- From: <msporny@digitalbazaar.com>
- Date: Tue, 13 Feb 2018 15:19:38 -0500
- To: Credentials CG <public-credentials@w3.org>
Thanks to Mike Lodder for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2018-02-13/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-02-13
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0023.html
Topics:
1. Announcements
2. DID Authentication
3. Object Capabilities
Resolutions:
1. Create an Education and Occupational Credentials Task Force
as described in
https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
2. Adopt the Linked Data Object Capabilities specification as a
work item.
Organizer:
Christopher Allen and Kim Hamilton Duffy and Joe Andrieu
Scribe:
Mike Lodder
Present:
Mike Lodder, Joe Andrieu, Manu Sporny, Kim Hamilton Duffy,
Christopher Allen, Moses Ma, Drummond Reed, Dave Longley, Ryan
Grant, Nate Otto, Adrian Gropper, Ted Thibodeau, Jarlath
O'Carroll, Chris Webber, Greg Linklater, Markus Sabadello,
Benjamin Young, Andrew Hughes, Sam Smith, David Chadwick, David
I. Lehn, Lionel Wolberger, Mark Miller
Audio:
https://w3c-ccg.github.io/meetings/2018-02-13/audio.ogg
Mike Lodder is scribing.
Joe Andrieu: Give Marcus 5 minutes to talk about DID-AUTH
Joe Andrieu: Bulk of the call will focus on Object Capabilities
Manu Sporny: Need time to discuss DID-Spec
Kim Hamilton Duffy: Please cover verifiable credentials
Christopher Allen: Need to cover verifiable credentials/claims
especially before the next RWoT
Topic: Announcements
Moses Ma: Also, has everyone seen this?
https://www.forbes.com/sites/ktorpey/2018/02/12/microsoft-to-embrace-decentralized-identity-systems-built-on-bitcoin-and-other-blockchains/#3ec187195ada
Joe Andrieu: Disc golf tournament with RWoT
Joe Andrieu: Going to update the functional identity primer
Joe Andrieu: Want a 5 minute presentation on the primers
Joe Andrieu: Announcement - reconciliation draft for DID-Spec
before RWoT
Christopher Allen: Some of us are trying to align ourselves on
manu's code changes, will that week long stand up work for
everyone else
Joe Andrieu: IIW is coming up, will send out discount code
Joe Andrieu: Verifiable claims meet up that same week
Kim Hamilton Duffy: Updates have been made to various work items
Kim Hamilton Duffy: @Mike-lodder -- I'll do that
Manu Sporny: DID Spec we are in post hardening phase
Manu Sporny: Digital Bazaar is actively coding against the
latest version
Manu Sporny: I have processed many of the last issues either as
things to do and will not do
Manu Sporny: Only closing issues that were consensus exists
Kim Hamilton Duffy: Update on action items [scribe assist by Kim
Hamilton Duffy]
Manu Sporny: And why its being closed
Kim Hamilton Duffy: Kim finished these action items - Chairs to
add potential works items section to main W3C-CCG page
(educational, object capabilities, etc.) (Kim) - Add updated
Credentials Community Group 2018 WBS graphic onto landing page
(Kim) - Add link to WBS on home page (Kim) - Chairs to create VC
examples repo
Manu Sporny: For two more weeks will try to close as many of
those as possible so implementers can be sure of their
implementations
Kim Hamilton Duffy: Kim finished these action items: Chairs to
add potential works items section to main W3C-CCG page
(educational, object capabilities, etc.) (Kim); Add updated
Credentials Community Group 2018 WBS graphic onto landing page
(Kim); Add link to WBS on home page (Kim); Chairs to create VC
examples repo
Christopher Allen: Manu - when can we tag features as finalized
and have confidence in them
Manu Sporny: Still in pre 1.0 phase of the DID Spec
Manu Sporny: Using semantic versioning on the DID Spec
Kim Hamilton Duffy: Kimhd is also closing these action items:
Chairs to assign Joe as owner of CCG process, Chairs to assign
Manu as Registry Process owner [scribe assist by Kim Hamilton
Duffy]
Manu Sporny: We have not been categorizing issues in the
prerelease phase
Christopher Allen: When do categorize versions as finished like
0.9 or 0.10
Manu Sporny: Usually done by signaling the community that a
version is done or for a specific version is still being worked
on
Kim Hamilton Duffy: Kimhd closing action item: W3C-CCG to
complete reconciliation of #RebootingWebOfTrust & Hardening
changes (All, due end of January
_https://github.com/w3c-ccg/did-spec/pull/41_) *COMPLETE* [scribe
assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: Kimhd closing action item Sending out
additional details about RWoT in Santa Barbara (Joe)*COMPLETE*
[scribe assist by Kim Hamilton Duffy]
Manu Sporny: No real hard and fast rule to communicate this
Manu Sporny: These are living specs, stable are versions that
have been approved by W3C
Joe Andrieu: Would like this more formalized, where are we and
how do we do living standards
Joe Andrieu: We can take the discussion offline
Drummond Reed: Will have one more DID Spec closure call this
Thursday
Drummond Reed: Just covering issues management until all can be
resolved online
Drummond Reed: We should have many implementations of DID Method
Specs at RWoT
Joe Andrieu: http://rwot6.eventbrite.com
Drummond Reed: I would like to see coming out of RWoT multiple
V1 specs
Kim Hamilton Duffy: Looking for feedback on Edu/Occ VC - as
described in
https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
PROPOSAL: Create an Education and Occupational Credentials Task
Force
Manu Sporny: +1 To Occedu VC Task Force
Dave Longley: +1
Kim Hamilton Duffy: Ready to finish that
Ryan Grant: +1
Kim Hamilton Duffy: Will link final proposal
Nate Otto: +1 To occupational/educational task force (will
participate)
Kim Hamilton Duffy: Still need to shape the remaining work items
with the task force
Manu Sporny: +1
Kim Hamilton Duffy: Some short term and others long term, to
meet once a week similar to DID Spec hardening
Dave Longley: +1
Nate Otto: There are specific work items for this task force, but
likely to do more discovery around work items that are not yet
fully defined. We'll start with an Open Badges/Verifiable
Credentials unification proof of concept. (Asserting an Open
Badge in a VC envelope)
Joe Andrieu: Call for consensus for the task force
Adrian Gropper: +1
Ted Thibodeau: +1
Drummond Reed: +1
Mike Lodder: +1
Jarlath O'Carroll: +1
Chris Webber: +1
Kim Hamilton Duffy: +1
Joe Andrieu: +1
Greg Linklater: +1
Christopher Allen: +1
RESOLUTION: Create an Education and Occupational Credentials Task
Force as described in
https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
Joe Andrieu: Formally approved to create the task force
Christopher Allen: @Joe May be a good example of exploration work
item
Markus Sabadello: Selected by British Colombia government to
implement a working version for DID-AUTH
Topic: DID Authentication
Markus Sabadello: BC Gov has many scenarios where DID-AUTH is
applicable
Markus Sabadello: DID-AUTH is basically proving control over a
DID-Doc
Markus Sabadello: DID-AUTH is proof of control and endpoints
over TLS
Markus Sabadello: Applies to browsers, QR codes
Dave Longley: Credential handler provides a DID-AUTH mechanism
via the browser
Markus Sabadello: Service-to-service endpoints, and as log in
mechanisms
Markus Sabadello: Idea is to implement everything in an open way
and DID Method agnostic
Markus Sabadello: Looking for any feedback on this
Markus Sabadello:
https://bcdevexchange.org/opportunities/opp-initial-reference-implementation-of-decentralized-authentication--did-auth--and-authorization-mechanisms
Joe Andrieu: Is there a DID-AUTH spec work item
Markus Sabadello: Not yet but I am working some documentation
that could become the basis for a spec
Manu Sporny: https://w3c-ccg.github.io/credential-handler-api/
Manu Sporny: We have done some work in this area also in the
credential-handler which is DID-AUTH in the browser and
verifiable credentials
Manu Sporny: The core messages themselves can be reused in the
BCGov implementation
Dave Longley: And the original design was to create messages that
could flow over different mediums, not just the browser.
Manu Sporny: The messages are medium independent
Manu Sporny: Demo to credential handler:
https://youtu.be/qdbDu1oV0PI
Dave Longley: A "Verifiable Credential" can simply be a
"PublicKeyCredential" which is just an assertion that you have a
certain public key ... which can be checked by going to a DID
ledger.
Manu Sporny: And technically, this is already a work item for the
group -- https://w3c-ccg.github.io/credential-handler-api/
Joe Andrieu: We will be creating a work item for DID-Auth
Dave Longley: And the credential handler API supports any
Verifiable Credential -- so it covers that simple "DID AUTH" case
as well as others.
Topic: Object Capabilities
Joe Andrieu: Cwebber and mark miller have been working Object
Capabilities and use cases
Chris Webber:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md
Chris Webber: Object Capabilities are a way to security through
a flow rather than a typical access control list (all)
Chris Webber: Acl
Chris Webber:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md
Chris Webber: Object capabilities using a linked data system
Dave Longley: Ocap: "just use a key to get in" vs. acls: "a list
that says who can do things"
Chris Webber: https://w3c-ccg.github.io/ld-ocap/
Chris Webber: The newer specification has some minor changes
made since the previous RWoT
Manu Sporny: Looking here:
https://w3c-ccg.github.io/ld-ocap/#ocap-by-example
Dave Longley: Note: ocaps vs. acls .... using a key (ocap) is
better because it only fits into a particular lock -- using a
list with names on it (acl) makes it too easy to trick those
people into doing things for others that weren't intended.
Chris Webber: Attenuated keys are used for restricted
capabilities
Chris Webber:
https://github.com/digitalbazaar/ldocap.js/blob/first-pass/js/ld-ocap.js
Chris Webber: Ccg wants to take this spec on now that more
details have been written
Chris Webber: Close to first working implementation
Joe Andrieu: Will do a formal consensus call to adopt ocap as a
work item
Manu Sporny: Ocap for decentralized permissions with DID's and
verifiable credentials/claims
Manu Sporny: Verse one will use ocap and no acls
Dave Longley: Very simple version of a DID that uses ocap:
https://gist.github.com/dlongley/1762f214f18d8cc63af8ff2853c1c5e1
Manu Sporny: We believe we've figured out a way to integrate
this into linked data signatures
Dave Longley: The gist shows how this fits really nicely with the
approach taken with the DID spec so far.
Ryan Grant: What about this should be method specific
Ryan Grant: What is the recommendation for someone who wants to
integrate this
Manu Sporny: At RWoT there was hesitation to integrate this at
the general DID Spec level
Manu Sporny: This is still experimental
Joe Andrieu: Lost my voip
Joe Andrieu: I'm surprised IRC is still responsive.
Joe Andrieu: Chris or Kim? Could you take over moderating?
Manu Sporny: We don't feel comfortable recommending yet at the
general level yet because each method will have specifics that
are different
Christopher Allen: Ocap architecture is not new, but has not
been successful because the need has not been sufficient, acl has
been adequet
Manu Sporny: Yes, I didn't mean to imply that that ocap is a "new
concept"... it definitely isn't and a LOT of
thought/implementation has gone into it.
Christopher Allen: We're finally reaching a point where the
weight of the acl system is hurting us
Drummond Reed: I think we need to differentiate between using the
OCAP model with a particular Sovrin method and using it as a
general pattern of authorization between DID subjects. Both are
important.
Manu Sporny: I was just saying that it's new to this group and
new to "blockchains", which are new themselves... so... LOTS of
NEW stuff going on, which makes some organizations very nervous
about deployment.
Adrian Gropper: How much of this is interacting with DIF
Drummond Reed: DIF is pursuing a hub model are trying to solve
the same problem that ocap solves but their thinking isn't far
enough along yet
Ryan Grant: If veres one is doing anything with ocap outside of
DID updates and if other method specs should consider it with
their own
Drummond Reed: Verifiable credentials is a general pattern to do
ocap
Manu Sporny: Chris has a great part of the spec that he wrote
that goes into how all this fits together:
https://w3c-ccg.github.io/ld-ocap/#relationship-to-vc
Drummond Reed: Sovrin is planning to use it
PROPOSAL: Adopt the Linked Data Object Capabilities
specification as a work item.
Kim Hamilton Duffy: +1
Ryan Grant: +1!
Chris Webber: +1
Drummond Reed: +1
Christopher Allen: +1 As a work item
Dave Longley: +1
Mike Lodder: +1
Ted Thibodeau: +1
Adrian Gropper: +1
Benjamin Young: +1
Joe Andrieu: +1
RESOLUTION: Adopt the Linked Data Object Capabilities
specification as a work item.
Joe Andrieu: For the record, these +1s were for adopting the
LD-OCAP specification as a work item of CCG
Moses Ma: Question for Manu: How does LD-OCAP work with or
compete against SOLID?
Manu Sporny: Moses, its complementary
Manu Sporny: Open questions are should ocap be the required way
to do this?
Ryan Grant: Thanks manu! so far, i hear a layer of abstraction.
Moses Ma: See you all in Santa Barbara!
Received on Tuesday, 13 February 2018 20:25:23 UTC