- From: <msporny@digitalbazaar.com>
- Date: Tue, 24 Oct 2017 15:56:28 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Manu Sporny for scribing this week! The minutes for this week's Credentials CG telecon are now available: https://w3c-ccg.github.io/meetings/2017-10-24/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2017-10-24 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0092.html Topics: 1. Reintroductions 2. W3C TPAC 3. DID Specification 4. Digital Verification Cryptography 5. JSON-LD and LD Signature Updates 6. Credential Handler API 7. Lifecycle Model 8. Verifiable News 9. Other Work Items 10. Path for DID Spec Standardization Organizer: Kim Hamilton Duffy and Christopher Allen Scribe: Manu Sporny Present: Manu Sporny, Christopher Allen, Jan Camenisch, Susan Bradford, Drummond Reed, Dan Burnett, Moses Ma, Dave Longley, Mike Lodder, Joe Andrieu, Ryan Grant, Adam Lake, Nathan George, David I. Lehn Audio: https://w3c-ccg.github.io/meetings/2017-10-24/audio.ogg Manu Sporny is scribing. Christopher Allen: Agenda today is a little loose, this is our first real meeting after both RWoT5 and IIW. Christopher Allen: Let's do introductions and reintroductions... work items... discussion for possible new work items... we may want to work on. Christopher Allen: We may also talk about credential handler polyfill. Christopher Allen: There was also discussion on DID spec hardening at IIW, we could add that to the end. Christopher Allen: Any new folks on the call today? No new people, community is settling again into a regular set of participants. Topic: Reintroductions Jan Camenisch: Hi everyone, I'm Jan - worked a lot on anonymous credentials and cryptographic algorithms for that. Jan Camenisch: Currently working with Sovrin/Evernym folks on defining a format for the crypto interfaces for credentials that we can agree on algorithms for that. Topic: W3C TPAC Christopher Allen: TPAC Meeting coming up - opportunities to spend some time on Wednesday presenting on Credentials CG and Verifaible Claims. Christopher Allen: There is a VCWG time slot for CCG as well - potentially talk about things that are higher level credentials. Susan Bradford: Manu has Wed slot booked. Proposing talk on vision for self sovereign web Drummond Reed: Manu is proposing a talk called, "A Vision for a Self-Sovereign Web" Manu Sporny: Don't worry about the Wednesday slot, I have that booked. I'm proposing a talk titled "Self-Sovereign Web" (or a vision for it) and the goal is to show a good broader vision for this stuff at the Web, VCs, DIDs, Credential Handler API, how it all comes together for a more self-sovereign Web. [scribe assist by Dave Longley] Dan Burnett: Friday time slot(s) in the VCWG meeting agenda can be found here: https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0 Manu Sporny: Would be good to have the chairs for CCG, VCWG, Web Commerce IG, etc, all supporting unified vision. [scribe assist by Dave Longley] Christopher Allen: +1 Christopher Allen: I plan to be there. Manu Sporny: Other thing that just came up is the potential to do a lightning talk in front of the whole AC. I've submitted something there that is a boiled down version of that. If folks are ok I'll take lead for presentations for then and the lightning talk. If people want to help that would be super awesome. Trying to get that done. [scribe assist by Dave Longley] Drummond Reed: I will be there and would definitely like to help. Christopher Allen: If you want to help Manu with this, contact him. Moses Ma: 1+ Christopher Allen: https://w3c-ccg.github.io Christopher Allen: Work items - we did a process to identify work items... getting consent for them... maybe we haven't been as consistent in updating the work items on the Github page. Moses Ma: Manu, I won't be at TPAC, can you or someone connect with Ed Bice and handle coordinating with him? Topic: DID Specification Christopher Allen: We clearly said we wanted the DID spec, Digital Verification specs (LD Signatures), Verifiable Claims security/privacy ecosystem, lifecycle docs. Manu Sporny: I'll take it all the way through Rebooting and if Drummond can take it through IIW that would be awesome. [scribe assist by Dave Longley] Drummond Reed: Happy to Manu Sporny: Before Rebooting we proposed a number of changes to the spec that we then implemented and put up on a Veres One test net to make sure the concepts worked. At Rebooting there were discussions and more changes to the DID spec. [scribe assist by Dave Longley] Manu Sporny: The examples were updated and issue markers added. Language was simplified and sections 1 and 2 updated. Sections 1 and 2 and very first part of 3 should flow now. [scribe assist by Dave Longley] Manu Sporny: But IIW discussions happened and there are more changes. [scribe assist by Dave Longley] Drummond Reed: There was a huge amount of interest in the DID spec on the topic. I did a DID talk 3 times, so the good news is that there is a lot of interest and buy into the vision. Christopher Allen: https://docs.google.com/document/d/1amDNmBqu8uXKeEqdoZ2RMaaxiUlqUKyKoyi8YgGWG6M/edit# Drummond Reed: At the same time, a bunch of developers came in and asked for the details, had a bunch of conversations about how keys and services were managed, a couple of long standing questions around key selection and server selection... lots of discussion, no final changes yet. Met with Christian and he boiled down his concerns... hardened format. Drummond Reed: The picture that this is DIDs and DID Documents are the foundation of a DPKI that describes that, folks are agreeing with that, very universal thing. Drummond Reed: You should be able to take a DID and retrieve a DID document, they want to simplify and harden the format. Christopher Allen: Do we discuss those changes in this group? Manu Sporny: First step is discussion. I think we need to have discussion in the doc first to understand where everybody is coming from. Based on that we need to figure out what changes will be made to the document. [scribe assist by Dave Longley] Christopher Allen: (Keys vs proofs I still don't agree in, obcap, etc.0 Manu Sporny: One of the problematic things here is that problems were reintroduced with some of the new proposals. We need to make sure people understand that. Putting all the keys in one thing, putting all the services in one thing, making everything optional -- these are problematic. [scribe assist by Dave Longley] Manu Sporny: There are a number of things I agreed with but also other things where it's totally up in the air what we put in the spec. [scribe assist by Dave Longley] Drummond Reed: We should proceeed with discussion as quickly as we can, but hopefully we'll be able to work through quickly. Christopher Allen: Let's have a discussion about the less controversial things... keys vs. proofs can come later... Drummond Reed: I was amazed at the level of interest/feedback at IIW. Dave Longley: Can you make sure you put your concerns in the hardening doc [scribe assist by Mike Lodder] Manu Sporny: That would be fine if there was agreement on things, but there really isn't yet. Based on reading the hardening proposal there's just agreement on DIDs and little else. So the only option is putting both options in the spec right now but that's confusing. [scribe assist by Dave Longley] Christopher Allen: There is a PR from manu, the spec we have today, and a list of items for further discussion. There was no way at IIW for them to go through the three days for them to go through ocap. There was no way for them to talk about proofs and not keys, etc. We at least need a proposal for the best of a certain thing here. [scribe assist by Dave Longley] Christopher Allen: There would be a separate discussion about things that are uncertain. [scribe assist by Dave Longley] Manu Sporny: It makes sense, I think some subset of the community will feel alienated if we push forward with the current proposal. I'm worried about that. One way we could do it is say "Here's the Rebooting version" and someone else could put in the "IIW version" and compare side by side. [scribe assist by Dave Longley] Manu Sporny: We could also say "Here's the version from the end of Rebooting and we have one implementation but say that a bunch of issues were raised at IIW and include those. [scribe assist by Dave Longley] Manu Sporny: Drummond what would you prefer to do? [scribe assist by Dave Longley] Mike Lodder: +1 Drummond so everyone can see why decisions were made Drummond Reed: I think there's a benefit in showing the progression. Fine to update with Rebooting Web of Trust and call it the proposal after that and then have a discussion about the hardening proposal and it's boiled down and there's a subsequent decision and the whole thing is clear. [scribe assist by Dave Longley] Drummond Reed: It will show the level of effort and scrutiny going into this. [scribe assist by Dave Longley] Drummond Reed: I think that's a good thing. [scribe assist by Dave Longley] Christopher Allen: From my perspective, we actually have people beginning to implement stuff and they are leaning in the direction of Rebooting and I'm hoping not to lose that momentum. [scribe assist by Dave Longley] Manu Sporny: I just wanted to agree with Drummond's approach. Post Rebooting this is the state that we're in, including all the issues people had there. And then in the DID spec hardening proposal we can have a discussion there and once it settles we can apply those changes to the spec. [scribe assist by Dave Longley] Manu Sporny: And we outline that very clearly in the spec. [scribe assist by Dave Longley] Manu Sporny: So we have a cohesive document post Rebooting -- and then fork that and experiment with the DID spec hardening proposal. [scribe assist by Dave Longley] Christopher Allen: We'll create an action item... RWoT5 draft - Manu will do that... Drummond, you'll continue the hardening proposal... when they're ready (probably after TPAC), we'll schedule an hour on this call to discuss. Drummond Reed: Yes, I'm fine with coordinating discussion on the DID spec hardening proposal. Christopher Allen: Moving on through high-level review - next item on our website - Digital Verfication specs. Joe Andrieu: Is there a current PR on the work before RWoT. Drummond Reed: I'm in favor of Joe cleaning up the language about identity. Joe Andrieu: I want to do a PR for the DID spec... Manu Sporny: +1 To Joe cleaning up the stuff around identity in the spec Christopher Allen: Joe and his team did a good job cleaning up that stuff, so it's a post rebooting thing. Topic: Digital Verification Cryptography Christopher Allen: Digital Verification specs - haven't made any updates on that - hoping that Jan can start making progress on cryptographic selective disclosure... I'm concerned that they may have impact on others... no activity so far. Christopher Allen: https://w3c-dvcg.github.io/ Jan Camenisch: We did have specs for ABC4Trust project... we did specs of IDEMix early on... ABC4Trust reached Microsoft what we have in IDEMixer - working w/ Evernym to bring it to formats that are consumable by this group here. Once we have that format done, we can try to move it through this group. Drummond Reed: +1 To having Jan bringing this work it. Drummond Reed: In Mike Lodder: +1 Jan Manu Sporny: +1 To Jan :) Christopher Allen: This is another thing that's limiting us in our proposals... Christopher Allen: So +1 to bringing that into the group. Christopher Allen: https://w3c-dvcg.github.io/ Jan Camenisch: Timeline for a first presentable draft would be end of november Topic: JSON-LD and LD Signature Updates Manu Sporny: There have been some behind the scenes updates for the reference implementations for Linked Data Signatures, Dave Longley put in support for contextualized nested graphs, so we can do digital signatures around nested graphs more easily now. [scribe assist by Dave Longley] Manu Sporny: So a credential encapsulates the claim as a nested graph now. [scribe assist by Dave Longley] Manu Sporny: The good news is that that works now -- same thing with VerifiableProfile and its credentials (these are nested graphs). [scribe assist by Dave Longley] Manu Sporny: Another change made was that the JSON-LD signature libraries did not throw an error when terms were unmapped (in the @context) and now there's an option in the processor (and on by default in the upcoming json-ld signatures lib) that will allow a signature to be thrown (or any custom behavior) when unmapped terms are detected. [scribe assist by Dave Longley] Manu Sporny: So two very important advances. [scribe assist by Dave Longley] Christopher Allen: We do have a mailing list for DVCG topics - since this isn't of concern to a number of people, I'd like to drag in more cryptographers... maybe we can revive that discussion list with these two things. Topic: Credential Handler API Christopher Allen: Verifiable Claims Credential Handler API - presented and demoed at RWoT5 - can we get a high level from Dave Longley on this? Christopher Allen: When is the next deliverable on this... what do you need? Dave Longley: https://docs.google.com/presentation/d/1qk9-6dpsZttrFr4qV-aID2L2OFTcKHL1epkzRgB8pZc/edit#slide=id.p3 Dave Longley: https://github.com/w3c-ccg/credential-handler-api/issues Dave Longley: The main thing we're waiting on is feedback from David Chadwick - he sent a slide deck showing how his demo worked using what I believe is a native app version of this... he's travelling this week, don't know if he can join today. Differences between both approaches, pros and cons, number of issues in issue tracker. Dave Longley: https://github.com/w3c-ccg/credential-handler-api/issues/1 Dave Longley: I'm looking for feedback here - need to throw a spec together for credential handler API... in terms of polyfill - showing it at TPAC... in particular there is an issue that we'd want more feedback on... signing the verifiable profile to do proof of possession there... Dave Longley: We just need more feedback at this point and to put the spec together. Christopher Allen: We'll get that into our weekly queue. Christopher Allen: Since DavidC isn't here today, we can't make progress on Credential Handler API and Lifecycle document. Christopher Allen: https://w3c-ccg.github.io/ Topic: Lifecycle Model Joe Andrieu: The lifecycle model is going well, RWoT came up with draft of our model last week - setup for weekly meetings, going to try to push through - get a version on the human experience that we should bless/publish as a completed task - where are the verifiable claims in here - that's the lifecycle that we want to include in that model... don't know what the schedule looks like. Christopher Allen: The remaining things were not officially approved - Joram, Verifiable News, ... are these candidates - what else are we missing? What else do people want to have as work items for this group? Christopher Allen: We don't want to meet more than once a week, we don't want to overload the group, there are things that can move independently. Joe Andrieu: +1 Manu Mike Lodder: +1 Manu Drummond Reed: +1 To publishing the primers Drummond Reed: +1 To less work items. Let's get the DID spec done done. Christopher Allen: We may want to put these primers forward... maybe first two primers. Dave Longley: +1 To focusing on getting existing work items done Topic: Verifiable News Christopher Allen: Moses, where are we with Verifiable News - who else is participating? Moses Ma: I have Adam Sobieski and Ed Bice working on first draft of whitepaper... after we get whitepaper, we'll develop a set of slides that we can socialize... Ed has been working on a proposal that he is submitting, working on whitepaper today, did write a first pass... Moses Ma: It's more important to get money here to pay for breakout session at TPAC. Drummond Reed: Wow, cool, Moses! Moses Ma: I set him up with a few folks - he's shopping the idea around now. Drummond Reed: Even standards communities can use the help of some billionaires ;-) Christopher Allen: We have to produce stuff in this community - specs and collaboration around specs. Christopher Allen: We need to connect the dots - are we using DIDs, Verifiable Claims, how does this fit into the credentials ecosystem? Christopher Allen: If we're not reusing this stuff - maybe it needs to be another community. Moses Ma: W3C staff want to push something through in the next six months... but everyone agrees it's only a triage... they don't want to play whack-a-mole... we need to fix this, Verifiable Claims is the right way to do this. Christopher Allen: I've had some push back on whether or not they belong in this CG... I'm leaning toward them being work items, but they do need to be a Community consensus thing. Topic: Other Work Items Christopher Allen: Who else wants to comment about Web of Trust family - how to enable anonymous identities, how to enable web of trust... Joe Andrieu: Given that I have 3 work products in that pipeline, I do think there is a lot more work done - they're collaborative and engaging in a community. It'll take a while to get them through this consensus process so that they're proper contributions. Amira, we focused on the human experience, there is an iteration that needs to happen. Manu Sporny: The type of stuff that Joe's been doing, all these lifecycle use case stuff, is stuff that W3C typically never does. And I think that is to their detriment. There is no full blown thought out human use cases. [scribe assist by Dave Longley] Manu Sporny: The use cases tend to be Joe wants to login into a website and wants to use his Yubikey. [scribe assist by Dave Longley] Drummond Reed: +1 To publishing Joe's document as a community document. Manu Sporny: I don't think your document goes through the W3C standardization process but instead it is proof that we've done the work establishing the purpose and design for the other things. [scribe assist by Dave Longley] Manu Sporny: We can publish these things as community docs or NOTEs. [scribe assist by Dave Longley] Dan Burnett: Frustrating as it is, there is good reason W3C has gone this way. They strongly avoid defining anything that could be considered user interface guidelines or instructions because browsers have always distinguished themselves by UI. Manu Sporny: I think you're in new territory but I think it would be really interesting to push that at W3C, it can be an official W3C doc (as a NOTE) but I think it paints a beautiful story around the human experience. [scribe assist by Dave Longley] Manu Sporny: Pulling all those things in and having the community work on them would be difficult and could be a distraction at this point, but there are different communities working on these things, where both types of docs are really important. [scribe assist by Dave Longley] Manu Sporny: I think we can somehow get that work in here, several different paths to take, lots of work to do, but worth doing. [scribe assist by Dave Longley] Christopher Allen: I'd like to flip that around - I'd like to see that these are community documents... perhaps we can get other communities to do high quality community docs... Is there anyone here that objects to working on this or adopting these work items? Drummond Reed: I don't object, the opposite - it's a vital part of our efforts. Christopher Allen: I'd like to draw more people into this community - cryptocurrency folks - former PGP folks, etc. Christopher Allen: If we don't address some of the Web of Trust stuff, if we only focus on major issuers, we're going to lose them. Manu Sporny: +1 To bringing those people in... because fundamentally, this is about decentralization. Christopher Allen: Given the status of items today - need a better web page, describes what is what - what is pending - any other thoughts on this topic or what do we talk about next week - week before tpac... we cancel meeting during TPAC. Drummond Reed: +1 To canceling meeting during TPAC Drummond Reed: +1 To going over the presentation next week. I may or may not be able to attend as I'm at the MIT Legal Forum on AI & Blockchain workshop that day. Christopher Allen: Ok, then let's focus on presentations for next Tueday. Ryan Grant: Do we need an updated DID spec? Manu Sporny: We don't need an updated DID spec... Manu Sporny: This is more about messaging what we're doing. Topic: Path for DID Spec Standardization Joe Andrieu: Where are we wrt. DID spec standardization? Christopher Allen: This parallels what the Web Payments CG did - get some broad support from various parties, propose WG process get buy in. Christopher Allen: We're doing front-running on DID spec now... circulating ideas at W3C, will eventually migrate to WG item. Manu Sporny: I think that's exactly it. Joe to be very specific, at TPAC this year we're going to introduce the idea of DIDs going standards track at W3C and they are critical part of bringing Web Payments and VC together. It's something W3C really needs to do -- showing a vision for that. [scribe assist by Dave Longley] Manu Sporny: We want to be able to slot the DID spec in there because we spent this TPAC telling them how important this is. [scribe assist by Dave Longley] Manu Sporny: The DID spec is currently slotted to go into W3C for standardization and we need to do front running at TPAC so that when a new WG rechartering happens maybe Spring next year, the DID spec can be brought in. [scribe assist by Dave Longley] Joe Andrieu: Do we coordinate with the DIF people? They have DID spec listed as an item. [scribe assist by Dave Longley] Christopher Allen: We've been told, verbally, that they don't do specs, just implementations. [scribe assist by Dave Longley] Christopher Allen: My hope is that they'll work on getting their implementation details into our specs. [scribe assist by Dave Longley] Dan Burnett: Reminder that this group has 90 minutes at W3C TPAC for discussion of anything that is CCG related. We'll broaden the scope to talk about anything CCG wants to talk about. Christopher Allen: I'd like to walk through the list of items that we're doing here with that group... Christopher Allen: We'll have a meeting next week - review of TPAC presentation - or at least a draft of them... if there are other things that need to be done before TPAC, let me know. Hope to see many of you at TPAC.
Received on Tuesday, 24 October 2017 19:56:52 UTC