world. 
  That's what we saw w/ HTML for instance. Taking a risk and 
  implementing just make standards work more solid
Eric Korb: +1 Gkellogg
Andrew Hughes:  Yes, but don't have list available right now
Christopher Allen:  Scope has shrunk down, people want answers 
  out of the scope and we can't give answers.
Andrew Hughes: @Manu - thanks
Gregg Kellogg:  We can't create a Recommendation, we can have CGs 
  that push this stuff forward.
Eric Korb: Hughes truecred.com
Shane McCarron:  We're getting into the 4pm topic, let's stay on 
  track, we can circle back to W3C nonsense at 4pm.
Manu Sporny:  Lunch is a great time to demo.
Heather Schlegel:  Is there a list of deployed ideas w/ use 
  cases.
Richard Varn:  Is there a list of initiatives? Yes, Lumina has 
  identified a ton of them. Those are not verifiable claims per se, 
  but they could use verifiable claims.
Heather Schlegel:  You are already working on stuff, it would be 
  helpful to me to know - would be interesting to see list of 
  things being done, how they influence, eventually they will need 
  to be sync'd up.
Heather Schlegel:  Those of us who are interested can do research 
  on our own without hunting though a mailing list.
Heather Schlegel:  I'm happy to participate as long as I have 
  clients to participate.
Shane McCarron:  Does anyone else want to collect this list? 
Eric Korb:  Can we have a list?
Shane McCarron:  There is something called an implementation 
  report... we should all know who is working on this stuff. It's a 
  valuable thing.
Matt Stone:  There is a big phase in here that's about getting 
  implementation commitments and tracking - implementing the 
  standards, we need to know that, no reason not to get started.
Manu Sporny:  We have a wiki, start writing it down there.
Shane McCarron:  There are people at W3C that are claiming no 
  implementations, we need to help them see implementations is good
Eric Korb:  We want to make sure it's not advertising, it's 
  contribution.
Shane McCarron:  Good to list them.
Matt Stone:  We're trying to get to convergence, disparate 
  stakeholder - professional, earner, stakeholder that cares about 
  status, issuer - these are our stakeholders. These three 
  stakeholders are important to the ecosystem and the process of 
  this working. We need critical mass in all 3 of these camps for 
  this to be successful. It's a complicated discussion.

Topic: Introduction to Use Cases

Matt Stone: New topic: Good Use Cases
Speaker: Joe Andrieu
https://docs.google.com/presentation/d/1WWsv3Y1gcHzR1bE_CBbNxBTrIN1vDw_RohuPqUyfUxs/edit?usp=sharing
Matt Stone is scribing.
Joe Andrieu:  Fluid development/requirements modeling
Joe Andrieu:  Baseline: in the beginning, we know requirements 
  are wrong and change
Joe Andrieu:  Think of a "requirements model" that can provide a 
  mechanism for requirements to evolve
Joe Andrieu:  Can get benefit from even a bad requirement
Joe Andrieu:  A use case represents "real world value"  -- 
  logging in is not a use case.
Joe Andrieu:  Should be describable  and represent a single 
  transaction
Joe Andrieu:  The "refugee use case" in ID2020 was too big
Joe Andrieu:  Should be "empathizable" so the reader can 
  understand the intent of the user
Joe Andrieu:  2 Examples: problem domain case and solution domain 
  case
VCTF Use Case: 
  https://w3c.github.io/webpayments-ig/VCTF/use-cases/
Joe Andrieu:  Problem - external trigger that caused user to ack
Joe Andrieu:  Solution, internal, human trigger
Joe Andrieu:  Focus on people, not system to system.  talk about 
  specific users, not abstractions.  or roles that are clearly 
  defined responsibilities.
Joe Andrieu:  These techniques help empathize w/ the user
Joe Andrieu:  Needs map is a collection of use cases documented 
  in VCTF, organized by (in this case) industry
Joe Andrieu:   The needs map is a "problem domain" view of the 
  use cases
Manu Sporny: VCTF Use Case: 
  https://w3c.github.io/webpayments-ig/VCTF/use-cases/
Joe Andrieu:  Solution domain cases are a "task map"
Joe Andrieu:  Problem domain cases are implemented through 
  solution domain tasks
Joe Andrieu:  Start w/ a scenario - prose paragraph - to 
  understand who the user is and how she interacts w/ the system
Joe Andrieu:  For example, jessica is a new employer who has a 
  set of claims to move
Joe Andrieu:  Narratives -- sequential descriptions, 
  action/reaction, detailed steps in interaction. can be broken 
  down into either "real world interaction" or "technology free"
Joe Andrieu:  Real world example using an ATM machine
Joe Andrieu:  Describes the sequential interactions w/ ATM
Joe Andrieu:  Ok with injecting technology in this context and 
  personas, like "Jessica enters PIN..."
Richard Varn: Manu--sent you an email copy of the credentials 
  landscape review of 108 credentials initiatives for posting to 
  our VCTF site if desired
Joe Andrieu:  Technology fee narrative example: shows user intent 
  and system responsibility, like "Start transaction 
  withdrawal"/"Query identity" - doesn't require PIN, could be 
  something else...
David Turner:  Discussion about sequence in this example.  does 
  bank require identity first or later?
Joe Andrieu:  This discussion is what we like about this approach 
  where technology isn't the focus
Manu Sporny:  Nice theoretical discussion, now move to VCTF 
  examples
Joe Andrieu:  Show the use case document
Manu Sporny:  Community gropu draft document of use case for VCTF 
  that is in the package used in the charter conversation
Joe Andrieu:  Anticipated role: issuer, inspector, holder (may or 
  may not be the subject) - minor for example
Richard Varn: Or they have chosen an agent to be the holder of 
  the claim
Matt Stone:  (See use case document for definitions)
Manu Sporny:  There is pushback on terminology - it's impossible 
  to find the right word that works for everyone.  it's a work in 
  process.
Joe Andrieu:  We'll follow a process to choose and move on
Richard Varn:  We've had a lot of discussions to get to 'this set 
  of words'  these roles reflect the reality of the current makeet 
  place.  The roles are critical to the functions we're serving
Christopher Allen:  Anybody can be any of those roles - every use 
  case should contemplate that concept
Richard Varn: You cannot inspect your own claim but yes, anyone 
  can hold any role including issuing oneself a claim
Dick Hardt:  Don't worry about terminology too much.  everyone 
  argues all the time, just be consistent
Eric Korb: +1 Rvarn
Manu Sporny:  In the w3c process, this will be raised and we'll 
  have to figure out how to respond
Joe Andrieu:  Reviews several specific uses cases in the document 
  by industry
Dick Hardt:  How do introduce a new category of use cases
Dick Hardt:  Small community (web of trust example), self signed 
  claims, connect to other individuals, anonyous claims, evidence, 
  reputation
Joe Andrieu:  New category- "communities of trust"
Heather Schlegel:  Military is a community
Heather Schlegel:  Military requires other attributes like 
  security provisions, etc...
Heather Schlegel:  Working on use cases that we might use
Richard Varn:  Thoughs on the utility, value of the examples we 
  have ?
Dick Hardt:  There may be missing some details that are more 
  individualistic
Richard Varn: Clubs and memberships
Joe Andrieu:  If we had a full day, think of all the ways you can 
  use a paperclip type brainstorm.  first expand possibilities, 
  then focus
Vivian: IoT in scope or out of scope?
Joe Andrieu:  Where are the people involved
Christopher Allen:  Who has the agency?
Joe Andrieu:  Missing something like "tickets to an event'
Shane McCarron is scribing.
Matt Stone: Closing this session, moving to industries next.

Topic: Education Industry Use Cases

Manu Sporny: Slides are here: 
  https://drive.google.com/open?id=19r0Mq_dQfCvuqjpBNHvciidX5j8ffo5ocEK4pxqjxts
Speaker: Robert Bajor, digital promise
Innovation in Education mission from Congress. 11 initiatives.  
  one is on credentials
Rob is here representing the badge alliance today
Paula Schandra - learning in the digital age
Richard Varn: I think we need an entity use case like we are a 
  tax exempt organization, this organization is a registered 
  corporation in the state of X, or this entity has a permit to do 
  X.
Robert is also here presenting the Badge Alliance
Robert does an overview of what an open badge is.
Robert Bajor:  Educators can earn badges.  Data needs to be baked 
  into the claims
Paula Escuadera:  Working with 12 cities to start integrating 
  local organizational experiences with digital experiences
  ... millions of badges have been issued already all over the 
  place.
  ... they are used, developed, and created by various 
  stakeholders who have a real investment in ensuring that they are 
  accurate.
Robert Bajor:  This type of learning is happening nationally.  
  Some of these people never see one another.
Shane McCarron:  There are a lot of ways that badges are being 
  used.  Robert presented a few examples.
Shane McCarron:  Working with a variety of states to get 
  continuing education credits.  Hope to get all states eventually.
Paula Escuadera:  Open Badges will be adopted as an IMS Global 
  Standard.  Official working group in planning to launch January 
  2017
Manu Sporny:  How many organizations are involved in IMS?
John Tibbetts:  Hundreds
Manu Sporny: One of the primary standards bodies in the education 
  space.
Manu Sporny is scribing.
Shane McCarron:  I liked the use cases, did you look at the 
  education use cases that we have?
Shane McCarron:  I'd be interested in getting your feedback on 
  how they could be improved. At the end of the day, we try to 
  synthesize down to scenarios that differentiate. Let's have some 
  scenarios that reveal unique requirements.
Shane McCarron:  That's what makes use case documents helpful to 
  others - if we have 7 use cases that come down to "portable", 
  that's not as helpful. But if we get different requirements out 
  of that, that would be very important.
Shane McCarron is scribing.
Robert Bajor:   There are three major players.  Educators earn 
  credentials.  Providers create the content and verify that it is 
  valid.  Districts verify that the content is legitimate and 
  certify it.
  ...Based upon those three stakeholders we could come up with 
  some really useful examples.
Christopher Allen:  Have you looked at the VC work?  DIDs, data 
  formats, etc.  HOw close are you to what VCTF is proposing.
Robert Bajor:  Have you looked at open badges?  Nate Otto is the 
  expert.
Richard Varn:  The types of use cases they are describing are 
  largely covered by the IMS working groups.
  ...The VCTF / W3C work is about making that information 
  portable outside of that ecosystem.
  ... What is interesting is how to manifest the information in a 
  way that is searchable so that the credentials can be used to 
  help with cirriculum development.
Robert Bajor:  It is finding information, as well as supplying 
  the information.
Manu Sporny:  Nate Otto is part of the group.  We have been 
  working with them for more than 2 years.
  ... They have migrated to JSON-LD with JWT signatures.... we 
  use linked data signatures.  We are seeing the merging of the two 
  technologies.
  ... what Nate and the group have been talking about is 
  embedding open badges within a verifiable claim.
  ...(claim composition)
  ... open badges is a meta-data model.
Christopher Allen:  An open badge itself is not a verifiable 
  claim.  It can be put into one.
  ... there is an MIT group that is doing similar things...
  ... the third thing I have heard is multiple signature.  
  Multiple people need to sign things.  Sounds like a requirement 
  for the verificaiton working group.
Adrian Gropper:  About the two sided advertising.  It seems like 
  an uber-use case.  I have been on some calls and at RWoT and have 
  never heard this before.
  ... my question is - is this a class of requirement rather than 
  an requirement itself?
  ...Specifically the ability to advertise or seek.  Is this a 
  requirement?
Richard Varn:  The other groups call it signalling.  You need to 
  be able to build an app that can help discover things and share 
  things.
  ... you need to be able to produce the information in a form so 
  that it can be consumed.
  ... "micro-credential economy"
  ...The difference is that we can invoke an identity service, 
  express the information in a standardized format, and normalized 
  in a data model that allows it to be machine consumable.
Adrian Gropper:  I have not seen this before and it is important. 
   It should be somewhere.
Paula Escuadera:   One of the problems LRNG is trying to solve is 
  helping employers be able to ask the right questions.
Manu Sporny:  All we can do is create a data format in the 
  working group.  But having said that we need to capture these 
  concepts in the use cases or something
  ... but the current data model supports this.
  ... Multi-sig is something that absolutely needs to happen.  
  Open Badges has another term for this.
Christopher Allen:  Are we verifying individual signatures, or 
  verifying within a composite
Manu Sporny:  It is out of scope
Christopher Allen:  But it is within the scope of the new 
  verification community
Christopher Allen:  I am worried about putting an open badge 
  within a verifiable claim.  What are the things in an open badge 
  that a verifiable claim is unable to do?  Why aren;t they the 
  same
Robert Bajor:  That's a great question.
Richard Varn:  Data elements are well defined already.  We need 
  to express them in a verifiable way.  But the OBI already has a 
  rich data model.
  ... It is the other specific things like verification.  Like 
  high stakes work.  Verifiable Claims needs to handle this.
Christopher Allen:  We can get into the complicated verification 
  models later.

Topic: Healthcare Use Cases

Adrian Gropper:  Presenting slides about healthcare
Manu Sporny: 
  https://docs.google.com/presentation/d/1QPx7W0adkYGT-7vtFLO5-BQpC19uz4z_USr9KaCugOs/edit?usp=sharing
Gregg Kellogg:  It seems to me that there is something more 
  complicated going on here.
  ...Classifying the MD as the subject seems wrong.  That is the 
  patient.
  ...Also, the MD has a certificate already from the DEA.
Adrian Gropper:  In this use case everything is about the MD.
  ...A credential is maintained by the medical society because 
  the issuers do not have servers.
  ...medical societies don't want liability in this.  They just 
  want to be a directory.
  ...The MD has permission to issue because their credentials are 
  in good standing.
Adrian Gropper:  I see this as a single transaction.  My goal is 
  to map the typical transaction.
Richard Varn:  "I see this use case as a nested use case" some of 
  us are saying.  That doesn't really change his use case.  It is 
  just how it might map into our world.
Adrian Gropper:  Yes, and the reason it is NOT a nested a use 
  case is because my goal is to make it single so that the patient 
  becomes the holder of the prescription and regains the ability to 
  shop that around.
Richard Varn:  We need a way to express that there are 
  dependencies / layers within a claim.  We may not have talked 
  about that as much as we need to.
Manu Sporny is scribing.
Shane McCarron:  I think he did that, there is only one inspector 
  in this transaction.
Shane McCarron is scribing.
Jason Law:  You can address the complexity by leaving the 
  responsibility to the inspector
Shane McCarron:  That's exactly what he has already done.
Gregg Kellogg:  This implies the prescription is issued by the 
  medical society.
Manu Sporny:  Well, the medical society issues a claim to the MD.
Gregg Kellogg:  So the claim is NOT the prescription.  It is the 
  doctors credentials.
Manu Sporny:  In this use case, yes.  Eventually they might get 
  to where the MD can issue a claim that is a prescription.
Christopher Allen:  Either are possible.  It is just the way that 
  the DIDs work and the way the pharmacy's IT department is willing 
  to implement the inspection protocols.
  ...There is a one-time-use aspect to this claim.
  ...What is a minimal viable credential that can satisfy all the 
  use cases?
Christopher Allen:  Depending on how we implement it is up to the 
  people who are using the credentials, cryptography, claims...
Christopher Allen:  The inspector should be able to walk the 
  dereferencing tree and make decisions about who I trust and who I 
  don't trust.  If there are enough for me to trust it I go ahead.
Manu Sporny is scribing.
Shane McCarron:  We'll talk about architecture and composition 
  later.
Shane McCarron:  They're acting as a repository
Shane McCarron:  That's a piece, then the doctor is issuing a 
  claim, and the target is this person. But the pharmacist needs 
  those two claims plus information about that patient's medical 
  records and that person's other information.
Shane McCarron is scribing.
Adrian Gropper:  This is important.  The concept that the paper 
  prescription can be moved is something we want to maintain.
Adrian Gropper:  In reality what we want is Alice to record that 
  there was a scrip written into their health record.
Manu Sporny is scribing.
Shane McCarron:  I agree with what you're saying, we don't want 
  to lose the fact that alice is in charge of her prescription... 
  she gets to choose what information is shared. So, she gets to 
  decide what to share?
Shane McCarron is scribing.
Joe Andrieu:  I would break it into two use cases.  One is the 
  doctor wants Alice to get the medicine.  The other is Alice is 
  wants the medicine.
Eric Korb:  How long does the claim last?  O got it now I am 
  done.  What about refills.  What about moving among pharmacies 
  for refills?
Adrian Gropper:  If we go there we get into the scope of time and 
  interest.  You could factor in decision support and actors.
  ...Sometimes there are existing relationships that can be taken 
  into account.
Adrian Gropper:  The world looks very different when you look at 
  it from a self-sovereign perspective
Richard Varn:  There is a bunch of business logic that is already 
  done.  Already built into the systems.
  ... there are already a lot of rules for how pharmacies deal 
  with prescriptions.  We need a way to refer to existing rules for 
  things that are solved provblems.
Manu Sporny is scribing.
Shane McCarron:  Yes, that makes sense, why reinvent the wheel.
Shane McCarron:  Eric brought up a good point, Adrian talked 
  about self-sovereign. I think Pharmacies make it difficult to go 
  elsewhere. On the other hand, it's really interesting to me. I 
  should be able to walk into anywhere and provide my healthcare 
  records, etc.
Shane McCarron is scribing.
Richard Varn:  We cant force a business rule change with a 
  standard.
Adrian Gropper:  The uber use case.  Matchmaking of whatever you 
  want to call it.  We do model this in the reference 
  implementation.  We use a service that can tell me what the costs 
  could be for a prescription as an example.
  ...But we can limit the information about what is known to the 
  service provider.  Share the information to shop the 
  prescription.
Eric Korb:  What you are doing is coming up with vertical use 
  cases and then harmonizing the with horizontal requirements.
Richard Varn:  I would love to have a disintermediated 
  prescription world.  But it isn't something we are going to be 
  able to enforce.

Topic: Payments Use Cases

Jörg Heuer:  Presenting information about the value of 
  integrating technologies into purchase processes
  ... "It has a thing-y aspect to it"
  ... Additional apps are an impediment to adoption.... people 
  don't like to install them
Manu nods
Jörg Heuer:  We need to be able to handle lots of things like 
  NFC, optical character recog, UPC, QR
  ...When talking about claims, all of these things are possible.
  ...There should be streamlined redemption of coupons during 
  checkout.  This is different than claims of education 
  credentials.
  ...Use story.   Customers want coupons to just be automatic and 
  transparent.  Issuers of coupons want people to see them
  ... these requirements are conflicting.
  ...Setting up an open source project for wallet handler.  Could 
  work for claims in addition to payment instruments.
  ...Design allows for arbitrary interaction between the issuer, 
  the holder, and the inspector.  Flexible data formats.
  ...Wallet allows for communication to targets like web pages, 
  NFC, BT, etc.  Could send payment information, claims, etc.
Manu Sporny:  Some shops need to know things about you to sell 
  you things.
  ...as a general statement I think there are some financial use 
  cases and retail use cases.  But we probably need more.
  ...digital coupons would help push things along for the retail 
  industry.
Jörg Heuer:   If there were a good general architecture then the 
  number of modules for moving claims would decrease dramatically.
Matt Stone:  How is a loyalty card a claim?
Jörg Heuer:  Think of a VIP club membership.  When you are in a 
  store that uses that club, I will need to prove I am in that 
  club.
  ... I think that means it is a claim.
Matt Stone:  So your claim is the membership.  Which might 
  associate with the point levels or whatever on the backend.  What 
  you carry is the claim.
Timothy Ruff:  Where is the wallet hosted?
Jörg Heuer:  The original idea was an app on a device.
  ... what we did was that we introduced a backend with an HTML5 
  / phonegap application so that it would run anywhere.
Timothy Ruff:  Okay - but WHERE is the wallet?
Joe Andrieu: "There is no cloud. It's just somebody else's 
  computer"
Jörg Heuer:  The idea was originally that it was associated with 
  an operator who would host the information.
Timothy Ruff:  Is there a way to combine this with a 
  self-sovereign identity.
Jörg Heuer:  If you don't need the hardware stuff, then yes you 
  could do things today./me notes 3 minutes
Timothy Ruff:  Ecosystem is different than self-sovereign
  ... self-sovereign means you accept *me*.  Not the *me* that 
  some other company is verifying.
Jörg Heuer:  Yes.  And it should be possible but there are some 
  requirements when special hardware is involved (e.g., a secure 
  element for EMVco).

Topic: Verifiable Claims Proposed Architecture / Goals

Gregg Kellogg is scribing.
Shane McCarron:  When i talk about VC, i start with the problems 
  we’re trying to solve. The problems feed into the architecture.
  … It’s self-sovereign to the point it leads into the claims.
  … Key aspects are composability and distribution. Claims should 
  be used to the extent that I approve.
  … The value for W3C is enhancing the usability of the web; but 
  we know it’s not just the web.
Manu Sporny:  One of the things that people continue to confuse 
  is that we’re only working on data model/syntax, but questions 
  come up about protocol and other things that are out of scope for 
  the WG.
Matt Stone:  Is this the right venue to talk about continued role 
  of CG vs WG.
Shane McCarron:  Problem with WG is you’re stuck with the 
  charter. CG is responsible for the vision
Manu Sporny is scribing.
Gregg Kellogg:  Should be an IG
Gregg Kellogg is scribing.
Shane McCarron:  Yes, but we have a CG, and not an IG.
Manu Sporny:  IG has more official capacity.
Shane McCarron:  IG is “Interest Group”, member only. CG is 
  “Community Group”, allowing everyone.
  … is talking about the architecture at this level a problem?
Manu Sporny:  Yes, because people get confused.
Shane McCarron:  You have to start with the foundation before you 
  can build on top.
  … Anyone can associate a claim with an identifier. This goes 
  back to composability.
  … We want issuers to be able to revoke claims.
  … We’re vertical neutral. We’re doing vertical use cases but 
  extracting horizontal requirements.
  … The terminology is problematic, but not worth the fight. As 
  we get new members, we’ll get more opinions. But, we need to use 
  something (Bagel is taken :)
Jörg Heuer:  Some of the terms bother me. “Identifier” implies 
  something else to me.
Richard Varn:  Perhaps “Identity” instead?
Manu Sporny:  Absolutely not!
Jörg Heuer:  An identifier has meaning.
Manu Sporny:  In this case, “identifier” is the subject 
  identifier used to bind attributes to.
Shane McCarron:  The charter uses “identifier” in this sense.
Jörg Heuer:  So, the identifier doesn’t mean that the claim is 
  associated to an identity, but to an identifier.
  … I’d like to make sure that’s separated.
Shane McCarron:  Naming is hard!
  … I’d be happy to see that claims can exist without being 
  associated with an identity
Matt Stone:  Does this allow abstract things such as repositories 
  to be identified?
Richard Varn:  It’s up to the use case to see if the identifier 
  is bound to anything.
Manu Sporny:  You care that the data matches, the identifier 
  isn’t significant.
Shane McCarron:  If I use a VC as a ticket to a concert, the 
  venue wants to be sure I’m the one using it, and not scalping it
  … Identifier used in a claim isn’t used for anything else. It’s 
  only the components of the claim that have lasting meaning (US 
  govt, etc.)
Jörg Heuer:  Does revocation has a similar optional quality? I’m 
  not sure that we always want claims to be revocable. You just 
  wan’t to be sure it’s your’s, e.g. DRM.
Shane McCarron:  We actually have the problem with DRM on DVDs. 
  (Also bluray’s).
Manu Sporny:  Revocation is optional, it’s a feature that can be 
  added.
Shane McCarron:  If I create a revocable claim I can always 
  revoke it.
Richard Varn:  You have a degree for the rest of your life, and I 
  can’t revoke it.
Matt Stone:  It can be rescinded, not revoked
  … Do we have a use case for rescinding an irrevocable claim?
Shane McCarron:  If the state issues a claim that’s part of my 
  driving record (DUI, for example), I can’t revoke that (subject), 
  only revocable by issuer.
Manu Sporny:  The architecture allows a link to be added for 
  revocation. But, if you have something like a citizenship, you 
  may want to revoke it.
Richard Varn:  We’re conflating business rules with architecture 
  for revocation.
Shane McCarron:  “We shall not prohibit” these things in the 
  architecture.
Adam Lake:  I’m looking at assets and liabilities. If a prison 
  record is a claim, the subject cannot revoke it. We’ll only issue 
  claims that are assets, not liabilities.
Jörg Heuer:  In Germany, we’re able to issue digital cards, and 
  mark that a card was read at a certain time. Not the same as 
  representing an EID card; from this we could allow applications 
  that do not show these things. We should enable it in the 
  architecture.
Shane McCarron:  What’s not built in is decomposition. You can’t 
  extract things from a claim.
  … A claim always has an identifier for a subject, and claims 
  about that subject. Metadata and a digital signature. As you 
  compose new claims, you’re creating supersets of this. This 
  structure addresses most use cases, if metadata is done right.
Richard Varn:  Is digital signature sufficient to describe these 
  things.
Shane McCarron:  We think the term is adequate; LD signatures 
  talks about the different ways claims might be signed.
Adam Lake:  What about claim sets, with different identifiers?
Manu Sporny:  That’s different from claim aggregation. Saying 
  that one identifier is the “same as” another is more difficult.
Adam Lake:  If I want to use a specific identifier for 
  somethings, does the architecture support that? You’re going to 
  end up with a different structure for different RPs (Inspector).
Manu Sporny:  I think the fundamental principle is that multiple 
  orgs will issue credentials. The data model makes sure that the 
  format is the same.
  … The more identifiers you have, the more you have to manage.
  … The architecture allows this, but you need a different 
  software agent that’s really good at managing these things.
  … One of the things that’s changed since SAML is schema.org, 
  that is a common place to describe these things.
Adam Lake:  For some, that’s a non-starter.
Manu Sporny:  In an open eco-system, common vocabularies are 
  necessary.
Shane McCarron:  These can be managed in a context. This allows 
  mapping terms to the same vocabulary terms.
Richard Varn:  If you want to have many claims about age, who is 
  responsible for describing the different claim terms? Does this 
  reduce to a numeric value?
Adam Lake:  Greater than works, for an age, less than doesn’t, as 
  it changes over time.
Shane McCarron:  We don’t have specific terms, they will need to 
  be added.
Manu Sporny is scribing.
Gregg Kellogg:  Ultimately, it reduces to the choice of 
  vocabulary, if someone just makes up the vocabularies, schema age 
  vs. foaf age - one is going to use one, one is going to use the 
  other. Is there some way of agreeing to figure out which vertical 
  will use?
Gregg Kellogg:  More and more is fine, but if anyone chooses what 
  they want to use...
Gregg Kellogg is scribing.
Manu Sporny:  We expect vocabularies to emerge in different 
  verticals; we won’t standardize.
Shane McCarron:  Subject doesn’t come up in many of the use 
  cases, but the subject of a claim may be a thing that will never 
  be a holder (e.g., Dog).
  … We need some kind of identifier registry (DiD management 
  thing) that’s keeping track of the identifier space. These are 
  important terms when we talk about composition.
  … A curator can help maintain a collection of claims, and 
  perhaps mint them over time (composition of other claims)
Adam Lake:  The main use case will be to create claims on the fly
Richard Varn:  We’re saying claims and that they can be composed 
  of different data elements. Do we need to say anything about 
  elements of a claim being composed.
Manu Sporny:  The way we do it in the spec is different than varn 
  said. The issuer chooses to bundle together a set of attributes. 
  The holder can’t de-compose these. The issuer will issue a claim 
  with all attributes, but may choose to issue separate with 
  individual attributes that allows for future composition.
Matt Stone:  A holder can’t de-compose a grant, unless it was 
  discreetly issued.
Shane McCarron:  That’s a design choice. It’s easier to talk 
  about discrete granular claims than de-composition.
Matt Stone:  The issuer won’t want to give holders claims for all 
  combinations.
Manu Sporny:  There are types of signatures that allow the 
  receiver to recompose.
  … You can prevent claims from being composed.
Dave Longley: Note: different signature schemes may allow for 
  decomposition/selective disclosure in the future (we should allow 
  for extensions like this and we currently do)
Shane McCarron:  Dlongley’s point is fair; we’re not preventing 
  that, but we’re not designing for it either.
  … In this case, the holder becomes an issuer (composition).
Shane McCarron:  You may have a composed claim, and they need to 
  chase it down to determine that one composed claim is from 
  Kaiser, which they do trust, even though they don’t necessarily 
  trust the holder.
  … There are all sorts of places in the architecture where 
  people are doing inspection Just because you’re a holder doesn’t 
  mean you’re also an Inspector.
Manu Sporny:  These issues are discussed in more detailed 
  diagrams. For example, a hospital may hand off inspection to 
  another part.
  … If you go to the DMV, and they issue a claim, you may want to 
  inspect that before putting it in your wallet. (Perhaps it was a 
  bogus issuer).
Shane McCarron:  The ecosystem will specify a trust model, not 
  part of the architecture.
Adam Lake:  Trust models that evolve organically aren’t always 
  good.
Christopher Allen:  We want to make sure the architecture allows 
  the important trust models, but can’t mandate them.
Manu Sporny:  Once we have a WG, there may be large interests 
  that want to restrict these things.
Christopher Allen:  The self-sovereign community has already had 
  a big impact on this. No one has a privileged place.
Shane McCarron:  It comes down to if the inspector buys into your 
  trust model. One of the use cases discusses this.
  … If a credential is composed, the inspector needs to buy off 
  on the trust model to follow a chain of issuers.
Christopher Allen:  This is analogous to the way first and second 
  generation block chain systems work.
Shane McCarron:  We talk about enhancing usability on the web. 
  automating verification, accessability.
  … If we can make the stuff real and automatic, it levels the 
  playing field. Let’s not prohibit this in the arch.
  … Fraud reduction; this is a real problem, if we can automate 
  that ...
  … The US government may want to delegate these services.
  … We want it to be ubiquitous, but also decentralized. Pick 
  Google, it’s ubiquitous, but not decentralized.
  … Privacy enhancement is a big deal. Holders are responsible 
  for the claims, and get to determine who sees it.
  … We need to provide for a period during which the claim can be 
  used (or verified).
Christopher Allen:  I want to highlight repudiate/revoke. It’s 
  hard, which we learned with certificates. Revocation lists didn’t 
  work. Also, when you do that with the current approach, you’re 
  leaking information that it was submitted.
  … We can do it, and it will work, but note that it is hard. 
  Depends on if the issuer wants to be available, and risks 
  privacy.
  … The short-term validation helps.
Richard Varn:  Why can’t the spec include the ability to expire 
  the decryption of the payload.
Shane McCarron:  There’s physics, business rules and law. Physics 
  can’t be circumvented.
Adam Lake:  Google walked away form session timeout while 
  recognizing that revocation was not solved.
Matt Stone:  If the claim expires, the verifier gets market 
  analytics every time it’s used.
Christopher Allen:  You can have the identifier be a bitcoin 
  address that is valid if there are funds on it, and not valid 
  otherwise. This allows revocation without leaking information.
  … The idea of people wanting issuers to optionally be able to 
  add evidence; which means that it may be happening on this side, 
  where i’m not just looking at the issuer, but the evidence. It’s 
  not precluded, but we may want to highlight it. (came up in open 
  badges).
Richard Varn:  Can you push additional metadata after it’s signed 
  (no). You might add a link in the metadata that could be followed 
  to find out renewed/additional evidence about a claim.
Christopher Allen:  We don’t just verify the claim, but the 
  evidence in the claim. (A soldier includes a photo as evidence in 
  a claim about a refugee).
Richard Varn:  Claim metadata can be included or referential; 
  most want to use referential to allow for update.
Matt Stone:  We’re asking if the claim is valid, and if we trust 
  the issuer and their evidence.
Joe Andrieu:  We’re also talking about identify insurance. We 
  need language about the business rules involved with verifying a 
  claim.
Joe Andrieu: "Identity assurance" - meaning inspecting the 
  claims' contents verses business rules
Shane McCarron:  There are parts of this we haven’t covered.
  … We haven’t talked about adding something to a claim.

Topic: Data model and Representation Overview

Joe Andrieu is scribing.
Manu Sporny:  There is a spec. Our focus is, specifically, on 
  Syntaxes and Data models. Not  protocols or APIs
Spec is in agenda. We're doing a deep dive tomorrow.
Manu Sporny:  Blockchain can help address privacy issues with 
  checking revocation of credentials
Manu Sporny:  Data within claim could be a single attribute 
  (claim set) or multiple, such as an entire scholastic transcript
Christopher Allen:  We've said id is where you go to check 
  revocation. maybe that's not the best way
Manu Sporny: Claim set / credentials / composite claims 
  terminology sill being defined
Christopher Allen:  I'd love to see every time we mention digital 
  signature, we add ", timestamp" because timestamp is important 
  part of some compositions, and NOT a signature
*Break*
Manu Sporny is scribing.

Topic: The W3C Process

Matt Stone:  Richard and I are going to lean on the people in the 
  room on the process.
https://docs.google.com/presentation/d/1_PIMNxFP_kHK0H-SE0_Zv-yYqJTE8tXzDmK-OdKD8TI/edit
Matt Stone:  High level - W3C is a 420 person member organization
Matt Stone:  Each organization gets a say on quality/direction of 
  standards/recommendations.
Matt Stone:  Via AC rep
Matt Stone:  Decisions are made based on consensus
Matt Stone:  It takes a lot of work to make a decision and have 
  that decision stick. We've been working on this for at least 2-4 
  years, we're building consensus on larger community
Matt Stone:  We're representing the need for a solution in this 
  space. Net impact is two fold, standards that get adopted and 
  used, equality and value, but takes a long time to get there.
Matt Stone:  Next year, key milestones - Create WG - official 
  charter under review.
Shane McCarron:  There was some push back - no one is saying I"m 
  going to build/use this - those are the comments today.
Richard Varn:  We can have others weigh in.
Gregg Kellogg is scribing.
Manu Sporny:  There are a number of people in rebooting web of 
  trust that are frustrated with W3C and are planning on moving 
  ahead and implementing anyway.
Manu Sporny is scribing.
Gregg Kellogg:  We have a number of people saying that they will 
  implement.
Shane McCarron:  This can be handlable - we can deal w/ this.
Natasha Rooney:  There are examples of things done in app space 
  that are taken up. Those people that work in that way at W3C see 
  a lot of success, previous Techinical Architecture Group liked 
  that - a lot of people are holding on to that methodology. That's 
  where it comes from.
Shane McCarron:  I think it makes sense, in that case.
Shane McCarron:  I think a lot of people also think that only the 
  browser is the Web platform, this isn't just about the browser.
Joe Andrieu:  You can't do the crypto stuff you need w/ browsers 
  today....
Gregg Kellogg is scribing.
Manu Sporny:  We need to be careful about we state, as the 
  charter is under review.
Manu Sporny is scribing.
Matt Stone:  Assuming we navigate these waters this quarter, the 
  schedule may shift.
Matt Stone:  IF the group is formed, we should p lan our next 
  face-to-face.
Natasha Rooney:  Have you talked w/ Wendy about this?
Manu Sporny:  Yes.
Natasha Rooney:  They don't have a strategy around blue sky - 
  when I have conversations w/ Alan, in practice, they get squashed 
  pretty quickly. Maybe we should have a discussion w/ Wendy - not 
  only do they want to take native stuff and work on those, but 
  make sure Web is where these things are done.
Eric Korb:  What's the problem here?
Richard Varn:  Intellectual and proprietary interests.
Matt Stone:  I think disintermediation is playing a role.
Richard Varn:  One comment we got from Microsoft was that none of 
  their customers wanted Verifiable Claims.
Eric Korb:  Microsoft is releasing verifiable claims as a product
Drummond Reed:  Assuming these organizations block us here, what 
  is the fastest path to standardization?
Someone: Take it to another standardization body.
Richard Varn:  IMS Global has said that they're willing to house 
  this in their SSO.
Eric Korb:  Can Pearson flex its muscle there?
Pearson: We can do more - our organization is very excited w/ 
  what we're doing.
Richard Varn:  We are willing to walk from W3C if they keep 
  dragging their feet on this.
Matt Stone:  Once there is a successful vote, a WG is created.
Matt Stone:  Once that happens, we can have people from W3C 
  members and Invited Experts.
Matt Stone:  Once WG is created, people participate.
Matt Stone:  At some point, we need to figure out when the 
  face-to-face is going to be. Candidate for next face-to-face is 
  IIW.
Matt Stone:  We should ask them if the way we organized was too 
  disruptive.
Joe Andrieu:  What Project VRM has done is sequestered Monday 
Joe Andrieu:  So disruption is minimized... Monday or Friday 
  might be good synergy.
Gregg Kellogg:  One consideration is IIW is always here.
Joe Andrieu:  The next Rebooting is going to be week prior in 
  Paris, then here.
Gregg Kellogg:  The meta question is the utility of having people 
  involved in IIW w/ some participation - we've benefited from the 
  exposure.
Richard Varn:  I agree with that, we've learned a lot - you need 
  to go to them, or bring them to us, or do it virtually. We should 
  put it down as a definitely consider... inviting some of them to 
  come to our WG is another dimension of that.
Gregg Kellogg:  In past IIWs, there have been W3C staff to do 
  outreach.
Richard Varn:  We can bring some sessions back to IIW
Matt Stone:  That's certainly more in line w/ IIW - if we can 
  integrate more seamlessly into their agenda, do a WG session 
  -doesn't have to be either or.
Jörg Heuer:  IIW is about starting things off - what can we do w/ 
  IIW but then report/build on that - self-sovereign movement helps 
  us a bit.
Shane McCarron:  We were talking about architecture and use cases 
  and big picture thinking, which is different from day to day 
  grind of specs. W3C does IG to do incubation... the IG or CG 
  could do stuff at IIW.
Richard Varn:  I would be willing to provide conference facility 
  - ETS in Princeton. San Antonio - there are other opportunities.
Matt Stone:  Advancing to Recommendation
Matt Stone:  Once the WG is in flight, the goal is to produce a 
  technical recommendation - there are six phases of this... levels 
  of mateurity - FPWD, WD, CR, PR, REC.
Matt Stone:  As we look into 2017, the bulk of the work is about 
  the WD - this year, coming up, is about getting first published 
  working draft done. Get feedback from stakeholders.
Matt Stone:  Getting to FPWD - 
Manu explains the FPWD process
Shane McCarron:  Testing is a bit unusual, we're not really 
  building anything - it's about a data model and a vocabulary - no 
  protocol/api nothing to exercise.
Richard Varn:  So what's an example of a test we can do?
Shane McCarron:  You can evaluate the implementation - a JSON-LD 
  context that defines your vocabulary - you make sure it works 
  interoperably... another part is doing isomorphic transformations 
  - take the data and transform it via RDF - and then transform it 
  back.
Shane McCarron:  Those are the two ways you can check the data 
  model that the W3C Management accepts. You have to prove that 
  your thing is implemented.
Gregg Kellogg:  On the other hand, most vocabularies have logical 
  consistencies - make sure your vocabularies are consistent.
Eric Korb:  We could do it as partners... send and receive 
  credentials.
Gregg Kellogg:  Specifications make normative requirements.
Gregg Kellogg:  Test suites should limit themselves to testing 
  normative requirements.
Shane McCarron:  We did this with web annotation work recently
Shane McCarron:  Another thing w/ vocabulary testing - how do we 
  ensure that all the terms in a vocabulary are needed and used - 
  how do we make sure that happens.
Shane McCarron:  In that context, they're going to see if all 
  terms are used.
Joe Andrieu:  You could have verified claims for all of your use 
  cases.
Eric Korb:  We can just use HTTP to pass.
Gregg Kellogg:  We can create examples that are serialized, make 
  sure they round trip to data model, and that they're consistent.
Richard Varn:  Would that teach us anything useful
Gregg Kellogg:  It taught us something for web annotations - so 
  yes, it works. It caused changes that fixed things.
Matt Stone:  We'd take a number of credentials across a number of 
  industries, render them into the data model, see if it works.
Gregg Kellogg:  One way to do it is to mark up use case document 
  that takes items out of use cases and statements match... 
Shane McCarron:  Is the purpose is to get over the hurdle... if 
  it is, it's a waste of time. we want to make sure this is 
  something that's useful over time.
Joe Andrieu:  There will be parties that will want to evaluate 
  it, they will want to take their needs and map it to them.
Richard Varn:  There are groups of people that want to produce a 
  transcript - we require before you unload payload, you have to  
  pay something for it.
Richard Varn:  You can't just take my credential and dump my 
  credential to anybody - one of the validations, how do you 
  validate it in the transfer - but you don't transfer the keys.
Matt Stone:  Which credentials can be composed or not.
Manu Sporny:  Other groups have been successful doing this, we 
  should pay attention to them.
Matt Stone:  There have been questions around expiration, 
Joe Andrieu:  You're talking about a link contract - so we need a 
  hook in there, but it's more than just vocabulary
Manu Sporny:  Two types of testing - testing for utility and 
  testing for interoperability.
Gregg Kellogg:  There is required input from internationalization 
  groups
Shane McCarron:  There are inputs from internationalization, 
  security, accessibility, privacy.
Shane McCarron:  That CR review process - CR means "We think we 
  are done" - we are going to go through a test cycle, proving that 
  we are interoperable.
Gregg Kellogg:  Many groups have made the mistake of waiting 
  until the end to do their test suite, we should have an 
  understanding of interoperability
Eric Korb:  Is part of the test signature testing?
Gregg Kellogg:  We just need to prove that you can do multiple 
  types
Richard Varn:  Not much that needs to be done there, right
Gregg Kellogg:  Well, verifying a composed claim - there is some 
  technical questions that are raised.
Shane McCarron:  One of the things you want to remember, these 
  tests - the purpose of them - not to determine whether 
  implementation works - implementations conform to the spec - they 
  all work the same way.
Eric Korb:  Would you submit the data model differently based on 
  one signature vs. another?
Shane McCarron:  No
Gregg Kellogg:  No - we need some demonstration that something 
  can serve the purpose of the signature here - 
Eric Korb:  It goes to the integrity of the data model, 
Joe Andrieu:  You can imagine a signature method that doesn't 
  work w/ the data.
Gregg Kellogg:  You can think of a case where you compose things 
  down that don't work.
Richard Varn:  There are people that design how competencies are 
  grouped, those are more easily composable - those elemental 
  components - who is verifying that the combination of those means 
  anything.
Matt Stone:  We should be very careful of taking on the task of 
  validating issuer and composition - we don't care if compiled 
  credential has value in marketplace.
Matt Stone:  From a market value perspective, if it's issued, we 
  have met our goal if it's verified.

Topic: VCF2F Day Two Agenda Bash

https://docs.google.com/document/d/1uYDRcHs_EOpJzezJerKnKT4Grni1sFLX2nRp7zlq2BE/edit#
Stone reviews the agenda
Matt Stone:  We start w/ agenda review
Matt Stone:  Then go into long term concerns
Matt Stone:  Then a break
Matt Stone:  Then a deep dive on data models
Matt Stone:  Then lunch
Matt Stone:  Then digital signatures, then we're done
Shane McCarron:  That sounds great, it'd be nice to look at 
  implementations
Shane McCarron:  It would be nice to look at implementations if 
  we have extra time.
Joe Andrieu:  How does updating the use cases fit into this 
  model?
Shane McCarron:  A CG or a IG can be responsible for taking care 
  of use cases. Sometimes its good to be done outside so you can do 
  more blue sky thinking.
End of Meeting
Received on Monday, 31 October 2016 19:47:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:32 UTC