W3C home > Mailing lists > Public > public-credentials@w3.org > February 2018

[MINUTES] W3C Credentials CG Call - 2018-02-13 12pm ET

From: <msporny@digitalbazaar.com>
Date: Tue, 13 Feb 2018 15:19:38 -0500
Message-Id: <1518553178852.0.14245@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Mike Lodder for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-02-13/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-02-13

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0023.html
Topics:
  1. Announcements
  2. DID Authentication
  3. Object Capabilities
Resolutions:
  1. Create an Education and Occupational Credentials Task Force 
    as described in 
    https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
  2. Adopt the Linked Data Object Capabilities specification as a 
    work item.
Organizer:
  Christopher Allen and Kim Hamilton Duffy and Joe Andrieu
Scribe:
  Mike Lodder
Present:
  Mike Lodder, Joe Andrieu, Manu Sporny, Kim Hamilton Duffy, 
  Christopher Allen, Moses Ma, Drummond Reed, Dave Longley, Ryan 
  Grant, Nate Otto, Adrian Gropper, Ted Thibodeau, Jarlath 
  O'Carroll, Chris Webber, Greg Linklater, Markus Sabadello, 
  Benjamin Young, Andrew Hughes, Sam Smith, David Chadwick, David 
  I. Lehn, Lionel Wolberger, Mark Miller
Audio:
  https://w3c-ccg.github.io/meetings/2018-02-13/audio.ogg

Mike Lodder is scribing.
Joe Andrieu:  Give Marcus 5 minutes to talk about DID-AUTH
Joe Andrieu:  Bulk of the call will focus on Object Capabilities
Manu Sporny:  Need time to discuss DID-Spec
Kim Hamilton Duffy:  Please cover verifiable credentials
Christopher Allen:  Need to cover verifiable credentials/claims 
  especially before the next RWoT

Topic: Announcements

Moses Ma: Also, has everyone seen this? 
  https://www.forbes.com/sites/ktorpey/2018/02/12/microsoft-to-embrace-decentralized-identity-systems-built-on-bitcoin-and-other-blockchains/#3ec187195ada
Joe Andrieu:  Disc golf tournament with RWoT
Joe Andrieu:  Going to update the functional identity primer
Joe Andrieu:  Want a 5 minute presentation on the primers
Joe Andrieu:  Announcement - reconciliation draft for DID-Spec 
  before RWoT
Christopher Allen:  Some of us are trying to align ourselves on 
  manu's code changes, will that week long stand up work for 
  everyone else
Joe Andrieu:  IIW is coming up, will send out discount code
Joe Andrieu:  Verifiable claims meet up that same week
Kim Hamilton Duffy:  Updates have been made to various work items
Kim Hamilton Duffy: @Mike-lodder -- I'll do that
Manu Sporny:  DID Spec we are in post hardening phase
Manu Sporny:  Digital Bazaar is actively coding against the 
  latest version
Manu Sporny:  I have processed many of the last issues either as 
  things to do and will not do
Manu Sporny:  Only closing issues that were consensus exists
Kim Hamilton Duffy:  Update on action items [scribe assist by Kim 
  Hamilton Duffy]
Manu Sporny:  And why its being closed
Kim Hamilton Duffy: Kim finished these action items - Chairs to 
  add potential works items section to main W3C-CCG page 
  (educational, object capabilities, etc.) (Kim) - Add updated 
  Credentials Community Group 2018 WBS graphic onto landing page 
  (Kim) - Add link to WBS on home page (Kim) - Chairs to create VC 
  examples repo
Manu Sporny:  For two more weeks will try to close as many of 
  those as possible so implementers can be sure of their 
  implementations
Kim Hamilton Duffy: Kim finished these action items: Chairs to 
  add potential works items section to main W3C-CCG page 
  (educational, object capabilities, etc.) (Kim); Add updated 
  Credentials Community Group 2018 WBS graphic onto landing page 
  (Kim); Add link to WBS on home page (Kim); Chairs to create VC 
  examples repo
Christopher Allen:  Manu - when can we tag features as finalized 
  and have confidence in them
Manu Sporny:  Still in pre 1.0 phase of the DID Spec
Manu Sporny:  Using semantic versioning on the DID Spec
Kim Hamilton Duffy:  Kimhd is also closing these action items: 
  Chairs to assign Joe as owner of CCG process, Chairs to assign 
  Manu as Registry Process owner [scribe assist by Kim Hamilton 
  Duffy]
Manu Sporny:  We have not been categorizing issues in the 
  prerelease phase
Christopher Allen:  When do categorize versions as finished like 
  0.9 or 0.10
Manu Sporny:  Usually done by signaling the community that a 
  version is done or for a specific version is still being worked 
  on
Kim Hamilton Duffy:  Kimhd closing action item: W3C-CCG to 
  complete reconciliation of #RebootingWebOfTrust & Hardening 
  changes (All, due end of January 
  _https://github.com/w3c-ccg/did-spec/pull/41_) *COMPLETE* [scribe 
  assist by Kim Hamilton Duffy]
Kim Hamilton Duffy:  Kimhd closing action item Sending out 
  additional details about RWoT in Santa Barbara (Joe)*COMPLETE* 
  [scribe assist by Kim Hamilton Duffy]
Manu Sporny:  No real hard and fast rule to communicate this
Manu Sporny:  These are living specs, stable are versions that 
  have been approved by W3C
Joe Andrieu:  Would like this more formalized, where are we and 
  how do we do living standards
Joe Andrieu:  We can take the discussion offline
Drummond Reed:  Will have one more DID Spec closure call this 
  Thursday
Drummond Reed:  Just covering issues management until all can be 
  resolved online
Drummond Reed:  We should have many implementations of DID Method 
  Specs at RWoT
Joe Andrieu: http://rwot6.eventbrite.com
Drummond Reed:  I would like to see coming out of RWoT multiple 
  V1 specs
Kim Hamilton Duffy:  Looking for feedback on Edu/Occ VC -  as 
  described in 
  https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html

PROPOSAL:  Create an Education and Occupational Credentials Task 
  Force

Manu Sporny: +1 To Occedu VC Task Force
Dave Longley: +1
Kim Hamilton Duffy:  Ready to finish that
Ryan Grant: +1
Kim Hamilton Duffy:  Will link final proposal
Nate Otto: +1 To occupational/educational task force (will 
  participate)
Kim Hamilton Duffy:  Still need to shape the remaining work items 
  with the task force
Manu Sporny: +1
Kim Hamilton Duffy:  Some short term and others long term, to 
  meet once a week similar to DID Spec hardening
Dave Longley: +1
Nate Otto: There are specific work items for this task force, but 
  likely to do more discovery around work items that are not yet 
  fully defined. We'll start with an Open Badges/Verifiable 
  Credentials unification proof of concept. (Asserting an Open 
  Badge in a VC envelope)
Joe Andrieu:  Call for consensus for the task force
Adrian Gropper: +1
Ted Thibodeau: +1
Drummond Reed: +1
Mike Lodder: +1
Jarlath O'Carroll: +1
Chris Webber: +1
Kim Hamilton Duffy: +1
Joe Andrieu: +1
Greg Linklater: +1
Christopher Allen: +1

RESOLUTION: Create an Education and Occupational Credentials Task 
  Force as described in 
  https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html

Joe Andrieu:  Formally approved to create the task force
Christopher Allen: @Joe May be a good example of exploration work 
  item
Markus Sabadello:  Selected by British Colombia government to 
  implement a working version for DID-AUTH

Topic: DID Authentication

Markus Sabadello:  BC Gov has many scenarios where DID-AUTH is 
  applicable
Markus Sabadello:  DID-AUTH is basically proving control over a 
  DID-Doc
Markus Sabadello:  DID-AUTH is proof of control and endpoints 
  over TLS
Markus Sabadello:  Applies to browsers, QR codes
Dave Longley: Credential handler provides a DID-AUTH mechanism 
  via the browser
Markus Sabadello:  Service-to-service endpoints, and as log in 
  mechanisms
Markus Sabadello:  Idea is to implement everything in an open way 
  and DID Method agnostic
Markus Sabadello:  Looking for any feedback on this
Markus Sabadello: 
  https://bcdevexchange.org/opportunities/opp-initial-reference-implementation-of-decentralized-authentication--did-auth--and-authorization-mechanisms
Joe Andrieu:  Is there a DID-AUTH spec work item
Markus Sabadello:  Not yet but I am working some documentation 
  that could become the basis for a spec
Manu Sporny: https://w3c-ccg.github.io/credential-handler-api/
Manu Sporny:  We have done some work in this area also in the 
  credential-handler which is DID-AUTH in the browser and 
  verifiable credentials
Manu Sporny:  The core messages themselves can be reused in the 
  BCGov implementation
Dave Longley: And the original design was to create messages that 
  could flow over different mediums, not just the browser.
Manu Sporny:  The messages are medium independent
Manu Sporny: Demo to credential handler: 
  https://youtu.be/qdbDu1oV0PI
Dave Longley: A "Verifiable Credential" can simply be a 
  "PublicKeyCredential" which is just an assertion that you have a 
  certain public key ... which can be checked by going to a DID 
  ledger.
Manu Sporny: And technically, this is already a work item for the 
  group -- https://w3c-ccg.github.io/credential-handler-api/
Joe Andrieu:  We will be creating a work item for DID-Auth
Dave Longley: And the credential handler API supports any 
  Verifiable Credential -- so it covers that simple "DID AUTH" case 
  as well as others.

Topic: Object Capabilities

Joe Andrieu:  Cwebber and mark miller have been working Object 
  Capabilities and use cases
Chris Webber: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md
Chris Webber:  Object Capabilities are a way to security through 
  a flow rather than a typical access control list (all)
Chris Webber:  Acl
Chris Webber: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md
Chris Webber:  Object capabilities using a linked data system
Dave Longley: Ocap: "just use a key to get in" vs. acls: "a list 
  that says who can do things"
Chris Webber: https://w3c-ccg.github.io/ld-ocap/
Chris Webber:  The newer specification has some minor changes 
  made since the previous RWoT
Manu Sporny: Looking here: 
  https://w3c-ccg.github.io/ld-ocap/#ocap-by-example
Dave Longley: Note: ocaps vs. acls .... using a key (ocap) is 
  better because it only fits into a particular lock -- using a 
  list with names on it (acl) makes it too easy to trick those 
  people into doing things for others that weren't intended.
Chris Webber:  Attenuated keys are used for restricted 
  capabilities
Chris Webber: 
  https://github.com/digitalbazaar/ldocap.js/blob/first-pass/js/ld-ocap.js
Chris Webber:  Ccg wants to take this spec on now that more 
  details have been written
Chris Webber:  Close to first working implementation
Joe Andrieu:  Will do a formal consensus call to adopt ocap as a 
  work item
Manu Sporny:  Ocap for decentralized permissions with DID's and 
  verifiable credentials/claims
Manu Sporny:  Verse one will use ocap and no acls
Dave Longley: Very simple version of a DID that uses ocap: 
  https://gist.github.com/dlongley/1762f214f18d8cc63af8ff2853c1c5e1
Manu Sporny:  We believe we've figured out a way to integrate 
  this into linked data signatures
Dave Longley: The gist shows how this fits really nicely with the 
  approach taken with the DID spec so far.
Ryan Grant:  What about this should be method specific
Ryan Grant:  What is the recommendation for someone who wants to 
  integrate this
Manu Sporny:  At RWoT there was hesitation to integrate this at 
  the general DID Spec level
Manu Sporny:  This is still experimental
Joe Andrieu: Lost my voip
Joe Andrieu: I'm surprised IRC is still responsive.
Joe Andrieu: Chris or Kim? Could you take over moderating?
Manu Sporny:  We don't feel comfortable recommending yet at the 
  general level yet because each method will have specifics that 
  are different
Christopher Allen:  Ocap architecture is not new, but has not 
  been successful because the need has not been sufficient, acl has 
  been adequet
Manu Sporny: Yes, I didn't mean to imply that that ocap is a "new 
  concept"... it definitely isn't and a LOT of 
  thought/implementation has gone into it.
Christopher Allen:  We're finally reaching a point where the 
  weight of the acl system is hurting us
Drummond Reed: I think we need to differentiate between using the 
  OCAP model with a particular Sovrin method and using it as a 
  general pattern of authorization between DID subjects. Both are 
  important.
Manu Sporny: I was just saying that it's new to this group and 
  new to "blockchains", which are new themselves... so... LOTS of 
  NEW stuff going on, which makes some organizations very nervous 
  about deployment.
Adrian Gropper:  How much of this is interacting with DIF
Drummond Reed:  DIF is pursuing a hub model are trying to solve 
  the same problem that ocap solves but their thinking isn't far 
  enough along yet
Ryan Grant:  If veres one is doing anything with ocap outside of 
  DID updates and if other method specs should consider it with 
  their own
Drummond Reed:  Verifiable credentials is a general pattern to do 
  ocap
Manu Sporny: Chris has a great part of the spec that he wrote 
  that goes into how all this fits together: 
  https://w3c-ccg.github.io/ld-ocap/#relationship-to-vc
Drummond Reed:  Sovrin is planning to use it

PROPOSAL:  Adopt the Linked Data Object Capabilities 
  specification as a work item.

Kim Hamilton Duffy: +1
Ryan Grant: +1!
Chris Webber: +1
Drummond Reed: +1
Christopher Allen: +1 As a work item
Dave Longley: +1
Mike Lodder: +1
Ted Thibodeau: +1
Adrian Gropper: +1
Benjamin Young: +1
Joe Andrieu: +1

RESOLUTION: Adopt the Linked Data Object Capabilities 
  specification as a work item.

Joe Andrieu: For the record, these +1s were for adopting the 
  LD-OCAP specification as a work item of CCG
Moses Ma: Question for Manu: How does LD-OCAP work with or 
  compete against SOLID?
Manu Sporny: Moses, its complementary
Manu Sporny:  Open questions are should ocap be the required way 
  to do this?
Ryan Grant: Thanks manu!  so far, i hear a layer of abstraction.
Moses Ma: See you all in Santa Barbara!
Received on Tuesday, 13 February 2018 20:25:23 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:44 UTC