W3C home > Mailing lists > Public > public-credentials@w3.org > May 2017

[MINUTES] W3C Credentials CG Call - 2017-05-23 12pm ET

From: <msporny@digitalbazaar.com>
Date: Tue, 23 May 2017 14:27:12 -0400
Message-Id: <1495564032936.0.20677@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

http://w3c.github.io/vctf/meetings/2017-05-23/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-05-23

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017May/0050.html
Topics:
  1. Introductions
  2. Action Item Review
  3. Future Work Items Discussion
Action Items:
  1. Kim create poll for priorities
  2. Chairs close poll after ~3 weeks, decide separate group, 
    naming
  3. Chairs finalize missions statement after after decision of 
    group naming
Organizer:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Kim Hamilton Duffy, Harlan Wood, Manu Sporny, 
  Christopher Allen, Joe Andrieu, Nathan George, Matt Stone, Dan 
  Burnett, Kostas Karasavvas, David I. Lehn, Adam Migus, Adam Lake
Audio:
  http://w3c.github.io/vctf/meetings/2017-05-23/audio.ogg

Dave Longley is scribing.

Topic: Introductions

Kim Hamilton Duffy:  I'm one of your new Chairs in this group. I 
  work with the Blockcerts project and am a part of Learning 
  Machine. 
Harlan Wood:  I worked on the Koblitz JavaScript signatures and I 
  was noticing and appreciating their use in block certs. Also 
  working on TrustGraph using VC in the future, released a 
  prototype that uses a different kind of signed claims on ethereum 
  blockchain and I hope to integrate all of these techs into in the 
  future.
Dave Longley is scribing.
Kim Hamilton Duffy:  Changing the agenda a bit, we have a google 
  doc tracking the work items and Christopher started breaking that 
  down into items the digital verification group would work on and 
  I thought it would out more naturally if we discuss the work 
  items first and that would inform the digital verification 
  question more. Then leave a bit more time for reviewing the 
  mission statement. Sound ok?

Topic: Action Item Review

Kim Hamilton Duffy:  Let's review current items. First was 
  creating a preliminary list of items and that's done.
Manu Sporny:  Nothing to add, that's done.
Kim Hamilton Duffy:  Christopher to create a rough draft of 
  credentials mission, that's to be discussed last today.
Manu Sporny: Work Items for group action item done: 
  https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit
Kim Hamilton Duffy:  Christopher to create a new proposal for how 
  the digital verification group integrates, also tracked by the 
  discussion today.
Christopher Allen:  Still a pending item, we'll have to save for 
  next week or the week following.
Kim Hamilton Duffy:  Let's dive into the work items for the CCG.
Christopher Allen: 
  https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#

Topic: Future Work Items Discussion

Kim Hamilton Duffy:  Could everyone take a second to look through 
  those items.
Manu Sporny: Work Items for group: 
  https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#
Kim Hamilton Duffy:  Starting with a proposal for how we go 
  through this, talk through ambiguities, scope, etc. then next 
  steps. This isn't a concrete proposal yet but one way to do it is 
  to say if a topic has no champions we scratch it or someone gets 
  the urgency to then champion it. Proposals for how to move 
  forward and then maybe closing it down.
Kim Hamilton Duffy:  Any questions on scope or anything you've 
  seen on the work items?
Christopher Allen:  One of the key things that I was really 
  hoping for was clarifying more on champion vs. supporters. People 
  haven't articulated the difference so I want to make sure we're 
  there. It's been my experience that in WG people will do it 
  whether others will or not, that's a champion. They want input 
  and to do the group process but they have energy, time, and 
  commitment to so it. Supporters instead want to see it done but 
  it isn't their top priority as other things might get in the way 
  and slow it down. We have a lot of items and we may push things 
  up but having a champion is an important part of the criteria.
Kim Hamilton Duffy:  One thing that we should take from that is 
  that if you are listed as a champion but you don't have intent to 
  work on it, don't have time, etc. switch to supporter.
Manu Sporny:  Right so, I wanted to clarify some thoughts on the 
  work items in the document. Having reviewed them. Question was 
  raised in the VCWG call today ... would these be better done by 
  that WG instead of this one with potential input from this group. 
  Terminology is one of those things. That's a critical item for 
  the WG. I'm trying to say that the WG will do that with input 
  from this group. I'm making a note on terminology that this is a 
  WG potential item.
Christopher Allen: Terminology includes DIDs and such
Manu Sporny:  Lifecycle of a VC, I think I understand that, the 
  more than just claims one and direct vs. indirect claims, I'm not 
  quite sure what that work is about. I understand ... it feels 
  like it's a fairly large vision. As far as work items are 
  concerned they tend to get done when narrowly scoped. These seem 
  important but scope is large and so they may hang out forever. 
  Wondering if we can narrow those.
Manu Sporny:  The other thing I noticed is that it feels like 
  there are core specifications and supporting documentation. There 
  might be a tension in the group with wanting to dive into the 
  core specs because a number of us have commercial interests, vs. 
  supporting documentation which we need to convince W3C to pick up 
  the work with a WG. Both are important, but I foresee some 
  tension on those because some want to dive into core specs 
  without supporting docs and others wanting to do supporting docs. 
  Wondering if chairs or others have put into how we deal with the 
  tension.
Manu Sporny:  We can't really prevent anything from happening if 
  people want to work on different things.
Manu Sporny:  The other question has more to do with the DVCG. If 
  we want to rebrand the CCG, it feels like a lot of what we're 
  doing is actually about digital verification. And the Digital 
  Verification group is more about signature formats, it's about 
  signing data. I'm wondering if the group has thought about that. 
  Maybe this group becomes the Digital Verification Community Group 
  and then we rebrand the current one as a signatures group.
Manu Sporny:  Just a bunch of thoughts.
Christopher Allen:  I spent a bit of time organizing this, etc. I 
  do feel like there is a tension between the fundamentals as 
  supporting docs. It falls into a difference of credential work 
  items and digital verification CG to me. Terminology, one of the 
  things I was thinking of here is that there's a lot of things we 
  want to be consistent with the WG. There are things like DIDs, 
  trust anchors, etc. Part of the reason I like DV is that it 
  includes timestamps which aren't signatures, etc. I feel like 
  there's a role, it should be closely aligned maybe 80% in VC and 
  20% that isn't. The lifecycle of a VC is somewhat of a response 
  to not being able to talk about protocols easily in the VCWG 
  because of charter and as that WG can start accepting we can move 
  over there.
Christopher Allen:  I wanted Noah and Harlan at this meeting 
  because they directly faced a problem ... R3 introduced 
  self-sovereign identity and they separated evidences and 
  assertions from the claims. We need to be careful that we're... 
  if I've heard once before that you can express these other things 
  as claims as well and if that's true I want to make sure that it 
  works for some of these other people who have taken an 
  independent look at it and split things off. It's an important 
  issue and it feels appropriate ... also applies to direct vs. 
  indirect claims. I can see the browser API and polyfill is more 
  of a spec and it's deeper down. Maybe that can be fit into the 
  verification work items and the Web of Trust schema and could 
  directly go to the VCWG. That's my quick overview.
Joe Andrieu:  I think the more than claims/direct vs. indirect 
  claims may be part of the terminology section. Some of that is 
  semantics, what do you mean by these things and how they fit in. 
  I like Manu's assertion that the terminology is part of WG. What 
  happens when we run into terminology that's out of scope for that 
  WG? How do we talk about the terms that can't be addressed by 
  that group. I wanted to talk about this tension, which I agree, 
  supporting vs core. It's an inevitable thing. Since I'm a 
  requirements engineer I like this upfront work. It's not so much 
  about documenting but figuring out what you really need. I think 
  we're really missing what would drive terms of use, scope or 
  expiration of a claim. Or how to present selected claims for 
  different but multiple credentials. Part of that is a rush is 
  given the mental model of a productive I'm developing that's what 
  I think.
Kim Hamilton Duffy:  Developing some more nodes in our decision 
  tree... there may be some topics more properly owned by the WG 
  but there are some where that might make sense we also want to be 
  actively contributing, where we encounter use cases that differ. 
  I am curious to ask, do we have anyone on the call right now who 
  sees themselves more as part of the DVCG ... and do they think 
  should they be separate groups or join, etc.?
Christopher Allen:  It does feel like there are as many as four 
  different categories now. We have a number of items that are 
  clearly fit into the VCWG, things like defining requirements, 
  foundational docs. Things more spec oriented, two categories, one 
  of which is the DV, DIDs also. We kind of need it, no one else is 
  doing it, it's here for now, but it's a separate group of people 
  potentially. And we have items, I know Kim expressed deep 
  interest in getting down ... reference implementations of things 
  to see if it works.
Kim Hamilton Duffy:  So we're sliding into DVCG integration and 
  maybe that's better to just let that happen. One thing I was 
  wondering ... does anyone have any thoughts on where to go from 
  here on making these decisions. I know there are certain areas 
  I've very interested in and the ones I can champion and would 
  gladly sign up for and will do no matter what I know what that 
  is, maybe we can have people who are interested in Championing 
  and put forward what those are and maybe use the voting system 
  that Manu or Christopher described ... where should we 
  go/approach this?
Christopher Allen:  I wanted to come back to ... now that we've 
  opened this up to the bigger thing of DV, I've been reaching out 
  to a variety of parties that haven't been as active or active at 
  all in the credentials community, cryptographers, security 
  professionals, blockchain space, like block stack should be 
  technically using this family of stuff but not participating in 
  the WG or VC task force, etc. Something in my gut says that 
  because we aren't doing spec level things or have specs for 
  people to review is maybe why they aren't participating as much. 
  There is maybe a need for separating the DV out as more spec 
  oriented. I've got one cryptographer in mind ... I really like 
  his work at hyperledger and will see if I can't get him in here 
  because he is a person that can look at these specs and say "wait 
  you haven't addressed this etc" maybe even willing to be a 
  co-chair that could attract more like him. So I'm inclined to 
  keep the groups separate. We can change the name for things that 
  are at the spec stage in that group somehow...
Christopher Allen:  As an operational thing.
Nathan George: +1 On having fewer groups if possible
Matt Stone: +1 On fewer calls per week :)
Kim Hamilton Duffy: :)
Matt Stone: +1 On moving away from the term "credential" based on 
  historical friction.
Manu Sporny:  I'm wondering, during last week's call that we want 
  to be careful with merging groups because we just separated them 
  out. I may be reverse that hearing this discussion. We don't want 
  to lose momentum in groups. Splitting out for the survival of the 
  group because of too much momentum makes sense but it sounds like 
  the vast majority of items that we want to do have to do with DV 
  and that's incredibly broad which is good for a CG. We could 
  shove all of these items into a DV CG and no one would question 
  whether the spec or supporting material belonged. If you did the 
  same with the CCG, people could argue against it. I think this is 
  an argument to rebrand all the work under the DVCG and go 
  forth... and only split work off when it feels like we have 
  critical mass.
Manu Sporny:  The only issue is if people object to doing that.
Manu Sporny:  Renaming and concerns we'll have to talk with W3C 
  systems team and they might just say we can't rename the group 
  and we'll have move everyone over and we'll lose 60 members who 
  aren't paying attention to the mailing list on a weekly basis. 
  Rebranding everything under DVCG would be the proposal, move all 
  the specs there.
Manu Sporny:  People work on the things they really want to work 
  on, telling us priorities.
Kim Hamilton Duffy:  I think that makes a lot of sense. I think 
  the renaming alone describes more clearly what we're working on. 
  Depending on who's interested in a topic, what you will get out 
  of it. I think one thing we could do is combine champions and 
  supporters in a way, so that if I'm working on a prototype that 
  would lead into a specification but I don't have as much 
  experience there others could help out. So I think because of 
  that I'm liking the idea that we're under an umbrella group. If 
  we have a concrete deliverable we're working on and have people 
  with different strengths that could work really well.
Harlan Wood: Scrum I think ;)
Kim Hamilton Duffy: Let the record state strongbad ;)
Matt Stone:  I think having two groups sort of forces us to have 
  discussions like "we can't have that discussion here". That's 
  challenging if you don't have the right parties in the call. 
  Based on our discussions over the last few years, the term 
  "credential" has turned into a land mine that would be nice if we 
  could just move away from. DV is a pretty good fit for what we're 
  trying to do. That may be a better feeder from big ideas to 
  implementable standards without having a land mind of credentials 
  thrown into it all the time.
Harlan Wood: Everyone will want to be on that team!
Manu Sporny: +1 To what Matt said
Christopher Allen:  I'll concede to merging the two. I don't want 
  to get lost in the specs too deeply without also considering some 
  of these higher level things. I have some real concerns and we 
  keep talking about data minimization and selective disclosure but 
  we don't say what they are and best practices, crypto techniques, 
  reasonable, possible, etc. We could put a lot of work into a spec 
  that doesn't focus on a privacy and data minimization property 
  and have to throw the spec away. If I look at the list on the 
  bottom, the redaction signature suite which has some challenges 
  but it's one of the closest that allows for data minimization and 
  it could be a requirement for some of these types of things. The 
  intent of every node ... that is separate and you can just 
  include a hash of the node or something of that nature when 
  sending it on to another party. The current one doesn't quite 
  work because it doesn't have nonces from a security perspective. 
  But you've got the way to have a large signed claim and just give 
  a small piece of it and it's still valid. Data minimization way 
  of addressing privacy. It's not in this list but there's also CL 
  signatures which is a true cryptographer selective disclosure 
  method, there's u-prove, etc.
Christopher Allen:  There's some high level work that needs to be 
  done and that's one of the reasons why RWoT has done reasonably 
  well is that I always try to make sure that we're spending 
  sufficient time where we can include people like Joe who has 
  brought diversity and great knowledge, etc. You don't want to 
  forget those.
Manu Sporny:  We don't want people working on specs where the 
  specs don't necessarily meet requirements the group has, but at 
  the same time the group doesn't have control over what people 
  work on or what they believe the correct requirements are etc. 
  But spec writers will get hints from the community as to whether 
  they are going in the right direction. In Christopher's point, if 
  the spec doesn't have the right privacy features, implementers 
  will say it's not meeting needs. Community Groups tend to work in 
  a pro "fork the spec" or "submit PRs" or writing emails to the 
  group to convince people to move another way. I don't think we 
  should spend too much time wringing hands over people picking up 
  and writing a spec. That's the core thing that gets things done, 
  or people doing implementations and then writing specs after the 
  fact. IF we're doing that we're successful, everything else is 
  fine tuning.
Manu Sporny:  We can't control people doing things we don't want 
  them to do, if someone goes off doing something people don't want 
  and the spec will be forked and you'll have two competing specs, 
  which is reasonable in a CG. Dumping all these specs into a group 
  isn't a bad thing, the things people want to work on will get 
  worked on and everything else will fall by the way side.
Manu Sporny:  Having a single group won't have a negative impact 
  in that respect.
Christopher Allen: I don't want to repeat the bad patterns of 
  FOAF
Joe Andrieu:  Had a question about umbrella group with community 
  conversation vs. spec driven work. Community place to explore 
  bigger issues without slowing down spec. The assumption at the 
  heart of your argument, Manu, privacy is poorly understood and 
  companies get it wrong all the time, the notion that if we get it 
  wrong we'll fix it later, I'm weary of that. Spec work has to go 
  hand in hand you have to get requirements, etc together.
Manu Sporny: +1 To working in parallel :)
Dave Longley: +1 ... And a lot of spec discussion happens in 
  github
Manu Sporny: ChristopherA, it would be good to understand what 
  those "bad patterns" were?
Kim Hamilton Duffy:  Not sure what we need to do with W3C staff 
  to move membership over, etc.
Kim Hamilton Duffy:  Over the mailing list if there are further 
  thoughts we can iterate, but maybe next week let's make a 
  decision about going forward.
Kim Hamilton Duffy:  Next we need to decide finalizing work 
  items, I don't mean commitments, etc. and timeline. If we have 
  some kind of thoughts or prioritization, urgency, any thoughts?
Christopher Allen:  I justed to also ... it's good for some 
  people to talk about what their highest priorities are. This week 
  is a lot of people I thought I could draft into this meeting are 
  at the consensys conference.
Christopher Allen:  Blockstack team, MS, Drummond. Next Tuesday 
  will be day after memorial day, so lots of people taking that 
  off. I'd like to say the one after that we decide then.
Harlan Wood:  Looking over the work items, I'm especially 
  interested in the RWoT schema at the end. We've been working with 
  codying ratings in a JSON schema. We've been developing a similar 
  format for schema.org ratings and I'm interested in integrating 
  that with signed claims, that's my core interest.
Kim Hamilton Duffy:  We don't have an item tracking that could 
  you add that?
Christopher Allen: Reputation systems have issues — we
Harlan Wood:  Yes, the RWoT schema, the last one.
Kim Hamilton Duffy:  Got it.
Christopher Allen:  I think that reputations and ratings and 
  whatever are going to come up more and there known ... talked 
  about RWoT, issues and challenges on catching people up on what 
  makes rating and reputation systems hard. Lots of half-assed 
  things -- we've known for years flawed 5 star rating systems. We 
  could at least try to address some best practices and point 
  people where they can discover more. Coming up in credentials 
  more and more.
Christopher Allen: I agree with manu if we add 1 week.
Manu Sporny:  This whole "what is the group going to do next" 
  discussion ... we kind of staged it in a way that let everyone 
  write down their ideas in the document and it's settling, quite a 
  bit over the last week or so. Maybe give it till the end of the 
  week and then convert it to a poll. You get points to allocate 
  however you want, if you feel really strongly about one item you 
  can put more of your points there. That gives us a lose idea of 
  what people want to work on and the importance. We just leave 
  that poll open and as new people come into the community they put 
  their ideas down on what they want to work on and the chairs just 
  keep an eye on it and see if what people want to work on shifts. 
  Could rerun the poll every 6 months, etc.
Harlan Wood: Link to Reputon spec I mentioned: 
  https://tools.ietf.org/html/rfc7071
Manu Sporny:  Good way to get people's input, not everyone will 
  talk on the phone, not how they like to communicate.
Manu Sporny:  Concrete proposal is to wait another week to add 
  items to this google doc and one of us can convert it into a 
  google forms poll and keep it open for a month and get consensys 
  people and newcomers.
Manu Sporny:  Then chairs make determination "this is what people 
  said they'd work on" and let people do their thing.
Manu Sporny:  That's my concrete proposal.
Manu Sporny:  Agree or better way forward?
Harlan Wood: Link to Work.nation architecture doc, which uses 
  "Reputons" as "signed claims" via Ethereum + IPFS + uPort: 
  https://github.com/worknation/work.nation
Dan Burnett: +1 To poll
Christopher Allen:  I'm fine with a poll if we can add a week, I 
  just think people ought to be able to have two weeks to put 
  things onto the poll.
Harlan Wood: I have to drop off for another meeting.  Last note: 
  9am Pacific is better than 8am if we are choosing one of those 
  call times.
Christopher Allen:  I think making sure we have all the work 
  items that people want to do when we don't necessarily have ... 
  some of the people who have moved on will come back if we have 
  work items that are related to the work they are doing.
Dan Burnett:  I was just going to say ... the poll idea is a good 
  one you've seen me use that in other contexts as well. I like it 
  from an administrative perspective as well because you can rerun 
  it. I'd say, don't worry too much, allow an extra week but it 
  doesn't have to be the last time you ever do it. Just a snapshot 
  for a point in time to gauge interest.
Kim Hamilton Duffy: 
  https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing
Kostas Karasavvas: Hi all! I couldn't join you from the beginning 
  but just wanted to introduce myself and maybe take part in the 
  next meeting. My name is Kostas Karasavvas and I am working on 
  the blockchain academic certificates project from the University 
  of Nicosia. I have also briefly contributed on blockcerts and had 
  a great collaboratation with Kim on that (hi Kim!). I look 
  forward to get involved with the TF.
Christopher Allen:  We have this very long credentials statement 
  from the existing one which manu said was based on circumstances 
  at the time. We put together a briefer one. The main comment 
  someone had was that they wanted to have "what is a credential" a 
  bit more. So, we've also had discussions here about digital 
  verification and whether or not that should be the new name of 
  the group. But we risk losing some our less active members who 
  could come back and can't find us because we've moved.
Christopher Allen:  I'm open on do we focus on the name change 
  first, or do we try to revise this mission statement for the new 
  name, etc.
Manu Sporny: Hi Kostas, great to see you here! Please join us 
  next time... would love to have you in the group!
Kim Hamilton Duffy:  Recapping... we finished two action items, 
  we are going to continue to get feedback over the week, at the 
  end of this week I can create a poll to let people allocate their 
  points on what they want to work on. Per Christopher's feedback 
  we won't have all the people here for deciding branding, names, 
  separate groups, etc.
Kim Hamilton Duffy:  So we're going to set a deadline on that 
  decision for three Tuesdays from now.
Kim Hamilton Duffy:  What I do propose is that if there's an area 
  you are passionate about don't wait for that.
Kim Hamilton Duffy:  In terms of next steps for the mission 
  statement. Christopher do you have thoughts on that?

ACTION: Kim create poll for priorities

Christopher Allen:  Both things are kind of stymied on ... 
  branding, naming things. Has to do more with whether or not we 
  can preserve any of our existing thing if we have to go new... 
  what are the protocol ramifications. I kind of like that 
  credentials has been accepted by the W3C. It's pretty broad. For 
  whatever reason I could easily see us adding to our revised 
  mission statement, some of the text from the digital verification 
  into the description if we want to merge the two groups. 
  Conversely we could focus on digital verification and even if we 
  lose a lot of people we might get more DV people who are active.

ACTION: Chairs close poll after ~3 weeks, decide separate group, 
  naming

Christopher Allen:  Risks for that ... their requirements become 
  challenging for some of our goals, self sovereignty, etc. Have to 
  be careful. I haven't been part of the larger process for this, 
  Manu and others dealing with VCTF, CCG, Web Payments CG, may have 
  better answers.
Kim Hamilton Duffy:  We'll revisit finalizing the mission 
  statement after naming.
Christopher Allen: Post to group for last call of putting 
  possible items into poll
Dave Longley: +1
Manu Sporny: +1
Christopher Allen:  We need to post to the group a call for more 
  work items if any. If people can talk to others in other groups 
  who want credentials/DV if they want to participate to come over.

ACTION: Chairs finalize missions statement after after decision 
  of group naming

Christopher Allen:  I'd like more open badges, blockstack, others 
  who have shown up for meetings in the past, etc.
Christopher Allen:  Are you part of the DI group, manu?
Manu Sporny:  Nope.
Christopher Allen:  We should try to get them to come, all those 
  people want to use VC and credentials. R3 also talking about self 
  sovereign identity recently with different requirements. I'd like 
  to get that clarity and get those people in.
Kim Hamilton Duffy:  We're at time :)
Received on Tuesday, 23 May 2017 18:27:43 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:37 UTC