- From: <msporny@digitalbazaar.com>
- Date: Tue, 14 Nov 2017 13:59:50 -0500
- To: Credentials CG <public-credentials@w3.org>
Thanks to Lionel Wolberger for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2017-11-14/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-11-14
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2017Nov/0032.html
Topics:
1. Introduction to Mark Miller (Google)
2. DID Spec Review
3. Capabilities in Verifiable Credentials
4. W3C TPAC 2017 Update
Action Items:
1. Manu to complete #RWoT changes to DID spec
2. Manu to complete Veres One DID Method spec by January.
3. Joe to submit language edits to section 1, to sync with
Manu's release 2nd december.
4. Drummond to have list of of hardening decisions to list next
week, weekly separate calls to follow.
Organizer:
Kim Hamilton Duffy and Christopher Allen
Scribe:
Lionel Wolberger
Present:
Lionel Wolberger, Mark Miller, Drummond Reed, Frederico Sportini,
Manu Sporny, Christopher Allen, Chris Webber, Joe Andrieu, Nate
Otto, Adrian Gropper, Christian Lundkvist, Dave Longley, David I.
Lehn, Kim Hamilton Duffy, Adam Lake, Chris Chapman, Jarlath
O'Carroll
Audio:
https://w3c-ccg.github.io/meetings/2017-11-14/audio.ogg
Lionel Wolberger is scribing.
Agenda review
1. Agenda Review (2 minutes) 2. Introductions & Re-Introduction
(3 minutes) 3. Status of Current Action Items (5 minutes) 4.
Review and discussion of status of DID spec 0.7, post
#RebootingWebOfTrust, #IIW & #TPAC, with goal to advance the
specification to 0.8 by end of year. (50 minutes)
Topic: Introduction to Mark Miller (Google)
Mark Miller: Google research in ECMA script. Advancing object
capabilities security model
... at RWoT went through a revolution of reorienting a lot of
stuff with the object model
... made a lot of progress
Drummond Reed: Mark was able to attend the Rebooting the Web of
Trust #5 conference and gave us fantastic guidance about using
the object capabilities security model there.
Drummond Reed: Very glad to have him here.
Frederico Sportini: Hi, Frederico Sportini
... CTO of ____
... developing an app on the Android Store implementing
spidchain.
Frederico Sportini:
https://play.google.com/store/apps/details?id=com.spidchain.app
Skipping action items for today. Need to improve this and make it
more easily available.
Frederico Sportini: It's a late alpha more than a beta :D
Frederico Sportini: Still lots of features missing
Spidchain app description: Spidchain is a next generation
identity system. It protects your privacy because you are the
owner of all the data that identifies you. With spidchain you
can login with one click to websites that requires certified
information.
Spidchain implements btcr, bitcoin testnet
Topic: DID Spec Review
... move spec number back to conform with W3C conventions.
Manu Sporny: https://w3c-ccg.github.io/did-spec/
... 0.7 was update from RWoT and other
... Discuss TPAC and other discussions, to move the spec up to
a revision and become v0.8
Manu Sporny: DID spec link above
... Before W3C TPAC got approval to pull in the changeset of
all changes discussed, about 30 decent sized modifications
Christopher Allen: Section 1, 2, 3.1, 3.2 have changed
Manu Sporny: Discussion re:hardening. Drummond leading.
... JoeA wants to update spec, instead of "identity" speak of
"identifiers"
... some other changes still to make post-RWoT and IIW
... aiming for 1st/2nd week December
Drummond Reed: I can give a short report on the DID spec
hardening proposal
ACTION: Manu to complete #RWoT changes to DID spec
Chris Webber: Does this version incorporate the MarkM learnings?
Manu Sporny: VCWG decided to ask CCG to pick kup object
capabilities
... two places where object capabilities can be put into the
system we have
... 1 layer- DID spec layer.
... Got push back on this.
... Direction- we state we strongly advise putting object
capabilities on the ___
Drummond Reed: +1 To the DID spec saying that DID method specs
SHOULD use object capabilities.
... In VC work, we say object capabilities should be the
primary mechanism for authorization to do things
... Propose doing object cap. in the verifiable claims layer
Drummond Reed: I know that Daniel Hardman, Evernym VP
Engineering, also agrees with that approach, i.e., object
capabilities in verifiable credentials.
Mark Miller: The DID spec presented had a section attempting to
do a capbility-based authorization
... we realized by end of RWoT this text was broken, and it was
better to just remove it
Chris Webber: There are aspects to putting it in the DID spec v
the methods spec
ACTION: Manu to complete Veres One DID Method spec by January.
Joe Andrieu: Plans to dive into the identity stuff in section 1
ACTION: Joe to submit language edits to section 1, to sync with
Manu's release 2nd december.
Manu Sporny: Move from talking about identity to talking about
decentralized identifiers and how they enable identity
Drummond Reed: +1 To JoeAndrieu making his editorial changes.
Joe Andrieu: A OK
Christopher Allen: Question, you said two weeks ago the best way
to move forward on hardening was to complete the RWoT draft.
... can you update on IIW discussions
Drummond Reed: IIW discussion resulted in a Google Doc that has
collected comments
... some additional discussion at TPAC (not that much)
... suggest to have closure calls next week
... in Utah this week
... this thursday people are narrowing in on hardening that
they wish to discuss
... start scheduling dedicated calls, in addition to this
weekly CCG call;
... propose one per week
Christopher Allen: DIF or CCG?
Christopher Allen: Drummond to have hardening decisions by Sat.
Drummond Reed: Susan Bradford to take task to propose schedule
of calls starting a week from now
ACTION: Drummond to have list of of hardening decisions to list
next week, weekly separate calls to follow.
Drummond Reed: Will coordinate with Manu to avoid 'stepping on
each other'
Drummond Reed: Apologies, must go now, thanks
Topic: Capabilities in Verifiable Credentials
Chris Webber: Recap of VCWG end of W3C TPAC
... reviewed, if we do not go down the capabilities route, we
will reproduce the problems we had with ACLs
... group was unanymous except for one observer
... does CCG agree to take up the credentials work? Do we need
a proper vote/poll here?
Christopher Allen: Let's wait, we're not gated on the ocap
stuff.
... propose, the day Manu ships the next set of PR requests +
some days to accept those PRs
... then after that 7 more days
... leaving time for Thanksgiving celebrations in all of
this...
... cwebber is there anything else you need to move your things
forward?
Chris Webber: A bit swamped now.
... Next month I can draft what Mark and I have written, then
resubmit it
... contingent on a consensus that this is worth doing
Manu Sporny: We should try to explore this path... +1
Christopher Allen: +1
Joe Andrieu: +1
Manu Sporny: +1
Christopher Allen: Polling the crowd
Nate Otto: We should explore this path. +1
... no one against, many +1's
Adrian Gropper: +1
Christopher Allen: Explanation of OCAP.. ?
Chris Webber: We have a good angle on producing training
materials re: object capabilities
Christopher Allen: Would like to publish general capabilities
material
... enable them with DID and specify them in the method specs
... IIW people were not at RWoT, so we need some more
discussion
Manu Sporny: Hardening spec goes back to keys
... suggests a single array of keys
... and the services array
... before RWoT we had keys and services. At RWoT the consensus
was to move away from keys and more towards authorization
credentials
... and move services up
... hardening spec undoes those two changes
... in other words, IIW discussion kind of un-does the RWoT
discussions
... how we describe keys
... path dereferencing, services, serialization formats
... from the DID side we are getting key management material:
how keys are used
... discussion around cryptographic algorithms and their
application
... key issues now
... how we are listing keys and services (discussion re-opened)
Christopher Allen: In BTCR we will have our own proofs, ...
Topic: W3C TPAC 2017 Update
Manu Sporny: TPAC updates
Manu Sporny:
https://lists.w3.org/Archives/Public/public-credentials/2017Nov/0033.html
... sent an email out to the mailing list, report on how the
DID discussion went
... had good turnout from enterprise, Google, BBC
... about 45 people
... spent more time than planned due to interest
... Tim Berners Lee joined us for the DID discussion and
invited us to submit to the W3C architecture group for review
... this group reviews architecture for the web at large, the
highest group at the W3C who make a final determination
... they only review things they are very interested in
... was said (a W3C personage) "DNS is the achilles heel of the
web, any solution that ensures a better alternative is welcome to
consideration"
... were warned, DID is not a web fork
... DID is an alternative identifier that lives beside the DNS
system
... lives alongside
... and has its own applications
... a W3C staff member suggested some changes in how we
approach it
... so we have "problems of success"
... we have to fix up all the specs and do tag review
... if the TAC says it is important technology this is a big
upvote and results in less fighting and a smoother onramp into
W3C
Christopher Allen: Credentials group approve
... formalkly charter a WG?
... or is this part of rechartering ?
Manu Sporny: Easier to use an existing group
... same argument for linked data signature stuff
... recharter VC group in the following way:
... we did it, got data models done, but since we find these
DIDs with signatures,
... we put those specs through the W3C standarsd process
Christopher Allen: A number of people here who are not members
... community allows anyone to participate
... example Evernym is a member
... others are not
Manu Sporny: Two implementers are not enough to make it, the
group will collapse
... need UCorp, blockstack, ++ folks
... does not look good with just two implementers.
... how can we defend such a low number of implementers?
... need IPFS, blockstack on implementation
... when we have demonstrable implementations that is the exit
criteria
... need 4 or 5
... 460 members at W3C. Minimum in favor is 25 companies
... example: VC had 58 members in support, but there were only
about 20 people really there doing work
... we need to match those numbers
... 50 people supporting DIDs with 20 showing up
... not enough right now (!)
... bottom line: need commitments from more companies
... warning: if the WG is shut down it stays dark for 5 years
Christopher Allen: DID spec, DID document, ...
... plan a new hackathon for January via KimH
Frederico Sportini: Hackaton would be great
Frederico Sportini: +1
... AFAIK Blockstack's latest release has an identifier at the
root,
... AFAIK no effort towards DID docs or Verifiable claims
... UPORT:
... Christian, where are you guys?
Christian Lundkvist: Uport has the method spec
... at IIW we implemented the plugin for the universal resolver
... next on our roadmap:
... we have been doing some verifiable claims stuff
... an issue, it is a fair amount of work moving over from JSON
token VCs to JSON LD signatures
Christopher Allen: The BTCR from the last hackathon
... there was a python library released (no C or C++)
Manu Sporny: The crypto is implemented, and JSONLD should have
reference implementation in JScript
... when you have issues ping Dave, Manu, for examples
Christian Lundkvist: The DID spec itself is a work in progress
... this is another challenge
Dave Longley: Btw, rdf canonicalization has a native
implementation now (that is currently integrated as a node.js
module):
https://github.com/digitalbazaar/rdf-canonize/tree/master/lib/native
... we have an implementation in a resolver that returns an
older version of a DID document
Dave Longley: This could be split out into a C library at some
point.
... that needs to be updated when we setetle
Christopher Allen: +1 On c lib
Christopher Allen: +1 For Uport stepping up
... move to JSON-LD is key
... bitcoin curves
Adrian Gropper: +1 UPort for stepping up -
Christopher Allen: Remember! No meeting next week!
Nate Otto: Bye all; it was nice to be back in this group today!
See you again soon.
Received on Tuesday, 14 November 2017 19:00:15 UTC