[MINUTES] W3C Credentials CG Call - 2019-01-15 12pm ET from kim@learningmachine.com on 2019-01-19 (public-credentials@w3.org from January 2019)

From: <kim@learningmachine.com>
Date: Sat, 19 Jan 2019 11:37:54 -0800
To: Credentials CG <public-credentials@w3.org>
Message-Id: <1547926674216.0.52542@Kims-MacBook-Pro.local>

Thanks to Lucas Parker for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-01-15/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-01-15

Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2019Jan/0053.html
Topics:
1. Introductions
2. Announcements & Reminders
3. Progress on Action Items
4. Work Item Status Review
5. New Work Items
Organizer:
Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
Scribe:
Lucas Parker
Present:
Kim Hamilton Duffy, Christopher Allen, Lucas Parker, Amy Guy, Joe
Andrieu, Dan Burnett, Heather Vescent, Dave Longley, Mike Lodder,
Isaac Patka, Michael Herman, Vaughan Emery, Manu Sporny, Ken
Ebert, Lionel Wolberger, Jeff Orgel, Brent Zundel, Jarlath
O'Carroll, Markus Sabadello, Jonathan Holt, Drummond Reed, Adrian
Gropper, Bohdan Andriyiv
Audio:
https://w3c-ccg.github.io/meetings/2019-01-15/audio.ogg

Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Vaughan Emery: Present +
Kim Hamilton Duffy:
https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
Lucas Parker: How do I mark myself as scribe?
Lucas Parker is scribing.

Topic: Introductions

Kim Hamilton Duffy: That was Philipp Schmidt
Michael Herman: Interested in representing business documents.
Trying to clarify draft DID spec.
Michael Herman: Help
Brent Zundel: Evernym, crypto-engineering, ..., currently moving
forward with credentials working group with Sovrin and Evernym
Michael Herman: Hi manu, I'm not too proficient with IRC

Topic: Announcements & Reminders

Joe Andrieu: http://rwot8.eventbrite.com
Kim Hamilton Duffy: RWOT VIII -- Mar 1-3 2019, Barcelona, Spain
http://weboftrust.info
Kim Hamilton Duffy: Locked in RWoT date, March 1-3 in Barcelona.
Few events before and after, Joe sent EventBrite for that.
Kim Hamilton Duffy: IIW -- Apr 30th-May 2nd, Mountain View, CA
https://www.internetidentityworkshop.com
... IIW, which is April 30-May 2 in Mountain View, CA.
... Seen quite a few emails on the VCW email list. Might be
doing verifiable creds meetup right after rebooting.
Joe Andrieu: Definitely going to do it. 4th and 5th, Monday and
Tuesday after RWoT, will be face-to-face for verifiable claims
working group, open to members and guests. Contact the chairs of
that group to ask for an invitation. Limited number. Reach out
to Dan Burnett or Matt Stone.
Dan Burnett: Sent an email to CCG list last week announcing the
meeting. Reply to that if interested.

Topic: Progress on Action Items

Kim Hamilton Duffy: Doing this a little differently. A few
process issues to clean up. In general, we are going to do ...
reviews to ID unlabeled items, but we're skipping those.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/50
... Instead, Dave Longley to present a new issue, tracked via
above link.
Dave Longley:
https://lists.w3.org/Archives/Public/public-credentials/2018Dec/0108.html
Michael Herman: Who is talking currently?
Kim Hamilton Duffy: That is Dave Longley
Dave Longley: Tightening up implementations of LD proof and
DIDs, taking into consideration community input around
terminology. Email sent to mailing list with terminology
specifics. Effectively, a number of terms used in the community
and into proofs and DID documents, such as cryptographic suites,
creator and owner, are debatable. Considering changing because
they cause confusion. Given some alternative names for
terminology, taking into account what people
Have been discussing. Some issues in the tracker for some of
these. Main issue is stopping the use of 'owner', changing to
'controller'.
Jarlath O'Carroll: FYI - currently having issues connection to
conference phone line, anyone else?
... While working on changes, adopted 'controller' instead of
'owner', interested in getting that into the spec. Also talking
about changing 'cryptographic suites'. Existing term of art that
makes people think of something else.
... Other terms changed are replacing 'creator' with
'verification method'. Value of 'creator' field for signatures
is ID of public key. Changing to 'verification method' makes
more sense, allows to work toward making proofs more generic.
... Talked about a variety of different kinds of proofs, like
biometrics, etc.
Manu Sporny: Correction --- privacy preserving biometrics
... Change/adoption/suggestion: try to include a proof purpose.
Helps tighten up use of proofs in the ecosystem. Ensure that
proof is created to include a purpose, helps eliminate some edge
cases.
Jarlath O'Carroll: Manu - ty
... Create a proof for purpose of authentication, different
than assertion. Don't want assertion data to be reused as
authentication method.
... Authentication field in the DID spec which establishes a
link between entity that controls, and verification methods.
Entity can say that thes public keys are for authentication, or
for assertions.
... Also covers case of object capabilities, where entity that
controls can say that these are for invoking or delegating
capabilities.
... In the email, details about linked data proofs work and how
these elements tie together. Ensure that the verifier can make
sure that proof was made for authorized purpose, using
verification method authorized and matches the type of proof that
was created.
... Terminology tries to be more specific about all of that.
Would like feedback.
Kim Hamilton Duffy: Those are separate work items, broader
changes affecting existing draft. Wanted to talk about that, see
about feedback.
... Check out the email and respond if any responses.
... Dont need to do the week waiting time because those will be
PRs.
Manu Sporny: Definitely need feedback on this stuff sooner than
later. Will discuss at Rebooting 8, but implementations are
starting to put the stuff in. Should be where consensus is.
... If anyone disagrees, let us know. Taken inputs from last
two Rebootings, ..., hopefully people will be happy with changes,
looking for one or two objections.
... If no objections, all changes will apply to next rev of DID
spec, with data sweeps, etc.
... Implementations already exist to make sure it all works.
Kim Hamilton Duffy: Status to report on work or action items?
Manu Sporny: Thanks to Michael Herman for issues raised on DID
and VC spec, we will get to them, under work pressure to get
verifiable credentials stuff going.
Michael Herman: Queue+
... Have been watching issues raised, notice frustration in
some of what is written. All good catches, need time to make
changes in response over next couple of months.
Michael Herman: Where I'm headed on that. 36 issues added to
DID spec, too many to review individually.
... Will try to roll up in to a few main topics. If we can
discuss those, then the details fall out in other issues.
... Indie arch. reference model is an important part of
discussion. Work in progress, rolling up issues into smaller
number of items.

Topic: Work Item Status Review

Kim Hamilton Duffy: Bulk of meeting will be talking about work
item issues.
... Starting off with mailing list topic from yesterday.
... Unclear state of work items. One reason is that we've not
been crisp in communications about how to create new work items,
and how to close work items.
... First one, we were being informal with description as
opposed to pointing people to full details.
... Close work item process we're still working on, but as
mentioned, want to address all the problems I saw to optimize for
unblocking community, then on chairs to get rid of problems
introduced.
... Most critical one is ... if you have a new item to propose,
follow process to be describe. Main gap is that we haven't been
identifying multiple owners. That's the main thing we had failed
to do to kick off work items.
... Weren't following one-week countdown process, announce in
CCG, announce in mailing list, wait a week for feedback.
... Thing that is critical for chairs to work on, highest pri,
completing the closing work item process. Blocking closure of
work items that are still pending.
... After we coplete that, start fleshing out work items that
are all-but-done.
... Have a few blocked items, not in a clear state, chairs and
owners will work together to figure out. Few other things, but
those are most critical.
... Through combination of github templates and clearer
pointers, hoping to avoid that in future.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/blob/master/work_items.md
... Want to show some updates (link above). Heavily redone,
will be redone again. Main point is to understand what is the
state, what do we have on these things, are there repos and
drafts, etc.
... Calling attention to ToC, potential work items, talk about
those and propose today.
... Next major section, current work items, see the registries
and that's good at the moment.
... In that table, where you see status, in the W3 CCG process
row, see that it is blocking others with footnote to more
details.
... Blocing everything that says "needs close process." Quite
a few that we think are almost there, but they need spec text, go
through work item close process. Chairs need to work on that.
... Last major section is "completed work items." Goal is to
capture closed work items. Can rethink structure later. Wanted
to get information there.
... Some specifications incubated through this group, for
example verifiable creds lifecycle, wanted to record that it's
closed and integrated into verifiable creds data model.
... That's the overall structure. Can refer to this to see the
current state of what's happening.
... Questions?
Manu Sporny: New process is being documented.
Kim Hamilton Duffy:
https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/view
Kim Hamilton Duffy: Two aspects: one, talk about new process;
next, overall process is in above link. Welcome comments.
... Some uncertainties in close work item and other aspects of
document, but confident of new work item process, which we'll
talk about next. Focus on pushing through today.

Topic: New Work Items

Kim Hamilton Duffy: Walk through new work items process. Then
start kickoff process work item topics that are ready.
Michael Herman: FYI: Link to the current version of the INDY ARM:
https://hyperonomy.com/2019/01/13/hyperledger-indy-sovrin-comprehensive-architecture-reference-model-arm/
... Then, talk about two that we mentioned last meeting: CCG
survey; social identity as a potential work item.
Kim Hamilton Duffy:
https://docs.google.com/document/d/1vj811aUbs8GwZUNo-LIFBHafsz4rZTSnRtPv7RQaqNc/view
... Again, this is the new work item process; not just that,
but all new CCG process.
... Scroll down to page 4, work item process.
(Kim, you dropped out for a second)
Kim Hamilton Duffy: Initial steps are standard. Create abstract
or draft, like Google Doc or Github markdown page. Any way of
capturing it.
... Make sure there's a lead, person resonsible for advancing
work item, and one other sponsor. Doesn't mean financial, but
someone with skin in the game (editor, etc).
... Don't know if it's required that person is from a different
company, but doesn't affect work items in progress now.
... Post a Github issue in the CCG org community repo, but
don't create a CCG repo yet.
... Can create in personal Github account. Tag issue as
proposed work item.
... Instead, creating Github issue templates. Some can be done
through template, like tag, fields for owners, etc, to make it
easier.
... Following, propose work item on weekly call and mailing
list. Can do that in whatever order. Need both to happen before
the one-week countdown start.
Heather Vescent: Nope. ALl good.
... Questions about process?
Kim Hamilton Duffy: Also wanted to send example of something
that is conformant right now.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/48
... One that Manu did. ... work item proposal, not that he has
proposed work items label, editors, contributors, more than one.
... Already posted in mailing list, link with details of that.
... Already described this in CCG last week, doesn't have to go
into as much depth as before. Starting one-week countdown for
substantive objections to why we should do hash link here.
Otherwise, formally accept, create Github repo.
Manu Sporny: When reading document, immediate reaction was
"looks like a lot of process, preference to keep it light."
... At the same time, has to be some kind of process.
... Hope is that chairs have tried to put as much process
burden on selves, rather than on contributors.
... If people want to contribute, writing in email and sending
to list should kick off process.
... Chairs will help guide people through that process.
... Issue template, like filling out a simple form in an issue
tracker. Chairs take over from then on.
... Any thoughts on ease of use of process?
Kim Hamilton Duffy: Preference is for latter. Don't want usual
thing every time, "get another owner, waiting period." Solve
through automation. Figuring out what info we must have.
... If can agree on that, add an issue template and just send
the link to that.
... That way, anyone can be coached through proposal process
through that template. Can ask for help, but we're busy people,
want to minimize repeated info.
... Welcome to feedback.
Joe Andrieu: Respectfully do not want to put burden on chairs,
already overwhelmed.
... People create work items with community support. Bumped
into different things getting that to engagable process.
... For issue #48, would be great to have real names of these
guys.
... For editors and contributors.
... Not in the process to have handles.
... Have people who want to be part of team, but don't have
Github handles, can't make them owners.
... Use Github/automation to streamline.
... Trying to create systems so operational burden is not on
chairs.
Christopher Allen: Another aspect, chairs have to evaluate
comunity support. Can't have work items waiting for a year on
the list.
... Better to put it on hold until there is interest. Can be
on a private repo until more community support.
Kim Hamilton Duffy: Freezing queue on this topic at Ken
... One step, I and other people will say, are we really ready
to do this report?
Kim Hamilton Duffy: Any more comments, capture in CCG process
document or some other forum.
... Related note: thinking about automation for that. Every
interest in making as useful as possible, but has been lingering
work items with minimal traction.
Heather Vescent: Feels process is heavy, specifically for
non-technical people.
... May want to revisit process to simplify and streamline
after feedback from survey.
Joe Andrieu: +1 For burden on non-technical folks; github is a
challenge for many
... Needs to serve the overall goals of what we're all trying
to achieve. In some cases, if you are leading group and being
one of people creating structure, that is an additional burden.
Joe Andrieu: ( I mean +1 in agreement, NOT +1 for actually having
burden)
... Someone to volunteer to manage?
... Feels like a lot of bureaucracy. Also doing this to
support development of community. Could try it, get feedback on
it, see how effective it is.
Drummond Reed: +1 To keeping the bureaucracy as minimal as
possible
Kim Hamilton Duffy: All we're talking about is "contract" (in an
engineering sense). Know up front what we need, tell people in
advance.
... Easy to create automation to let that happen. Github
templates, email path, etc. Getting content, making easier,
we'll have both.
Ken Ebert: Whether we accept an item as a working item. Does
that mean we expect to produce something, or is debate about
whether we produce something after it goes on the queue?
Kim Hamilton Duffy: Haven't covered that.
... Part of CCG process is saying, "What are valid forms of
artifacts/results from work item?" Might be draft report,
something less formal like position paper.
... One example: David Chadwick wrote up something, immediately
into another spec.
Joe Andrieu: Trying to get process to be lightweight/streamlined
from someone having an idea to closure. Have a chart made of
clipart in the document that explains whre CCG work items might
end up.
... Piecing out details of how we keep on top of this.
... Mentioned in last call that we did not budget enough time
for work item review, so want to streamline what's in calls.
... Only want to adopt work items that will get to closure,
some don't, chair's job to move things along.
Kim Hamilton Duffy: Propose to kick off a few items.
Manu Sporny: https://github.com/w3c-ccg/community/issues/46
Manu Sporny: Multi-hash spec. Protocol Labs, does IPFS, has
published the multi-hash spec in Github a couple years ago.
... Getting increasing support. Purpose of spec is standard
way to express cryptographic hash. Before, wasn't a clean way to
do it.
... Gives all benefits for IoT and application layer folks can
live with.
... Simple, lightweight, pretty muych done, has
implementations. Formalizing spec.
... For this group: resource integrity proofs, cryptographic
hashing, touches everybody in this group.
... Proposal is there. Link to mailing list thread on
specifics, exactly which community members will benefit. Suggest
that you take a look at that.
... Probably 80% done.
Joe Andrieu: Sounds great. Confused by IETF relationship.
Manu Sporny: Specs don't fit well at W3C.
... W3C focuses on high level things. IETF focuses on
lower-level things.
... This kind of spec is something that would find easier home
at IETF.
Manu Sporny: Multibase --
https://github.com/w3c-ccg/community/issues/47
Manu Sporny: Next, sister spec: multibase.
... Encoding in multihash that says what crypto hash was used
to generate the hash. Multibase is same concept for base
encoding.
... Binary data. Can't just put into an email, need to encode
binary data using letters and numbers.
... Many ways of base encoding. Base 2, 8, 10, 16, 32, 64, 58,
all ways to encode stuff.
... BTC uses base58
... Flickr uses base58, but their own flavor.
... Same for hexadecimal (lower or upper case?)
... Multibase is a way of encoding the base encoding. Can fit
these two specs together, if you have a multihash expression in
binary, can encode in multibase.
... Full forward and backward compat across crypto hashes and
encoding schemes.
... More flexibility in encoding formats and crypto hashes in
our systems.
... Would enable ... and Sovrin and IPFS to express certain
primitives, like SHA256, in the same way.
... Can start building and using common libraries across Sovrin
and IPFS.
Mike Lodder: +1
Jonathan Holt: Lookup table is hardcoded in repo, is IETF to be
source of truth?
Manu Sporny: Eventually, yes, but for now, generated from Github
repo.
... Spec is generated from tables in Github, but will be a
transition.
... Once that happens, IETF is very used to running registries
- run hundreds. This is what they're used to, they have a
process.
... Keeping spec text up to date is a PR.
... Next time we do publication, new spec text will be put in
there.
Jonathan Holt: What's the turnaround time for that?
Manu Sporny: Structure so that can be kept up to date. In
multibase/hash, built where that's a fit. Simple spec, info in
registry, updating registry is quick.
... Turnaround is fast, PR can go in minutes, can have new
version published at IETF in minutes until becomes RFC, after
which, stability in specification.
Manu Sporny: https://github.com/w3c-ccg/community/issues/48
Manu Sporny: Hashlink is the next one.
Mike Lodder: You answered my question manu
... Builds on top of multibase and multihash. At last
Rebooting, a few folks worked on a resource integrity proof,
deployed into proofs of concept and pilots.
... Resource integrity proofs no longer the way to go, want to
do hashlinks.
... Link has justification.
... Hashlink is a way of saying here's a proof and multiple
implementations.
Adrian Gropper: Like keybase?
... Here's an item, an IPFS link, a BTC tx, etc. If resolver
can resolve, then you've got a cross-network way of doing crypto
linking. Important for JSON-LD contexts, Sovrin schema
expression, items that Bodhan raised
Bohdan Andriyiv: Great!
... Tiny specs can be pushed forward at IETF, has upsides to
everyone.
Kim Hamilton Duffy: Remaining items will be moved to next week.
DID resolver work item proposal. Survey, functional ID.
Drummond Reed: Exit

Received on Saturday, 19 January 2019 19:38:21 UTC