W3C home > Mailing lists > Public > public-credentials@w3.org > December 2018

[MINUTES] W3C Credentials CG Call - 2018-12-18 12pm ET

From: <kim@learningmachine.com>
Date: Fri, 21 Dec 2018 19:40:29 -0800
Message-Id: <1545450029951.0.15645@Kims-MacBook-Pro.local>
To: Credentials CG <public-credentials@w3.org>
Thanks to Lionel Wolberger for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-12-18/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-12-18

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Dec/0068.html
Topics:
  1. Introductions
  2. Announcements and Reminders
  3. 2018 Year in Review
Action Items:
  1. prime a discussion on PR changes to DID
  2. look at security model (as opposed to just cryptograph) or 
    threat model of DIDs
  3. address requests for clarity on correlation and privacy 
    claims of DIDs
Organizer:
  Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
  Lionel Wolberger
Present:
  Adrian Gropper, Joe Andrieu, Ryan Grant, Brent Zundel, Ted 
  Thibodeau, Christopher Allen, Amy Guy, Dan Burnett, Manu Sporny, 
  Heather Vescent, Benjamin Young, Lionel Wolberger, Ken Ebert, 
  Isaac Patka, Lucas Parker, Jarlath O'Carroll, Samantha Mathews 
  Chase, Kim Hamilton Duffy, Chris Boscolo, Dmitri Zagidulin, 
  Michaela Casaldi, Moses Ma, Chris Webber, Matt Stone, Kaliya 
  Young, Bohdan Andriyiv, Mike Schwartz, Mike Lodder, Sam Smith
Audio:
  https://w3c-ccg.github.io/meetings/2018-12-18/audio.ogg

Joe Andrieu: Thanks, Chris!
Lionel Wolberger is scribing.
Christopher Allen:  Please take note of the IPR policy, anyone 
  can join, but to contribute you must agree to the IPR policy. 
  [scribe assist by Manu Sporny]
Christopher Allen:  Instructions for joining are here -- 
  https://w3c-ccg.github.io/ [scribe assist by Manu Sporny]
Kim Hamilton Duffy: Scribe list: 
  https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing)
Lionel Wolberger is scribing.
Agenda:
Kim Hamilton Duffy: Note scribe list has been updated for 
  freshness

Topic: Introductions

Isaac Patka: First meeting, introducing himself
Working for Bloom
Decentralized identity solution in fintech
Interested in being compliant with the proposed standards here.
Welcome, Isaac (ditto)
Intro: Benjamin Young, working for Wiley & Sons
Always had credentialing issues. Wiley interested in VCs and the 
  ecosystem to solve publishing related issues.
Welcome, Benjamin!
Christopher Allen: https://w3c-ccg.github.io/announcements/

Topic: Announcements and Reminders

RWoT Feb 27-March 1, might move a bit. Looking at Barcelona.
Should have that closed by Jan 8
IIW April 30-May2, Mountain View
NO MEETING NEXT TWO WEEKS. Update your calendars. Next meeting 
  Jan 8
Manu Sporny:  Will we review strong identity workshop
Chris Webber:  Added to agenda
Chris Webber:  We use github issues to manage our action items.
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Samantha Mathews Chase: Can i get a couple of moments help with 
  my use case for the DID explanation doc if there is time? stuck 
  on a piece of it.
Christopher Allen: 
  https://github.com/w3c-ccg/community/labels/action%3A%20review%20next
Dan Burnett: Eq?
Chris Webber:  DID resolver specification status?
Kim Hamilton Duffy: I don't see Markus
Manu Sporny:  Veres One DID method status
Good progress, a new testnet that is almost feature complete is 
  near production.
No ETA right now, but work is progressing, lots of testing, LB 
  work
Testing the DID method, looking good.
D2 should roll out in Jan, then D3 will come after that
  ... and that will be the DID method spec that we need.
Chris Webber:  Looking forward to that!
@Manu ... are there GitHub repos for the Veres One test net code 
  you just mentioned?
Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action%3A+ccg%22
Manu Sporny: @John_BCGov -- yep... 
  https://github.com/veres-one/veres-one -- but don't try to run it 
  unless you really know what you're doing -- we'll have packages 
  out shortly (in a month or so) -- please wait for those.
Thx
Samantha Mathews Chase: 
  https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit?usp=sharing 
  this is the correct doc yes? for DID explainer
Manu Sporny: @Lionel_Wolberger, we need like 10 more engineers :P
Chris Webber:  CCG created the VCWG so is obligated to review its 
  specification
Kim Hamilton Duffy: Correct Sam
Ideally, someone who was not involved deeply in the process.
  ... Who is willing to read the spec. Volunteer.
Isaac Patka:  I can look from our perspective
Lionel Wolberger: Manu, Chris: +1
Isaac Patka: Github.com/ipatka
Dan Burnett:  CCG coordination goes very well. This transition 
  request, we can argue we have a good and continuous relationship
  ... but this review will be critical, as it is done by someone 
  not party to the work that happened so far
  ... your work will really contribute.
Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action%3A+chairs%22
Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+no%3Alabel
Heather Vescent:  Voicing concern about DID monetization
Manu Sporny: +1 To samchase
  ... the two words monetizing & ID should not be in the same 
  sentence
  ... proposing: Solutions for SSI
Heather Vescent: +1 Sam
Chris Webber:  Is this for a future report or a white paper.
Kim Hamilton Duffy: Manu you should jump the q
Joe Andrieu: We did discuss it, briefly.
Joe Andrieu: The sense of it was to use the lighter weight RWOT
Manu Sporny:  +1 Sam, to remove "monetizing"
  ... this does seem to be an RWoT paper since the scope of the 
  group should be the spec itself and not the ecosystem
Moses Ma: I'm totally fine to change monetization to business 
  model and move our brainstorming to RWOT...
  ... this doc feels exploratory, so it may be better in RWoT
Kim Hamilton Duffy: +1 To RWOT move
Moses Ma: And the plan is to write a paper for RWOT
Joe... wishing you a fast recovery, reading your notes.
Joe Andrieu: Thanks, Lionel
Kim Hamilton Duffy:  Respec questions, what is that.
Kim Hamilton Duffy: Respec
  ... that is what we use
Kim Hamilton Duffy: Tutorial: https://youtu.be/0eQXU6Z-A6Q
Kim Hamilton Duffy: Doc to respec: 
  https://lists.w3.org/Archives/Public/spec-prod/2018JulSep/0003.html
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues/29#issuecomment-445563626
Kim Hamilton Duffy:  These resources will help anyone needing 
  help with Respec
  ... if you are blocked or on hold, just let the chairs know.
Chris Webber:  Work items for CCG process, registries process. 
  WIll need repos for those.
  ... older items that we inherited *DID engagement spreadsheet 
  and model * polyfill * specifications
  ... we would like clarity around these items. complete/ archive 
  ??
Agenda: unassigned items
Agenda: Results of strong auth workshop
Manu Sporny: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Manu Sporny:  W3C Workshop on Strong Authentication & Identity 
  was pulled together
  ... from the AUTH community and the IDENTITY community
  ... broad community to find out what is state of the art
  ... W3C encourages these discussions to uncover if 
  specifications are needed, and which standards body should host 
  that work
  ... Presentations start the day, then discussion, then common 
  areas of consensus
  ... then work items are curated
Christopher Allen: Draft minutes of workshop 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/minutes.html
  ... generally a workshop report results from the meeting
  ... the minutes are available and not under IPR restrictions
Manu Sporny:  The report should be out in Jan
Christopher Allen: Presentations were at 
  https://drive.google.com/open?id=1aegR1T_TmLJzD27Rj2tgJCQfH8eLBdi2
  ... it was well attended with about 70 people
Chris Webber:  I attended, I would add: there was a wide variety 
  of presentations including DID discussion from people not 
  actively involved in the CCG
  ... it felt like there is already a DID standard, but, there 
  isn't
Kim Hamilton Duffy:  On a good path to reconciling differences.
Joe Andrieu: I'm good, Chris
  ... Got an opportunity to test out the new DID strategy 
  starting with the Verfiable Claim (education)
  ... and it worked, there was less pushback on that motivating 
  example
  ... lesson learned, leave out "registries" next time
Lionel Wolberger:  Microsoft was hosting, I believe? What was 
  their position? They have huge identity plays in progress and 
  they tend to be interested in innovation, but sometimes they 
  don't move. [scribe assist by Manu Sporny]
Kaliya Young:  Let's just say that they had multiple 
  perspectives. :) [scribe assist by Manu Sporny]
Schizophrenic
Chris Webber:  Microsoft is a big player with many legacy 
  systems, with other MS people wanting to innovate
Christopher Allen:  Microsoft has legacy stuff and so they have 
  that legacy stuff, and they have some future looking stuff, so it 
  was as much Microsoft talking to each other as to the rest of the 
  community. [scribe assist by Manu Sporny]
Agenda: Explainer
Chris Webber:  Anyone taking the lead on that? Anyone feel they 
  own it? Next steps?
Joe Andrieu: I thought I was leading the charge. Dan Burnett also 
  volunteered to help.
Manu Sporny: +1 To JoeAndrieu leading the charge! :)
Manu Sporny:  Suggest deadline of mid-Jan to coincide with the 
  auth workshop report.
  ... It should reach the 480+ companies in the W3C, with 60+ 
  companies saying a WG is called for
Chris Webber:  Since CCG next meeting is Jan 8th, that seems a 
  good target
Christopher Allen: Ack?
Joe Andrieu: It's just time on task
  ... what actions do we need to take to make this target?
>>Cue here, the sounds of silence<<
Joe Andrieu: Sounds right!
Christopher Allen: 
  http://nbviewer.jupyter.org/github/WebOfTrustInfo/rwot7/blob/master/final-documents/convincing-dad.pdf
Dan Burnett:  Will try to make that target.
Christopher Allen: 
  https://github.com/w3c-ccg/community/blob/master/Credentials%20Community%20Group%202018%20WBS.2.pdf

Topic: 2018 Year in Review

Joe Andrieu: I was thinking we could just go through those 
  quickly and say whether we (2) completed it (1) made some 
  progress or (0) didn't make progress
Moses Ma: Voice call died for me
Dan Burnett: Final reports become input to standards-track work 
  that can become Recommendations
Chris Webber:  Review of the tasks and activities that went on in 
  the last year.
Manu Sporny:  Looking at the PDF file
  ... reconciliation draft is done, that is a major achievement, 
  there is only one DID spec now.
  ... no big disagreements left (v1.1.1.1) DONE!
  ... DID Method Registry is done and we refer to other specs in 
  that registry
  ... some specs are asking to be added to the registry, they are 
  pretty solid
  ... Test Suite: Non-existant. no progress in 2018.
1.1.1.4 Cryptographic review: still needs more work particularly 
  the proofs and signatures
  ... in other groups there is discussion
  ... there was a proof of correctness in another group
Mike Schwartz:  Open PRs in the spec
  ... will those PRs help or hurt?
Manu Sporny:  Yes, we probably do need those done, tho your 
  concern is justified

ACTION: prime a discussion on PR changes to DID

Mike Schwartz:  Affirms that he will get to it.
Manu Sporny:  Let's start in Jan before RWoT
Moses Ma: Q
Chris Webber:  Not so much a crypto review, we may need a 
  security review
Lionel Wolberger:  It sounds like you're asking for threat 
  modeling? [scribe assist by Manu Sporny]
  ... e.g. you start trusting the keys from here

ACTION: look at security model (as opposed to just cryptograph) 
  or threat model of DIDs

Moses Ma: Can also call it failure mode analysis.

ACTION: address requests for clarity on correlation and privacy 
  claims of DIDs

Moses Ma: We need to game out how to a phishing organization 
  might game the system.
Lionel Wolberger:  Might include in that correlatability and 
  privacy violations.
What would you phish?
Moses Ma:  Thrreat model, a phishing company, could they pose as 
  a valid DID service?
Chris Webber:  DID resolver services would not be the right model
Heather Vescent: Are you suggesting a kind of pentesting?
Ryan Grant:  Done threat modelling, and is including more DID 
  things there
  ... happy to collect threat model questions
Lionel Wolberger: Manu: Echo suggestion for more threat modelling 
  +1
  ... have not red teamed these systems.
Mike Lodder: DREAD or STRIDE?
  ... surfacing this work (which seems to be going on inside 
  corporations)
  ... Veres One volunteers for a pen test, dread, strident
Jarlath O'Carroll: RE: earlier discussion (couldn't respond 
  earlier) - if you need someone to review spec/doc over the 
  Holidays from a somewhat lay person's perspective, then I'm happy 
  to do so ... if so, please let me know the details
  ... ecosystem red teaming, ecosystem threat models, would be 
  essential to being thought leaders
  ... We were criticized for allowing different key formats
  ... this came from people experienced in jot work
  ... based on seeing Evernym Sovrin Ethereum Bitcoin RChain 
  Veres One
Mike Lodder: +1 To COSE
  ... feels like COSE expressions of key formats would be 
  compact, fit into JSON LD
  ... CBOR Object Signing and Encryption (COSE) protocol...
Chris Webber:  Have spoken with Brave, we opened the door.
  ... The variety on the keys might be here because we are a 
  multi-party system
  ... multiple choices enable things like "I have a Sovrin key 
  and you have a Veres One key"
  ... the same keys can be registered on both systems
Dan Burnett: This is the crux of the "Interop" question we heard 
  at the workshop
  ... that can be secure
  ... Interop comes up BECAUSE we chose not to stipulate one DID 
  for all
Samantha Mathews Chase: Interop has to be incentivized.
Moses Ma:  Revenue models brainstorming-- DID Business Models 
  does sound better
Samantha Mathews Chase: No DID anything it's not a business
  ... will share a link to the great work in the brainstorming 
  (DM to get that from Moses)
Samantha Mathews Chase: It's a standard that opens doors for new 
  markets
  ... follow-up in January , invited ____ <<-- name?
Sam Smith:  Interop
Happy holidays everyone ... see you in 2019!
  ... this index will work somewhat like the internet archive
  ... will each entity help pay for sustaining the 
  interoperability?
Moses Ma: Let me know if you want the recording link for the DID 
  monetization/business model brainstorming call.
Chris Webber:  No discussion at that level
  ... they do each charge something
Sam Smith:  I suggest this approach
  ... setting sustainable costing would be helpful
Chris Webber:  We can add that to agendas next year
Agenda: Plus and Delta
  ... no time for audio
  ... put into IRC highlights (BIG PLUS)
Heather Vescent: Could we do a survey, where people could submit 
  appreciative and critical feedback anon?
  ... or changes you would like to see
Lionel Wolberger: +1 To survey !
Manu Sporny: Plus - we doubled the size of the community and met 
  tons of new great people as a result!
Joe Andrieu: @Sam it might be worth checking out the Veres One 
  financial model. The net net is that each method advocate has 
  their own business questions to answer
Heather Vescent: Plus can then send to the list.
Heather Vescent: I will volunteer to create/run the survey
Heather Vescent: I am the data/researcher master. ;-)
Samantha Mathews Chase: +1 For survey
Heather Vescent: My pleasure
Lionel Wolberger: +1 Chairs run clear meetings, with clear 
  agenda, goals, rules of engagement
Samantha Mathews Chase: Thanks Heather!!
Joe Andrieu: That's a wrap for 2018!!! Thanks, Everyone!
Dan Burnett: Good job, Chairs!
+100 To the thanks for the chairs
Ditto
Samantha Mathews Chase: You guys have really been a highlight in 
  my year!
Moses Ma: Happy holidays!
Samantha Mathews Chase: Thanks
Manu Sporny: +1 Hooray for Chairs!
Received on Saturday, 22 December 2018 03:40:58 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 22 December 2018 03:41:00 UTC