W3C home > Mailing lists > Public > public-credentials@w3.org > September 2014

Credentials CG Telecon Minutes for 2014-09-30

From: <msporny@digitalbazaar.com>
Date: Tue, 30 Sep 2014 12:53:52 -0400
Message-Id: <1412096032237.0.8996@zoe>
To: Credentials CG <public-credentials@w3.org>
Thanks to Tim Holborn and Manu Sporny and Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials Community Group Telecon Minutes for 2014-09-30

  1. Web Payments Use Cases Vote
  2. Register Now for W3C TPAC
  3. Advanced Use Cases (Tim Holborn)
  4. Offer use case
  5. Proof of Contribution Use Case
  6. Proof of Invention Use Case
  7. Wrapping up Use Cases
  Manu Sporny
  Tim Holborn and Manu Sporny and Dave Longley
  Tim Holborn, Manu Sporny, Pat Adler, Jörg Heuer, Dave Longley, 
  Eric Korb, Sunny Lee, Mary Bold, David I. Lehn

Tim Holborn is scribing.
Manu Sporny:  On the agenda today, making sure people know about 
  the Web Payments use case vote, are registered for TPAC, and 
  going through the use-cases. Any other additions/changes to 
No changes.

Topic: Web Payments Use Cases Vote

Manu Sporny:  Web-payments use-group have finalised a draft that 
  will be presented to the W3C Interest group at TPAC
Manu Sporny: 
Manu Sporny:  Basically the use-cases are more-or-less revised.  
  these cases came from paris. alot of identity use-cases moved 
  into this group.
Manu Sporny: 
Manu Sporny:  This is the use-cases, credentials is a big part of 
  the use-cases. although it has been set in stone for 
  web-payments, it’s very much the requirement for credentials 
  group.  A vote is going on, if this is agreed upon. it will be 
  the responsibility of this group to define the credentials 
Manu Sporny:  If anyone here is involved with web-payments, make 
  sure you get involved with the vote. Basically, look at the 
  use-cases and identify what the technical requirements will be 
  for the web-payments work.
Tim Holborn:  Questions about the privacy stuff, what about the 
  ODRL group? Is that fit to print? I need to follow up on that 
  with you at some stage. [scribe assist by Manu Sporny]
Tim Holborn:  We spoke about the privacy work and I'm not sure if 
  it's going to fit the work, I'll follow up. [scribe assist by 
  Dave Longley]
Manu Sporny:  I don’t know if we have the data rights stuff in 
  there, I don't think we do have it in the Web Payments Use Cases 
Manu Sporny:  My concern is that we were talking about data 
  rights in credentials, but not in web-payments. we need to do 
Manu Sporny:  Because your purchase / transaction history can be 
  used to track you.
Manu Sporny:  And ODRL we need to touch base with from both 
Manu Sporny:  The other thing to pay attention to, is that the 
  payments process is exactly the same proces the credentials group 
  will need to go through.
Manu Sporny:  My hope is that we’ll be able to go through exactly 
  the same thing in the next few weeks
Manu Sporny:  Any other questions?

Topic: Register Now for W3C TPAC

Manu Sporny: Web Payments IG now on the schedule
Manu Sporny:  Important thing to note is that the web-payments 
  session is in the schedule now.
Manu Sporny: https://manu.sporny.org/2014/3-wp-events/
Manu Sporny:  (W3C Web Payments Activity)  the web-payments 
  interest group is listed. the vote to create the Web-Payments 
  activity at W3C is going on now.
Manu Sporny:  If you are going to TPAC - make sure you register 
  for the Web-payments group if you want to discuss the credentials 
Manu Sporny:  Talking about schedule….
Pat Adler:  Is the meeting on wednesday?
Manu Sporny:  (Discussing the way TPAC is organised this year). 
  Basically, we can have the credentials meeting on Mon/Tue instead 
  of Wed.
Manu Sporny:  The internet identity workshop is happening on the 
Manu Sporny:  Perhaps we’ll announce an ad-hoc meeting on the 
Tim Holborn:  Still working on funding to get over there, if you 
  could help w/ getting access to the W3C TPAC as an Invited 
  Expert. [scribe assist by Manu Sporny]
Manu Sporny:  Let's take the discussion offline, Web Payments 
  group is being very strict about Invited Experts (which is 
  unfortunate for the preliminary meeting). [scribe assist by Manu 

Topic: Advanced Use Cases (Tim Holborn)

Manu Sporny: 
Manu Sporny:  We went through the use-cases Tim Brought-up in the 
  first email last week.
Manu Sporny is scribing.
Tim Holborn:  So, peer-to-peer advertising - concept was to wrap 
  an Offer statement as a payment URL.
Tim Holborn:  Conceptually, make the offer discoverable.
Tim Holborn: http://webizen.org/
Tim Holborn:  That Webizen system searches FOAF URLs, so if you 
  type in "tim" it'll pull information out from decentralized 
Tim Holborn:  This is about writing some sort of HTML-style 
  document where you can specify an offer, and then potentially 
  create a claim on that offer w/o needing to integrate it into a 
  traditional content management system.
Tim Holborn:  Like an eBay or traditional merchant type website.
Manu Sporny:  This seems like a Web Payments use case.
Jörg Heuer: Should/ can commercial offers be represented by 
  credentials, really? (Joerg Heuer, Deutche Telekom Labs)
Tim Holborn:  How do you make sure someone hasn't changed the 
  payment URL? If they change that, then contract would be void.
Dave Longley: 
Tim Holborn:  Would you generate a credential from that?
Dave Longley: 
Jörg Heuer:  If we go too deeply into the shopping experience 
  that won't be good for this group. We'll have a session and 
  something that offers a transaction in the Web Payments work, 
  might not need to go deeper than that.. 
Manu Sporny:  This use-case touches credentials, but likely 
  belongs in the web-payments group. [scribe assist by Tim Holborn]
Tim Holborn:  When you're signing the document, does that protect 
Dave Longley:  Yes, if any of the information changes, the 
  signature will fail. You can't tamper with it.
Dave Longley:  A credential is a set of statements about an 
  identity that is endorsed by some 3rd party. The most important 
  part is that we're talking about a set of statements about an 
  identity. We don't want to open the scope to be wider about that.
Dave Longley:  That's not where we want to go.
Tim Holborn:  So the credential, we're dealing w/ the identity of 
  a legal entity.
Manu Sporny:  Only thing the digital signature does, is ensures 
  the digital information that was signed cannot be tampered with. 
  [scribe assist by Tim Holborn]
Manu Sporny:  Definition we use for credential is very specific, 
  as defined in the charter... [scribe assist by Tim Holborn]
Dave Longley:  Take a look at Web Commerce spec, talks about 
  publishing an offer. Describes what an offer would look like. The 
  credentials work comes in where there is an ID for an entity 
  (person providing offer, person receiving payment, etc.)
Tim Holborn:  I think where my confusion was was around the 
  generation of the signature.
Manu Sporny:  This group is then going to work on the identity, 
  such as drivers licenses, bank accounts and other identity 
  information... [scribe assist by Tim Holborn]
Tim Holborn: What consitutes a credential? The list from the call 
  last week - http://opencreds.org/minutes/2014-09-23/#47
Jörg Heuer: ... But a credential coud be a 'proof of purchase' to 
  let you access content, etc. Right?
Tim Holborn:  Was it documented clearly? [scribe assist by Tim 
Dave Longley: Joerg, 
  <-- proof of purchase
Jörg Heuer:  Still not a "credential", but is a digitally-signed 
  document (a receipt) that proves a purchase occurred [scribe 
  assist by Dave Longley]
Jörg Heuer:  (That you can use to access 
  content/service/whatever) [scribe assist by Dave Longley]
Manu Sporny:  Is a proof of purchase a credential?  it is a 
  digital receipt. you could say / argue it is a credential. we are 
  arguing it is not a credential. [scribe assist by Tim Holborn]
Jörg Heuer: ... Using it as an access key - or to receive a 
  special discount...
Pat Adler:  It could be used if was used after the transaction? 
  [scribe assist by Tim Holborn]
Jörg Heuer:  When talking about digital goods, you could use a 
  digital receipt as a credential.
Manu Sporny:  A license to a particular person could be termed a 
  credential. [scribe assist by Tim Holborn]
Manu Sporny:  It depends on how the information could be used. 
  but for right now, if you’ve got a bunch of statements about an 
  entity. we’re saying that’s a credential.  if it’s something 
  about an asset? we’re saying that’s not a credential. [scribe 
  assist by Tim Holborn]
Dave Longley:  I think what's important is that we think of these 
  definitions in how these systems can work together, we need to 
  make sure to keep the scope limited.
Jörg Heuer: Proposal - the subject of a purchase can be a 
  credential - or a book or file...
Dave Longley:  There's nothing wrong w/ those arguments, they 
  could all be philosophically argued to be correct, we need to 
  keep our scope limited to identity.
Dave Longley:  Otherwise, all of this stuff will bleed together, 
  and we won't be able to work on the technology.
Eric Korb:  I agree that definition is clear wrt. licenses.
Pat Adler:  Is the difference - anything that is a credential is 
  expected to be used to authenticate?
Jörg Heuer: We don't need to take care of every kind of 
  credentials, I think.
Dave Longley:  It might be that in one context something is 
  considered a credential, in another context, it's not.
Jörg Heuer: +1
Pat Adler:  Receipts are for verification that something 
  happened, where authentication is for access... maybe more of a 
  heuristic? What types of entities require a credential vs. a 
Pat Adler:  Information about organization, government, 
  individual, machine system doing the action - those require 
  credentials for authentication purposes. Perhaps it's a 
Manu Sporny:  The key being we’re trying to narrowly scope the 
  work, we do not need to take care of everything with a 
  credential. [scribe assist by Tim Holborn]
Tim Holborn: +1

Topic: Offer use case

Tim Holborn:  I create a document to advertise the availability 
  of my pushbike, including the amount i seek for the bike and the 
  terms (pick-up only).
Tim Holborn:  Selling a bike is similar to P2P Advertising. 
  [scribe assist by Tim Holborn]
Tim Holborn:  I create a document to advertise the sale of a 
  T-Shirt.  I display the price (in local currency) and link to a 
  shipping provider (to automate the shipping fees)
Manu Sporny:  This is a Web Payments use case - it's an offer of 
  sale/availability/service.  [scribe assist by Tim Holborn]
Tim Holborn: Yup, Let's, move it to Web Payments CG.

Topic: Proof of Contribution Use Case

Tim Holborn:  I use a credential when initiating PUT on a 
  project, incorporating a multitude of others, and an agreement 
  for contributing to project.  My credential is associated to my 
  contributions for the purpose of remunerating me if the project 
  moves to a point where a revenue is identified 
Tim Holborn:   Some of these Bitmark images show a variety of 
  use-cases.  In the above example; the use-case denotes a ‘proof 
  of stake’ rather than the use of a transactional credential of a 
  fixed financial integer (meaning $1).  In the “contribute” 
  example, a contributor may provide 1% of total contribution, or 
  10% of total contribution for stage 1, or 1% of total 
  contribution to date, or 0.5% of total contribution - upon the 
  date that the project is achieving critical mass (has a million 
  users, is generating revenue, etc.)
Tim Holborn: Contribute: so, the use-case is like using github
Manu Sporny:  The general idea is when you are working on a 
  project, you want to associate your identity to your 
  contributions. so if the project moves to the situation where 
  it’s making money, you can be renumerated for it. [scribe assist 
  by Tim Holborn]
Manu Sporny:  You need to assocaite it to identity. which means 
  we need some sort of URL that can be looked-up.  In the 
  use-cases, it means you can find an identity URL. I think we 
  already have this covered, we don't  need another use case. Does 
  anyone disagree? [scribe assist by Tim Holborn]
Tim Holborn: +1
Tim Holborn: +1 - All good..
Sunny Lee: Nope
Dave Longley: +1  - Already covered by the use cases we have

Topic: Proof of Invention Use Case

Tim Holborn:  I write a document disclosing an invention i 
  purport to have defined in a manner that would denote the work as 
  being innovative.   I publish this specification, incorporating a 
  credential that provides a date-stamp (“priority date” esk).  I 
  submit an offer statement with respect to the use of the 
  knowledge contained within that document; and perhaps define a 
  specified market (i.e. use can MFG product for personal use or 
  for commercial manufacture within these restrictions).
Tim Holborn: Essentially - a portion of the intellectual property 
  process is establishing a priority date.
Tim Holborn: So, the objective is to provide sufficient 
  information that supports this priority date requirement.
Tim Holborn:  There are several different parts - the first 
  element is you make a claim of some point of innovation 
  (identified a priority filing date). 
Tim Holborn:  Whether or not the patent should be granted is up 
  to the national authority. So, the main thing - concept around 
  publishing an idea on the Web, have it date-stamped, digitally 
  signed, so that it's effectively the same as publishing via the 
Dave Longley:  I'm trying to figure out what part of the standard 
  would be used in this case. It involves digital signatures, 
  assertion of certain identity writing a document, not seeing what 
  would be standardized around this use case.
Dave Longley:  Seems like it would be useful for someone to 
  implement, why is it a credentials use case?
Jörg Heuer:  This looks like something in EU framework - 
  attribute-based credentials. I might have an institution asking 
  me to ensure that they're not making me give away my 
  identity/credentials. I think we should support attribute-based 
  credentials, in scope - would like to see that. Overall process 
  around it, assuring customer that everything is being done 
  correctly, doesn't belong in credentials work.
Pat Adler:  Other interesting angle here is the inputs to the 
  payment group - group working on verification on credentials - 
  they should support for each transaction a composite signature - 
  multiple identities being used to verify a particular claim. 
  USPTO signature, plus mine, plus some other organization 
  (counter-signatures) should be supported.

USE CASE: Support endrosements/counter-signatures on credentials. 
  Signatures can be either dependent on one another (chained 
  together), or multiple signatures on original document (part of a 
  mathematical Set).

Dave Longley is scribing.
Manu Sporny:  We want to support both of these use cases: I give 
  a document to Pat and Joerg and they both sign it and give it 
  back -- or I give a document to Pat and he signs it and then 
  gives it to Joerg who signs it (and includes Pat's signature).
Tim Holborn:  Is there a use case where the information can 
  remain confidential before publishing?
Manu Sporny:  We have the technology to encrypt, so that's not a 
  problem, so the questions is "Do we want to talk about encrypted 
  credentials?" -- and the way most patent systems work is that you 
  need to make a public statement when applying for a patent
Tim Holborn:  Don't you need to maintain confidentiality of the 
Manu Sporny:  Not for patents, in general, you have to make a 
  full disclosure of a patent.
Manu Sporny:  For the confidentiality stuff we should be talking 
  about private documents between people or organizations.
Tim Holborn:  In the preparation of a concept an ‘inventor’ wants 
  to patent - does it need to be confidential prior to the 
  publication of the ‘patent document’. [scribe assist by Tim 
Tim Holborn: Ie: drafts.
Tim Holborn: +1
Dave Longley:  The disclosure of the patent is what gives you the 
  power. [scribe assist by Manu Sporny]
Tim Holborn: Actually, I see what you mean now.
Tim Holborn: Write a document on the web which supports an 
  identity claim, a date stamp, digitally signed with the capacity 
  to countersign the document
Pat Adler:  One of the other derivatives of the counter-signing 
  thing is - what about composite credentials? Combinations of 
  authorizations from multiple parties. You, completing transaction 
  are authorized by multiple organizations. For example, USPTO - 
  combining different elements of credentials from different 
  organizations. In order to open bank account, I have to have 
  different banking credentials  (drivers license, government 
  credentials) [scribe assist by Manu Sporny]
Pat Adler:  Using credentials issued by separate authorities. 
  [scribe assist by Manu Sporny]

USE CASE: Enable multiple credentials from multiple 3rd parties 
  to be composed together to grant authorization to access a 

Dave Longley:  We probably have a use case that you can provide 
  credentials to authenticate. We want to make sure that we're 
  clear that you can combine multiple credentials in a particular 
  transaction. [scribe assist by Manu Sporny]
Pat Adler:  How do I pass along organization's authorization 
  along with my own credential information? We should answer that 
  question. [scribe assist by Manu Sporny]

Topic: Wrapping up Use Cases

Manu Sporny:  I think the plan is to try to get through the rest 
  of the use cases next week and then see if we can put all of this 
  in a document and vote on it to be ready in time for W3C TPAC. 
  Anyone have any issues w/ trying to do that? [scribe assist by 
  Tim Holborn]
Tim Holborn: +1
Dave Longley: +1
Manu Sporny:  Ok, then we'll do that - organise these into a more 
  definative list of use-cases. and as long as everyone is ok with 
  it, we’ll goto some sort of vote to get the first set of use-case 
  agreed for TPAC. We'll try to do this next week. [scribe assist 
  by Tim Holborn]
Tim Holborn: +1
Dave Longley: +1
Sunny Lee: Thanks everyone
Mary Bold: Thanks!
David I. Lehn: Bye all
Received on Tuesday, 30 September 2014 16:54:16 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:38 UTC