- From: <msporny@digitalbazaar.com>
- Date: Tue, 26 Aug 2014 14:47:28 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
http://opencreds.org/minutes/2014-08-26/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials Community Group Telecon Minutes for 2014-08-26
Agenda:
http://lists.w3.org/Archives/Public/public-credentials/2014Aug/0001.html
Topics:
1. Introductions
2. Overview of W3C Community Group Process
3. Charter Review
4. Questions Related to CG Operation
5. Use Case Review
Resolutions:
1. Hold a vote on the Credentials CG Charter starting Friday,
August 29th 2014 with the vote open for 2 weeks. Accept the
charter if 2/3rds majority of votes cast are in favor.
Organizer:
Manu Sporny
Scribe:
Dave Longley
Present:
Dave Longley, Manu Sporny, Mark Leuba, Pindar Wong, David I.
Lehn, Bailey Reutzel, Sunny Lee, Chris MacAvoy, Mary Bold,
Richard Varn, Bill Gebert
Audio:
http://opencreds.org/minutes/2014-08-26/audio.ogg
Dave Longley is scribing.
Manu reviews the agenda with the telecon participants.
Manu Sporny: On the agenda today, we're going to spend a good
chunk of time on introductions, Community Group process, charter
review, ensuring everyone's questions are answered, and use
cases. Anything else to update or add on the agenda? If not,
we'll begin.
Topic: Introductions
Mark Leuba: My name is Mark Leuba and I'm an independent
consultant, was CTO/CIO with American Public University, I've
been working on projects periodically, with the obvious need for
security in identity. I saw the work on global payments and
understood that to be central to the value of secure mobile
identity. I'm interested in secure identity in educational and
institutional sphere, there aren't many solutions in this area
that are better than what this group is doing. I'd like to do
what I can to help support the standard.
Pindar Wong: Hi, Pindar Wong from Hong Kong. I'm the Chairman of
VerifFi Ltd. I'm porting over from the Web Payments CG, very
interested in online identity. About 21 years ago there was a
famous cartoon with a dog in front of a computer that stated: "On
the Web, nobody knows you're a dog." I'd like to move the state
of the art forward. I'm interested in international property
trading, I'm involved in government from the policy side in Hong
Kong and China.
David I. Lehn: I'm David Lehn from Digital Bazaar, I work on
standards around payments and finance.
Bailey Reutzel: Hi, my name is Bailey Reutzel. I work for
Payments Source and write about global payments. I've also been
working on writing about credentials and anything standards
related and am here to help edit the specifications that this
group creates.
Sunny Lee: I've been working on Mozilla OpenBadges for over 3
years, which is Mozilla's work on a badging/credentialing
standard. I've since left Mozilla and started at the Badge
Alliance.
Dave Longley: Hi my name is Dave Longley, co-founder and CTO of
Digital Bazaar, one of the primary authors of JSON-LD. I've been
involved with work around world standards and Linked Data for a
while now. [scribe assist by Manu Sporny]
Manu Sporny: Hi, Manu Sporny - I've chaired the W3C RDFa 1.1
working group, Web Payments and JSON-LD work. I'm a co-author of
JSON-LD. I'm a founder and CEO of Digital Bazaar, where we spend
most of our time creating standards and technology around
hi-stakes credentials and payments on the Web. Credentials was
spin off from the web payments work, we know that the credentials
work will be useful for more than just banks and financial
institutions and we wanted to bring in a broader perspective. We
wanted to involve not just financial institutions, but
governments and educational institutions and others to focus on a
more general credentialing solution.
Chris MacAvoy: Hi, Chris MacAvoy, I work with Sunny at the
OpenBadge Alliance. I've been working on that for a number of
years, working on the standards that define open badges, I'm
excited to be part of this group.
Mary Bold: Thanks to Manu for bringing people together, I'm from
education and workforce sectors. I'm with a startup called
Accreditrust that is entering the arena of credentials. We're
committed to open standards. We see standards as crucial to the
adoption of any credentials, from low-stakes badge up to
hi-stakes for drivers license, university degree, etc. We think
that governments and other large orgs won't be ready to go down
the high-stakes credentialsroad until we've got standards in
place.
Richard Varn: I'm a Distinguished Presidential Appointee at
Educational Testing Service and a former CIO for the state of
Iowa. I've had a long interest in credentials since my work as
the CIO of Iowa, working on many systems for identity
credentials, security. I've been pushing very hard to get ETS
involved in this credentials standardization effort. I can speak
to Mary's concerns and say we won't be able to adopt until there
is a decent standard.
Bill Gebert: I'm a strategic adviser at ETS and have worked with
them for over 10 years. Previously I was involved in VerticalNet
during the dotCom boom in the late 90's early 2000s. I look
forward to participating in this group
Manu Sporny: Just to mention a few of the people that couldn't
make the call today. Tim Holborn runs a Web Civics group out of
Australia, his focus is on people owning their own credentials,
comes from data privacy perspective. Evgeny Vinogradov is from
Yandex which is basically the Google of Russia, they run payment,
identity systems but this is late in the day for him so he's not
here. Markus Lanthaler wanted to be here as well, one of the
co-authors of JSON-LD and is focused on REST APIs for
transmitting data back and forth. He is involved in Social Web
Technical Working Group at W3C and we should be having crosschat
with them, as we decide what specs we want to focus on here,
anything else as far as intros are concerned before we move on?
Manu Sporny: In general, I think we're off to a great start. We
have folks from the financial, education, open source, web
standards sectors here, great to have diverse industries on the
same call, that's not easy to do.
Manu Sporny: I really appreciate everyone showing up and being a
part of the conversation.
Topic: Overview of W3C Community Group Process
Manu Sporny: The company group process is very lightweight, we
don't have a lot of W3C support until we go to them directly and
ask for it. So all the intellectually property stuff is dealt
with in a light manner, every org is expected to do some IP
release (you did this when you signed up to the group), if you
are on the mailing list don't mention an IP/patent stuff at all
if you don't want us to know about it (or risk your filing
deadlines).
Manu Sporny: The W3C CG process is designed to incubate
technology, it's the same process we used to incubate JSON-LD and
push it through W3C. It can be a fairly rapid process, we were
able to go from JSON-LD CG through to a standard in ~3 years,
which is very fast vs. usual 5-7 year timeframe.
Manu Sporny: We will iterate on the tech here and then take that
output and give it to W3C to create the standard
Manu Sporny: What the tech is and what it does will be what we
discuss in the next months here
Manu Sporny: We will have weekly telecons, agenda is created by
the group, if someone wants to talk about something they send
something to the mailing list to get it put on the agenda, group
talks about technical nature of the work, what specs need to be
written, volunteers go off and write them, once they are in a
good state to get pushed through W3C standardization process,
then we agree as a group to push it to the formal process at W3C,
which involves identifying patent/IP issues, etc
Manu Sporny: Once it's in W3C process at that point a more
deliberate/slow process takes over
Manu Sporny: So to recap, we meet weekly, talk about technical
issues, write specs, then we hand it off to the official W3C
technical standardization process
Manu Sporny: If they pick it up, then it would take 3-4 years to
reach official status
Manu Sporny: Any questions about the process?
Mary Bold: I've got a question about logistics. I'm sure Yandex
doesn't need me worrying about them, please discuss if there will
be alternate times for meetings or will Yandex catch up / get to
calls as they need, we have international group and want to make
this work for as many as we can
Manu Sporny: There is a precedent for having alternate calls for
folks in non-western hemisphere, we could have the calls at 10am
ET it would be better for him, it makes it 7pm for Evgeny
(Yandex), he's good at following the minutes, it's really based
on demand, if majority of folks are in EU, if we get
Australia/China/Russia/etc then we'll make the call match that
time zone.
Pindar Wong: Normally the minutes are usually quite complete so
it's pretty easy to catch up on what the group is up to
Pindar Wong: If you can't make the calls the minutes are usually
scribed well
Manu Sporny: We try to run this group in a fair way. So everyone
gets a chance to scribe, you'll know well in advance when to
scribe. Dave longley volunteered today, but we'll alternate
throughout, everything in this call is recorded, audio, detailed
minutes, we are as transparent as possible, this is fairly
unique, not every group records the audio and the minutes. If,
for whatever reason, if you say something in the audio for
whatever reason that is supposed to be a trade secret (or not
widely publicized) we can go and cut it from the audio, you have
to let us know and we'll do that, but it takes some time to do it
Manu Sporny: The minutes we try to get up shortly after the
telecons
Manu Sporny: Any questions?
No other questions.
Topic: Charter Review
Manu Sporny: http://www.w3.org/community/credentials/charter/
Manu Sporny: There is a draft charter that is up, we've gotten
input from a number of orgs that want to participate including
most of the folks on the call today, the charter has basically
been taken from the Web Payments group and JSON-LD group, been
slightly modified, is battle tested, works fairly well, never had
an issue with how decisions are made, etc. charter outlines our
scope of work, focuses on digitally verifiable credentials
Manu Sporny: Identity credentials work started in web payments
and badge alliance work is in scope
Manu Sporny: We are trying to be focused yet inclusive
Manu Sporny: I didn't hear anyone introduce themselves today
that might be doing stuff that wouldn't fit into the scope of
work for the charter
Manu Sporny: Any questions on scope of work?
No question on scope of work.
Manu Sporny: There is a section on work items in the charter,
right now we only have three items, to be clear this charter
hasn't been ratified by the group so proposals can be made to
change it, the three items now are HTTP signature specification,
that is being pushed through IETF, it is expected to be co-owned
by Web Payments group and Credentials group and IETF and is
low-level can be used in a number of use cases
Manu Sporny: The HTTP signature spec lets you verify that a
piece of software that sent you a message is operating on a
particular entity's behalf behalf, so if someone sends you a
credential then you can know that the person on the other end is
who you think they are (the US Government, for instance)
Manu Sporny: It verifies that the message channel is secure over
just plain old HTTPS.
Manu Sporny: Another spec is secure messaging, that allows you
to put your stamp of approval on a particular credential, that is
being shared with Web Payments CG, Credentials CG, the Social Web
group may pick up the work
Manu Sporny: The last one is the Identity Credentials spec that
tells you how to express a credential in JSON-LD
Manu Sporny: The reason we are starting with those, DB created
the vast majority of the specs, we have handed all IP over to W3C
which must happen for a worldwide standard, it's good to start
these groups with some tech from some company to ground the
discusison
Manu Sporny: Otherwise you go in circles about what the group is
building
Manu Sporny: I certainly don't want to put anyone on the spot
today on tech that their orgs may contribute to the work we're
doing here, that said, does anyone want to raise any other work
items to pick up in this group?
Manu Sporny: Any other tech to pick up?
Pindar Wong: Given that this group is just getting going, what
is important is to let people know this group exists to let
people know about the question you just asked, as this group
becomes more well known I expect others to answer, it's important
to get the word out
Manu Sporny: Yes, thank you, and we've got a number of events
coming up where we can do that
Manu Sporny: Moving down the charter, we have dependencies,
liaisons, etc.
Manu Sporny: There are a number of other W3C tech groups, etc.
to talk to to make sure orgs such as IMF global, etc. know what's
going on
Manu Sporny: We're very interested in reaching out and making
sure they know that we're doing work that relates to work they
are doing as well
Manu Sporny: Next week, Mary, Pindar, myself, folks from EFF,
and other educational/payment-related orgs, are going to be at
the Internet Governance Forum, put on by the UN, to talk about
what we're doing.
Manu Sporny: The work that we're doing here is meant to be
purely technical, any policy should be moved out of the group to
venues like the IGF. W3C works well by keeping policy discussion
out of technical groups, IGF and forums like it are the right
place for policy discussions.
Manu Sporny: We are primary focused on technology, not rule of
law, regulation, etc. though it will certainly affect this work
Manu Sporny: If we can identify good external groups to pick up
non-technical conversations, we should do that.
Manu Sporny: Any questions on scope of work?
No questions.
Manu Sporny: W3C operates by consensus; groups operating under
and near it try and make sure as many people as possible are
happy with the technical discussions we're making
Manu Sporny: In lieu of that, if there are objections, we ask
the objector if they see it as a blocking issue ... meaning
whether or not we can continue without fully addressing their
concerns
Manu Sporny: Usually takes a week or two to deal with it
objections. If we can't resolve an objection then we move to a
chair decision or a vote which is very rare.
Manu Sporny: Having a formal vote is very rare, it's a multiweek
process that slows everything down
Manu Sporny: We're trying to effectively build the same
capability and we're all working together
Manu Sporny: The decision making process is outline in the
charter, we go to working consensus, if no consensus, chair makes
a decision if [missed] then it goes to a formal vote
Manu Sporny: Speaking of chair we don't have one yet
Manu Sporny: The group will need to decide who the chair will be
over the next couple of weeks, we can operate without one for a
while, but W3C wants us to name one, can be up to 3 chairs, if we
have this many people on the call i'd expect at least two chairs
to share the load of running the group
Manu Sporny: As far as process is concerned we are very
transparent, everything minuted, general public can see the whole
process
Manu Sporny: Don't say anything to put your org in a tough
position, but since we focus on technology usually not an issue
Manu Sporny: That's effectively the charter, any concerns about
how this group runs or the decision process?
Pindar Wong: A vote on the charter is expected by September
15th? can we discuss that?
Manu Sporny: We needed to have this call to make sure people
knew about it could discuss it, we hope to have a vote by then,
really we don't need one but it makes things go more smoothly
with W3C. For example, an org could come in that wants the group
to fail and say the process isn't formal enough because there
isn't an agreed upon charter and thus the entire output of the
work should be ignored. So, the sooner we get a charter in place
the better.
Manu Sporny: Sept 15th is the hope, but it could be longer,
October, etc.
Mary Bold: To pick up on Pindar's point, if we use the calendar
to anchor this decision, would it be wise to have chairs and
charter before TPAC? We can advance the work there and it's
several days prior to Halloween in US, that's the last week of
October.
Mary Bold: Could we talk about having several weeks with charter
endorsements and a couple of co-chairs so we have that show of
strength in the next couple months?
Mary Bold: Give us a couple of weeks to locate willing co-chairs
to bring us some stature
Manu Sporny: Yes, and the sooner we get all that process out of
the way the sooner we can discuss the technology which is the
main reason we're here.
Manu Sporny: It's really only limited by how quickly everyone in
the group can move.
Manu Sporny: Next week a number of people will be at IGF, but
maybe by next call we can put forth a proposal to get things
adopted
Manu Sporny: Other option is to do it over the mailing list.
Manu Sporny: Today or tomorrow or the day after we can start a
vote on the charter and have two weeks for voting and then we'll
have an operational charter if it passes
Manu Sporny: Other people on the call will have to give their
preference.
Manu Sporny: My personal preference would be to do it as quickly
as possible, it's not a very controversial charter, we've used it
in other groups and gotten their experimental tech all the way
through the W3C process
Pindar Wong: I'd been in favor in started as soon as possible
Manu Sporny: Chairs will be whomever volunteers. I'll be way too
busy to chair, but I can support by doing the administrative
stuff, taking of minutes, posting them, etc. i can help there as
well as make sure we're staying within CG and W3C process.
Manu Sporny: If you've never chaired a W3C group in the past
don't let that prevent you here, you'll have plenty of help
Manu Sporny: Any other comments for voting on the charter?
Manu Sporny: If there are no objections I'll put it up for a
vote this week
No objections.
PROPOSAL: Hold a vote on the Credentials CG Charter starting
Friday, August 29th 2014 with the vote open for 2 weeks. Accept
the charter if 2/3rds majority of votes cast are in favor.
Dave Longley: +1
Chris MacAvoy: +1
Sunny Lee: +1
Manu Sporny: +1
Bailey Reutzel: +1
Richard Varn: +1
Pindar Wong: +1
David I. Lehn: +1
Mary Bold: +1
Bill Gebert: +1
RESOLUTION: Hold a vote on the Credentials CG Charter starting
Friday, August 29th 2014 with the vote open for 2 weeks. Accept
the charter if 2/3rds majority of votes cast are in favor.
Manu Sporny: Any questions related to the charter?
No questions related to the Charter.
Topic: Questions Related to CG Operation
Pindar Wong: All the work is in English?
Manu Sporny: All W3C work is required to be in English, if our
technical work makes it all the way through the W3C process then
there will be translations from English to other languages
Manu Sporny: Yes, Pindar, it's a part of the W3C that all work,
meetings, documents written in English
Manu Sporny: Any other questions related to CG operation?
Manu Sporny: For those of you not on the IRC channel, you
definitely want to be on it in later meetings, you can connect
with a web browser, it's important for a variety of reasons. The
first is ensuring the minutes are correct, so if you see the
scribe misrepresent what you said you can correct what you said
at that point, we share links in there on the topics we're
discussing, you can control the voice channel so you can tell
what's going on, there's a voip-bot you can tell to mute you,
disconnect/alias you, tell it that you want to speak, if there
was a heated discussion we ask people to put themselves on a
speaking queue and we'll go through the order in the queue, very
useful if lots of people join
Manu Sporny: You put yourself on the queue by saying "q+" and
take yourself off by saying "q-"
Topic: Use Case Review
Manu Sporny:
https://www.w3.org/community/webpayments/wiki/UseCases#Identity
Manu Sporny: We had lots of orgs at Web Payments Workshop like
Bloomberg, Google, US Federal Reserve, AT&T, Telefonica, PCI
Security Standards Council, etc. A lot of companies there
outlining use cases around identity.
Manu Sporny: The Web Payments CG has been refining these
identity use cases over the past couple of months, but is handing
the identity use cases over to this group to make sure this group
takes those use cases into account.
Manu Sporny: Throwing that out there so if people didn't know
about those use cases they do now, and we'll need to add more use
cases around credentials in education and those sort sof things
in this group
Manu Sporny: Any questions on the use cases?
No questions about use cases
Manu Sporny: If there are no other comments or questions, we'll
go ahead and end the call now, the next call will not be next
week because a number of us will be at IGF talking about
credentials, policy, law all around this stuff, we'll post the
results of that to the credentials CG mailing list
Manu Sporny: But the next call will be the week after that same
time and day, etc. (September 9th, 2014).
Manu Sporny: Any other questions?
Sunny Lee: Thank you everyone!
None, lots of "thank you"s
Manu Sporny: The sooner we get through this administrative
stuff, the sooner we can focus on the tech.
Received on Tuesday, 26 August 2014 18:47:52 UTC