[MINUTES] W3C Credentials CG Call - 2017-05-30 12pm ET

From: <msporny@digitalbazaar.com>
Date: Tue, 30 May 2017 13:54:33 -0400
Message-Id: <1496166873270.0.5600@zoe>
To: Credentials CG <public-credentials@w3.org>

Thanks to Drummond Reed for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

http://w3c.github.io/vctf/meetings/2017-05-30/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-05-30

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017May/0057.html
Topics:
  1. Community Group Scope and Naming
  2. Verifiable Claims Browser API and Browser Polyfill
  3. Lifecycle of a Verifiable Claim
  4. Data Minimization and Selective Disclosure Report
  5. Decentralized Identifier Spec
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Drummond Reed
Present:
  Drummond Reed, Manu Sporny, Ryan Grant, Maria Dubovitskaya, 
  Markus Sabadello, Adam Lake, Kim Hamilton Duffy, Christopher 
  Allen, David Chadwick, Joe Andrieu, Harlan Wood, Sean Bohan, Dave 
  Longley, Dan Burnett, David I. Lehn
Audio:
  http://w3c.github.io/vctf/meetings/2017-05-30/audio.ogg

Drummond Reed is scribing.
Manu Sporny:  Clarified that we are going to be talking about 
  both Federal Task Force and other topics
Ryan Grant:  Hi, I've been participating in the Rebooting Web of 
  Trust Workshops. Focused on DID spec and DID method 
  specifications
Maria Dubovitskaya:  Works with IBM research and Jan Camenisch on 
  privacy-preserving credentials
Markus Sabadello:  Markus Sabadello is with DanubeTech in Vienna 
  Austria. Working on Sovrin, verifiable claims, Sovrin, and XDI
Adam Lake:  Works with Digital Bazaar, very interested in 
  self-sovereign identity and independence on the Web
Kim Hamilton Duffy: Bariska: Works with IBM research and Jan 
  Camenisch on privacy-preserving credentials
Christopher Allen:  Reviews action items
Kim Hamilton Duffy:  Send last call for additional CG work items 
  before poll DUE FRIDAY MAY 26th [DONE] [scribe assist by Manu 
  Sporny]
Kim Hamilton Duffy:  Create poll for priorities on work items, ~3 
  weeks snapshot poll results for prioritization - DUE TUESDAY MAY 
  30th [IN-PROGRESS] [scribe assist by Manu Sporny]
Christopher Allen:  First draft of CG Mission Statement for 
  review - DUE JUNE 6th [ON HOLD Re: NAME & MISSION] 
  https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing 
  [scribe assist by Manu Sporny]
Christopher Allen:  Create a new proposal for how Digital 
  Verification CG integrates DUE JUNE 6th [ON HOLD re: NAME & 
  MISSION] [scribe assist by Manu Sporny]
Manu Sporny: ALL: Approve New Name and Mission Statement - DUE 
  JUNE 27th
Manu Sporny:  Clarifies that only W3C chairs can update community 
  docs

Topic: Community Group Scope and Naming

Christopher Allen:  At the last meeting, there was a motion to 
  unite the two community groups
Christopher Allen:  The open issue is the name of the unified 
  group. "Credentials" is overused
Manu Sporny:  Needs to appear before the US Fed Secure Payments 
  Task Force next week and give them a formal name of this group
Manu Sporny:  Proposes "Digital Verification Community Group"
Manu Sporny:  Favors that name because it's a "big tent"
Manu Sporny:  Wants to avoid the term "Identity" since it is so 
  overloaded
David Chadwick:  The term "credential" is more accurate
Ryan Grant:  Asks about the term "identity" - why is it 
  overloaded?
Manu Sporny:  The W3C has said that it is not a topic they want 
  to tackle
Manu Sporny:  The security community got upset about the use of 
  the term "credential" because in their view a credential is 
  strictly a username/password
Manu Sporny: "Decentralized Verification" is another option, but 
  that's also vague.
David Chadwick:  "Credential" is broader than username/password
David Chadwick:  It would be correct to use "credentials" in the 
  meaning of the term we all understand
Manu Sporny:  Agrees, but our opinions on the suitability of the 
  term really don't matter to some of the major players at W3C. 
  They can then block the work behind the scenes.
Manu Sporny:  The words "identity" and "credential" are trigger 
  words for that reaction
David Chadwick:  The word "verification" is too vague
Joe Andrieu:  His concern about "verification" is only about the 
  signature of the issuer, not whether the claim is true. So he'd 
  like to be able to retain that.
Ryan Grant: Proven control of keys
David Chadwick:  What about "digital cards"?
Ryan Grant: "Proof of key control"
Christopher Allen:  That term also has challenges
Joe Andrieu: Digital Assertions?
Ryan Grant: "Control assertions"
Joe Andrieu: Digital Attestations?
Christopher Allen:  Would like to find a term that also attracts 
  digital cryptographers
Kim Hamilton Duffy: +1 Digital Attestations
Christopher Allen:  Appreciates why Manu needs to move the 
  process forward to establish a name for the U.S. Fed presentation
Ryan Grant: +1 Digital Attestations
Joe Andrieu:  Likes "digital" as a prefix, but looking for a term 
  that is larger than "claims"
Adam Lake: +1 Digital Attestations
Joe Andrieu: Secure attestations?
Drummond Reed:  The challenge with "Digital Attestations" is that 
  it sounds just like Verifiable Claims
https://github.com/w3c/vc-data-model/issues/47
Manu Sporny:  We are trying to establish that this community 
  group has a larger scope than Verifiable Claims
Christopher Allen:  Wants to make sure that the scope includes 
  reputation systems that describe claims and proofs. Used the 
  example of R3. Also E&Y.
Manu Sporny: Self-Sovereign Technology Community Group?
Christopher Allen:  This also came up at Rebooting the Web of 
  Trust in Paris. The term "attestation" was used for a subtype of 
  verifiable claim
Kim Hamilton Duffy:  The term "attestation" is also pretty loaded
Manu Sporny: +1 To what KimHD is saying... we should get some of 
  these ideas down....
Ryan Grant: +1 For crowdsourced sense of specific<-->general, and 
  which words in/out
Drummond Reed:  "Self- Sovereign Technology Community Group" is 
  not bad
Harlan Wood: Our Portable Reputation Toolkit work that Christopher 
  A was referring to: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/final-documents/reputation-toolkit.pdf
Adam Lake: Self-Sovereign Technology is not much longer than 
  "verifiable claims" I think Self-Sovereign sums up the collective 
  effort of the group
Joe Andrieu: There's also a notion of "decentralized" at the core 
  of our approach.
Sean Bohan: Manu, is there a date you need a name by?
Christopher Allen:  We're running out of time for this agenda 
  item, but recognize that it needs to be resolved
Manu Sporny: Sean - by Thursday :P
Manu Sporny: That's when the slides are due
Christopher Allen: Attribute-based credentials
Christopher Allen: Attribute certifications
Adam Lake: Decentralization is a strategy to achieve 
  Self-Sovereignty--Self-Sovereignty is the goal it seems to me.
Harlan Wood: +1 For "Self-Sovereign Technology Community Group".  
  Inspiring to us, and likely sounds irrelevant to those who might 
  block other names...
Adam Lake:  Interesting shift from trying to name the specs to 
  using the name of the goal [scribe assist by Ryan Grant]
Christopher Allen: I love the SS idea (obviously) but it may 
  alienate some, as you can use this tech with centralized as well.
Maria Dubovitskaya:  Worked on ABC for Trust, which was all about 
  privacy-preserving credentials and authentication. This was 
  published by Microsoft and IBM.
Manu Sporny: That's true, ChristopherA - SS may alienate large 
  corporates/governments.
Adam Lake: If SS can be centralized then why does it alienate?
Harlan Wood: Sovereign is a loaded word ;)
Joe Andrieu: Have we seen any evidence that SS alienates 
  corporates/governments? That seems apocryphal so far.
Drummond Reed:  I am finding that the term "self-sovereign" is 
  getting more traction in the market as a specific term of the 
  industry.
Joe Andrieu: +1 To avoid the name conversation, Manu
Ryan Grant: Maybe manu could call it X... working towards Self 
  Sovereign Identity.
Manu Sporny:  Perhaps he should just try to avoid the name in 
  this presentation
Drummond Reed:  I am okay with Digital Verification WG
Adam Lake: It seems like GDPR that SS would be appealing to the 
  EU
https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSym
Harlan Wood: I'm finding SS a great descriptive word. Experts and 
  muggles alike immediately get it, and love it.
Adam Lake: "Governments"
Drummond Reed:  SS tech is *definitely* appealing to GDPR

Topic: Verifiable Claims Browser API and Browser Polyfill

Dave Longley: 
  https://docs.google.com/presentation/d/1-RJMifQthi-vJJ2X4UCjQAtkklgxmlk4LWnHupuibHw/edit?usp=sharing
Kim Hamilton Duffy: Also +1 on SS
Dave Longley:  Assumes he and Manu would be the main champions 
  for this
Dan Burnett: DIgital Self-Sovereign tEChnology Track (DISSECT)
Harlan Wood: LOL
Dave Longley:  A polyfill provides a Web API that is not yet 
  natively supported in a browser
Dave Longley:  A Web API polyfill will let people register a 
  "wallet" to store verifiable claims and share them with other 
  sites
Manu Sporny: We're on slide 5
Dave Longley:  A Web API for verifiable claims will work like 
  other Web APIs like the Payments API. In fact those other APIs 
  are designed to be extended for functions like these.
Ryan Grant: Slide 8's did would be legal as:  did:nop:1324
Dave Longley:  Doing this in a polyfill lays the groundwork for 
  browsers to natively implement the API and those APIs will take 
  over from the polyfill
Dave Longley: https://demo.authorization.io/
Dave Longley:  Digital Bazaar has an implementation of a polyfill 
  that works now. It lets you register a DID, receive a claim, and 
  then share it with another site.
Manu Sporny: Dave's referring to slide 6 - the one with the links
Dave Longley:  There are a number of ways we can go with this. 
  The preso includes links to source code of the demo. The last few 
  slides show what the JavaScript code looks like.
Dave Longley:  The Web API abstracts the digital wallet so that 
  the developer does not need to care where or how the credentials 
  are stored
Christopher Allen: 
  https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit?usp=sharing

Topic: Lifecycle of a Verifiable Claim

Joe Andrieu: http://bit.ly/joram100
Harlan Wood: Thanks Dave, great stuff!
Christopher Allen:  Suggests that people add notes about a Web 
  API to the Work Items document
David Chadwick:  Volunteered as a champion for the Lifecycle of a 
  Verifiable Claim work
Christopher Allen: Another example of a use-case in this style 
  (not mature) is the Web Of Trust Use Case at 
  https://github.com/w3c/vc-use-cases/issues/31
Joe Andrieu:  The work is a prose description of the 15 steps of 
  a user interacting with the system—in this case a Syrian refugee 
  arriving in Greece
Joe Andrieu:  Talks through the 15 steps as shown in the use case 
  document
Joe Andrieu:  The goal is to present what the user experience 
  would be throughout the lifecycle of the technology without the 
  technical details so one can focus on the actual use and benefits

Topic: Data Minimization and Selective Disclosure Report

https://github.com/w3c-dvcg
Manu Sporny: https://w3c-dvcg.github.io/lds-pseudonymous2016/
Christopher Allen:  We have a number of topics around data 
  minimization and selective disclosure, including CL signatures
Christopher Allen:  Other approaches do simpler forms of data 
  minimization and selective disclosure, but these have not been 
  expressed in detail, so we need a document that explains and 
  explores the options.
Christopher Allen:  Right now he is the lead on this item, and is 
  seeking other champions
Drummond Reed:  I can talk about current DID spec on next call 
  [scribe assist by Manu Sporny]

Topic: Decentralized Identifier Spec

Drummond Reed:  DID Implementer’s Draft 10: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/final-documents/did-implementer-draft-10.pdf
Drummond Reed:  This is work that started here with the VCTF and 
  DIDs for Verifiable Claims... we moved it forward under DHS 
  S&T... and Rebooting Web of Trust last year. [scribe assist by 
  Manu Sporny]
Drummond Reed:  It's an identifier format that can work with any 
  ledger or decentralized identifier technology. It doesn't require 
  centralized registration authority, standardized JSON-LD 
  object/DDO, associated w/ public keys, key rotation control 
  block, service endpoints. [scribe assist by Manu Sporny]
Christopher Allen:  Asks that if you know others who are 
  interested in this work, send them email and make sure they know 
  that this is a new Community Group with a big tent. Encourage 
  them to participate in the next few calls.
Kim Hamilton Duffy:  A poll is going to come out this afternoon
Sean Bohan:  Thanks Christopher and Kim!
Christopher Allen:  Thanks everyone for participating and looks 
  forward to next week
Received on Tuesday, 30 May 2017 17:55:04 UTC