- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Thu, 18 Feb 2016 14:47:58 +1100
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAM1Sok0OvvHxaG4_Mnr1_Fw7uEbc1QAFuSERov6J=W-+ytnDdg@mail.gmail.com>
Why is the work being explicitly directed towards use within the education
market?
Is this a technical or commercial consideration?
On 17 February 2016 at 17:01, Manu Sporny <msporny@digitalbazaar.com> wrote:
> Feedback on Verifiable Claims Task Force Final Report Draft from Ian
> Jacobs (W3C Payments Staff Contact):
>
> -------- Forwarded Message --------
> Subject: Comments on VCTF Report
> Date: Tue, 16 Feb 2016 20:59:32 -0600
> From: Ian Jacobs <ij@w3.org>
> To: Manu Sporny <msporny@digitalbazaar.com>, Dave Longley
> <dlongley@digitalbazaar.com>
> CC: Web Payments IG <public-webpayments-ig@w3.org>
>
> Dear Members of the VCTF [0],
>
> Thank you for preparing a report [1] on your activities for discussion
> at the upcoming face-to-face meeting. I read the report and the
> minutes of all the interviews. I have not read the use cases [2].
>
> I have several observations and questions that I'd like to share
> in advance of the face-to-face meeting. I look forward to the
> discussion in San Francisco. I will continue to think about
> topics like "questions for the FTF meeting" and "ideas for next
> steps."
>
> Ian
>
> [0] http://w3c.github.io/vctf/
> [1]
>
> https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Feb/0029.html
> [2] http://opencreds.org/specs/source/use-cases/
>
> ==================
>
> * First, thank you for conducting the interviews. I appreciate the
> time that went into them, and you managed to elicit comments from an
> interesting group of people.
>
> * In my view, the ideal outcome from the task force's interviews would
> have been this: By focusing on a problem statement in conversations
> with skeptics, areas of shared interest would emerge and suggest
> promising avenues for standardization with buy-in from a larger
> community than those who have been participating in the Credentials
> Community Group.
>
> * With that in mind, I think the results are mixed:
>
> - The interviews included valuable feedback that I believe can be
> useful to focusing discussion of next steps. For example,
> compiling a list of concerns about the project is very useful.
>
> - I believe the report does not do justice to this useful
> information.
>
> * Here is why I believe the report does not do justice to the
> interviews: it includes information that I don't believe was part of
> the task force's work, which clouds what the report could most
> usefully communicate. Specifically:
>
> - The survey in 5.1 was not part of the task force's work [0].
>
> - While documenting use cases [2] is valuable, I did not read
> in the interviewer's comments that they had considered the
> use cases. It would have been interesting, for example, for
> the interviewees to have considered the use cases, and to
> determine whether there was a small number of them where
> there was clear consensus that it was important to address
> them. But without connecting the interview comments to the
> use cases, I believe they only cloud this report.
>
> Thus, I find confusing the assertion in 6.4 that
> a "point of consensus" is that there are use cases. That
> may be the consensus of the Credentials CG that produced
> them, but it is not clear to me from reading the minutes
> that there is consensus among the interviewees on the
> use cases. Similarly, section 3 (Summary of Research Findings)
> goes beyond the work of this task force to include the use
> cases.
>
> * While there were a lot of valuable comments in the interviews, it would
> not be cost-effective to paste them all here. Here are a few synopses:
>
> - It sounded like people acknowledged the problem statement
> and also that this is a hard problem to solve.
>
> - Many people emphasized the opportunity to improve security and privacy.
> One opportunity that was mentioned had to do with user-friendly key
> management (which made me think of SCAI).
>
> - There is a high cost to setting up an ecosystem, and so the
> business incentives must be carefully considered and
> documented. (This is covered in 7.3 of the report.)
>
> - I found Brad Hill's comments particularly helpful:
>
>
> https://docs.google.com/document/d/1aFAPObWUKEiSvPVqh9w1e6_L3iH4T08FQbJIOOlCvzU/
>
> - A number of comments seemed to me to suggest a strategy for
> starting work:
>
> * Start small.
> * Start by addressing the requirements of one industry and build from
> there. I heard two suggestions for "Education" and explicit advice.
> against starting with health care or financial services.
> * Be pragmatic.
> * Reuse existing standards (a point you mention in section 3 of the
> report).
>
>
> * I don't understand the role of section 4 ("Requirements Identified
> by Research Findings"). This is not listed as a deliverable of the
> task force [0] and it does not seem to me to be derived from the
> interviews. The bullets don't really say "Here is the problem
> that needs to be solved." I think the use cases comes closer, and
> we need more information about business stories as mentioned above.
> Talking about things like software agents helping people store
> claims feels like a different level of discussion.
>
> * In section 6 "Areas of Consensus:
>
> - "Current technologies are not readily solving the problem."
>
> I don't think that's the consensus point. I think that formulation
> suggests too strongly "and thus new technologies are needed."
>
> I think the following headline phrase is more accurate: "Reuse
> widely deployed technology to the extent possible." You do say
> something close to that in the paragraph that follows, and
> again in 7.8.
>
> - "Minimum First Step is to Establish a Way to Express Verifiable
> Claims"
>
> (Also covered in a bullet in section 4.)
>
> First of all, I did not reach that result from reading the
> interviews. Second, the very sentences in the paragraphs that
> follow suggest there is no consensus. Namely:
>
> * "Many of the interviewers suggested that having a data model and
> syntax for the expression of verifiable claims AS ONLY PART OF
> THE SOLUTION." (This suggests they may not agree that "expression"
> is a minimal first step and that MORE is required in a first step.)
>
> * "Some of the interviewers asserted that the technology already
> exists to do this and that W3C should focus on vocabulary
> development." (So this is a recommendation to do vocabulary work.)
>
> * "Others asserted that vocabulary development is already
> happening in focused communities (such as the Badge Alliance,
> the Credentials Transparency Initiative)." (This doesn't say
> anything about what W3C should do; perhaps this sentence could
> be attached to the previous one instead.)
>
> * "Many of the interviewers suggested that the desirable outcome
> of standardization work is not only a data model and syntax for
> the expression of verifiable claims, but a protocol for the
> issuing, storage, and retrieval of those claims, but
> acknowledged that it may be difficult to convince W3C member
> companies to undertake all of that work in a single Working
> Group charter. " (This sounds like a repeat of the first bullet.)
>
> * "In the end, consensus around the question what kind of W3C
> charter would garner the most support seemed to settle on the
> creation of a data model and one or more expression syntaxes for
> verifiable claims."
>
> Basically, I do not think there is a consensus to do that among
> the interviewees. In detail, here’s what I read:
>
> - Brad Hill: "I don't know"
> - Christopher Allen: (I don't see any comment)
> - Drummond Reed: "user-side control of key management"
> - John Tibbetts: "document what a credential looks like
> (perhaps either a data model or ontology)
> plus a graphical diagram"
> - Bob Sheets: "I have a hard time addressing that question,
> whatever it takes to get your group started and
> on the map and doing work the better."
> - David Chadwick: (I don't see any comment)
> - Mike Schwartz: (I don't see any comment)
> - Dick Hardt: (I don't see any comment)
> - Jeff Hodges: (I don't see any comment)
> - Harry Halpin: "Another option is to scope down and aim at a
> particular problem domain, for example a
> uniform vocabulary for educational
> credentials. "
> - David Singer: (I don't see any comment)
>
> * I found interesting the section on "areas of concern" (along with
> Brad Hill's comments). It might be possible to categorize the
> concerns like this:
>
> a) Social issues
> 7.2 scalability of trust
> 7.3 business models and economics
> 7.4 business model for infrastructure
> 7.7 liability; fraud and abuse
>
> b) Design issues
> 7.5 slow evolution of agent-centric designs
> 7.6 risks associated with identifiers, keys, revocation
> 7.7 reusing existing work
>
> c) Communication
> 7.1 communicate vision / big picture
> (BTW, I agree, but this does not imply it belongs in a charter).
>
> - Scalability of trust is very interesting. I think I agree it's
> good to have an architecture that supports diverse business
> models, trust models, etc.
>
> - On business models and economics: "it is yet unknown if
> kickstarting the market will be enough to build a strong economic
> incentive feedback loop." It might be easier to find an answer
> by adopting the above strategy points about starting small and
> picking one market.
>
> * Please list the editors of the report. Also, if possible, please list
> in an
> acknowledgments section of the report the participants in the task force.
>
> --
> Ian Jacobs <ij@w3.org> http://www.w3.org/People/Jacobs
> Tel: +1 718 260 9447
>
>
>
>
>
>
>
Received on Thursday, 18 February 2016 03:49:09 UTC