[MINUTES] W3C Credentials CG Call - 2019-08-20 12pm ET from kimdhamilton@gmail.com on 2019-09-11 (public-credentials@w3.org from September 2019)

From: <kimdhamilton@gmail.com>
Date: Tue, 10 Sep 2019 20:38:40 -0700
To: Credentials CG <public-credentials@w3.org>
Message-Id: <1568173120739.0.67767@okimsRazor.local>

Thanks to Bill Barnhill for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-08-20/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-08-20

Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2019Aug/0104.html
Topics:
1. Introductions and Reintroductions
2. Announcements and Reminders
3. Decentralized Topics at #RWOT9
4. BTCR hackathon
Organizer:
Joe Andrieu and Christopher Allen and Kim Hamilton Duffy
Scribe:
Bill Barnhill
Present:
Bill Barnhill, Heather Vescent, Sumita Jonak, Markus Sabadello,
William Claxton, Amy Guy, Ted Thibodeau, Brent Zundel, Dmitri
Zagidulin, Christopher Allen, Yancy Ribbens, Manu Sporny,
Jonathan Holt, Dave Longley, Justin Richer, Kayode Ezike, Jeff
Orgel, Joe Andrieu, Kim Hamilton Duffy, Kaliya Young
Audio:
https://w3c-ccg.github.io/meetings/2019-08-20/audio.ogg

Bill Barnhill: I’ll volunteer as scribe.
Bill Barnhill: Only done it once before, so may need
pointers/corrections
William Claxton: Voip 877 is wmclaxton
William Claxton: Me hooray!
Heather Vescent: Fantastic! Congrats!!
Bill Barnhill: * I think it’s topic
Bill Barnhill: Trackbot, start telcon
Bill Barnhill: I’ll volunteer to be scribe
Bill Barnhill is scribing.
Manu Sporny: Welcome wmclaxton ... looking forward to seeing you
at RWoT! :)

Topic: Introductions and Reintroductions

William Claxton: Bill Claxton, I’m an American living in
Singapore. My company has developed an application using
Verifiable Credentials. I’ll be at RWOT in Prague, and looking
forward to meeting people there.
Dmitri Zagidulin: I’m Dmitri, currently working with Digital
Bazaar. I’m an implementer of some resolver databases. My
background is in secure data hubs and agents, getting everyone to
interoperate, and distributed data bases. Example: SOLID.

Topic: Announcements and Reminders

Christopher Allen: https://w3c-ccg.github.io/announcements/
Markus Sabadello: We had a call last week. Probably not have a
call for task force during RWOT week, on the 5th.
Christopher Allen:
https://www.meetup.com/Vienna-Digital-Identity-Meetup/events/262359964/
Christopher Allen: https://www.WebOfTrust.info
<https://www.weboftrust.info
Christopher Allen: http://rwot9.eventbrite.com
Christopher Allen:
https://dustycloud.org/blog/activitypub-conf-2019/
Christopher Allen:
https://www.eventbrite.com/e/holochain-hackathon-in-prague-tickets-68086108383
Manu Sporny: https://redaktor.me/apconf/
Manu Sporny: More information about Activity Pub Conference:
https://redaktor.me/apconf/
Manu Sporny: (Speakers, topics, etc.)
Christopher Allen: So sounds like we will cancel the call for
the 5th. There will be a digitial identity meetup prior to RWOT,
with a train ride to Prague. RWOT is happening Sept. 5th, The
weekend after RWOT is the R2 Hackathon/Conference on ActivityPub,
the W3C standard that Mastodon and some other distributed twitter
clients use. Some work is planned that will move forward with
moving these from distributed to decentralized. There is another
group meetin[CUT]
Meeting after, the HoloChain community is having a hackathon in
the same space RWOT is. HoloChain is very interested in digital
identity.
Christopher Allen: https://mydata2019.org/
Christopher Allen: https://www.w3.org/2019/09/TPAC/
Joe Andrieu: Fukuoka
Christopher Allen: Also, TPAC will be in Fukuoka, Japan will be
happening Sept 16-20th. MyData will be 25th -27th.
Kim Hamilton Duffy: We keep the announcements updated here as
well: https://github.com/w3c-ccg/announcements
Christopher Allen: We use the GitHub repository issues for
tracking action items. We’re going to skip over them for now in
the interest of time.
Heather Vescent: Can you post a link for the public comment?
Manu Sporny: Last week there was a link in the minutes for Wayoo
(sp?) requesting public feedback.

Topic: Decentralized Topics at #RWOT9

Christopher Allen:
https://github.com/WebOfTrustInfo/rwot9-prague/tree/master/topics-and-advance-readings
Manu Sporny: Vote closes on group creation at end of the month,
and then W3C will make determination if there is enough interest
to form the group.
Manu Sporny: DID WG Charter -- W3C Member Confidential (yes, I
know, not the link this group wants, but tell W3C AC Reps to go
there and vote):
https://www.w3.org/2002/09/wbs/33280/did-wg-2019/
Manu Sporny: CCG folks -- if you are a company that is not a W3C
Member... please send in public support for the DID WG here --
you can click "respond to this message" below --
https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0000.html
ChistopherA: RWOT is a snapshot of what people are interested in
within the Digital Identity space. Many papers submitted this
year. Thought to give a little time today to think about this in
aggregate. Are there papers members of this community want to
point to? Are we missing things? What is missing from this topic
list.
Christopher Allen: One missing topic is incentivizing
involvement via side-chanel, not on block chain.
Manu Sporny: Data Hub stuff will be a big topic this time.
Wondering about some of the other stuff, like VC stuff, DID
stuff. Of the people that are going what are you hoping to see
happening at RWOT, maybe at ActivityPub conference? Interested in
seeing what’s happening.
Bill Barnhill: The link that was posted was that for
non-members? [scribe assist by Manu Sporny]
Manu Sporny: Yes [scribe assist by Manu Sporny]
Bill Barnhill: Clarifying public support is open to non members?
Manu Sporny: Yes, click the link above and anyone can send in
public support.
Kim Hamilton Duffy: Some of the "things I'd like to see happen"
are covered in the BTCR report out
Kim Hamilton Duffy: So I'll save until then
Manu Sporny: +1 To authentication protocols...
Dmitri Zagidulin: Now that we have the data model the focus is
shifting to how do we do authentication protocols with VCs and
DIDs.
Jonathan Holt: Topic on my mind is the other work coming out of
Hyperledger Aries. I think we need to have a thing for
authentication and exchanging.
Christopher Allen: I’ve been working on some new wallet
proposals for AirGap specification. We found really good results
using QR codes that animate about 1-2 seconds per animation.
Good results with camera with small size and display. Right now
there is now official standard for how to rotate/animate QR
codes. Maybe something like that is in our interest as well.
Dave Longley: I wanted to mention we are working on a emerging
standard for animated QR codes and efficient transmission of
same, called QRAM. We are interested in collaboration on that,
and have working code already.
Dave Longley: QRAM: QR Animation Method
Dave Longley: Working code:
https://github.com/digitalbazaar/qram/tree/initial
Manu Sporny: So many things that I want to participate in! :)
Kim Hamilton Duffy: We may have a couple of people from the
Decentralized Identity Foundation. There is a interop effort
going on there proving interop with BTCR wallets and credentials
and other things like credential exchange protocols. If anyone is
interested in working on those kind of prototypes while at
rebooting I’d be interested as well.
Manu Sporny: So little time... :(
Kaliya Young: +Q
Manu Sporny: +1 To Kaliya "what's the landscape and what's the
plan to get interop between different systems"
Kaliya Young: I wanted to speak to what I was hoping to get out
of RWOT. A much better understanding of the agent, wallet, hub
landscape. Also, a plan in the coming six months for how we get
interoperability with these things. Also, I have a kids digital
identity project, and am interested to see if anyone else at RWOT
is focused on kid’s SSI.
Dmitri Zagidulin: So SOLID community is definitely becoming
aware of this community’s work and the wider identity community.
The SOLID manager attended the last RWOT and will be attending
this RWOT. SOLID has started an outreach WG, including an invite
to RWOT, ARIES, Secure Data Hubs, VC and DIDs.
Markus Sabadello: One of the RWoT topic papers is about Solid +
VCs:
https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/solid-vc.md
Christopher Allen: I noticed there were 8 or 9 papers for RWOT
on Web of Trust, which is more Peer to Peer. I hope we can have
more experimentation there. I ran into one of our members, and
their implementation did not allow for peers. There was not the
original intent, which I thought we were really clear on, that
anyone can have any of the roles. Everybody ought to be an issuer
or a peer. They may not be central to some of the business
models, but I’d [CUT]
See that there.
Christopher Allen: IPFS is another community I’m concerned is
underrepresented around the storage.
Dmitri Zagidulin: There are a number of other storage related
blockchain efforts: FileCoin, KeepBase, others. There are other
fragmented communities out there that are doing decentralized
storage.
Manu Sporny: https://www.scuttlebutt.nz/
Christopher Allen: Hopefully we can eliminate future
difficulties as we grow the broader agenda.
Dmitri Zagidulin: The one I mentioned was MaidSAFE / SAFE network
- https://safenetwork.tech/
Kaliya Young: +Q
Manu Sporny: https://dat.foundation/
Manu Sporny: Two communities we haven’t mentioned are the secure
scuttlebutt community, and the DAT community. We spoke with DAT a
while ago and it didn’t really go anywhere. We haven’t had a
conversation with the secure scuttlebut community. We could
invite them to meet at RWOT, perhaps. Is there any folks that
went to DWEB that think we should be talking and maybe should?
Kaliya Young: I met the secure scuttlebut folks at DWEB. They
were subject to a very hard sell, and were turned off. I managed
to turn that around I think. Avoiding a hard sell should be
something we keep in mind, and approaching other communities with
sensitivity.
Christopher Allen: I know one person from Barcelona, and I’ll
reach out to him about secure scuttlebut.
Heather Vescent: +1 To having a conscious strategy to engage
these other groups.
Manu Sporny: WRT these other communities, it should not be ‘join
us, use what we have’ but rather ‘Let’s see what we can do
together’.
Kaliya Young: +1
Kaliya Young: +Q
Manu Sporny: The idea is that we spend more time listening in
these other communities than about what we can bring into the
mix. As we try to reach into those communities maybe we can do
something that looks more like a field trip, rather than inviting
them to come to us.
Manu Sporny: https://github.com/datprotocol/working-group
Christopher Allen: I was at a meeting recently and a DID member
said RWOT was a W3C thing. I think they got that because there
are a number of W3C people there, but RWOT is not a Standards
Organization. There are many things there that shouldn’t go into
W3C, and many that should. I like the phrase field trips to other
communities.
Kaliya Young: There is a difference, my perception is much of
the work is how do you support people getting on planes with all
the decentralized credentials you need. That is a different use
case than Scuttlebutt or Wireline. So what do wallets look like
for a fully decentralized network.
Kim Hamilton Duffy: +1 To Kaliya's point
Manu Sporny: BGP (Border Gateway Protocol) is protocol that
manages how packets are routed across the internet through the
exchange of routing and reachability information between edge
routers.
Manu Sporny:
https://en.wikipedia.org/wiki/Border_Gateway_Protocol
Kaliya Young: I think this would be a great question to answer at
RWoT - who has an easy to implement wallet for these
decentralized networks. I am on contract with Wireline.io - the
are open to implementing but I'm not clear what they should pick
up and use. The same wallets could/should be used for Holochain
and Scuttlebut and others.
Christopher Allen: BGP, Border Gateway Protocol, central to
networking. Current standards are not being adopted because
networks are peers and they don’t want a centralized authority
defining that a peer must do, so I am reaching out to them and
showing them interesting cryptographic approaches that might
solve their problem. Wondering how many communities are out there
that want this but don’t know they want it.
Christopher Allen: What kinds of things do we want to bring into
the W3C? Not everything needs a 4 year process to become a W3C
standard. Where is it appropriate for a 2 year CCG document or a
4 year WG document.
Jonathan Holt: For an Apple developer when you submit your
cryptographic library you actually have to register. So its more
of a struggle to get acceptance, and that might be a major
barrier to adoption.
Kaliya Young: Someone of the companies who actually are rumored
to be working with Apple should get them more publicly involved
in this community conversation - they are "here" we just can't
see them.
Jonathan Holt: The new cryptoKit ed25519 is supported.
https://developer.apple.com/documentation/cryptokit
Christopher Allen: So I agree. A lot of groups rely on the IETF.
Ed25519 which was a struggle. Nothing that used SECP is allowed
for use in a standard in IETF. How do we get over problems like
that, where a big company says it has to be a government standard
algorithm, and can we help?
Christopher Allen:
https://datatracker.ietf.org/meeting/interim-2017-cfrg-01/materials/slides-interim-2017-cfrg-01-sessa-secp256k1
Christopher Allen: Here is a talk I did at IIDS (see link), on
SECP.
Dave Longley: ED25519 will be in the next FIPs standard that
comes out.
Kim Hamilton Duffy:
https://weboftrustinfo.github.io/btcr-hackathon-2019/final_report.html
Christopher Allen: In multisig situations there are interesting
situations with multi-sig curves, there are other libraries such
as Liberetto. We should be aware that ED25519 has its
limitations.

Topic: BTCR hackathon

Kim Hamilton Duffy: See above for the final report, with more
information on what we were trying to solve. I’ll talk about the
accomplishments and then talk about the struggles we see. As
usual we do clarifications of expected behavior. We noticed we
weren’t granting verified credential signing as a default
capability. Also BIP 136 allowed ambiguous forms we didn’t want
to allow in BTCR. So we made sure we documented such
expectations.
Dave Longley: We had a method, and we eliminated a special
case..using one method over another other.
Kim Hamilton Duffy: Electron demo of a BTCR wallet was updated.
Kim Hamilton Duffy: A BTCR GoLang service running on Linode was
worked on, and the steps documented.
Kim Hamilton Duffy:
https://github.com/decentralized-identity/well-known
Kim Hamilton Duffy: We consolidated the BTCR references and we
now have a single place for that. Also, the BTCR DID method is
being used in the DID Foundation Hackathon. See link.
Christopher Allen: We did take some of the observations about
satoshi audit trail to the last DID task force meeting last
Thursday - see transcript there.
Kim Hamilton Duffy: Joe added a BTCR tutorial on Saturn,
inspired by Jimmy Song’s Bitcoin tutorials. We found we were
having problems with basic claims (e.g., I know this person and
vouch their DID is this). We found it was more of a struggle to
do basic things that we expected. Also, what belongs to DID
Metadata and what belongs to DID Resolution Metadata. That’s
still an open issue. Naming - we need to be more concise in our
naming. There’s also a lot of va[CUT]
Having a server-side service rather than a client side thing
users have to stand up. Those are the highlights that will follow
up on after RWOT.
Joe Andrieu: Also, The Satoshi Audit tral topic had some good
discussions has week. I encourage people that as they are
thinking about using the proofs that your blockchain represent
that some of that architecture doesnt go into the DID Document
but into something different.
JSONLD
Christopher Allen: We will be meeting next week, but not on Sep3
due to RWOT.

Received on Wednesday, 11 September 2019 03:39:08 UTC