W3C home > Mailing lists > Public > public-credentials@w3.org > October 2014

Credentials CG Telecon Minutes for 2014-10-21

From: <msporny@digitalbazaar.com>
Date: Tue, 21 Oct 2014 14:35:50 -0400
Message-Id: <1413916550035.0.2186@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials Community Group Telecon Minutes for 2014-10-21

  1. Intro from Dale McCrory from Courseload
  2. Introduction to Nate Otto from Concentric Sky
  3. Review Credentials CG Presentation to Web Payments IG
  4. Review Credentials CG F2F Agenda
  5. Review Credentials Use Cases vote status
  6. Open Badges and JSON-LD
  Manu Sporny
  Dave Longley
  Dave Longley, Manu Sporny, Mark Leuba, Dale McCrory, Nate Otto, 
  Bill Gebert, Mary Bold, David I. Lehn

Dave Longley is scribing.
Manu Sporny:  Anything to add to the agenda?
No additions to agenda.
Mark Leuba:  In transit today, can't scribe, but invited Dale to 
  the call.
Manu Sporny:  Dale, would you mind giving a quick intro?

Topic: Intro from Dale McCrory from Courseload

Dale McCrory:  In the enterprise space, for 8-9 years, 
  historically, I've been in the integration space, as the 
  principle ? manager for tech sales force. The 360-degree view of 
  an individual was important for us. How you bring together 
  information about an individual who has a lot of different online 
  identities was an important question. As directory of production 
  management, "how do we follow educational experiences, etc. as 
  they move around, eg: if one person comes back at 20s, 30s, and 
  50s getting an education there's no easy way to coordinate that. 
  Identity is really important."
Manu Sporny:  Thanks for the intro, Dale. We loved hearing it, 
  lots of stuff in common with what we're working on here.
Manu Sporny:  Nate, could you give a quick intro?

Topic: Introduction to Nate Otto from Concentric Sky

Nate Otto:  I come here from the Open Badges community. I've been 
  working with them for 2 years. I just took a job with Concentric 
  Sky to work on badges.
Manu Sporny:  For those that don't know, Nate is working on 
  badges/JSON-LD/etc and is very active in the community.
Manu Sporny:  Today's Agenda is mostly about prep-work for W3C 
  TPAC next week.

Topic: Review Credentials CG Presentation to Web Payments IG

Manu Sporny: 
Manu Sporny:  This is a very rough draft of a presentation we're 
  doing on Monday to the WPIG. We're trying to convince W3C that 
  credentialing should be taken standards track sooner rather than 
  later. Before we talk about the proposals we have on the table we 
  need to make the case to the W3C membership. TPAC is happening 
  next week in Santa Clara, CA. We're going to take every advantage 
  we can to make the case for Credentials. Our first presentation 
  will be at noon.
Manu Sporny:  We're trying to get people interested in the 
  Credentials CG as well.
Manu Sporny:  We're taking this approach because of KYC and 
  anti-money laundering is an important problem to solve on the Web 
  and in finance in general, we have people from the education 
  space on the call today and we're also looking at it from 
  healthcare, and if we can get those 3 verticals on the same page 
  that would be great.
Manu Sporny:  The presentation is designed to be a very 
  high-level overview of credentials and badging.
Manu Sporny:  The second slide we just define what a credential 
  is, that's the definition the CG agreed to in the charter.
Manu Sporny:  I talked to Sunny Lee and Chris McAvoy about the 
  video that's in the presentation, etc. we'll talk about Badge 
Manu Sporny:  ACDT will talk about high stakes credentials and 
  signatures, etc.
Manu Sporny:  We'll have ETS talk about how they are a big player 
  in this space and they want it to succeed, etc.
Manu Sporny:  We're outlining that there's a really strong desire 
  from the educational space to make this work.
Manu Sporny:  We don't have to talk about the financial space 
  because those people will be there and know of the issues.
Manu Sporny:  The healthcare people should be able to put two and 
  two together from that.
Manu Sporny:  I've got some details about the CCG there -- 
  transparency, that we discuss tech/specs, etc.
Manu Sporny:  Just to get people to understand what the CG works 
Manu Sporny:  Does anyone feel uncomfortable with the order or 
  what we're presenting?
Nate Otto:  Is someone from ETS going to be presenting with you?
Manu Sporny:  Bill Gebhart from ETS will be presenting
Manu Sporny:  The other folks we'll have in the room will be 
  from, for example, Bloomberg, National Association of Convenience 
  Stores, others I can't mention, about 50 people in the room, 
  about 70% of top tech companies in the world will be in the room.
Manu Sporny:  Next slide covers history and where the specs come 
  from, etc. I should add the Badge Alliance there.
Nate Otto: To do: add Badge Alliance founding (Feb 2014) to Brief 
  History slide
Manu Sporny:  Next slide we outline clear, narrow focus, don't 
  want to "solve the whole identity on the Web problem."
Manu Sporny:  That means different things to different people and 
  there's a rich history of failure around those sorts of 
  initiatives. We want to keep our focus tight.
Manu Sporny:  Next we talk about design criteria and link to use 
Manu Sporny:  Then we show the technology stack we're using 
Manu Sporny:  Anything not clear?
Group feels the presentation is acceptable, but images can't be 
  viewed in recent version of Google Chrome.
Dale McCrory: I can't see them either (and in Chrome)
Manu Sporny: Direct links to images - tech stack: 
Manu Sporny: Collaborators: 
Dave Longley:  "Modelling" is mispelled i think (should be 1 L)
Manu Sporny:  We didn't want to list any organizations that we're 
  working with yet that we haven't had a discussion about putting 
  their information up there.
Manu Sporny:  Any concerns about collaborators or what's in the 
  diagram/what's missing?
Manu Sporny:  Keep in mind we can have input on these slides up 
  until Friday.
Manu Sporny:  Next slide is about what information CCG will feed 
  into WPIG.
Manu Sporny:  We'll also continue to experiment with 
  pre-standards tech and do outreach.
Manu Sporny:  Slide 13 is just a high-level ... "where do you 
  want to go from here?" We have options for discussion.
Manu Sporny:  We could look at use cases, specs, demos, input 
  from IGF.
Nate Otto: Manu, for slide 13, you mentioned you needed to put in 
  an open badges demo. Let me know if you need help figuring out 
  what to put there.
Manu Sporny:  Please send me some links for Badge Alliance stuff 
  ... info packed and shorter is better.
Manu Sporny:  Send whatever you think is best, pull Sunny and 
  Chris in maybe and figure out what you guys want in there.
Nate Otto: Cool, will talk to them and get back to you in a 
  couple days.
Manu Sporny:  So we'll fix the image issues, link to some more 
  Open Badge/Badge Alliance demos, specs, etc.
Manu Sporny:  If anyone thinks of anything between now and Friday 
  please send it to the mailing list so we can get the changes in 
Manu Sporny:  Bill, we need input from ETS wrt. the presentation, 
  we'll do that offline.
Bill Gebert:  Ok, sounds good.

Topic: Review Credentials CG F2F Agenda

Manu Sporny: Face to face agenda: 
Manu Sporny:  This agenda is very drafty.
Manu Sporny:  It's for Tuesday at TPAC.
Manu Sporny:  There's something called the Advisory Committee 
  meeting (the AC part of TPAC) from 11-3pm on Tuesday, many of the 
  big W3C reps will be there (MS, Yahoo, Google, Yandex, etc.) 
  there are many other people that aren't the AC rep that are 
  looking for something to do during that time and we've got time 
  then. The idea is to have a very fast 1hr or 1:15 min meeting and 
  intro people to the CCG. People there will have never been to one 
  of our meetings and talk about our goals, etc.
Manu Sporny:  We'll have an hour for lunch and then during the 
  afternoon we'll jump into demos and use cases and roadmap 
Manu Sporny:  We would probably want to do some quick demos to 
  ground the work, this is a credential, this is how you verify a 
  credential, etc. Then talk about our use cases and ground the 
Manu Sporny:  We can talk about how we'll align endorsement work 
  in the future, talk about vocabularies and how we'd like the 
  Badge Alliance to take that work on, talk about things we may cut 
  or what's missing, the general state of things as they exist 
Manu Sporny:  Then the future planning will be, unfortunately, 
  only a 20 minute discussion. We'll talk about keeping the calls 
  going, how we'll coordinate with the WPIG and how we'll try to 
  drive more membership into this group, etc.
Manu Sporny:  That's the general layout, but honestly I spent 
  about 15-30 minutes thinking about the Agenda, so we may need to 
  re-think it or rearrange it.
Manu Sporny:  Any general thoughts about it for the F2F at TPAC?
Manu Sporny:  Anything missing or any discussions we want to have 
  earlier than later?
Nate Otto: That all looks pretty good.
Dave Longley:  In general agreement on the agenda. It's basically 
  the outline that we followed for the Web Payments CG introduction 
  we did last year. [scribe assist by Manu Sporny]
Dave Longley:  Where the CG came from, where it's headed, we 
  should talk about that - we also need to talk about how this fits 
  in w/ Web Payments. [scribe assist by Manu Sporny]
Nate Otto: Badge Alliance can't come.  wish I could come too.
Dave Longley:  If you wanted to tweak the flow a bit, you could 
  briefly go over where Credentials CG came from - why it split out 
  of Web Payments CG. Relate it to Web Payments IG in some way. 
  [scribe assist by Manu Sporny]
Dave Longley:  Talk about how technology/ideas solve problems in 
  other spaces. [scribe assist by Manu Sporny]
Dave Longley:  You may take that tact and it may make it flow a 
  bit more nicely [scribe assist by Manu Sporny]
Dave Longley:  Important that we don't spend too much time 
  talking about history. We need to ground the work. [scribe assist 
  by Manu Sporny]
Manu Sporny:  Any other concerns with the agenda? Keep in mind we 
  can change it all the way up until the day of (Tuesday), but 
  chiming in earlier would be helpful.

Topic: Review Credentials Use Cases vote status

Manu Sporny: Vote called last Tuesday: 
Manu Sporny: 
Manu Sporny:  You have until 5pm today to vote, so get your votes 
  in if you haven't already.
Manu Sporny:  We've got a decent number of votes, I'd like to see 
  at least six more to feel confident that most people saw and 
  voted on it.
Manu Sporny:  These are the same use cases we've been discussing 
  in the group ... so it's a formality, most should be familiar.
Manu Sporny:  Any other concerns for the upcoming TPAC meeting?
No other concerns.

Topic: Open Badges and JSON-LD

Manu Sporny:  Could you give us a brief updating on what you're 
  been working on with respect to JSON-LD/signatures on the Badge 
  Alliance side?
Nate Otto:  I think most people on the call are probably familiar 
  with how badges are structured.
Nate Otto:  We're looking at updating standards to move towards 
  using JSON-LD and make it possible for different issues to share 
  their representations.
Nate Otto:  JSON-LD is pretty good in that you can say "this is 
  the term I'm using and it maps back to a URL that describes what 
  it does"
Nate Otto:  However, if two different people add a location to a 
  badge, one may be thinking about the location where the badge was 
  earned, and others might be thinking about a location for future 
  possible opportunities for earning a badge. So slight differences 
  in meaning.
Nate Otto:  So we're looking at bundling properties together and 
  publishing context files and letting people use those and share 
  them, etc.
Nate Otto:  Does anyone have any questions?
Manu Sporny:  That sounds clear so I understand you. It's a good 
  direction. I do have a couple questions.
Manu Sporny:  Badge Alliance is focused on using JSON-schema, and 
  we also use that to validate messages coming into REST APIs. The 
  system that receives it can frame the data coming in and put it 
  in a specific structure and then JSON schema can be used to 
  verify the syntactic requirements are met.
Manu Sporny:  You can ensure that the proper semantic information 
  is in there and the syntactic structure of the badge is what it 
  needs to be.
Manu Sporny:  I think that's restating what you said, what I'm 
  trying to express is that there's a large amount alignment there.
Nate Otto:  I do want to make sure we're building the right 
  thing. At first we wanted to get a proposal out in July but it 
  slowed down, and there are a bunch of different ways to structure 
  the relationship between JSON-schema and JSON-LD and -- things 
  like whether you force people to put extension properties in a 
  certain place or anywhere in the badge, etc. So a lot of design 
  decisions to make.
Manu Sporny:  I noticed that there was a big discussion about 
  what you just said -- if you put all the extensions in a 
  top-level object, you don't really need JSON-schema except for 
  things like addresses, as it has structured data like street 
  name, city/state/region, etc. all of those things.
Nate Otto: Some pictures/diagrams to look at 
Manu Sporny:  I don't think we can get away from JSON schema; 
  it's currently unclear what the best approach is (at global 
  JSON-LD scale), some orgs take JSON-LD and convert to RDF and do 
  a SPARQL query against it and that's not what we want to do to 
  Web Devs, but it's one way to do it. The JSON-LD @context can 
  have extra data in there but there's no standard way to express 
  that ... if we're going to do that we might want to pull in the 
  rest of the JSON-LD community to have that discussion. There are 
  other orgs that are doing that but there is no vocab that has 
  come about as a result of that. What we could do is take the work 
  that you've done and feed it back to the JSON-LD community as 
  general input. Let's say we want to use JSON-schema and not 
  JSON-LD framing, would that be a valid way of doing it. All I'm 
  saying is let's take advantage of that community an d they have 
  great insight and have been working with JSON-LD for the last 4+ 
Nate Otto:  I think that's a good idea and this work is ready for 
  feedback from that kind of group.
Nate Otto:  We have prototypes of it actually working, etc. I 
  personally think those prototypes are hundreds of lines too long 
  and I'd prefer something simpler :) -- I'd like to have that 
  conversation with the group.
Manu Sporny:  We'll try to get that conversation going.
Nate Otto:  Great, we can talk to people that have done this 
Manu Sporny:  Any other concerns that are floating out there that 
  you'd like input on ... as far as the move to JSON-LD, etc.?
Nate Otto:  You originally suggested doing a very flat approach, 
  and I've pushed back on that because I do like keeping things 
  module. There are some details with different scope that work 
  better that way.
Nate Otto:  Toward the end of that slide deck that I linked to, 
  there are some sketches for how I think some small iterations 
  move towards 2.0 that could break backwards compatibility and I'd 
  like some good technical feedback on that to see if it's a good 
  direction to head.
Manu Sporny:  There are some other concerns I want to put pins in 
  where I have you here; I think the digital signatures thing is a 
  big question mark now, TrueCred/Credential stuff does it one way, 
  and the Open Badge stuff does it another way. I think we want to 
  discuss that.
Manu Sporny:  Let's say you refer to a badge class using a URL 
  and you digitally sign that badge, what happens if that badge 
  class changes?
Nate Otto: Those are exactly the questions I'm wrestling with 
  this week. :)
Manu Sporny:  For example, if someone got a Pilot License 
  credential at some point and then the requirements change 5 years 
  later, you want to make sure that the requirements aren't 
  auto-pulled into the signed badge.
Nate Otto:  I do think I'm moving towards what TrueCred/ACDT has 
Nate Otto:  The JWT stuff has issues, like modification without 
  breaking signatures, etc.
Manu Sporny:  Ok, let's put a pin in that and say we need to have 
  a discussion about that.
Nate Otto: Building a vocabulary: We have been doing some very 
  preliminary vocab work 
  http://etherpad.badgealliance.org/ba-standard-defininitions in 
  the badge alliance
Manu Sporny:  The other discussion we want to have is about 
  vocabulary. I dont' think anyone in this group wants to reinvent 
  the wheel, and Badge Alliance already has a vocabulary. We'd like 
  to use that and transform that into a proper RDF library with a 
  proper JSON-LD context and I know you've already been doing some 
  of that work. We want to get that document created and build off 
  of it. That's joint work the CCG and Badge Alliance can work on 
  and we can maybe hand off to Badge Alliance or Badge Alliance can 
  decide to standards track that and feed it back into W3C.
Manu Sporny:  I don't know where you guys are in BA thinking 
  about that same thing.
Nate Otto:  We just stuck all the terms into an etherpad to hack 
Dale McCrory: Can a Badge be included in a JWT? Since a JWT may 
  be used during the authorization and authentication process of 
Nate Otto:  BA would like to make this very standardized
Manu Sporny:  Any places that you feel the two approaches are 
Nate Otto:  Nothing comes to mind right now.
Manu Sporny:  If we can use JSON-LD and figure out the vocab, 
  we're 80-90% there. We can deal with other differences.
Manu Sporny:  I think that would be a huge success.
Manu Sporny:  Thanks for your work on the alignment work, Nate.
Nate Otto:  JWT is the current technology used for signing 
  Badges, the Badge assertion is complete in terms of having all 
  the information; I don't know much about OAuth. You definitely 
  could deal in JSON directly. If I'm misinterpreting that feel 
  free to contact me on the mailing list, etc.
Manu Sporny:  The Web Payments work started off with OAuth a long 
  time ago, and we have looked at JWT. And I'm speaking 
  specifically for Digital Bazaar and ACDT. We don't like the 
  complexity that OAuth (and OpenID Connect) bring to the table for 
  Credentials; there's a simpler way to do it. There are proposed 
  mechanisms for login, etc. We are planning on showing how to do 
  OAuth with a Credential, etc. during login, but it's more 
  complicated than it needs to be.
Nate Otto: Mozilla's badge issuing platform BadgeKit uses JWT to 
  send requests between system components.
Dale McCrory:  I was thinking about reinventing the wheel and 
  known developer knowledge.
Manu Sporny: Secure Messaging vs. Javascript Object Signing and 
  Encryption: http://manu.sporny.org/2013/sm-vs-jose/
Manu Sporny:  We feel that the Secure Messaging spec is much 
  simpler, the downside is it's a new spec. We do provide things 
  for people using the other existing stacks.
Manu Sporny:  Take a look through that blog post, we went into a 
  lot of detail on why we're not for the JOSE stack.
Manu Sporny:  Any other concerns before we head off to TPAC next 
No concerns voiced by group.
Nate Otto: Thanks for welcoming me to the call. Enjoy TPAC, and 
  we'll talk again in 2 weeks!
Manu Sporny:  Call next week is canceled we'll be at TPAC.
Mary Bold: Thanks all
David I. Lehn: Bye!
Received on Tuesday, 21 October 2014 18:36:13 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:38 UTC