Re: [MINUTES] W3C Credentials CG Call - 2018-11-20 12pm ET from Carlos Bruguera on 2018-11-27 (public-credentials@w3.org from November 2018)

From: Carlos Bruguera <cbruguera@gmail.com>
Date: Tue, 27 Nov 2018 12:57:02 +0700
To: kim@learningmachine.com
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAJrRL-Gp5-g7NUqXcwDZ5Hpw=a7djeS+5jgd0GNeB5jP67wbcg@mail.gmail.com>
Thanks for the update.

On this regard, can anybody share the link paper mentioned during the
call: *Furthering
sustainable commons*? Appreciated.

On Tue, Nov 27, 2018 at 10:58 AM <kim@learningmachine.com> wrote:

> Thanks to  for scribing this week! The minutes
> for this week's Credentials CG telecon are now available:
>
> https://w3c-ccg.github.io/meetings/2018-11-20/
>
> Full text of the discussion follows for W3C archival purposes.
> Audio from the meeting is available as well (link provided below).
>
> ----------------------------------------------------------------
> Credentials CG Telecon Minutes for 2018-11-20
>
> Agenda:
>
> https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0129.html
> Topics:
>   1. Introductions and Reintroductions
>   2. Announcements, reminders
>   3. Action items
>   4. Work Items
>   5. Pain points
> Organizer:
>   Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
> Scribe:
>
> Present:
>   Christopher Allen, Bohdan Andriyiv, Andrew Hughes, Manu Sporny,
>   Dmitri Zagidulin, Ryan Grant, Brent Zundel, Moses Ma, Joe
>   Andrieu, Lucas Parker, Ted Thibodeau, Lionel Wolberger, Markus
>   Sabadello, Drummond Reed, Joe Kaplan, Sam Smith, Nate Otto,
>   Michaela Casaldi, Jarlath O'Carroll, Jeff Orgel, Chris Webber,
>   Andrew Rosen, Adrian Hope-Bailie
> Audio:
>   https://w3c-ccg.github.io/meetings/2018-11-20/audio.ogg
>
> Joe Andrieu: Connections
> Ryan Grant: Does voip-ccg association still work if you do it?
>
> Topic: Introductions and Reintroductions
>
> Lionel Wolberger: ... Main topic, the pain points that DIs are
>   solving.
> Drummond Reed: Note: I can only stay for the first 30 mins today.
> Moses Ma:  Spoke with his partners about our work, and we have a
>   volunteer. Dr. Wu [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... VC who ran a $billion fund
> Lionel Wolberger: ... Templates for DID monetization
> Lionel Wolberger: .... List different ways we can monetize the
>   DID market
> Manu Sporny: +1 To that effort, would be very helpful to the CCG.
> Lionel Wolberger: ... Dr. Wu was a lead investor on Tivo, is good
>   at revenue models.
> Joe Kaplan:  Will this be a work item? How can the community
>   support? [scribe assist by Lionel Wolberger]
> Moses Ma:  Paper for next RWoT [scribe assist by Lionel
>   Wolberger]
> Sam Smith:  Furthering sustainable commons, [scribe assist by
>   Lionel Wolberger]
> Lionel Wolberger: ... If looking to monetize, this paper is
>   related. Will share it.
> Moses Ma:  Let's have the community participate. Should stipulate
>   how a standard can create a fair method to enable monetization
>   models. [scribe assist by Lionel Wolberger]
> S/Furhtering/Furthering
> Lionel Wolberger: .... A mockup of the UX would be helpful,
>   perhaps in Adobe XD
> Joe Kaplan:  Send email and we will follow up. [scribe assist by
>   Lionel Wolberger]
> Lionel Wolberger: Jarlath to the mic!
> Jarlath O'Carroll:  CEO and founder of Jobs___ [scribe assist by
>   Lionel Wolberger]
> Lionel Wolberger: ... Connects students to jobs
> Lionel Wolberger: ... Interested in CCG/VCs for credentials
>   regarding skills, etc
>
> Topic: Announcements, reminders
>
> Joe Kaplan:  Dec 10 workshop, Microsoft [scribe assist by Lionel
>   Wolberger]
> Manu Sporny:  55 People are signed up, room for 15 more. [scribe
>   assist by Lionel Wolberger]
> Manu Sporny:
>
> https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html
> Lionel Wolberger: ... Seeking more lawyers, regulatory and
>   compliance types
> Lionel Wolberger: ... Seeking more European (GDPR) and China
>   focus
> Lionel Wolberger: ... Still time to register!
> Lionel Wolberger: ... Note that new proposals will compete with
>   some critical proposals that we must present at the workshop
> Lionel Wolberger: ... Agenda is being formulated and will be
>   shared soon.
> Lionel Wolberger: RWoT #8 planned for Feb22/28/Mar 01
> Joe Kaplan:  Making decisions about location, to be announced
>   ASAP. [scribe assist by Lionel Wolberger]
> Joe Kaplan:  IIW APril3-May 2. Not the same time as RWoT this
>   time ;-) [scribe assist by Lionel Wolberger]
> Manu Sporny:  Barcelona proposal for RWoT [scribe assist by
>   Lionel Wolberger]
> Moses Ma: +1 Barcelona
> Lionel Wolberger: ... May be just after MWC (mobile world
>   congress)
> Christopher Allen: Take train
>
> Topic: Action items
>
> Bohdan Andriyiv: +1 For Barcelona)
> Joe Kaplan:  Planning to "create Amira as a repo" [scribe assist
>   by Lionel Wolberger]
> Moses Ma: Can someone post URL to Sam's "Furthering sustainable
>   commons" paper
> Joe Andrieu: https://github.com/w3c-ccg/community/issues/18
> Manu Sporny: https://www.w3.org/2018/11/19-vcwg-minutes.html
> Manu Sporny:  Meeting minutes on how to harmonize with Verifiable
>   Credentials [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... General pattern for addressing ZKPs
> Lionel Wolberger: ...  Pattern to host ZKP even as binary BLOBs
> Joe Andrieu:
>   https://github.com/w3c-ccg/community/blob/master/work_items.md
>
> Topic: Work Items
>
> Drummond Reed: The Sovrin community intends for ZKPs to NOT be a
>   "bizarre, out-of-the way format" :-)
> Ryan Grant: +1 For Barcelona
> Manu Sporny: Drummond -- I expected as much, :)
> Manu Sporny:  OCAP in JS [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... Library implementation
> BLOB = Bizarre Large Object </humor>
> Manu Sporny:  Regarding, seeking additional funds for people to
>   implement tools [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... E.g. issue a new type of verfiable
>   credential, need to define a vocabulary, need a website where you
>   can go and CLICK to publish such a vocabulary
> Lionel Wolberger: ... Cryptographic hash linking specification,
>   that is more detailed then just "use IPRS"
> Lionel Wolberger: ... Will be useful to have a kind of "magnet
>   link"
> Lionel Wolberger: ... This is a problem across the decentralized
>   blockchain space
> Lionel Wolberger: ... Proposing an IETF specification
> Nate Otto: +1 To magnet link IRIs for linked data
> Lionel Wolberger: ... New problem emerging around vendor lockin
>   on digital wallets
> Lionel Wolberger: ... Ensure that one vendor won't lock out
>   everyone else, by being specification conforming but not enabing
>   data portability
> Lionel Wolberger: Manu: Exciting stuff +1
> Drummond Reed: BTW, avoiding vendor lock-in is a primary goal of
>   DKMS, of which the plan is to start a Technical Committee at
>   OASIS. See http://bit.ly/dkmsv3
> Manu Sporny:  Mag links will be important to endurance, the
>   ability for documents to be addressable over a period of years
>   [scribe assist by Lionel Wolberger]
>
> Topic: Pain points
>
> Manu Sporny: Drummond, What I was talking about goes beyond DKMS,
>   but yes, that work is important as well.
> Chris Webber:  We accept the value of decentralization without
>   much consideration [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... We can now tease out the assumptions and
>   motivations behind this
> Lionel Wolberger: ... These should be made overt in the DID
>   primer
> Lionel Wolberger: ... Let's start with Vendor Lock-in
> Lionel Wolberger: ... Many standards and protocols ended up being
>   locked-in due to some inherent centrality
> Lionel Wolberger: ... Example: Twitter had lots of apps in a
>   broad ecosystem, but by Twitter controlling the API Keys they
>   constrained that ecosystem
> Lionel Wolberger: ... In federated DIDs, some parties took
>   protocols that were intended to be two way
> Lionel Wolberger: ... But then only implemented one side
> Lionel Wolberger: \
> Manu Sporny:  Every market vertical has its own motivation for
>   needing DIDs [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... In Healthcare DIDS are useful for X,Y,Z
> Lionel Wolberger: ... In banking DIDs are useful for doing n,m,o
> Lionel Wolberger: ... Local, provincial and federal governments
>   do not want to be the system of record for identifiers
> Lionel Wolberger: ... It's all knowledge based stuff
> Lionel Wolberger: ... These organizations do not want to control
>   knowledge based identifiers as opposed to cryptographic
>   identifiers
> Lionel Wolberger: ... Since they are almost guaranteed that the
>   funding creating the system diminishes over time
> Lionel Wolberger: ... As the systems grow, the funding shrinks
>   and can even be cut
> Lionel Wolberger: ... Making the central system suceptible to
>   failure
> Andrew Hughes: Identifiers are useful. The fatal flaw (in our
>   opinion) is that useful widely-usable identifiers end up with
>   central authorities or defacto authorities that have ‘kill
>   switches’. Also all ‘authorities’ must inevitably become
>   high-value attach target infrastructure while at the same time
>   facing funding pressures (because it goes into the background as
>   infrastructure). Decentralization has the promise of a
>   globally-shared namespace that involved de[CUT]
> Andrew Hughes: Governance and operations but universal
>   resolvability.
> Lionel Wolberger: ... Organizations are excited that the DID
>   enables use without hosting it
> Lionel Wolberger: ... Though when you point out the cost, their
>   enthusiasm cools a bit
> Q
> Chris Webber:  Borders are a pain point [scribe assist by Lionel
>   Wolberger]
> Lionel Wolberger: ... Borders between countries. Borders between
>   companies.
> Lionel Wolberger: ... Different ways we evaluate and think about
>   trust
> Lionel Wolberger: ... Everybody's trust requirements are
>   different, in sometimes subtle, sometimes kajor ways
> Lionel Wolberger: ... A centralized federated system demands tha
>   tthe trust model propagate throughout the system and mark all
>   interactions
> Lionel Wolberger: ... A decentralized system will support
>   variation in those trust rules
> Lionel Wolberger: ... You may want to rely on something that
>   other people dont need or dont want to pay for
> Drummond Reed: Gotta run now. Bye.
> Lionel Wolberger: ... Back in SSL, we defined client certs, and
>   almost no one ended up adopting that
> Joe Kaplan:  In solving the double spend problem, we ended up
>   defining DIDs [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... Interstitial jurisdictionality
> Lionel Wolberger: ... There are well defined jurisdictions
> Lionel Wolberger: Inbetween these well defined jurisdictions
>   there are interactions
> Lionel Wolberger: ... In these interstices we interact
> Lionel Wolberger: ... How can we have an interaction outside a
>   jurisdiction
> Lionel Wolberger: ... E.g. a soviet union master of science, how
>   will another country e.g. the UK evaluate that
> Andrew Rosen:  Identifiers are useful. [scribe assist by Lionel
>   Wolberger]
> Lionel Wolberger: ... These have kill switches
> Lionel Wolberger: ... DID offers governance but still
>   resolvability
> Lionel Wolberger: ... Identifiers are useful. The fatal flaw (in
>   our opinion) is that useful widely-usable identifiers end up with
>   central authorities or defacto authorities that have ‘kill
>   switches’. Also all ‘authorities’ must inevitably become
>   high-value attach target infrastructure while at the same time
>   facing funding pressures (because it goes into the background as
>   infrastructure). Decentralization has the promise of a
>   globally-shared namesp[CUT]
> Lionel Wolberger: ... Governance and operations but universal
>   resolvability.
> Sam Smith:  Offloading personal data liability, avoiding toxic
>   data [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... Focusing on construction sites, new
>   construction to create a safety wifi network to mark things on a
>   job site, track
> Lionel Wolberger: ... Generates a safety plan and a 3D model of
>   the space from floor plans
> Lionel Wolberger: ... Sam showed them overlays in the wallet
> Lionel Wolberger: ... Proof of data without cost of storage
> Lionel Wolberger: ... Given these watches (apple watch) will you
>   accept this token?
> Lionel Wolberger: ... If this succeeds, no one has to store the
>   data, then through an overlay or an OAuth scope
> Lionel Wolberger: ... Hit the threshold
> Lionel Wolberger: ... This way create a non-surveillance
>   ecosystem
> Lionel Wolberger: Audio problem
> Lionel Wolberger: Go on
> Manu Sporny:  Centralized ID providers, e.g. legal entity
>   identifier and large corporations [scribe assist by Lionel
>   Wolberger]
> Lionel Wolberger: ... These are interested in upgrading their
>   identifiers
> Lionel Wolberger: ... E.g. a company whose business model is
>   issuing identifiers
> Lionel Wolberger: ... They seek the addition of a layer of
>   cryptography to mitigate and prevent theft
> Lionel Wolberger: ... They could roll their own crypto, or more
>   simply adopt DIDs
> Lionel Wolberger: ... Centralized authorities want to upgrade
>   their ecosystem and add cryptography
> Lionel Wolberger: *** Can someone scribe temporarily, I will drop
>   and rejoin ****
> Bohdan Andriyiv:  One of the issues is longevity in identifiers.
>   [scribe assist by Manu Sporny]
> Bohdan Andriyiv:  If I have an identifier, and I want a signature
>   on something, providers can disappear, there is no certainty that
>   these centralized identifiers will stay. So I think this is one
>   of the reasons that digital signatures were not widely adopted.
>   [scribe assist by Manu Sporny]
> Bohdan Andriyiv:  DIDs solve this problem. [scribe assist by Manu
>   Sporny]
> Lionel Wolberger: Manu, i'm back
> Bohdan Andriyiv:  Question to manu - governments do not want to
>   manage records of centralized identifiers - I do think
>   governments still want those lists - they still have databases,
>   data stores, records of who paid how much in taxes, who received
>   how much and benefits, they need to keep this data, they don't
>   want to manage passwords for people. [scribe assist by Manu
>   Sporny]
> Lionel Wolberger: ... Still a need to retain the data, just not
>   manage the task force and make it more secure
> Markus Sabadello:  Regarding large companies interested in
>   upgrading their IDs to DIDs [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... I have an IETF draft to discover DIDs based
>   on the domain name system
> Lionel Wolberger: ... Large companies are interested in using
>   domain names for discovery
> Markus Sabadello:
>   https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
> Manu Sporny: +1, That's really neat work that's going on.
> Joe Kaplan:  In the digital realm things are easily faked [scribe
>   assist by Lionel Wolberger]
> Lionel Wolberger: ... Public key/private key issues
> Lionel Wolberger: ... How do you verify that something is not
>   fake
> Lionel Wolberger: ... That is a pain point that DIDs solve
> Jarlath O'Carroll: @Lionel - there was a discussion about VC and
>   Jobs earlier, can you please post the link to the details of this
>   work in the feed again (I missed it)?
> Chris Webber:  Keep in mind we had PGP keys for decades and they
>   were decentralized [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... They did not spread everywhere because
> Lionel Wolberger: ... (A) they were not vendor agnostic nor
>   future proof
> Lionel Wolberger: .. .DIDs are rotateble so allow technological
>   upgrades
> Lionel Wolberger: ... The crypto is separated from the actual
>   identifer
> Lionel Wolberger: ... Another reason why PGP fingerprints did not
>   achieve wide market adoption
> Lionel Wolberger: ... Due to the complications of rotating them
> Lionel Wolberger: ... Revocation was extremely difficult, you
>   needed the original key material
> Lionel Wolberger: ... You had to notify people
> Lionel Wolberger: ... A number of DID methods have fast and
>   efficient ways to notify about revocation and rotation
> Adrian Hope-Bailie:  Questions back to Markus, etc [scribe assist
>   by Lionel Wolberger]
> Lionel Wolberger: ... I use corporate centralized user IDs in
>   general today
> Lionel Wolberger: ... If DIDs would be linked to domain names or
>   email addresses
> Lionel Wolberger: ... Would the service provider only persist the
>   DID and not the email address?
> Lionel Wolberger: ... Let's say I use finger
> Markus Sabadello:  Yes, your understanding is correct. [scribe
>   assist by Lionel Wolberger]
> Adrian Hope-Bailie:  That sounds like a powerful value statement.
>   [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... That ability sounds quite valuable
> Lionel Wolberger:  Something that wasn't mentioned - DID process
>   of creating an identifier feels like it's lower friction, more
>   lightweight. [scribe assist by Manu Sporny]
> Lionel Wolberger:  So many more digital interactions, so many
>   more devices, feels like a better way to interact given the
>   complexity of devices today. [scribe assist by Manu Sporny]
> Manu Sporny:  Responding to Bohdan [scribe assist by Lionel
>   Wolberger]
> Lionel Wolberger: ... The general assertion is that governments
>   must continue to manage data
> Lionel Wolberger: ... But the identifier is really secondary to
>   their interest
> Markus Sabadello: FYI the August CCG list archive has some
>   discussion on pros/cons of discovering DIDs from DNS:
>
> https://lists.w3.org/Archives/Public/public-credentials/2018Aug/thread.html
> Lionel Wolberger: ... E.g. in the USA the SocSec number is being
>   used as an identifier but SecSec admin wants to stop this
> Lionel Wolberger: ... SSA does not really need the identifier,
>   they just need to provide their services
> Lionel Wolberger: ... This is what we mean by saying geovernments
>   do not want to be identifier providers
> Lionel Wolberger: ... It is not their core value proposition
> Lionel Wolberger: ... They still need an identity proofing
>   process, of course
> Lionel Wolberger: ... But then they would not have the
>   responsibility to maintain and track the identifier
> Lionel Wolberger: ... Keep in mind, they still have to store the
>   ID and that is an attack surface honeypot
> Lionel Wolberger: ... They will benefit from the VC architecture,
>   where they store that they had a verified credential and can tear
>   down and not store a lot of the artifacts of the proving process
>   itself
> Chris Webber:  We are trying to move away from knowledge based
>   security (e.g. you know my SocSec#, you know my birthdate)
>   [scribe assist by Lionel Wolberger]
> Manu Sporny: Yep, Knowledge Based Authentication is usually a bad
>   thing...
> Lionel Wolberger: ... Human memorizability for DIDs was an
>   argument that we had
> Lionel Wolberger: ... I (Chris) advocated for non-memorizable
>   IDs, I wanted it to be underlying
> Lionel Wolberger: ... But people may want DIDs to last a lifetime
> Lionel Wolberger: ... That is not prevented by the standard,
>   though this would be an inappropriate use
> Lionel Wolberger: ... I dont want to give my BTCR identifer, I
>   want to give a more safe identifer.
> Adrian Hope-Bailie:  Responding to Manu, that the credentials are
>   not retained [scribe assist by Lionel Wolberger]
> Lionel Wolberger: ... Huge synergy with the upcoming technology
>   that more and more data stores will be held by individuals
> Lionel Wolberger: ... This is a good argument for DIDs in the
>   broadest sense
> Joe Kaplan:  Adding pain points from previous notes. [scribe
>   assist by Lionel Wolberger]
> Lionel Wolberger: ... Things change. Email addresses change.
>   Phone numbers change. Technologies change. Organizations change.
> Lionel Wolberger: ... The organization that could have verified
>   your deed does not exist anymore.
> Lionel Wolberger: ... Fakes are a pain point. Signatures prevent
>   this, but signatures need PKI
> Lionel Wolberger: ... Over-identification is a pain point.
> Lionel Wolberger: ... Identifier misuse. Successful and useful
>   IDs tend to get used for more things
> Lionel Wolberger: ... Burden of management: DIDs will be easier
>   for companies and organizations.
> Lionel Wolberger: ... Jurisdictional boundaries, where different
>   groups for different reasons need their own identifiers.
> Andrew Hughes: Pain point - vendor lock-in
> A world of pain (points) </h>
> Chris Webber:  One size trust does not fit all [scribe assist by
>   Lionel Wolberger]
> Manu Sporny: Good summary, is really going to help write the W3C
>   TAG primer
> Lionel Wolberger: ... You get to decide what your trust model is
> Moses Ma: Bye y'all, have a great thanksgiving!
> Lionel Wolberger: HAPPY TURKEY DAY
> Joe Kaplan:  See you [scribe assist by Lionel Wolberger]
>
>
>
>
>
>
Received on Tuesday, 27 November 2018 05:57:41 UTC