W3C home > Mailing lists > Public > public-credentials@w3.org > December 2018

[MINUTES] W3C Credentials CG Call - 2018-11-27 12pm ET

From: <kim@learningmachine.com>
Date: Sun, 09 Dec 2018 13:26:46 -0800
Message-Id: <1544390806689.0.71358@Kims-MacBook-Pro.local>
To: Credentials CG <public-credentials@w3.org>
Thanks to Manu Sporny for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-11-27/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-11-27

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0179.html
Topics:
  1. Agenda Review
  2. Introductions / Reintroductions?
  3. Reminders and Events
  4. Progress on Current Action Items
  5. Work Items
  6. Review summary of previous DID stories, questions, 
    painpoints meetings
  7. DID Summary High Points
  8. DID Explainer Template
Organizer:
  Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
Scribe:
  Manu Sporny
Present:
  Christopher Allen, Moses Ma, Dmitri Zagidulin, Joe Andrieu, 
  Bohdan Andriyiv, Mike Lodder, Ganesh Annan, Manu Sporny, Jeff 
  Orgel, Heather Vescent, Lucas Parker, Dan Burnett, Samantha 
  Mathews Chase, Ryan Grant, Lionel Wolberger, Kim Hamilton Duffy, 
  Ken Ebert, Jonathan Holt, Ted Thibodeau, Jarlath O'Carroll, 
  Adrian Gropper, Drummond Reed
Audio:
  https://w3c-ccg.github.io/meetings/2018-11-27/audio.ogg

Manu Sporny:  I can scribe [scribe assist by Dmitri Zagidulin]
Dmitri Zagidulin: Ah, k, n/m
Manu Sporny is scribing.
Voip?
Kimhd goes over standard introduction, queueing, present+'ing, 
  etc.

Topic: Agenda Review

https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0179.html
Kim Hamilton Duffy:  Pretty standard intro/reintro
Kim Hamilton Duffy:  Possibly review of previous DID pain points, 
  stories - and then working session on DID Explainer for W3C TAG.
Kim Hamilton Duffy:  They gave us a template that we should 
  consider
Joe Andrieu:  There is a line item that says connections check, 
  since we've decided that that's more complicated than it's worth, 
  we don't need to go over it, but didn't update it in our 
  template.
Kim Hamilton Duffy:  Oh, right. We need to update the template.

Topic: Introductions / Reintroductions?

Kim Hamilton Duffy:  Anyone that's new that would like to 
  introduce themselves?
Kim Hamilton Duffy:  Hi, I'm  Kim, one of the 3 chairs of the 
  group - CTO at Learning Machine - we work on verifiable 
  credentials in the educational/occupational space, stems on work 
  from Open Badges.
Kim Hamilton Duffy:  The idea is recipient-centric credentials - 
  I am also on the steering committees for RWoT and DIF, so looking 
  forward for further alignment with CCG and DIF.
Kim Hamilton Duffy:  I'm excited to be a part of this community.

Topic: Reminders and Events

Kim Hamilton Duffy: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Kim Hamilton Duffy:  W3C Strong Authentication and Identity 
  Workshop
Kim Hamilton Duffy: W3c Identity: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Manu Sporny:  We're at capacity, but please still join if 
  possible and you really want to go -- only way to go now is if 
  someone else doens't come/accept.
Kim Hamilton Duffy:  RWoT 8 - is coming up
Kim Hamilton Duffy: RWOT: http://weboftrust.info
Kim Hamilton Duffy:  Also IIW - April
Kim Hamilton Duffy: IIW: 
  https://www.internetidentityworkshop.com/
Moses Ma:  Two things to add - invited Jill to join and speak at 
  Strong Auth and Identity Workshop... ask her to sponsor RWoT.
Moses Ma:  Asked Dr. Po Chi Wu to help w/ modeling revenue 
  possibilities for DID Developers... was hoping that someone with 
  a start up would host him and do a call w/ him.
Moses Ma:  I can do it, but would like someone else, preferably a 
  startup, to take point on it.
Jarlath O'Carroll: II'm can host
Samantha Mathews Chase:  Hey, I'd be happy to host a webinar

Topic: Progress on Current Action Items

Moses Ma:  I'll send out details.
Samantha Mathews Chase: @Jarlath let's chat after the call
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Jarlath O'Carroll: @Samchase sounds good
Kim Hamilton Duffy:  No updates really on action items / work 
  items...

Topic: Work Items

Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/blob/master/work_items.md
Manu Sporny:  Rhiaro to help spec editing [scribe assist by Kim 
  Hamilton Duffy]
Kim Hamilton Duffy:  Welcome rhiaro -- very excited about getting 
  help w/ specs.
Joe Andrieu:  Do we have other pending work items?
Manu Sporny:  Not yet, will add them when we have specs.
Joe Andrieu:  We need help w/ Work Breakdown Structure - need WBS 
  for 2019 as well.
Joe Andrieu:  Year end paperwork and planning before the 
  holidays.
Christopher Allen:  I'd like to add a bit of clarity, we have a 
  lot of work items, they need to move to be CCG reports, haven't 
  been making progress on them, some of them we may move to another 
  column if people aren't going to move them forward.
Christopher Allen:  If one of those is important to you, start 
  thinking about when you can do so... for example, Credential 
  Handler API -- I'd like to know when that's going to be ready adn 
  when we want to turn it into a report.
Kim Hamilton Duffy:  It would be nice to get clarity on those 
  before end of year.
Kim Hamilton Duffy:  If you have something that's a work item, 
  send it to the mailing list so we know what we might cut...
Moses Ma: If you'd like to sign up to participate in the call 
  with Po Chi Wu to survey and analyse monetization models for DID 
  developers, please let us know here: 
  https://goo.gl/forms/2tKbmbi5cDQMUBaC2 - this will be moderated 
  by Samantha Chase.
Bohdan Andriyiv: @Moses @samchase @jarlath I have a business 
  model based on SSI to present on the zoom call.

Topic: Review summary of previous DID stories, questions, painpoints meetings

Manu Sporny:  We want to be careful w/ Credential Handler API
Manu Sporny:  So, we may want to put that on hiatus for now.
Christopher Allen: 
  https://docs.google.com/document/d/11sEvUhivMBt7DXBviqyEydvsnpOJY31O7KKw73eFdmc/edit#

Topic: DID Summary High Points

https://docs.google.com/document/d/11sEvUhivMBt7DXBviqyEydvsnpOJY31O7KKw73eFdmc/edit#
Christopher Allen:  Feel free to suggest additional things - Joe 
  and I tried to capture what we could during our previous 
  meetings... talked a bit about stories, explaining DIDs, things 
  that happened... for example, push back on SSI, corps don't care, 
  and potential answers.
Christopher Allen:  We also tried to capture common questions - 
  why do we need a new universal namespace, who manages keys, what 
  do you talk about when you talk about DIDs?
Christopher Allen:  Last week, we tried to focus on what is it 
  about DIDs that solve these pain points... these are incomplete 
  lists - we don't need answers, but we would like to be sure that 
  we have ansewrs for a lot of these and can leverage them.
Christopher Allen:  We have a primer in spec text, didn't explain 
  why -- DID Primer was explaining it to ourselves, we need to 
  explain underlying value proposition.
Christopher Allen:  We can spend a couple of minutes if people 
  want to add stuff, then we can move on to drafting a new 
  document.
Bohdan Andriyiv: @Moses @samchase - i'll publish business model 
  description/deck before the call to CCG list
Heather Vescent: Where is the second document @ChristopherA 
  mentioned? Is that the DID Primer?
Kim Hamilton Duffy:  The explainer, it sounds like some of the 
  things might solicit external information... is it possible that 
  the DID Explainer work can feed into DID Primer.
Jonathan Holt: Doc is read-only
Adrian Gropper:  I wrote up 3 pages or so writing up use case on 
  DIDs, don't know if it's at the right level to serve the proper 
  purposes... just sent it to a couple of the Chairs, unclear from 
  description what contributions you expect other than list of 
  questions we should be concerned about.
Joe Andrieu:  Yes, Adrian, thanks that was a great write up, 
  please share with rest of list... explainer framework from W3C 
  TAG is a particular framework that they would like to see 
  outlined... it's a bit more specific and constrained, I think 
  Adrian's work is great fodder, share it more widely.
Joe Andrieu:  They want a more limited template... we need to 
  concisely answer their bullet points... then they can engage more 
  easily.
Christopher Allen:  I also added to the bottom, if you have an 
  explainer that you don't know about, please add it to the bottom 
  of the list.
https://www.scuttlebutt.nz/
Adrian Gropper: Health records explainer: 
  https://docs.google.com/document/d/1AbhR3xFLXYB7h83iGqmhgF9N6Q5BM2thziwbrS2miqs/edit
Manu Sporny:  I think we can learn from the Secure Scuttlebutt 
  community, look at their page, lift some ideas there.
Dmitri Zagidulin:  Wanted to mention that Secure Scuttlebutt is 
  an example of a community that failed on the key recovery 
  problem... great example of what happens when you don't account 
  for key recovery.
Moses Ma:  One of the ideas our group had is that someone should 
  build an Adobe XD mock up for DID product - would be something 
  useful here... if someone else wants to do that/work on it, 
  please let me know.
Christopher Allen: 
  https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit

Topic: DID Explainer Template

https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit
Manu Sporny:  Let's talk through this document, get people that 
  want to write it.
Christopher Allen:  I can begin a little bit... some of the 
  things that we could talk about are non-goals explicitly...
Christopher Allen:  What scenarios do we want to focus on - what 
  two user scenarios, tricky design choices...
Christopher Allen:  One of these choices was not doing real 
  names, for example, not a replacement for DNS - that was a tricky 
  design decision... what else?
Christopher Allen:  Capture some of these things, that's what the 
  TAG wants, what are the alternatives - what does Solid or 
  BlockStack provide that is orthogonal?
Christopher Allen:  This is open for editing.
Joe Andrieu:  If there is a bullet point that expands and fits in 
  the section, please add it, don't just suggest it.
Joe Andrieu:  If you are changing something, but really mean it 
  as a suggestion, then use suggest.
Joe Andrieu:  In general, please dive in and write things up - 
  the process we're trying to catalyze, let's get something prior 
  to the Workshop in Seattle.
Joe Andrieu:  Trying to turn bulletpoints into prose, get full 
  document, so kinda quick chaotic/chaordic stuff into a place 
  where we can get it to the W3C TAG.
Joe Andrieu:  If you can provide stuff, please do
Christopher Allen:  We literally want people to type in the 
  things they care about the most - do that now
Jonathan Holt: Define?
Manu Sporny:  We are not trying to replace DNS, we're not trying 
  to replace Content-addressed networks.
Joe Andrieu:  We are not trying to provide identity assurance.
Kim Hamilton Duffy:  I have a separate question on use cases -- 
  key scenarios -- saw Christopher typing in something about 
  education credentials
Kim Hamilton Duffy:  In general, for key scenarios, can we use 
  outputs of previous meetings, explaining DIDs, are those worth 
  explaining?
Christopher Allen:  I don't want to speak for everyone in VCWG, 
  but VCWG has discovered that the common "over 21" use case is 
  problematic on a number of fronts... the DMV was not intended to 
  be on age verification.
Christopher Allen:  There is a lot of discussion about that, it 
  has also come up as a bad selective disclosure example... a nice 
  simple "I institution that subject graduated with a degree" is a 
  better type of default claim to be made.
Christopher Allen:  That enables us to talk about institutions 
  changing, etc.
Drummond Reed: Why are we being the guinea pig?
Dmitri Zagidulin: (I would argue that although academic 
  credentials is an excellent example of a verifiable claim in 
  general, it is still a poor example of selective disclosure. 
  Because it's a high-value/high-threat credential, it will still 
  need to be tied intimately to identity verification, much like 
  the proof of age.)
Kim Hamilton Duffy:  I had wanted to change the motivation slides 
  when we show DIDs, every time we try to do it, it breaks down - 
  ID string in driver's license doesn't really work as a DID.
Kim Hamilton Duffy:  There is a long term applicability idea
Kim Hamilton Duffy:  Institutions can go out of business, some 
  push back on that, but key rotation on recipient side is a 
  concern - key management is a concern.
Dan Burnett: Better to talk about getting a specific degree than 
  just graduating from an institution - also works for honorary 
  degrees
Kim Hamilton Duffy:  I think I would like to help convert that 
  scenario, would be a lot more informative and get less push back 
  from Driver's license example.
Christopher Allen:  Another thing that needs work is considered 
  alternatives... what are we competing against?
Joe Andrieu:  In the area of scenarios, interstitial 
  jurisdictionality - when two parties need some sort of reliable 
  transaction and they don't have a common deferable authority 
  (different countries) and they are not goverend by UN Body - do I 
  need approval from a government to do business?
Joe Andrieu:  This is how the Internet breaks a lot of things... 
  cross border transactions - getting your degree recognized in a 
  foreign country can be an issue.
Kim Hamilton Duffy:  That's interesting because Learning Machine 
  customers talk about value in preventing fraud - educational 
  fraud is big, so that's a good angle as well.
Christopher Allen:  I'm finding that crossing borders, changing 
  jurisdictions over time, is a useful topic by itself... it might 
  help at the end of it, scenario 1, there are similar problems in 
  educational space.
Mike Lodder: Medical is a good example
Christopher Allen:  The VCs are bearer instruments and DIDs 
  enable bearer instruments to function, so that's something that 
  is unique and we really want to underline that.
Samantha Mathews Chase: I was about to say where all the bodies 
  are buried lol
Lionel Wolberger: I think the Mars Insight rover has dialed in
Kim Hamilton Duffy:  We do have some good use cases in medical... 
  what about that - is medical as key scenario a good thing?
Samantha Mathews Chase:  To dig a bit on what Manu said - show 
  less dire things that we can fix (even though they are powerful), 
  having those sorts of mundane things (like customer preferences), 
  carry truths about yoruself, or offload that sort of customer 
  acquisition into hands of user easily - those kinds of things 
  seems like the right path?
Manu Sporny:  Yes
Samantha Mathews Chase:  So, marketing tech is suffering, if we 
  can empower people to have control of that while helping  
  marketing folks, that would be a big upside.
Christopher Allen:  I wanted to add to what Sam said - number of 
  nations that are talking about travel documents - work permits - 
  that allow for different type of travel - as an acceptable use 
  case for businesses and governments...
Christopher Allen:  It's cross jurisdictional, leading people 
  into SSI w/o full DID stack - don't know if that's a separate use 
  case, or subset of jurisdiction, safer one as opposed to others.
Samantha Mathews Chase: I think the military specialties codes is 
  something to think about
Joe Andrieu:  Maybe applying for job internationally incorporates 
  those other things... and it gets cross border
Samantha Mathews Chase: Google has made a search for them, that 
  could tie onto special skills recognized across border or just in 
  line with credentials that should be verified and recognized
Joe Andrieu:  We may want to go further than "I have a degree"
Kim Hamilton Duffy:  Yes, we need a scenario that's more 
  immediately forcing it.
Lionel Wolberger: +1 On limitations to federation
Adrian Gropper:  If I was trying to explain this to a technical 
  group, I'd start by asking about the limitations of federation 
  with whatever use case they're familiar with... start with that, 
  rather than cast it in immigration or medicine... the fact that 
  we all understand what the limitations of federation wrt. 
  identity are, and that this is a solution.
Jonathan Holt:  Yes, there was an interesting case in England in 
  NHS, that was not licensed from a foreign government, I'm on the 
  American Board of Physicians, it's about making claims on digital 
  assets, how do we represent that.
Jonathan Holt:  Travelling across borders, typically hello world 
  in that, is immunization records - that is low hanging fruit for 
  the use case.
Drummond Reed: +1 To health care records and lifetime portability
Joe Andrieu: +1 For Manu or Sam to write up a scenario about user 
  preferences
Moses Ma: I did consulting gigs for the governments of Georgia 
  (the country) and Poland, their major universities expressed a 
  wish that American employers would at least know that they are 
  large or dominant universities. So they could be an interesting 
  use case for an educational credential.
Samantha Mathews Chase:  Military occupation speciality - 250K 
  veterans per year, skills not recognized in their own country...
Heather Vescent: +1 Sam, this is a big area, and there are people 
  working in this space.
Christopher Allen:  If you like one of the sections, put your 
  name on it, fill it out.
Ryan Grant:  Note that this sounds like it's replacing editing of 
  the document - maybe we need to rename it for action item for 
  next week.
Samantha Mathews Chase: This doc link is where sorry?
Joe Andrieu: 
  https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit?usp=sharing
Moses Ma: Quite
Moses Ma: Quit
Received on Sunday, 9 December 2018 21:27:12 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 9 December 2018 21:27:13 UTC