- From: <kim@learningmachine.com>
- Date: Mon, 26 Nov 2018 19:56:50 -0800
- To: Credentials CG <public-credentials@w3.org>
Thanks to for scribing this week! The minutes for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-11-20/

Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-11-20

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0129.html
Topics:
  1. Introductions and Reintroductions
  2. Announcements, reminders
  3. Action items
  4. Work Items
  5. Pain points
Organizer:
  Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
Scribe:
Present:
  Christopher Allen, Bohdan Andriyiv, Andrew Hughes, Manu Sporny, Dmitri Zagidulin, Ryan Grant, Brent Zundel, Moses Ma, Joe Andrieu, Lucas Parker, Ted Thibodeau, Lionel Wolberger, Markus Sabadello, Drummond Reed, Joe Kaplan, Sam Smith, Nate Otto, Michaela Casaldi, Jarlath O'Carroll, Jeff Orgel, Chris Webber, Andrew Rosen, Adrian Hope-Bailie
Audio:
  https://w3c-ccg.github.io/meetings/2018-11-20/audio.ogg

Joe Andrieu: Connections
Ryan Grant: Does voip-ccg association still work if you do it?

Topic: Introductions and Reintroductions

Lionel Wolberger: ... Main topic, the pain points that DIs are solving.
Drummond Reed: Note: I can only stay for the first 30 mins today.
Moses Ma: Spoke with his partners about our work, and we have a volunteer. Dr. Wu [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... VC who ran a $billion fund
Lionel Wolberger: ... Templates for DID monetization
Lionel Wolberger: ... List different ways we can monetize the DID market
Manu Sporny: +1 To that effort, would be very helpful to the CCG.
Lionel Wolberger: ... Dr. Wu was a lead investor on Tivo, is good at revenue models.
Joe Kaplan: Will this be a work item? How can the community support? [scribe assist by Lionel Wolberger]
Moses Ma: Paper for next RWoT [scribe assist by Lionel Wolberger]
Sam Smith: Furthering sustainable commons, [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... If looking to monetize, this paper is related. Will share it.
Moses Ma: Let's have the community participate. Should stipulate how a standard can create a fair method to enable monetization models. [scribe assist by Lionel Wolberger]
S/Furhtering/Furthering
Lionel Wolberger: ... A mockup of the UX would be helpful, perhaps in Adobe XD
Joe Kaplan: Send email and we will follow up. [scribe assist by Lionel Wolberger]
Lionel Wolberger: Jarlath to the mic!
Jarlath O'Carroll: CEO and founder of Jobs___ [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Connects students to jobs
Lionel Wolberger: ... Interested in CCG/VCs for credentials regarding skills, etc

Topic: Announcements, reminders

Joe Kaplan: Dec 10 workshop, Microsoft [scribe assist by Lionel Wolberger]
Manu Sporny: 55 People are signed up, room for 15 more. [scribe assist by Lionel Wolberger]
Manu Sporny: https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html
Lionel Wolberger: ... Seeking more lawyers, regulatory and compliance types
Lionel Wolberger: ... Seeking more European (GDPR) and China focus
Lionel Wolberger: ... Still time to register!
Lionel Wolberger: ... Note that new proposals will compete with some critical proposals that we must present at the workshop
Lionel Wolberger: ... Agenda is being formulated and will be shared soon.
Lionel Wolberger: RWoT #8 planned for Feb22/28/Mar 01
Joe Kaplan: Making decisions about location, to be announced ASAP. [scribe assist by Lionel Wolberger]
Joe Kaplan: IIW April3-May 2. Not the same time as RWoT this time ;-) [scribe assist by Lionel Wolberger]
Manu Sporny: Barcelona proposal for RWoT [scribe assist by Lionel Wolberger]
Moses Ma: +1 Barcelona
Lionel Wolberger: ... May be just after MWC (mobile world congress)
Christopher Allen: Take train

Topic: Action items

Bohdan Andriyiv: +1 For Barcelona)
Joe Kaplan: Planning to "create Amira as a repo" [scribe assist by Lionel Wolberger]
Moses Ma: Can someone post URL to Sam's "Furthering sustainable commons" paper
Joe Andrieu: https://github.com/w3c-ccg/community/issues/18
Manu Sporny: https://www.w3.org/2018/11/19-vcwg-minutes.html
Manu Sporny: Meeting minutes on how to harmonize with Verifiable Credentials [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... General pattern for addressing ZKPs
Lionel Wolberger: ... Pattern to host ZKP even as binary BLOBs
Joe Andrieu: https://github.com/w3c-ccg/community/blob/master/work_items.md

Topic: Work Items

Drummond Reed: The Sovrin community intends for ZKPs to NOT be a "bizarre, out-of-the way format" :-)
Ryan Grant: +1 For Barcelona
Manu Sporny: Drummond -- I expected as much, :)
Manu Sporny: OCAP in JS [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Library implementation
BLOB = Bizarre Large Object </humor>
Manu Sporny: Regarding, seeking additional funds for people to implement tools [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... E.g. issue a new type of verifiable credential, need to define a vocabulary, need a website where you can go and CLICK to publish such a vocabulary
Lionel Wolberger: ... Cryptographic hash linking specification, that is more detailed than just "use IPRS"
Lionel Wolberger: ... Will be useful to have a kind of "magnet link"
Lionel Wolberger: ... This is a problem across the decentralized blockchain space
Lionel Wolberger: ... Proposing an IETF specification
Nate Otto: +1 To magnet link IRIs for linked data
Lionel Wolberger: ... New problem emerging around vendor lock-in on digital wallets
Lionel Wolberger: ... Ensure that one vendor won't lock out everyone else, by being specification conforming but not enabling data portability
Lionel Wolberger: Manu: Exciting stuff +1
Drummond Reed: BTW, avoiding vendor lock-in is a primary goal of DKMS, of which the plan is to start a Technical Committee at OASIS. See http://bit.ly/dkmsv3
Manu Sporny: Mag links will be important to endurance, the ability for documents to be addressable over a period of years [scribe assist by Lionel Wolberger]

Topic: Pain points

Manu Sporny: Drummond, What I was talking about goes beyond DKMS, but yes, that work is important as well.
Chris Webber: We accept the value of decentralization without much consideration [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... We can now tease out the assumptions and motivations behind this
Lionel Wolberger: ... These should be made overt in the DID primer
Lionel Wolberger: ... Let's start with Vendor Lock-in
Lionel Wolberger: ... Many standards and protocols ended up being locked-in due to some inherent centrality
Lionel Wolberger: ... Example: Twitter had lots of apps in a broad ecosystem, but by Twitter controlling the API Keys they constrained that ecosystem
Lionel Wolberger: ... In federated DIDs, some parties took protocols that were intended to be two way
Lionel Wolberger: ... But then only implemented one side
Lionel Wolberger: \
Manu Sporny: Every market vertical has its own motivation for needing DIDs [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... In Healthcare DIDs are useful for X,Y,Z
Lionel Wolberger: ... In banking DIDs are useful for doing n,m,o
Lionel Wolberger: ... Local, provincial and federal governments do not want to be the system of record for identifiers
Lionel Wolberger: ... It's all knowledge based stuff
Lionel Wolberger: ... These organizations do not want to control knowledge based identifiers as opposed to cryptographic identifiers
Lionel Wolberger: ... Since they are almost guaranteed that the funding creating the system diminishes over time
Lionel Wolberger: ... As the systems grow, the funding shrinks and can even be cut
Lionel Wolberger: ... Making the central system susceptible to failure
Andrew Hughes: Identifiers are useful. The fatal flaw (in our opinion) is that useful widely-usable identifiers end up with central authorities or de facto authorities that have ‘kill switches’. Also all ‘authorities’ must inevitably become high-value attack target infrastructure while at the same time facing funding pressures (because it goes into the background as infrastructure). Decentralization has the promise of a globally-shared namespace that involved de[CUT]
Andrew Hughes: Governance and operations but universal resolvability.
Lionel Wolberger: ... Organizations are excited that the DID enables use without hosting it
Lionel Wolberger: ... Though when you point out the cost, their enthusiasm cools a bit
Q
Chris Webber: Borders are a pain point [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Borders between countries. Borders between companies.
Lionel Wolberger: ... Different ways we evaluate and think about trust
Lionel Wolberger: ... Everybody's trust requirements are different, in sometimes subtle, sometimes major ways
Lionel Wolberger: ... A centralized federated system demands that the trust model propagate throughout the system and mark all interactions
Lionel Wolberger: ... A decentralized system will support variation in those trust rules
Lionel Wolberger: ... You may want to rely on something that other people don't need or don't want to pay for
Drummond Reed: Gotta run now. Bye.
Lionel Wolberger: ... Back in SSL, we defined client certs, and almost no one ended up adopting that
Joe Kaplan: In solving the double spend problem, we ended up defining DIDs [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Interstitial jurisdictionality
Lionel Wolberger: ... There are well defined jurisdictions
Lionel Wolberger: In between these well defined jurisdictions there are interactions
Lionel Wolberger: ... In these interstices we interact
Lionel Wolberger: ... How can we have an interaction outside a jurisdiction
Lionel Wolberger: ... E.g. a Soviet Union master of science, how will another country e.g. the UK evaluate that
Andrew Rosen: Identifiers are useful. [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... These have kill switches
Lionel Wolberger: ... DID offers governance but still resolvability
Lionel Wolberger: ... Identifiers are useful. The fatal flaw (in our opinion) is that useful widely-usable identifiers end up with central authorities or de facto authorities that have ‘kill switches’. Also all ‘authorities’ must inevitably become high-value attack target infrastructure while at the same time facing funding pressures (because it goes into the background as infrastructure). Decentralization has the promise of a globally-shared namesp[CUT]
Lionel Wolberger: ... Governance and operations but universal resolvability.
Sam Smith: Offloading personal data liability, avoiding toxic data [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Focusing on construction sites, new construction to create a safety wifi network to mark things on a job site, track
Lionel Wolberger: ... Generates a safety plan and a 3D model of the space from floor plans
Lionel Wolberger: ... Sam showed them overlays in the wallet
Lionel Wolberger: ... Proof of data without cost of storage
Lionel Wolberger: ... Given these watches (apple watch) will you accept this token?
Lionel Wolberger: ... If this succeeds, no one has to store the data, then through an overlay or an OAuth scope
Lionel Wolberger: ... Hit the threshold
Lionel Wolberger: ... This way create a non-surveillance ecosystem
Lionel Wolberger: Audio problem
Lionel Wolberger: Go on
Manu Sporny: Centralized ID providers, e.g. legal entity identifier and large corporations [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... These are interested in upgrading their identifiers
Lionel Wolberger: ... E.g. a company whose business model is issuing identifiers
Lionel Wolberger: ... They seek the addition of a layer of cryptography to mitigate and prevent theft
Lionel Wolberger: ... They could roll their own crypto, or more simply adopt DIDs
Lionel Wolberger: ... Centralized authorities want to upgrade their ecosystem and add cryptography
Lionel Wolberger: *** Can someone scribe temporarily, I will drop and rejoin ****
Bohdan Andriyiv: One of the issues is longevity in identifiers. [scribe assist by Manu Sporny]
Bohdan Andriyiv: If I have an identifier, and I want a signature on something, providers can disappear, there is no certainty that these centralized identifiers will stay. So I think this is one of the reasons that digital signatures were not widely adopted. [scribe assist by Manu Sporny]
Bohdan Andriyiv: DIDs solve this problem. [scribe assist by Manu Sporny]
Lionel Wolberger: Manu, I'm back
Bohdan Andriyiv: Question to manu - governments do not want to manage records of centralized identifiers - I do think governments still want those lists - they still have databases, data stores, records of who paid how much in taxes, who received how much and benefits, they need to keep this data, they don't want to manage passwords for people. [scribe assist by Manu Sporny]
Lionel Wolberger: ... Still a need to retain the data, just not manage the task force and make it more secure
Markus Sabadello: Regarding large companies interested in upgrading their IDs to DIDs [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... I have an IETF draft to discover DIDs based on the domain name system
Lionel Wolberger: ... Large companies are interested in using domain names for discovery
Markus Sabadello: https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
Manu Sporny: +1, That's really neat work that's going on.
Joe Kaplan: In the digital realm things are easily faked [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Public key/private key issues
Lionel Wolberger: ... How do you verify that something is not fake
Lionel Wolberger: ... That is a pain point that DIDs solve
Jarlath O'Carroll: @Lionel - there was a discussion about VC and Jobs earlier, can you please post the link to the details of this work in the feed again (I missed it)?
Chris Webber: Keep in mind we had PGP keys for decades and they were decentralized [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... They did not spread everywhere because
Lionel Wolberger: ... (A) they were not vendor agnostic nor future proof
Lionel Wolberger: ... DIDs are rotatable so allow technological upgrades
Lionel Wolberger: ... The crypto is separated from the actual identifier
Lionel Wolberger: ... Another reason why PGP fingerprints did not achieve wide market adoption
Lionel Wolberger: ... Due to the complications of rotating them
Lionel Wolberger: ... Revocation was extremely difficult, you needed the original key material
Lionel Wolberger: ... You had to notify people
Lionel Wolberger: ... A number of DID methods have fast and efficient ways to notify about revocation and rotation
Adrian Hope-Bailie: Questions back to Markus, etc [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... I use corporate centralized user IDs in general today
Lionel Wolberger: ... If DIDs would be linked to domain names or email addresses
Lionel Wolberger: ... Would the service provider only persist the DID and not the email address?
Lionel Wolberger: ... Let's say I use finger
Markus Sabadello: Yes, your understanding is correct. [scribe assist by Lionel Wolberger]
Adrian Hope-Bailie: That sounds like a powerful value statement. [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... That ability sounds quite valuable
Lionel Wolberger: Something that wasn't mentioned - DID process of creating an identifier feels like it's lower friction, more lightweight. [scribe assist by Manu Sporny]
Lionel Wolberger: So many more digital interactions, so many more devices, feels like a better way to interact given the complexity of devices today. [scribe assist by Manu Sporny]
Manu Sporny: Responding to Bohdan [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... The general assertion is that governments must continue to manage data
Lionel Wolberger: ... But the identifier is really secondary to their interest
Markus Sabadello: FYI the August CCG list archive has some discussion on pros/cons of discovering DIDs from DNS: https://lists.w3.org/Archives/Public/public-credentials/2018Aug/thread.html
Lionel Wolberger: ... E.g. in the USA the SocSec number is being used as an identifier but SocSec admin wants to stop this
Lionel Wolberger: ... SSA does not really need the identifier, they just need to provide their services
Lionel Wolberger: ... This is what we mean by saying governments do not want to be identifier providers
Lionel Wolberger: ... It is not their core value proposition
Lionel Wolberger: ... They still need an identity proofing process, of course
Lionel Wolberger: ... But then they would not have the responsibility to maintain and track the identifier
Lionel Wolberger: ... Keep in mind, they still have to store the ID and that is an attack surface honeypot
Lionel Wolberger: ... They will benefit from the VC architecture, where they store that they had a verified credential and can tear down and not store a lot of the artifacts of the proving process itself
Chris Webber: We are trying to move away from knowledge based security (e.g. you know my SocSec#, you know my birthdate) [scribe assist by Lionel Wolberger]
Manu Sporny: Yep, Knowledge Based Authentication is usually a bad thing...
Lionel Wolberger: ... Human memorizability for DIDs was an argument that we had
Lionel Wolberger: ... I (Chris) advocated for non-memorizable IDs, I wanted it to be underlying
Lionel Wolberger: ... But people may want DIDs to last a lifetime
Lionel Wolberger: ... That is not prevented by the standard, though this would be an inappropriate use
Lionel Wolberger: ... I don't want to give my BTCR identifier, I want to give a more safe identifier.
Adrian Hope-Bailie: Responding to Manu, that the credentials are not retained [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Huge synergy with the upcoming technology that more and more data stores will be held by individuals
Lionel Wolberger: ... This is a good argument for DIDs in the broadest sense
Joe Kaplan: Adding pain points from previous notes. [scribe assist by Lionel Wolberger]
Lionel Wolberger: ... Things change. Email addresses change. Phone numbers change. Technologies change. Organizations change.
Lionel Wolberger: ... The organization that could have verified your deed does not exist anymore.
Lionel Wolberger: ... Fakes are a pain point. Signatures prevent this, but signatures need PKI
Lionel Wolberger: ... Over-identification is a pain point.
Lionel Wolberger: ... Identifier misuse. Successful and useful IDs tend to get used for more things
Lionel Wolberger: ... Burden of management: DIDs will be easier for companies and organizations.
Lionel Wolberger: ... Jurisdictional boundaries, where different groups for different reasons need their own identifiers.
Andrew Hughes: Pain point - vendor lock-in
A world of pain (points) </h>
Chris Webber: One size trust does not fit all [scribe assist by Lionel Wolberger]
Manu Sporny: Good summary, is really going to help write the W3C TAG primer
Lionel Wolberger: ... You get to decide what your trust model is
Moses Ma: Bye y'all, have a great thanksgiving!
Lionel Wolberger: HAPPY TURKEY DAY
Joe Kaplan: See you [scribe assist by Lionel Wolberger]
Received on Tuesday, 27 November 2018 03:57:17 UTC