
[MINUTES] W3C Credentials CG Call - 2017-06-13 12pm ET

From: <msporny@digitalbazaar.com>
Date: Tue, 13 Jun 2017 14:15:29 -0400
Message-Id: <1497377729464.0.8654@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Kim Hamilton Duffy for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials CG Telecon Minutes for 2017-06-13

  1. Introductions
  2. Action Items
  3. Community Group Naming
  4. Interaction with Banking/Finance Industry
  5. Planning for W3C TPAC
  6. Work Item Review
  7. RDF Dataset Canonicalization
  8. Privacy and Security Requirements

Action Items:
  1. Chairs to work on technologies pitch for TPAC
  Kim Hamilton Duffy and Christopher Allen
  Kim Hamilton Duffy
  Kim Hamilton Duffy, Christopher Allen, Dave Longley, Glen Braun, 
  David I. Lehn, Drummond Reed, Adrian Gropper, Matt Stone, Manu 
  Sporny, Sean Bohan, Adam Lake, Nathan George, Noah Thorp, David 
  Chadwick, Joe Andrieu, Abbas Ali

Kim Hamilton Duffy is scribing.
Christopher Allen:  Reviewing agenda
Christopher Allen:  Add separate discussion item about meeting in 
Dave Longley:  Add item about what to do with DID spec, what is 
  desired outcome?
Christopher Allen:  We'll discuss after results

Topic: Introductions

Glen Braun:  Working with local company called RChain, helping 
  with ID work, studying Sovrin. Studying Open Badges
David I. Lehn:  With Digital Bazaar, helping with implementations

Topic: Action Items

Manu permissions work item complete
Christopher Allen: Please fill out group work item priorities 
  poll here:  
Poll deadline target next week
Christopher Allen:  Ideally 1 per org
Christopher Allen:  Naming goals constraints and pitfalls -- in 
  progress, will talk about later. new name and mission stmt -- 
  should be done end of month
Christopher Allen:  Meetings with Digital Verification groups, 
  how does this work
Kim Hamilton Duffy:  We haven't gotten that many new votes on the 
  poll, we have around 13-15 votes so far... support on lifecycle, 
  browser APIs, DIDs, are in the lead. [scribe assist by Manu 
Kim Hamilton Duffy:  Privacy and security requirements are also 
  supported - get your votes in as soon as possible. [scribe assist 
  by Manu Sporny]
Drummond Reed:  How will things proceed?
Drummond Reed: BTW, I just joined the IRC. Can someone post the 
  link to the poll again?
Christopher Allen:  2 More of discussions about work items, tally 
  which were highest, who will be champion and actually work on 
  poll items
Joe Andrieu: 
Christopher Allen:  Want items that are doable and shippable, 
  won't take too long

Topic: Community Group Naming

Christopher Allen:  Naming status "Self Sovereign CG". concern: 
  makes it difficult to speak to banks. Feeling at an impasse
Christopher Allen:  OTOH everyone knows what "Credentials CG" 
  means. questions/comments?
Kim Hamilton Duffy:  I was wondering - what's the concern w/ the 
  banks - it might imply that we're working toward too much of a 
  decentralized solution? [scribe assist by Manu Sporny]
Christopher Allen:  Manu will follow up on kimhd's question
Drummond Reed:  +1 For SS CG. Industry buying into that term
Drummond Reed:  SS speaks strongly to paradigm shift; individual 
  control of their data
Drummond Reed:  Has become a technology category
Adrian Gropper: +1 For SS CG for the same reasons as Drummond
Kim Hamilton Duffy: +1 To Drummond's statement
Matt Stone:  Concern with SST -- is it too implementation 
  focused? Credentials is narrower in scope, people will pick up on 
  more quickly
Manu Sporny:  Presentation to 80-100 bank execs. Tried all, they 
  reacted positively to (1) Credentials, (2) VC, (3) SST
Manu Sporny:  They did not grok SST. Perhaps this use has not hit 
  this audience
Sean Bohan: Anyone have a URL for that paper?
Manu Sporny:  Of people who were aware, different connotation. 
  Swedish context from 80s?
Drummond Reed: Ironically, Manu's point is one of the reasons I 
  am in favor of "self-sovereign" is that it is a new technology 
  category, and that means it can gain meaning as the use of the 
  term grows.
Drummond Reed: Note that the Perkins Coie law firm just released 
  a white paper on self-sovereign identity: 
Manu Sporny:  In general, SST term is taking off. Google search 
  on term top results are DID spec, etc
Drummond Reed: +1 To SSI being highly aligned with GDPR
Manu Sporny:  We will have to educate certain audiences, which is 
  not a great marketing approach
Drummond Reed: The term is gaining great traction in the EU 
  because of that alignment.
Manu Sporny:  SST or SSCG are fine choices
Christopher Allen:  Is torn. Has seen poor uses of term "SS" in 
  the wild, beginning to be coopted. So may be preferable to 
  reclaim the narrative and mission/goals.
Adam Lake: What about "Self Sovereign Credentials"?
Christopher Allen:  Would forming a separate CG cause political 
  problems with w3c?
Dave Longley: -1 To creating new groups
Drummond Reed: -1 To creating a new group
Manu Sporny:  Should focus on group we have rather than diffuse 
Kim Hamilton Duffy:  Also -1 to new group
Adrian Gropper: Also -1 to new group
Manu Sporny: I like Self Sovereign Credentials more than Self 
  Sovereign Technology
Manu Sporny: It has continuity w/ the "old" group
Christopher Allen:  Close agenda item for now. We need more ppl 
  who care about this here. e.g. Christian Lundkvist, other RWoT 
Drummond Reed: "Self-Sovereign Technology CG" is a broader term 
  and a bigger tent
Nathan George: I also prefer keeping credentials in the title
Manu Sporny: It introduces the "new thing" we want to go with...
Matt Stone: Also -1 on new group - let's keep this energy 
  consolidated.  I could rally around Self-Sovereign Credentials.

Topic: Interaction with Banking/Finance Industry

Adrian Gropper: I prefer SST for the same reason as Drummond
Christopher Allen:  Read Manu's banking presentation and feedback
Manu Sporny:  Will clean up email with his summary and send to 

Topic: Planning for W3C TPAC

Christopher Allen:  Should we have our own meeting during that?
Christopher Allen:  Could be good opportunity to get message out 
  about new name.
Drummond Reed: Note that this meeting will come shortly after the 
  next IIW Oct 17-19 in Mountain View
Manu Sporny:  Suggests creating pitches. Weds is plenary (?) 
  day...introduce new work that's experimental. 468 companies in 
  W3C ; would be good to do a presentation on DID, signature 
  schemes, ... that this group is working on. Suggest this group 
  does those sort of pitches rather than face to face meeting
Manu Sporny:  May not get a lot more ppl joining CG as an 
  outcome. But we should pitch the specs we're working on to W3C 
  group on weds. This is separate from CG having F2F meeting
Drummond Reed: Manu, when is the VC WG F2F meeting?
Manu Sporny: Last 2 days of W3C TPAC... Nov 9th/10th, I think? 
  Will have to check schedule. It's on the Thu/Fri.

ACTION: Chairs to work on technologies pitch for TPAC

Manu Sporny: Drummond, Burlingame, CA ... 
Manu Sporny: Drummond, Nov 6-10.

Topic: Work Item Review

Dave Longley: 
Dave Longley:  DID spec is listed as doc in DIF. Does this mean 
  that WG is iterating on the spec? What is that group doing with 
  the spec? Implementations of spec?
Dave Longley:  Desired outcome -- this group takes on specs, work 
  on it in open community; other groups can work on 
  implementations. His  understanding is Drummond agrees
Drummond Reed: Dave is absolutely right - DIF is focused on 
  implementations, and in the Identifiers, Names, and Discovery WG, 
  specifically a community DID resolver. The DID spec should, if 
  the members of this CG agree, come to this group.
Christopher Allen:  Meeting with D. Buchner to discuss later this 
Drummond Reed:  Strongly agree. Natural home for spec is this CG. 
  Enthusiastic about taking on in this group
Drummond Reed:  Standards in standards orgs, implementations in 
  implementation orgs
Manu Sporny: +1 To what Drummond said, very supportive of that 
Dave Longley: 

Topic: RDF Dataset Canonicalization

Dave Longley:  Domain champions are he and manu
Dave Longley:  Work item primarily about how we express claims
Dave Longley:  Esp. data format for claims about someone
Dave Longley:  Concern is that multiple ways to express graph
Dave Longley:  To check and verify, we need to ensure canonical 
Dave Longley:  Problem how to determine claim has not changed, 
  which representation was signed
Dave Longley:  RDF dataset canon. is a solution. produces unique 
  form of graph
Dave Longley:  Output of alg can be compared, hashed and 
  digitally signed. outcome is same no matter which input rep.
Dave Longley:  Can ensure same claim
Drummond Reed: +1 To renaming spec to RDF Data Canonicalization
Dave Longley:  Canonicalization is more accurate term. should 
  rename. spec needs review, clarification (why useful), and should 
  have rigorous proof of correctness
Dave Longley:  There are multiple implementations of this. 1st 
  version was in 2012 and iterations since. Mature.
Dave Longley:  https://json-ld.github.io/normalization/spec/ is 
  location of current spec. would like to work on in this group
Nathan George:  One area of disconnect. Selective disclosure 
  schemes (uproof etc) need a rigorous def of which slots are 
  available for signing. role of norm. is filled by signature 
  scheme itself. normalization from RDF ends up being redundant. 
  There is overlap between sel. dis. and RDF canon that should be 
Drummond Reed: Don't different signature schemes need to support 
  different canonicalization algorithms?
Manu Sporny: Drummond - that's it!
Dave Longley: Yes
Drummond Reed: Coming from the XDI graph world, I can guarantee 
  you that canonicalization of the graph is every bit as important 
  as Dave is saying.
Christopher Allen:  Impressed with effort to create canon that 
  works across formats. Working in multiple implementations. 
  Concerns with how it connects to others? Propose get rid of "RDF" 
  in title and instead focus on value proposition
Drummond Reed: But Nathan is also correct that the CL sig scheme 
  uses a totally different approach.
Manu Sporny: Drummond, yes, but as Nathan was mentioning - CamLys 
  signatures don't need to normalize, because they already have a 
Drummond Reed: And that's goodness too.
Christopher Allen:  Second suggestion: being to make open to 
  other things like selective disclosure
Manu Sporny: Drummond, in short - Linked Data Signatures is 
  designed to support both... CL-Signatures wouldn't use RDF 
  Dataset Normalization.
Manu Sporny: Drummond, they'd use something more like this - 
Drummond Reed: +1 To robust support for selective disclosure - 
  there are multiple ways to do it
Manu Sporny: Note the 3.3 Examples section
Christopher Allen:  Instead of hash for entire dataset, break 
  down into hash tree. provide hash of things that are not 
Nathan George: There are several signature schemes that are 
  important (and useful) for ledger-like use cases of Verifiable 
  claims that I think are worth making space for (even if we don't 
  address them head on)
Nathan George: We should clear room for tree-like signatures, 
  group signature and a few others to help project ledger consensus 
  outside of a DLT (but that may or may not be in scope for this 
Manu Sporny: Nage, absolutely agree - hopefully we've done 
  that... happy to explain how.
Dave Longley:  This is just canon piece, does not talk about 
  signature schemes
Dave Longley:  RDF work addresses ordering part. can discuss how 
  to make that work with selective disclosure. This only addresses 
  getting a graph in canonical order
Dave Longley:  Flexible in what we can do with output
Noah Thorp: Nothing urgent from me
Kim Hamilton Duffy: +1 To adding to the work item scope some 
  investigation, narrative around how it can work with other  

Topic: Privacy and Security Requirements

David Chadwick:  See outline in "Privacy & Security Requirements 
  for Credentials Ecosystem" of 
Christopher Allen: (BTW, if folks who have done presentations can 
  make sure their link is added to the work items document?)
David Chadwick:  "Except in cases of abuse" -- issuer and 
  inspector should have recourse in case of user abuse
Christopher Allen:  Where is line between VC and SST groups in 
  terms of scope?
Manu Sporny:  Some items DavidC covered may belong in VC WG. Some 
  requirements of SS are stricter than the general case.
Manu Sporny:  One way to approach: state a principle, see where 
  it belongs
Nathan George: +1 To the "big tent" approach to keep the 
  generalizations as adoptable as possible
Manu Sporny:  For each item DavidC mentioned, ensure weaker 
  version is listed in VC group, but stronger version is available 
  in this group
David Chadwick:  Concept of high security credentials that should 
  not be released to anyone outside the org. Nothing in the 
  technology would stop stepping outside restrictions of employer 
  (kimhd: not sure I captured this statement correctly)
Christopher Allen:  Focus on differences between groups
Kim Hamilton Duffy:  We have Jan Camenisch signed up two weeks 
  from now...  [scribe assist by Manu Sporny]
Drummond Reed: FYI, I will not be able to attend next week's 
  meeting - I have an all day meeting with BYU Internet Security 
  Research Labs
Joe Andrieu: I gotta run. See you next week.
Manu Sporny: FILL OUT THE POLL: 
Christopher Allen:  Let's make sure to invite more folks to these 
  meetings and build our community! [scribe assist by Manu Sporny]
Received on Tuesday, 13 June 2017 18:15:59 UTC
