[MINUTES] W3C Credentials CG Call - 2018-07-10 12pm ET

Thanks to Ryan Grant for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-07-10/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-07-10

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Jul/0013.html
Topics:
  1. Introductions
  2. Announcements and Reminders
Action Items:
  1. Chairs follow up on concerns about funding, recognition, 
    contribution to commons
  2. Open issue regarding DID resolution in WG charter
Organizer:
  Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
  Ryan Grant
Present:
  Christopher Allen, Andrew Hughes, Dmitri Zagidulin, Chris Webber, 
  Heather Vescent, Ganesh Annan, Markus Sabadello, Joe Andrieu, 
  Ryan Grant, Kulpreet Singh, Manu Sporny, Dan Burnett, Kim 
  Hamilton Duffy, Ted Thibodeau, Moses Ma, Samantha Mathews Chase, 
  Benjamin Young, Bohdan Andriyiv, Christian Lundkvist, Pelle 
  Brændgaard, Nate Otto, Irene Hernandez, Eric Olszewski
Audio:
  https://w3c-ccg.github.io/meetings/2018-07-10/audio.ogg

Ryan Grant is scribing.

Topic: Introductions

Kim Hamilton Duffy:  On to reintroductions
Ted Thibodeau:  I work for OpenLink software.  active for several 
  years.  working in VC/credentials working group.
Ted Thibodeau:  Works for openLink software.  active for several 
  years.  working in VC/credentials working group.
Kim Hamilton Duffy:  Bulk of meeting to be about uPort proposal
Kim Hamilton Duffy:  Reminders about using the queuing mechanism 
  and strict timeboxing.

Topic: Announcements and Reminders

Kim Hamilton Duffy: Announcements: 
  https://w3c-ccg.github.io/announcements/
Kim Hamilton Duffy:  Summer BTCR virtual hackathon is next week.  
  we have a zoom room and will have standup meetings MWThF, and Tu 
  after this meeting.
  ... planning meeting tomorrow afternoon.  invites to anyone 
  interested.
Kim Hamilton Duffy: https://www.w3.org/2018/10/TPAC/
  ... Helsinki MYDATA 2018 — August 29-31 Helsinki, Finland.  
  #RebootingWebOfTrust VII — September 24-26th, Toronto.  Also 
  27-28th DID/Verifiable Credential Hackathon (F2F).  TPAC — 
  October 23rd-26th, Lyon, France.
  ... IIW — October 23rd-25th, Mountain View
Kim Hamilton Duffy:  Moses is organizing a conference.  
  introduction forthcoming.
Kim Hamilton Duffy: 
  https://businessofblockchain.com/web/virtual-summits/blockchain-id
Moses Ma:  Link posted.  GMSI-web co-producing.  share the link.
Moses Ma:  Publishers want to see "traction", to test their 
  resource allocation.
Moses Ma:  Day2 is more public.  more availability for speaking.  
  email Moses for speaking options.
Moses Ma:  Please support.  thanks!
Samantha Mathews Chase: Where is the link for this?
Heather Vescent:  Will the registration details be shared with 
  the community?
Moses Ma:  We get the entire signup list, but it will be held 
  closely so as not to invite spam.
Heather Vescent:  What's the transparency on that ownership?
Moses Ma:  How about a governance group?
Heather Vescent:  If our social capital is being used to build 
  the community, then we should have a sense of ownership.
Moses Ma:  Let's resolve this via a governance group
Heather Vescent:  If we're co-creating this, then we should have 
  a commons-based ownership model
Kim Hamilton Duffy:  Jumping in: library of references that 
  you're advocating looks useful to w3c-ccg as well
Moses Ma:  Entire library will remain open source
Manu Sporny:  I hear you Heather, and want to speak in support of 
  Moses' efforts.  it's working in concert with the multi-year 
  efforts we've got going.  we don't know of ways to build this 
  without engaging with these business models.  it's a balancing 
  act.
Heather Vescent: It's just very inconsistent what gets funded... 
  technology gets funded, but other things do not.
Manu Sporny:  It's a good trade off.
Manu Sporny:  Maybe there's a CRT that gets created that can 
  manage that list and its best use.  unfortunately, we need to 
  make these decisions rather quickly.  everyone's participation is 
  based on their own acceptance.
Heather Vescent:  It's a huge red flag.  Moses is doing great 
  work, but we need a way for people who don't fit this business 
  model to see their work valued.  i'm going to advocate for 
  everyone in the community to get value out of the work they're 
  putting in.
Moses Ma: Please share or blog about this virtual summit: 
  https://businessofblockchain.com/web/virtual-summits/blockchain-id/
Kim Hamilton Duffy:  Let's do further work to address these 
  concerns.  action item: <something>

ACTION: Chairs follow up on concerns about funding, recognition, 
  contribution to commons

Manu Sporny:  We're trying to get  a WG charter proposal started
Kim Hamilton Duffy: https://w3c-ccg.github.io/did-wg-charter/
Manu Sporny: DID WG Charter - 
  https://w3c-ccg.github.io/did-wg-charter/
Manu Sporny:  W3C staff resources and members' own resource get 
  allocated based on these charters.
Manu Sporny:  The current charter is "done enough for review"
Manu Sporny:  Review it.  understand that we have to be 
  "super-hyper focused"
Manu Sporny:  It says that we're going to produce this document, 
  and nothing more.
Manu Sporny:  And test suite
Manu Sporny:  And that's it.  please read and raise issues in 
  issue tracker.
Manu Sporny:  See email for details.
Markus Sabadello:  Q regarding DID resolution: would DID 
  resolution be in scope for the WG charter?  one spec or multiple?
Manu Sporny:  We could add it.  we need to have this 
  conversation.  it needs a spec that has been incubated.  
  expanding the scope may risk objections.  the first WG charter 
  draft is narrowed to data model and DID spec.
Manu Sporny:  If you and Dmitri can commit to the work to do the 
  spec, then we can put it in there.
Manu Sporny:  This is for community to decide.
Kim Hamilton Duffy:  Let's open an issue.

ACTION: Open issue regarding DID resolution in WG charter

Manu Sporny: We do have two implementations -- Markus and 
  Dmitri...
Christopher Allen:  Reminder that we'll need a second 
  implementation.
Dmitri Zagidulin:  We have a Java and a Javascript 
  implementation.
Kim Hamilton Duffy: DID Primer PR: 
  https://github.com/w3c-ccg/did-primer/pull/2
Kim Hamilton Duffy:  On to the DID primer.  is it ready to merge?
Andrew Hughes:  Reporting progress, there were some distractions. 
   recording regarding github repo and respec document has been 
  posted.
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues/18
Kim Hamilton Duffy:  JWK crypto suite specifications.
Andrew Hughes: Will get back on the did-primer: respec format 
  today
Kim Hamilton Duffy:  Who should we assign this issue #18 to?
Dmitri Zagidulin: I'm definitely interested in participating in 
  issue #18
Bohdan Andriyiv: Achuges (y)
Kim Hamilton Duffy:  Create a spec that demonstrates how you 
  express a JWK using a LD Cryptosuite. Create a spec that 
  demonstrates how you express a Verifiable Credential as a JWT 
  Implementations and test suites for those specs
Andrew Hughes: The raw recording for the tutorial session by manu 
  on setting up a github repo and also a respec doc is here: 
  https://youtu.be/vcL3ffgGEJM
Christopher Allen:  This is realted to uPort, so let's fold it 
  into that.
Kim Hamilton Duffy:  Last call for work items
Christian Lundkvist:  One of the things that happened was that 
  Mike Jones (JWT at MSFT) submitted some additions to secp256k1 to 
  the JWT spec.
  ... did anyone else see that?
  ... i think that got through the IETF, but I don
Pelle Brændgaard: Yes it did
  ... don't know the details
Kim Hamilton Duffy:  Thanks, we can look into that.
Kim Hamilton Duffy:  On to work items.
Kim Hamilton Duffy: Work items: 
  https://github.com/w3c-ccg/community/blob/master/work_items.md
Kim Hamilton Duffy: 
  https://medium.com/uport/a-complete-list-of-uports-protocols-libraries-and-solutions-63e9b99b9fd6
Kim Hamilton Duffy:  Moving on to uport DID proposal
Pelle Brændgaard:  I'm missing some mailing list context.
Christian Lundkvist:  People are interested in recent changes and 
  work on DID methods.
Pelle Brændgaard:  Over the last few months, we've proposed an 
  Ethereum contract
Pelle Brændgaard:  That allows key revocation, using multiple 
  keys, etc.  we want some community to support it.
Pelle Brændgaard:  The base is an Ethereum address.
Pelle Brændgaard:  It also supports smart contracts (Ethereum 
  small pieces of code)
Pelle Brændgaard:  Does not support signing...
Pelle Brændgaard:  You can add a signing key to it
Pelle Brændgaard:  Goals were: Ethereum compatible, does 
  identities, simple to add, edit, and resolve.
Pelle Brændgaard:  This supports our did:uport method.
Christian Lundkvist:  A philosophy that we've come to is that 
  unlike previous requirements to create an (expensive) blockchain 
  transaction, our new thinking is that the hash of a public key is 
  the identity, so that the supporting smart contract can handle 
  key revocations.  thus to onboard, you do not need any blockchain 
  transactions.
Christian Lundkvist:  Further on in the lifecycle, you may beed 
  to do a key revocation, and that is the point of the blockchain 
  transaction
Markus Sabadello:  I was workign with the author fo the ERC725 
  proposal.  what is the difference between your new proposal and 
  that one.  i guess not needing to create a new smart contract to 
  create an identity is a big one.  plus <lossage>
Pelle Brændgaard:  Yes, ERC725 requires posting a contract.  and 
  it doesn't rely on verifiable claims.
Pelle Brændgaard:  ERC780 would allow you to make lossage claims.
Pelle Brændgaard:  Service endpoints require the contract to be 
  posted.
Manu Sporny:  Having read through things at a high level, parts 
  look familiar and parts don't.
Manu Sporny:  DID spec outlines various steps to get something 
  done.  do you have a document with steps like that?
Manu Sporny:  I'm also seeing a lot of JWTs and i don't know 
  where those are used.
Pelle Brændgaard:  We do have docs
Pelle Brændgaard:  We can update
Pelle Brændgaard:  We have a JWT library.  it should be simple 
  enough to plug into any other layer.  we would encourage someone 
  to do that.
Pelle Brændgaard:  We don't have that need right now.
Christian Lundkvist:  We have not crated a formal DID method spec 
  for this.
Christian Lundkvist:  It had been in flux, but we want to create 
  the spec, to make sure we're compatible.
Pelle Brændgaard: Our current document 
  https://github.com/uport-project/ethr-did-registry/blob/develop/README.md
Christopher Allen:  If i create an identity, and it's not on a 
  blockchain, where is it?
Christopher Allen:  Q2: someone has a uport id and a verifiable 
  claim signed by another party (that is not necessarily a jwt <-- 
  sounds like "jot")
Pelle Brændgaard:  We use event logs
Pelle Brændgaard:  Cheap way of storing things on the blockchain 
  that is kept by the blockchain.
Pelle Brændgaard:  There is no longer a need to go to ipfs for 
  this.
Pelle Brændgaard:  We are looking at ways of supporting more 
  complex structured data as well
Pelle Brændgaard:  But that's not finalized
Pelle Brændgaard:  This will be for public users that want to 
  post information about themselves, which we envision being for 
  businesses.
Pelle Brændgaard:  We have a javascript library.
Kim Hamilton Duffy: This one? 
  https://github.com/uport-project/did-resolver
Pelle Brændgaard:  This will be good for BTCR support, and is a 
  very simple method.
Pelle Brændgaard: Yes thats it kimhd
Christian Lundkvist:  The way i see it is that the claims 
  themselves are always stored offchain, using JWT (versus LDS) 
  this DID method should be completely agnostic to that.  you can 
  imaging taking any form of data that references this and it 
  should be able to be resolved (in an orthoganal manner)
Christopher Allen:  Will you be at the post RWOT hackathon?
Pelle Brændgaard:  We'll look at it.
Pelle Brændgaard:  We can add other methods into our app as well.
Pelle Brændgaard:  We're trying to bridge the various blockchains 
  and formats.
Christian Lundkvist:  We also have a plugin for Markus's 
  universal resolver
Bohdan Andriyiv:  Security of uPort DID not anchored in 
  blockchain?
Bohdan Andriyiv:  How do you resolve once anchored?
Bohdan Andriyiv:  Will you be able to have the same DID as used 
  in other blockchains?  how will security of this be resolved?
Bohdan Andriyiv:  Same DID on Ethereum and Bitcoin
Bohdan Andriyiv:  Do users see the DIDs?
Bohdan Andriyiv:  Can humans select the DIDs, and will they 
  acquire vanity value?
Pelle Brændgaard:  We do "a lookup that isn't actually really a 
  lookup"
Pelle Brændgaard:  First we check onchain for changes to the DID
Pelle Brændgaard:  If there are no changes, then the (hashed) 
  address is the public key
Pelle Brændgaard:  This is the same trick that Ethereum uses for 
  recoverable signatures -something- added height and recovery 
  bytes.
Music starts to play from Kulpreet Singh device when he 
  accidentally mutes it. Cue Samantha Mathews Chase skillfully 
  singing a sensational solo about DIDs over the hold music. Rumble 
  of laughter ensues...
Ryan Grant:  Lol!!!!
Nate Otto: Ok, that's hilarious.
Irene Hernandez: Hahaha
Heather Vescent: It's kinda sexist actually.
Moses Ma: Is there a link for this song?
Samantha Mathews Chase: I'm available for parties, birthdays, 
  weddings
Eric Olszewski: Well, it's nice that hackers are paying attention
Pelle Brændgaard:  Recoverable signatures should be usable with 
  Bitcoin as well.
Pelle Brændgaard:  <Blee bloop>
Christian Lundkvist:  If you anchor on two chains, that's not 
  really supported.  when you first create the identity, you need 
  to go to a specific Ethereum contract as the refernece point, to 
  look for updates.
Christian Lundkvist:  If no updates, you generate a DID Document 
  directly from the public key.
Christian Lundkvist:  There's no way to senibly do this on 
  multiple chains.
Christian Lundkvist:  And to the later question about someone 
  else registering your DID, it's not a security risk because to 
  use it, you will need to be able to sign with the private key.
Markus Sabadello:  When the DID document is created, will it 
  contain public keys?
Markus Sabadello:  Asking for clarification
Heather Vescent: IT WAS NOT ME.
Pelle Brændgaard:  -Is back- we require an Ethereum address to 
  resolve.
Markus Sabadello: Here's an open issue on whether to store 
  Ethereum addresses vs public keys in DID document: 
  https://github.com/w3c-ccg/did-spec/issues/56
Samantha Mathews Chase: Yeah i just started singing lol sorry
Ryan Grant:  Rgrant: what languages are you asking for DID method 
  resolver code in?
Christian Lundkvist:  Our library is in Javascript.
Pelle Brændgaard:  We're working on Java and Swift  as well
Pelle Brændgaard:  ... Incidents
Pelle Brændgaard:  The first thing is to have a generic DID 
  resolver for that language
Pelle Brændgaard:  It should be in a way that makes sense for 
  that language and platform
Eric Olszewski:  Are you working on any integrations with LDAP?
Pelle Brændgaard:  Short answer: no
Pelle Brændgaard: Markus I will update that PR to reflect our 
  current format, which we came to through talks on the mailing 
  list
Christian Lundkvist:  We've had talks with MSFT about those 
  things, but not anything that is really concrete.  we have some 
  ideas.
Manu Sporny:  Are you talking about Ethereum DID method or DID in 
  general?
Pelle Brændgaard: I will have to leave now. Thanks everyone
Eric Olszewski:  In general
Manu Sporny:  Very interesting.
Manu Sporny:  Reach out if you want to collaborate on that
Nate Otto: If you like songs in the genre of decentralized 
  identity and credentials, you might like 
  https://www.youtube.com/watch?v=Xf_b-PojsMw
Christian Lundkvist:  One of the more interesting things is 
  connecting Kerberos to Active Directory and then using PKI 
  capability of Kerberos to sign with your DID.
Kim Hamilton Duffy:  Over time.  see you next week
Moses Ma: Thanks and bye!
Manu Sporny: Ericolszewski - msporny@digitalbazaar.com to start 
  :)
Kulpreet Singh: Sorry for the accidental mute ;)

Received on Tuesday, 10 July 2018 18:52:53 UTC