W3C home > Mailing lists > Public > public-credentials@w3.org > June 2017

[MINUTES] W3C Credentials CG Call - 2017-06-06 12pm ET

From: <msporny@digitalbazaar.com>
Date: Tue, 06 Jun 2017 14:00:42 -0400
Message-Id: <1496772042407.0.16081@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Manu Sporny for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials CG Telecon Minutes for 2017-06-06

  1. Introductions
  2. Agenda Review
  3. Action Items
  4. Current Polls
  5. Decentralized Identifiers
  6. Reputation Systems
  7. Next Meeting
  Kim Hamilton Duffy and Christopher Allen
  Manu Sporny
  Manu Sporny, Frederico Sportini, Drummond Reed, Sean Bohan, Kim 
  Hamilton Duffy, Christopher Allen, Dan Burnett, Dave Longley, 
  Angus Champion de Crespigny, Adam Lake, Harlan Wood, David I. 
  Lehn, Joe Andrieu

Topic: Introductions

Manu Sporny is scribing.
Frederico Sportini:  Hi, co-founder of BigChainDB - 
  self-sovereign distributed identity system, we've been 
  participating in Rebooting Web of Trust. I'm interested in 
  Verifiable Claims.
Drummond Reed: +1 To "reintroductions"
Drummond Reed: Thanks Dave. Man, I need a cheat sheet to W3C IRC 
  commands. Do you know of one?
Sean Bohan:  Hi, Sean Bohan, product manager for consumer 
  platforms at Evernym, also running Community at Sovrin, also 
  migrating code base to Hyperledger Indy. Working on Project VRM, 
  attendee at IIW over the years. I'm helping to define consumer 
  products based on technology that Evernym is creating. 

Topic: Agenda Review

Kim Hamilton Duffy:  We're going to cover the agenda here - 
Kim Hamilton Duffy:  We're going to be mostly covering 
  Decentralized Identifiers, RDF dataset canonicalization, and 
  Reputation Systems - Best Practices & Evaluation

Topic: Action Items

Kim is working on Poll for priorities on work items, ~3 weeks 
  snapshot poll results for prioritization - [IN PROGRESS]
Kim working on naming goals, constraints, pitfalls first draft 
  [DONE] - 
Kim Hamilton Duffy:  We don't have a lot to discuss on this item 
  this week, still discussion is ongoing on mailing list.
Manu Sporny:  Yes, still in progress, failed miserably on making 
  progress ... Dan and I just need to get on a call and find the 
  magic button. [scribe assist by Dave Longley]
Manu to get new chairs privileges on the W3C site and remove old 
  chairs... failing miserably at making progress on that one.
Christopher Allen:  First draft of CG Mission Statement for 
  review - DUE JUNE 13th [ON HOLD Re: NAME & MISSION] - 
Christopher Allen:  Trying to recruit more cryptographers and 
  security reviewers - very valuable contributors, we should ask 
  them about the merger of the two groups. We'll see how that goes.
Action item for everyone - Approve New Name and Mission Statement 
  - DUE JUNE 27th
Kim Hamilton Duffy: 

Topic: Current Polls

Lifecycle of Verifiable claims is front-runner right now... 
All Verifiable Claims related topics are bubbling to the top... 
  browser API and polyfill is floating to the top...
Kim Hamilton Duffy:  Linked Data Signatures topic is up high, 
  specific signature suites are spread out at bottom... smattering 
  of votes here and there... Manu had mentioned that we can address 
  those on an as-needed basis.
Kim Hamilton Duffy:  Does that argue for a separate group? We 
  don't need to discuss today - other thing that stood out, other 
  than Verifiable Claims - data minimization and selective 
Manu Sporny:  Where's the link to the poll? [scribe assist by 
  Dave Longley]
Manu Sporny:  We haven't weighed in yet on the poll -- can it be 
  put on IRC? [scribe assist by Dave Longley]
Kim Hamilton Duffy: https://goo.gl/forms/Q0EBSIC0E5jGYyAM2
Manu Sporny:  Just if we make it more than one vote per 
  organization then it will be very easy for some of us to really 
  tilt the poll, strongly suggest one vote per org. [scribe assist 
  by Dave Longley]
Drummond Reed: While I don't disagree, that adds a lot of 
  coordination on each orgs part

Topic: Decentralized Identifiers

Drummond Reed: Presentation on Decentralized Identifiers (DIDs): 
Drummond Reed:  Can we use WebEx for presentations? [scribe 
  assist by Dave Longley]
Manu Sporny:  Costs money, someone would have to fund it. [scribe 
  assist by Dave Longley]
Drummond Reed:  Zoom? [scribe assist by Dave Longley]
Sean Bohan: Can we send all the deck and Drummond ZOOMs it for 
  showing slides and keeps the voice here on the call
Manu Sporny:  We've tried to not rely on screen sharing or use 
  presentation materials that have accessibility components to 
  allow easier access. [scribe assist by Dave Longley]
Dan Burnett: Yes, even in the WG we don't rely on the screenshare 
Drummond Reed:  Being able to see something in real time as long 
  as you send a copy to the main list and do whatever is necessary 
  is useful. [scribe assist by Dave Longley]
Drummond Reed: Join.me is also good
Christopher Allen:  I have no problem with one of the 
  presentation viewers as an additional link. Makes it easier for 
  someone to walk through. Don't want to see that for general group 
  purposes though, prefer to stay with the tools/IRC/logs, getting 
  a lot of benefits out of being able to massage logs, great 
  recordings, various tools, etc. [scribe assist by Dave Longley]
Christopher Allen:  We'll just follow along if you give us a link 
  for the slides. [scribe assist by Dave Longley]
Drummond Reed:  This is a presentation I give when folks need to 
  come up to speed w/ DIDs and DDOs.
Kim Hamilton Duffy: To be explicit, slides are here: 
Drummond Reed:  A shout out to Anil John and DHS S&T Directorate 
  - excellent work they're doing in promoting identity/data 
  privacy, they've contributed substantially to DID and DDO work.
Drummond Reed:  What is a DID?
Manu Sporny:  This group created that term "DID", it percolated 
  from the Web Payments Community Group and when it came into this 
  group, 2-3 years ago it got a name and explanation. [scribe 
  assist by Dave Longley]
Drummond Reed:  Very cool, first time I saw it was in a CG spec. 
  [scribe assist by Dave Longley]
Christopher Allen: The blockchain aspects where at 
Manu Sporny:  The WebDHT spec, yes. [scribe assist by Dave 
Manu Sporny:  We're finding that blockchains are a better 
  solution than WebDHT at this point. [scribe assist by Dave 
Christopher Allen:  Original DIDs were a unique identifier, but 
  not Blockchain-based... worked on it a bit at Oasis.
Drummond Reed:  We proposed to DHS that DIDs were the key thing - 
  Blockchain were key to distributed identity.
Drummond Reed:  Why DLTs for decentralization? I probably don't 
  need to go into this much here...
Drummond Reed:  To make the point clear, for digital identity, a 
  distributed ledger can solve the "root of trust" problem - a 
  global source of identity that everyone trusts, but isn't owned 
  or controlled by any one company or government.
Drummond Reed:  Slide 5 - different types of blockchains - 
  doesn't matter what the model is, DIDs can work with every type.
Drummond Reed:  Slide 7 - structure of URNs is the pattern for 
Drummond Reed:  ChristopherA helped us move toward this concept - 
  DID syntax - slide 8 - we use the same syntax...
Drummond Reed:  This is a technically valid DID scheme name - 
  slide 8 - did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
Dan Burnett: Catching up now -- what is meant by the 
  Permissionless/Permissioned distinction on slide 3?
Christopher Allen:  We're still trying to define this in 
  practice, what the Bitcoin method is.
Drummond Reed:  Key point is that the DID spec talks about data 
  model.... DID Method spec defines how to work with DIDs on each 
Drummond Reed:  Initial DID Method specs - these are the four 
  that I'm aware of right now... 
Christopher Allen:  There has been discussion about PGP DIDs, 
  presumably a PEM-version of that - won't completely conform to 
  requirements of DID spec, but useful for cross-compatability.
Christopher Allen:  You can also do this for public keys, just 
  doesn't let you rotate on a public key.
Drummond Reed:  There are more under discussion.
Drummond Reed:  The point being that you can create a method for 
  whatever decentralized network that you want, as long as you can 
  define the CRUD operations for DIDs and DDOs.
Drummond Reed:  3 Purposes of DID methods - you have to specify 
  the syntax, the method-specific elements of the DDO, adn then the 
  CRUD operations on DIDs and DDOs.
Dan Burnett: What is the DDO?
Drummond Reed:  Where "D" in CRUD is "Revoke"... CRUR being hard 
  to specify.
Drummond Reed:  DID - DDOs are globally resolvable - want to talk 
  about DID resolvers - DID is the key, tells resolver code which 
  ledger to go and look it up at...
Drummond Reed:  Slide 13 - six primary elements of DDO - list of 
  service endpoints, public key blocks, timestamp and signature 
  blocks, etc.
Christopher Allen:  You may want to specify key rotation AND key 
  recovery - important from a security point of view - key rotation 
  is an important practice - short term keys are better than long 
  term keys.
Christopher Allen:  Fully conforming DID has to allow for key 
  rotation, even if it doesn't support key recovery. Some of this 
  stuff is also defined by the method - may not have to do with DID 
Dave Longley: Anyone interested in some history ... Web Payments 
  CG talking about DIDs in 2014: 
Drummond Reed:  Slide 15-17 - sample DDO object, split across 3 
  screens... folks can take a look at the slides, just an 
  illustration of these points.
Drummond Reed:  We need to talk about ultimate context 
  declaration - where is the DID spec going to live in the longer 
Drummond Reed:  Owner is the block - owner block is for public 
  keys - key descriptions begin w/ ID - if you look at that field - 
  it is the DID that represents the DDO, plus a fragment.
Drummond Reed:  The DID spec is very specific on fragments - the 
  fragment MUST identify an element within the DDO. If you have a 
  path, that can identify any end resource.
Drummond Reed:  Fragment directly on DID can uniquely identify 
  each key in owner block - one purpose of DID spec is to establish 
  widely supported key descriptions.
Dan Burnett:  There is a distinction between permissioned and 
Dan Burnett:  What is that distinction?
Kim Hamilton Duffy: For reference, the current DID work item in 
  our doc is "Further develop the specification into a W3C 
  formatted Community Group specification."
Dave Longley: It has to do with how authorization is performed on 
  a blockchain
Christopher Allen:  There are public blockchains, and 
  permissioned blockchains. it's a blockchain specific term.
Christopher Allen:  If you think of Hyperledger, it's private and 
  permissioned - only parties control it. Private one.
Dave Longley: A permissionless blockchain may use a proof-of-work 
  to authorize writes to the blockchain
Christopher Allen:  In case of Sovrin - information is public, 
  but people that maintain the chain is private.
Dave Longley: A permissioned one may use, for example, a list of 
  entities that may write to the chain that can be authenticated 
  via digital signature
Christopher Allen:  Hyperledger Sawtooth is private, but 
  permissionless - people can add themselves if they know abou tit.
Christopher Allen:  Bitcoin and Ethereum are both permissionless 
  and public.
Dave Longley: Voip-vctf: connections?
Dave Longley: Voip-vctf: mute 95
Kim Hamilton Duffy:  The current work item for DID is to develop 
  spec to W3C formatted CG spec... one topic that has come up is 
  that DIF has said it's taking up the work... how does that work 
  with the CG.
Drummond Reed:  I'm wondering if there are any other folks from 
  DIF on the call?
Christopher Allen:  I've invited a number of DIF folks to the 
  call, but Drummond, you're the only one that's here.
Dave Longley: Voip-vctf: a0 is Drummond Reed
Christopher Allen:  I'd like to know more about what's going on 
  with the DIF - I thought they were focused on implementation, but 
  now I'm hearing that they want to tackle DIDs as a spec - I want 
  to figure out how to coordinate.
Christopher Allen:  There are other people here that want to move 
  DIDs forward in this group, so that's the question.
Christopher Allen: No other DIF folks here that I know of.
Drummond Reed:  Yes, that's what I was trying to figure out - 
  what other DIF folks are here - Manu asked the question - where 
  are the specs going to live?
Drummond Reed:  I'm on the DIF steering committee - ironically, 
  I'm both torn and neutral on the topic. I don't want to see them 
  as any fiefdom, that includes DIF - the work that DHS has been 
  sponsoring is to get the work done - I'm not bringing any 
  particular prejudice here - most of my work has been done at 
  Oasis. I suggested in the email thread that this group and DIF 
  sit down and have a discussion and come to a conclusion.
Drummond Reed:  With the CG, there is a low bar to 
  participation... W3C WGs there is a higher bar - IETF has a 
  higher bar... I'm open to whatever can work best as long as the 
  work can move foward and get implemented.
Dave Longley: +1 For moving spec forward via W3C CG
Christopher Allen:  One of the advantages of a CG is that a spec 
  that is nurtured here is not actually a formal official 
  international standard - that's what WGs do, there is no lock in 
  to have that spec worked on. But, it does have advantages - it's 
  a bully pulpit - these were incubated at RWoT - we're reaching a 
  point where we want more peer review from just Rebooting. I think 
  this CG would be great to move CG to next level. It doesn't have 
  that lock in, but it has rigor.
Christopher Allen:  I don't want an implementation oriented group 
  solely working on the spec - big believer in working code, so 
  that side of it I want to respect, but I watn to make sure it's 
  not purely an implementation thing.
Kim Hamilton Duffy:  I know we have a lot to talk about wrt. DIF 
  - let's think through action items and continue this next week.

Topic: Reputation Systems

Angus Champion de Crespigny:  I'm going to review what we 
  discussed at Rebooting Web of Trust - lot of questions on 
  reputation and the impact of what can be developed - what we can 
  do in decentralized context - looked at reputation - tried to 
  define design considerations for any reputation system.
Angus Champion de Crespigny:  We thought about differing 
  instances - thought of N considerations of reputation systems - 
  we did not take a stand on best practices - but some of these are 
  more clear than others.
Harlan Wood: 
Angus Champion de Crespigny:  We wanted to lay out what these 
  were - how they operated - something that can be used in any 
  decentralized reputation system.
Kim Hamilton Duffy: Dlongley -- will you be able to 
  attend/present next week or the following? I want to make sure we 
  give you enough time
Angus Champion de Crespigny:  We start higher-level and then step 
Angus Champion de Crespigny:  Context: what is the reputation 
  value applicable to? What can be understood about an entity by 
  seeing their reputation value(s)?
Angus Champion de Crespigny:  For example, good rating on Trip 
  Advisor doesn't mean that the food is good - people that are at 
  that restaurant like the food, what's being measured needs to be 
Angus Champion de Crespigny:  Participation: how is it defined 
  who can and can’t participate, and who can and can’t have a 
  reputation value assigned?
Angus Champion de Crespigny:  Consent: Is consent required by a 
  user to issue claims or a reputation value against the user? Is 
  consent required to reveal claims or a reputation value of a 
Angus Champion de Crespigny:  Is consent required to reveal these 
  claims - can you be in the system - once you're in the system, 
  what can be done?
Angus Champion de Crespigny:  Confidentiality, once you're in the 
  system, can you be discovere?
Angus Champion de Crespigny:  Obfuscation: To meet consent 
  requirements, how is data that calculates a reputation value 
  obfuscated? Can it be derived or is it perfectly information 
Angus Champion de Crespigny:  Value: How is the reputation value 
  calculated? How are claims contributing to the reputation value 
Angus Champion de Crespigny:  How it's generated.
Angus Champion de Crespigny:  Performance: How does the system 
  manage the performance and behavior of the users? How does it 
  manage the performance of the network for speed, reliability, and 
  data integrity? How do users have confidence in this?
Angus Champion de Crespigny:  Sustainability: How does the system 
  stay relevant over time?
Angus Champion de Crespigny:  Claim lifecycle: How are claims 
  valued over time? Can they be revoked, and under what conditions?
Angus Champion de Crespigny:  Resilience: How does the system 
  protect against attacks that reduce the integrity of the 
  reputation value?
Angus Champion de Crespigny:  Legal: What is the legal 
  environment in which the system sits? Are there potential 
  violations of ‘natural’ law?
Angus Champion de Crespigny:  We want to develop this further 
  into best practices...
Christopher Allen:  A little context here - one of the key things 
  here - why this is valuable...
Christopher Allen: 
Christopher Allen:  I wrote about the problems with various kinds 
  of rating systems - link to article there - rating systems are 
  hard, reputation systems are even harder.
Christopher Allen: 
Christopher Allen: 
Christopher Allen:  For very first RWoT - asked expert on 
  reputation systems - wanted him to participate - he submitted the 
  paper above.
Christopher Allen:  Reputation in the real world... why they're 
  so hard and difficult to work on. Every RWoT has attempted to do 
  work on reputation systems... a number of them haven't been able 
  to ship their work product, it's difficult - five star rating 
  system... other people will say "it needs to do X instead"
Christopher Allen:  What I like about Angus' group - it lists a 
  set of things where you can evaluate one reputation system 
  against another.
Christopher Allen:  In any of these systems, folks want to 
  publish reputation, and I have some real concerns about quality 
  of that - we'll finish publishing first draft in RWoT - we want 
  to wait, share to broader community - look through 10 things, 
  make sure description of 10 things - we can look at these other 
  things to compare.
Kim Hamilton Duffy:  We'll hear about RDF Dataset 
  Canonicalization next week.
Kim Hamilton Duffy:  We're carrying a lot of items over to next 

Topic: Next Meeting

Christopher Allen: What work item reviews should we do after 
  Dave's next week? How do we get other people to join us to help 
  make priorities?
Kim Hamilton Duffy:  We need to discuss DID spec w/ DIF, that's a 
  continued topic of discussion.
Received on Tuesday, 6 June 2017 18:01:13 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:38 UTC