- From: <msporny@digitalbazaar.com>
- Date: Tue, 23 May 2017 14:27:12 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
http://w3c.github.io/vctf/meetings/2017-05-23/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-05-23
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2017May/0050.html
Topics:
1. Introductions
2. Action Item Review
3. Future Work Items Discussion
Action Items:
1. Kim create poll for priorities
2. Chairs close poll after ~3 weeks, decide separate group,
naming
3. Chairs finalize missions statement after after decision of
group naming
Organizer:
Manu Sporny
Scribe:
Dave Longley
Present:
Dave Longley, Kim Hamilton Duffy, Harlan Wood, Manu Sporny,
Christopher Allen, Joe Andrieu, Nathan George, Matt Stone, Dan
Burnett, Kostas Karasavvas, David I. Lehn, Adam Migus, Adam Lake
Audio:
http://w3c.github.io/vctf/meetings/2017-05-23/audio.ogg
Dave Longley is scribing.
Topic: Introductions
Kim Hamilton Duffy: I'm one of your new Chairs in this group. I
work with the Blockcerts project and am a part of Learning
Machine.
Harlan Wood: I worked on the Koblitz JavaScript signatures and I
was noticing and appreciating their use in block certs. Also
working on TrustGraph using VC in the future, released a
prototype that uses a different kind of signed claims on ethereum
blockchain and I hope to integrate all of these techs into in the
future.
Dave Longley is scribing.
Kim Hamilton Duffy: Changing the agenda a bit, we have a google
doc tracking the work items and Christopher started breaking that
down into items the digital verification group would work on and
I thought it would out more naturally if we discuss the work
items first and that would inform the digital verification
question more. Then leave a bit more time for reviewing the
mission statement. Sound ok?
Topic: Action Item Review
Kim Hamilton Duffy: Let's review current items. First was
creating a preliminary list of items and that's done.
Manu Sporny: Nothing to add, that's done.
Kim Hamilton Duffy: Christopher to create a rough draft of
credentials mission, that's to be discussed last today.
Manu Sporny: Work Items for group action item done:
https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit
Kim Hamilton Duffy: Christopher to create a new proposal for how
the digital verification group integrates, also tracked by the
discussion today.
Christopher Allen: Still a pending item, we'll have to save for
next week or the week following.
Kim Hamilton Duffy: Let's dive into the work items for the CCG.
Christopher Allen:
https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#
Topic: Future Work Items Discussion
Kim Hamilton Duffy: Could everyone take a second to look through
those items.
Manu Sporny: Work Items for group:
https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#
Kim Hamilton Duffy: Starting with a proposal for how we go
through this, talk through ambiguities, scope, etc. then next
steps. This isn't a concrete proposal yet but one way to do it is
to say if a topic has no champions we scratch it or someone gets
the urgency to then champion it. Proposals for how to move
forward and then maybe closing it down.
Kim Hamilton Duffy: Any questions on scope or anything you've
seen on the work items?
Christopher Allen: One of the key things that I was really
hoping for was clarifying more on champion vs. supporters. People
haven't articulated the difference so I want to make sure we're
there. It's been my experience that in WG people will do it
whether others will or not, that's a champion. They want input
and to do the group process but they have energy, time, and
commitment to so it. Supporters instead want to see it done but
it isn't their top priority as other things might get in the way
and slow it down. We have a lot of items and we may push things
up but having a champion is an important part of the criteria.
Kim Hamilton Duffy: One thing that we should take from that is
that if you are listed as a champion but you don't have intent to
work on it, don't have time, etc. switch to supporter.
Manu Sporny: Right so, I wanted to clarify some thoughts on the
work items in the document. Having reviewed them. Question was
raised in the VCWG call today ... would these be better done by
that WG instead of this one with potential input from this group.
Terminology is one of those things. That's a critical item for
the WG. I'm trying to say that the WG will do that with input
from this group. I'm making a note on terminology that this is a
WG potential item.
Christopher Allen: Terminology includes DIDs and such
Manu Sporny: Lifecycle of a VC, I think I understand that, the
more than just claims one and direct vs. indirect claims, I'm not
quite sure what that work is about. I understand ... it feels
like it's a fairly large vision. As far as work items are
concerned they tend to get done when narrowly scoped. These seem
important but scope is large and so they may hang out forever.
Wondering if we can narrow those.
Manu Sporny: The other thing I noticed is that it feels like
there are core specifications and supporting documentation. There
might be a tension in the group with wanting to dive into the
core specs because a number of us have commercial interests, vs.
supporting documentation which we need to convince W3C to pick up
the work with a WG. Both are important, but I foresee some
tension on those because some want to dive into core specs
without supporting docs and others wanting to do supporting docs.
Wondering if chairs or others have put into how we deal with the
tension.
Manu Sporny: We can't really prevent anything from happening if
people want to work on different things.
Manu Sporny: The other question has more to do with the DVCG. If
we want to rebrand the CCG, it feels like a lot of what we're
doing is actually about digital verification. And the Digital
Verification group is more about signature formats, it's about
signing data. I'm wondering if the group has thought about that.
Maybe this group becomes the Digital Verification Community Group
and then we rebrand the current one as a signatures group.
Manu Sporny: Just a bunch of thoughts.
Christopher Allen: I spent a bit of time organizing this, etc. I
do feel like there is a tension between the fundamentals as
supporting docs. It falls into a difference of credential work
items and digital verification CG to me. Terminology, one of the
things I was thinking of here is that there's a lot of things we
want to be consistent with the WG. There are things like DIDs,
trust anchors, etc. Part of the reason I like DV is that it
includes timestamps which aren't signatures, etc. I feel like
there's a role, it should be closely aligned maybe 80% in VC and
20% that isn't. The lifecycle of a VC is somewhat of a response
to not being able to talk about protocols easily in the VCWG
because of charter and as that WG can start accepting we can move
over there.
Christopher Allen: I wanted Noah and Harlan at this meeting
because they directly faced a problem ... R3 introduced
self-sovereign identity and they separated evidences and
assertions from the claims. We need to be careful that we're...
if I've heard once before that you can express these other things
as claims as well and if that's true I want to make sure that it
works for some of these other people who have taken an
independent look at it and split things off. It's an important
issue and it feels appropriate ... also applies to direct vs.
indirect claims. I can see the browser API and polyfill is more
of a spec and it's deeper down. Maybe that can be fit into the
verification work items and the Web of Trust schema and could
directly go to the VCWG. That's my quick overview.
Joe Andrieu: I think the more than claims/direct vs. indirect
claims may be part of the terminology section. Some of that is
semantics, what do you mean by these things and how they fit in.
I like Manu's assertion that the terminology is part of WG. What
happens when we run into terminology that's out of scope for that
WG? How do we talk about the terms that can't be addressed by
that group. I wanted to talk about this tension, which I agree,
supporting vs core. It's an inevitable thing. Since I'm a
requirements engineer I like this upfront work. It's not so much
about documenting but figuring out what you really need. I think
we're really missing what would drive terms of use, scope or
expiration of a claim. Or how to present selected claims for
different but multiple credentials. Part of that is a rush is
given the mental model of a productive I'm developing that's what
I think.
Kim Hamilton Duffy: Developing some more nodes in our decision
tree... there may be some topics more properly owned by the WG
but there are some where that might make sense we also want to be
actively contributing, where we encounter use cases that differ.
I am curious to ask, do we have anyone on the call right now who
sees themselves more as part of the DVCG ... and do they think
should they be separate groups or join, etc.?
Christopher Allen: It does feel like there are as many as four
different categories now. We have a number of items that are
clearly fit into the VCWG, things like defining requirements,
foundational docs. Things more spec oriented, two categories, one
of which is the DV, DIDs also. We kind of need it, no one else is
doing it, it's here for now, but it's a separate group of people
potentially. And we have items, I know Kim expressed deep
interest in getting down ... reference implementations of things
to see if it works.
Kim Hamilton Duffy: So we're sliding into DVCG integration and
maybe that's better to just let that happen. One thing I was
wondering ... does anyone have any thoughts on where to go from
here on making these decisions. I know there are certain areas
I've very interested in and the ones I can champion and would
gladly sign up for and will do no matter what I know what that
is, maybe we can have people who are interested in Championing
and put forward what those are and maybe use the voting system
that Manu or Christopher described ... where should we
go/approach this?
Christopher Allen: I wanted to come back to ... now that we've
opened this up to the bigger thing of DV, I've been reaching out
to a variety of parties that haven't been as active or active at
all in the credentials community, cryptographers, security
professionals, blockchain space, like block stack should be
technically using this family of stuff but not participating in
the WG or VC task force, etc. Something in my gut says that
because we aren't doing spec level things or have specs for
people to review is maybe why they aren't participating as much.
There is maybe a need for separating the DV out as more spec
oriented. I've got one cryptographer in mind ... I really like
his work at hyperledger and will see if I can't get him in here
because he is a person that can look at these specs and say "wait
you haven't addressed this etc" maybe even willing to be a
co-chair that could attract more like him. So I'm inclined to
keep the groups separate. We can change the name for things that
are at the spec stage in that group somehow...
Christopher Allen: As an operational thing.
Nathan George: +1 On having fewer groups if possible
Matt Stone: +1 On fewer calls per week :)
Kim Hamilton Duffy: :)
Matt Stone: +1 On moving away from the term "credential" based on
historical friction.
Manu Sporny: I'm wondering, during last week's call that we want
to be careful with merging groups because we just separated them
out. I may be reverse that hearing this discussion. We don't want
to lose momentum in groups. Splitting out for the survival of the
group because of too much momentum makes sense but it sounds like
the vast majority of items that we want to do have to do with DV
and that's incredibly broad which is good for a CG. We could
shove all of these items into a DV CG and no one would question
whether the spec or supporting material belonged. If you did the
same with the CCG, people could argue against it. I think this is
an argument to rebrand all the work under the DVCG and go
forth... and only split work off when it feels like we have
critical mass.
Manu Sporny: The only issue is if people object to doing that.
Manu Sporny: Renaming and concerns we'll have to talk with W3C
systems team and they might just say we can't rename the group
and we'll have move everyone over and we'll lose 60 members who
aren't paying attention to the mailing list on a weekly basis.
Rebranding everything under DVCG would be the proposal, move all
the specs there.
Manu Sporny: People work on the things they really want to work
on, telling us priorities.
Kim Hamilton Duffy: I think that makes a lot of sense. I think
the renaming alone describes more clearly what we're working on.
Depending on who's interested in a topic, what you will get out
of it. I think one thing we could do is combine champions and
supporters in a way, so that if I'm working on a prototype that
would lead into a specification but I don't have as much
experience there others could help out. So I think because of
that I'm liking the idea that we're under an umbrella group. If
we have a concrete deliverable we're working on and have people
with different strengths that could work really well.
Harlan Wood: Scrum I think ;)
Kim Hamilton Duffy: Let the record state strongbad ;)
Matt Stone: I think having two groups sort of forces us to have
discussions like "we can't have that discussion here". That's
challenging if you don't have the right parties in the call.
Based on our discussions over the last few years, the term
"credential" has turned into a land mine that would be nice if we
could just move away from. DV is a pretty good fit for what we're
trying to do. That may be a better feeder from big ideas to
implementable standards without having a land mind of credentials
thrown into it all the time.
Harlan Wood: Everyone will want to be on that team!
Manu Sporny: +1 To what Matt said
Christopher Allen: I'll concede to merging the two. I don't want
to get lost in the specs too deeply without also considering some
of these higher level things. I have some real concerns and we
keep talking about data minimization and selective disclosure but
we don't say what they are and best practices, crypto techniques,
reasonable, possible, etc. We could put a lot of work into a spec
that doesn't focus on a privacy and data minimization property
and have to throw the spec away. If I look at the list on the
bottom, the redaction signature suite which has some challenges
but it's one of the closest that allows for data minimization and
it could be a requirement for some of these types of things. The
intent of every node ... that is separate and you can just
include a hash of the node or something of that nature when
sending it on to another party. The current one doesn't quite
work because it doesn't have nonces from a security perspective.
But you've got the way to have a large signed claim and just give
a small piece of it and it's still valid. Data minimization way
of addressing privacy. It's not in this list but there's also CL
signatures which is a true cryptographer selective disclosure
method, there's u-prove, etc.
Christopher Allen: There's some high level work that needs to be
done and that's one of the reasons why RWoT has done reasonably
well is that I always try to make sure that we're spending
sufficient time where we can include people like Joe who has
brought diversity and great knowledge, etc. You don't want to
forget those.
Manu Sporny: We don't want people working on specs where the
specs don't necessarily meet requirements the group has, but at
the same time the group doesn't have control over what people
work on or what they believe the correct requirements are etc.
But spec writers will get hints from the community as to whether
they are going in the right direction. In Christopher's point, if
the spec doesn't have the right privacy features, implementers
will say it's not meeting needs. Community Groups tend to work in
a pro "fork the spec" or "submit PRs" or writing emails to the
group to convince people to move another way. I don't think we
should spend too much time wringing hands over people picking up
and writing a spec. That's the core thing that gets things done,
or people doing implementations and then writing specs after the
fact. IF we're doing that we're successful, everything else is
fine tuning.
Manu Sporny: We can't control people doing things we don't want
them to do, if someone goes off doing something people don't want
and the spec will be forked and you'll have two competing specs,
which is reasonable in a CG. Dumping all these specs into a group
isn't a bad thing, the things people want to work on will get
worked on and everything else will fall by the way side.
Manu Sporny: Having a single group won't have a negative impact
in that respect.
Christopher Allen: I don't want to repeat the bad patterns of
FOAF
Joe Andrieu: Had a question about umbrella group with community
conversation vs. spec driven work. Community place to explore
bigger issues without slowing down spec. The assumption at the
heart of your argument, Manu, privacy is poorly understood and
companies get it wrong all the time, the notion that if we get it
wrong we'll fix it later, I'm weary of that. Spec work has to go
hand in hand you have to get requirements, etc together.
Manu Sporny: +1 To working in parallel :)
Dave Longley: +1 ... And a lot of spec discussion happens in
github
Manu Sporny: ChristopherA, it would be good to understand what
those "bad patterns" were?
Kim Hamilton Duffy: Not sure what we need to do with W3C staff
to move membership over, etc.
Kim Hamilton Duffy: Over the mailing list if there are further
thoughts we can iterate, but maybe next week let's make a
decision about going forward.
Kim Hamilton Duffy: Next we need to decide finalizing work
items, I don't mean commitments, etc. and timeline. If we have
some kind of thoughts or prioritization, urgency, any thoughts?
Christopher Allen: I justed to also ... it's good for some
people to talk about what their highest priorities are. This week
is a lot of people I thought I could draft into this meeting are
at the consensys conference.
Christopher Allen: Blockstack team, MS, Drummond. Next Tuesday
will be day after memorial day, so lots of people taking that
off. I'd like to say the one after that we decide then.
Harlan Wood: Looking over the work items, I'm especially
interested in the RWoT schema at the end. We've been working with
codying ratings in a JSON schema. We've been developing a similar
format for schema.org ratings and I'm interested in integrating
that with signed claims, that's my core interest.
Kim Hamilton Duffy: We don't have an item tracking that could
you add that?
Christopher Allen: Reputation systems have issues — we
Harlan Wood: Yes, the RWoT schema, the last one.
Kim Hamilton Duffy: Got it.
Christopher Allen: I think that reputations and ratings and
whatever are going to come up more and there known ... talked
about RWoT, issues and challenges on catching people up on what
makes rating and reputation systems hard. Lots of half-assed
things -- we've known for years flawed 5 star rating systems. We
could at least try to address some best practices and point
people where they can discover more. Coming up in credentials
more and more.
Christopher Allen: I agree with manu if we add 1 week.
Manu Sporny: This whole "what is the group going to do next"
discussion ... we kind of staged it in a way that let everyone
write down their ideas in the document and it's settling, quite a
bit over the last week or so. Maybe give it till the end of the
week and then convert it to a poll. You get points to allocate
however you want, if you feel really strongly about one item you
can put more of your points there. That gives us a lose idea of
what people want to work on and the importance. We just leave
that poll open and as new people come into the community they put
their ideas down on what they want to work on and the chairs just
keep an eye on it and see if what people want to work on shifts.
Could rerun the poll every 6 months, etc.
Harlan Wood: Link to Reputon spec I mentioned:
https://tools.ietf.org/html/rfc7071
Manu Sporny: Good way to get people's input, not everyone will
talk on the phone, not how they like to communicate.
Manu Sporny: Concrete proposal is to wait another week to add
items to this google doc and one of us can convert it into a
google forms poll and keep it open for a month and get consensys
people and newcomers.
Manu Sporny: Then chairs make determination "this is what people
said they'd work on" and let people do their thing.
Manu Sporny: That's my concrete proposal.
Manu Sporny: Agree or better way forward?
Harlan Wood: Link to Work.nation architecture doc, which uses
"Reputons" as "signed claims" via Ethereum + IPFS + uPort:
https://github.com/worknation/work.nation
Dan Burnett: +1 To poll
Christopher Allen: I'm fine with a poll if we can add a week, I
just think people ought to be able to have two weeks to put
things onto the poll.
Harlan Wood: I have to drop off for another meeting. Last note:
9am Pacific is better than 8am if we are choosing one of those
call times.
Christopher Allen: I think making sure we have all the work
items that people want to do when we don't necessarily have ...
some of the people who have moved on will come back if we have
work items that are related to the work they are doing.
Dan Burnett: I was just going to say ... the poll idea is a good
one you've seen me use that in other contexts as well. I like it
from an administrative perspective as well because you can rerun
it. I'd say, don't worry too much, allow an extra week but it
doesn't have to be the last time you ever do it. Just a snapshot
for a point in time to gauge interest.
Kim Hamilton Duffy:
https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing
Kostas Karasavvas: Hi all! I couldn't join you from the beginning
but just wanted to introduce myself and maybe take part in the
next meeting. My name is Kostas Karasavvas and I am working on
the blockchain academic certificates project from the University
of Nicosia. I have also briefly contributed on blockcerts and had
a great collaboratation with Kim on that (hi Kim!). I look
forward to get involved with the TF.
Christopher Allen: We have this very long credentials statement
from the existing one which manu said was based on circumstances
at the time. We put together a briefer one. The main comment
someone had was that they wanted to have "what is a credential" a
bit more. So, we've also had discussions here about digital
verification and whether or not that should be the new name of
the group. But we risk losing some our less active members who
could come back and can't find us because we've moved.
Christopher Allen: I'm open on do we focus on the name change
first, or do we try to revise this mission statement for the new
name, etc.
Manu Sporny: Hi Kostas, great to see you here! Please join us
next time... would love to have you in the group!
Kim Hamilton Duffy: Recapping... we finished two action items,
we are going to continue to get feedback over the week, at the
end of this week I can create a poll to let people allocate their
points on what they want to work on. Per Christopher's feedback
we won't have all the people here for deciding branding, names,
separate groups, etc.
Kim Hamilton Duffy: So we're going to set a deadline on that
decision for three Tuesdays from now.
Kim Hamilton Duffy: What I do propose is that if there's an area
you are passionate about don't wait for that.
Kim Hamilton Duffy: In terms of next steps for the mission
statement. Christopher do you have thoughts on that?
ACTION: Kim create poll for priorities
Christopher Allen: Both things are kind of stymied on ...
branding, naming things. Has to do more with whether or not we
can preserve any of our existing thing if we have to go new...
what are the protocol ramifications. I kind of like that
credentials has been accepted by the W3C. It's pretty broad. For
whatever reason I could easily see us adding to our revised
mission statement, some of the text from the digital verification
into the description if we want to merge the two groups.
Conversely we could focus on digital verification and even if we
lose a lot of people we might get more DV people who are active.
ACTION: Chairs close poll after ~3 weeks, decide separate group,
naming
Christopher Allen: Risks for that ... their requirements become
challenging for some of our goals, self sovereignty, etc. Have to
be careful. I haven't been part of the larger process for this,
Manu and others dealing with VCTF, CCG, Web Payments CG, may have
better answers.
Kim Hamilton Duffy: We'll revisit finalizing the mission
statement after naming.
Christopher Allen: Post to group for last call of putting
possible items into poll
Dave Longley: +1
Manu Sporny: +1
Christopher Allen: We need to post to the group a call for more
work items if any. If people can talk to others in other groups
who want credentials/DV if they want to participate to come over.
ACTION: Chairs finalize missions statement after after decision
of group naming
Christopher Allen: I'd like more open badges, blockstack, others
who have shown up for meetings in the past, etc.
Christopher Allen: Are you part of the DI group, manu?
Manu Sporny: Nope.
Christopher Allen: We should try to get them to come, all those
people want to use VC and credentials. R3 also talking about self
sovereign identity recently with different requirements. I'd like
to get that clarity and get those people in.
Kim Hamilton Duffy: We're at time :)
Received on Tuesday, 23 May 2017 18:27:43 UTC