W3C home > Mailing lists > Public > public-credentials@w3.org > May 2016

Verifiable Claims Telecon Minutes for 2016-05-24

From: <msporny@digitalbazaar.com>
Date: Tue, 24 May 2016 15:03:33 -0400
Message-Id: <1464116613237.0.10721@zoe>
To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-05-24/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-05-24

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016May/0034.html
Topics:
  1. Introductions to New Participants
  2. Agenda Bashing
  3. Introduction to Anil John and DHS Blockchain R&D
  4. Other Introductions
  5. United Nations ID2020 Summit Recap
  6. Rebooting Web of Trust Design Workshop Recap
  7. Recent Vermont Legal Finding
  8. Update on Work Items
Organizer:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Manu Sporny, Maria Vachino, Anil John, Darrell 
  Duane, Shane McCarron, David Chadwick, Bill DeLorenzo, Dan 
  Burnett, Anita Brady, Jason Weaver, Kerri Lemoie, Colleen 
  Kennedy, Christopher Allen, Richard Varn, Carla Casilli, Eric 
  Korb, Wayne Vaughn, Arie Y. Levy-Cohen, Alok Bhargava, Alex 
  Oberhauser, Jen Behrens, Brian Sletten, Rob Trainer, Alex Romero, 
  David I. Lehn, Gregg Kellogg
Audio:
  http://w3c.github.io/vctf/meetings/2016-05-24/audio.ogg

Dave Longley is scribing.
Manu Sporny:  I think it would be best if do a number of 
  introductions because we have a number of new folks on the call 
  today.

Topic: Introductions to New Participants

Manu Sporny:  If you could give a quick 2-3 sentence of who you 
  are, the org you're with, and what you're interested in the call 
  that would be good. Keep in mind that we want to get through this 
  pretty quickly so we can get to Anil's intro on the DHS 
  blockchain project.
Maria Vachino:  I'm with Johns Hopkins Applied Physics Lab, 
  Project Manager, U.S. Department of Homeland Security Science and 
  Technology Directorate Identity Management & Privacy Research
Anil John:  I'm Anil John, I'm with DHS, I manage two Programs at 
  the U.S. Department of Homeland Security Science and Technology 
  Directorate -- The Identity Management R&D and the Data Privacy 
  R&D Programs in the Cyber Security Division
Darrell Duane:  I'm with Xcelerate and one of the awardees of the 
  DHS blockchain SBIR.
David Chadwick: I am David Chadwick, Professor of Information 
  Systems Security from the University of Kent
Bill DeLorenzo:  This is Bill Delorenzo and I'm with 
  Accreditrust. We're in the business of developing platforms for 
  creating digital credentials and processing services in various 
  vertical segments and we're in the process of rolling a new 
  platform, product and services in this area.
Manu Sporny:  Rob Trainer and Alex are also with Accreditrust, 
  skipping in the interest of time.
Manu Sporny:  Myself, Dave Longley, Dave Lehn here from Digital 
  Bazaar been doing work in this area for a while now.
Dan Burnett:  I've done standards work on WebRTC and VoiceXML. 
  I'm one of the current editors for the specifications in this 
  group on Verifiable Claims Data Model. Do stuff at W3C and IETF
Anita Brady:  I'm a Vice President of Product Management & 
  Strategy with Oracle in their Financial Services Global Business 
  Unit, participating out of interest in this group.
Jason Weaver:  I'm the Director of Digital Credential Strategy at 
  Parchment. Parchment is an academic credential company.
Kerri Lemoie:  I'm the CEO/CTO at OpenWorks Group, we build 
  smart, scalable web and mobile-ready applications for 
  organizations and businesses focused on education and educational 
  services. I'm also an Openbadges contributor, member, 
  contributing to badges on blockchain.
Colleen Kennedy:  I'm with Pearson, work with Acclaim Badges 
  team, representing Matt Stone.
Christopher Allen:  I'm Principal Architect at  Blockstream, 
  chair of Hyperledger Identity WG, adviser of ID2020, organizer of 
  Rebooting Web of Trust, associated with a number of 
  standardization activities.
Richard Varn:  I'm a Distinguished Presidential Appointee at 
  Educational Testing Service (ETS), converting high and low stakes 
  score assessments into credentials. I've also been a CIO, 
  legislator, and have been working on credentials for about 30 
  years.
Carla Casilli:  I'm working with Connecting Credentials, working 
  with Badge Chain, coming from open badges environment.
Shane McCarron:  With Spec Ops, been involved with W3C for 20 
  years or so, Spec Ops chartered to help development of standards 
  in this area.
Eric Korb: Eric Korb, CEO, Accreditrust (by chat), digital 
  credentialing platform service provider
Wayne Vaughn:  I'm the Founder & CEO at Tierion, a blockchain 
  technology company, authored a protocol called chainpoint, 
  related to VCTF WG goals. Participated at ID2020.
Manu Sporny:  Welcome everyone that's new. We're probably missing 
  6-7 people due to various conferences, so not everyone. But 
  hopefully everyone can see that we're getting a fantastic 
  critical mass of people from different industries.

Topic: Agenda Bashing

Manu Sporny:  Today we have a packed agenda.
Manu Sporny:  
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016May/0034.html
Manu reads agenda.
Manu Sporny:  We won't get through the whole agenda today, so 
  we'll front load the call with as many of our new guests as 
  possible and let them say a couple of things about what they're 
  working on and how it might relate to the work we're doing here, 
  any updates or changes to the agenda?
No changes requested.

Topic: Introduction to Anil John and DHS Blockchain R&D

Manu Sporny:  Anil, if you could give us some background on the 
  DHS blockchain project that would be great.
Anil John:  Good morning everyone, good X for different time 
  zones :).
Anil John:  Stepping back, science advisor of homeland security, 
  job is to look 5 years out and understand what's coming down the 
  line. There's irrational exuberance around blockchain. Our 
  interesting blockchain tech is quite the reverse. As PM in this 
  area and someone who has been in the field for some time, I'm a 
  skeptic when it comes to blockchain tech. The proposal we put out 
  there is to get at the root of what blockchain can do.
Anil John:  If you are in the identity attributes space, there 
  are fundamental set of principles to make it real. [lists them].
Anil John:  On the privacy side, selective disclosure, 
  pseudoanonymity, etc.
Anil John:  Proposal is to find out how or if blockchain tech can 
  implement those principles and if it makes sense to do so.
Anil John:  As part of it, we've awarded to four companies, 
  Digital Bazaar, Respect Network, Xcelerate, and Narf 
  Technologies.
Anil John:  Need to find out if the tech can be built out. If 
  it's true, there are a set of things that become open. DHS is an 
  authoritative source for a variety of claims and attributes, 
  eligibility to work, first responder attributes, so on. Shared 
  responsibility with DHS and FEMA, local as well.
Anil John:  There are use cases there but not going there or 
  recommending to customers without having foundation proved or 
  disproven.
Anil John:  Companies working on this will give us an answer or 
  tell us to go somewhere else to spend our time on.
Anil John:  That is DHS' interest in the technology and why we're 
  funding the projects.
Manu Sporny:  For those new to the call you can type: "q+" to get 
  on the speaker queue.
Manu Sporny:  Please add yourself if you have any questions.
Manu Sporny:  If you don't want to speak or can't, you can type 
  into the chat channel.
Manu Sporny:  Everyone in this group is trying to figure out what 
  the architecture for a self-sovereign/user centric identity 
  system would be like. We're also trying to translate that into 
  specs to take through W3C process.
Manu Sporny:  Could you give us your thoughts on that ... are you 
  looking for products or standards or a hybrid?
Anil John:  I don't have a clear answer. This is a conversation 
  that I know people in self-sovereign identity people have heard 
  this speech from me before. My concern in general is that there's 
  a drive ... everyone agrees that there is value in individuals 
  controlling their data and their ability to assert whatever you 
  define as identity. My comment to that has always been "great", 
  but in general the adoption or lack thereof in this space has 
  always been driven by imbalance in power of asserters of info and 
  consumers of info.
Anil John:  Consumers have a lot of power in accepting or 
  rejecting that. If you want those people to accept your 
  self-sovereign identity or any other type of identity, it needs 
  to be vouched for and trusted ... by someone the relying party 
  trusts.
Anil John:  I haven't seen an effort to address that particular 
  point, more like an effort to create an identity production 
  thing. Large scale lives or dies on that. The authoritative 
  nature of the claims and how you prove that authoritative nature 
  is critical to address.
Manu Sporny:  Great, thank you, Anil.
Arie Y. Levy-Cohen:  I have a comment on self-sovereign identity 
  control points just made.
Arie Y. Levy-Cohen:  With regards to self-sovereign identity, 
  fine and good for we the people ... I'm sure that there are 
  regulatory and governmental reasons for not relinquishing control 
  over identities to people themselves might be an issue, but isn't 
  that solved somehow with an elegant layer of permissioning 
  depending on the circumstance?
Anil John:  Yes, and I think I agree with you. At a higher level, 
  it's irrelevant to someone who is trusting an assertion ... maybe 
  too strong of a word, doesn't matter where it's from but more 
  that someone is standing behind it and that they can trust that 
  entity.
Anil John:  That needs to be addressed by whatever mechanism you 
  put into place. That seems to be lost in the noise.
Manu Sporny:  I think part of the issue that we've always had in 
  this group is terminology, but we've heard enough of it to 
  understand that what Anil is saying is something we hold to be 
  true in this group. The consumers of the credentials need to be 
  able to trust the issuers and it needs to be dynamic some 
  consumers will trust one set others a different set.
Manu Sporny:  Self-sovereign can be part of the solution... I see 
  this as a good sign, we're gaining momentum.
Eric Korb: +1
Anil John:  I slightly disagree, the person that issues the 
  claims might be disparate from the person who is vouching for 
  them on behalf of the person.
David Chadwick: Plastic cards provide a good model of how they 
  work in practice today
Anil John:  It is irrelevant to me who is the issuer, an org, an 
  individual, what is important to me is who is standing behind it.
Anil John:  It doesn't need to be the same identity.
Manu Sporny:  Yes, absolutely, I think there's a lot of alignment 
  on that.
Anil John:  Yes, digital signatures also give you this -- it 
  doesn't matter who is presenting a credential, it matters who 
  makes the claim (who is standing behind it)
Manu Sporny:  There's also some discussion in the IRC channel.
Alok Bhargava:  I just have one clarification that I'm looking 
  for, the point that Anil just made, I don't think that's related 
  to technology.
Manu Sporny:  No, I think it's somewhat related, but is 
  technology agnostic.
Alok Bhargava:  I think whether we support the notion that he 
  brought up, what tech to use is a separate question.
Manu Sporny:  Yes, and that's part of the technical work we've 
  been doing and will continue doing.
Dave Longley:  Because we were talking about how technology may 
  or may not have to do w/ separating who is making an assertion 
  and who is making it. The technology that we're working on here 
  is very different from service-centric. Instead, we have 
  decoupled those who make the assertion from those who verify the 
  assertion. [scribe assist by Manu Sporny]

Topic: Other Introductions

Alex Oberhauser:  Hi Alex Oberhauser, I'm the CTO of Cambridge 
  Blockchain. [scribe assist by Manu Sporny]
Jen Behrens:  Hi, I specializes in privacy and policy analysis, 
  governance, data analytics, information technology, and identity 
  management solutions. My main focus is on privacy compliance and 
  the implementation of trust framework governance structures for 
  pilot programs as awarded by the National Strategies for Trusted 
  Identities in Cyberspace (NSTIC).

Topic: United Nations ID2020 Summit Recap

Manu Sporny: 
  https://twitter.com/ChristopherA/status/733671106612199426
Christopher Allen:  I just put a twitter status into IRC that you 
  can go to see my slides.
Christopher Allen:  It was at the UN. It's a big deal, we had 
  ambassadors and policy makers, etc. there. Goal to bring the 
  legal, gov't side of things (legal code) to the technologies who 
  have software code.
Christopher Allen:  Goal is leaving no one behind, provide legal 
  identity for all, a UN mission, to do by 2030. 16.9 million or 
  19.6 (I forget exact number), leave no one behind, want 
  partnerships with technologists and they want innovation. Call to 
  action. We want to do a lot of education, interesting blockchain 
  opportunities, need policy commitments, balancing short term and 
  long term needs.
Christopher Allen:  Slide 3, what can get in the way? There are 
  risks, but we need to protect communities, not create new 
  problems, we don't want to become ... "digital colonialists" into 
  these worlds. We need to figure out the appropriate role of gov't 
  and lots of individual challenges around adoption.
Christopher Allen:  Next slide about specific problems with 
  identity, carrier problems, people who don't have voice, tilted 
  toward first world, lots of issues in the financial sector, want 
  to give access but also protect people. Information rights and 
  records to be careful. Next slide is the reality. 10 million 
  stateless people in the world and 1.5 billion without 
  citizenship. How do we handle refugees and voters. Need a unified 
  vision.
Christopher Allen:  Be careful with regard that identity could be 
  weaponized.
Manu Sporny: Christopher talking through 
  https://twitter.com/ChristopherA/status/733671106612199426
Christopher Allen:  We talked about best practices and what the 
  role of biometrics is. Talked about what tech can do to make this 
  a reality, want individual freedom. I was quite pleased to hear 
  an ambassador use the term self-sovereign identity. We need to be 
  flexible.
Christopher Allen:  I think that's a good summary, the event was 
  very much a high level overview, there were opportunities for 
  meeting and networking but not for creating specific initiatives 
  or documents, proclamations or things of that nature. The want to 
  do another one a year from now. I used this to lead into 
  Rebooting Web of Trust.
Christopher Allen: Self-Sovereign Identity as a concept was well 
  received 
  http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
Manu Sporny:  Thanks, Christopher. Before we go on, event was 
  deeply moving. Was about people who are most vulnerable on this 
  planet and how identity and identifiers could be something that 
  could help. Tying the work that we're doing ehre to people in 
  refugee camps that could use these techs to make their lives 
  better was one deeply important and moving. And two we were able 
  to make contact with a number of people that are on the ground in 
  these refugee camps and people that are trying to prevent human 
  trafficking and view identity as a way of reducing it.
Manu Sporny:  We have access to a number of people that are doing 
  that and before we didn't. Now in Web Payments and in Credentials 
  work there are a number of people who want to help people in 
  vulnerable positions and but now we've made contact with peopel 
  on the ground and hopefully we can tighten up the feedback loop 
  to build something to help people in these positions.
Manu Sporny:  Anil did you have comments on the event?
Anil John:  It was a good event, it was remarkable in that there 
  were three different communities there, policy makers, 
  technologists (very heavy on blockchain front), and people with 
  deep pockets.
Anil John:  I look forward to seeing how the problem that 
  supposedly brought them all together will motivate them toward a 
  common goal. I was heart broken by the challenge and the issue 
  but I wasn't overly enthusiastic over what came out of it other 
  than as a networking event.
Christopher Allen: +1 Anil
Brian Sletten:  I was just curious if the negative side of 
  identity side came up as a concern.
Christopher Allen: That was a big part of what my goal at ID2020 
  was to make sure those issues were brought up.
Manu Sporny:  Absolutely, it also became a big part of the 
  discussion at Rebooting Web conference. A number of people who 
  work at refugee camps w/Syrians have said that many Syrians dont' 
  want to be identified because exposing their identity would allow 
  people back home to be harmed.
Manu Sporny:  It could create a terrible event. So there was 
  focus on tracking and the dangers that come with that.
Christopher Allen:  Something that fed into the next day, there 
  has to be some better understanding on the ground. There are some 
  warm places to sleep but it requires a handprint to enter and 
  people would rather sleep in the mud and cold because of a 
  general fear of the identity tech.
Christopher Allen:  We need to understand these types of things 
  at all levels.
Manu Sporny:  Absolutely, any questions, concerns before next 
  topic?
None

Topic: Rebooting Web of Trust Design Workshop Recap

Christopher Allen: 
  https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/
Manu Sporny:  There was an event directly after ID2020.
Manu Sporny:  Christopher has been putting these together.
Christopher Allen:  We had some documents to capture, photos, 
  whitewalls, etc. The goal of a design workshop is to have a 
  facilitated discussion and create output that can be iterated 
  upon by the community. Goal was to have five whitepapers out of 
  the conference and other benefits of bring people and ideas 
  together.
Christopher Allen:  At the link in IRC there are advanced 
  readings.
Christopher Allen:  There to give people context and focus.
Christopher Allen:  We did a report about the results from our 
  last conference to make sure people are on the same page. Then 
  went through an exercise to imagine 2021 and to look at the 
  differences and the language issues and places where people 
  disagreed and such. By middle of first day driving into topics 
  and Manu and Wayne had already addressed things like differences 
  with proof of publication and so forth, other projects brought 
  up. In the end we'll have 8-9 whitepapers/specifications come out 
  of this design shop over the next couple of weeks as people have 
  a chance to massage the info. I'd like to have people from the 
  design shop say what it was like from their side but I'm very 
  positive about it and the results. Architecture for 
  self-sovereign ID, decentralized identifiers, identity 
  correlation info, lots of great stuff.
Manu Sporny:  Wayne, any thoughts on the workshop?
Wayne Vaughn:  Great workshop, 40-50 people there, tech founders, 
  lead engineers, from NYC area. I had brought chainpoint protocol 
  info ... lets you provide a verifiable proof of publication. Very 
  much related to the proof of publication work Manu is doing.
Wayne Vaughn:  We had taken a previous version of chainpoint and 
  done it in JSON-LD and it turns out that it was very much like 
  Manu's ... done indepdnently, very close, very interesting. After 
  working together it is clear we're all working on the same path 
  and a clear path forward.
Wayne Vaughn:  For something we can propose to standardize.
Christopher Allen: Focus was to capture and ship ideas, not just 
  talk.
Manu Sporny:  Thank you, that's just one example of like 30 
  similar experiences there. One example is a breakout group got 
  the VCTF architecture and worked on it themselves and there was 
  huge overlap with what we've done ... lots of deep technical 
  expertise from each blockchain company talking about to have 
  decentralized identifiers and proof of publication, associating 
  creds with blockchains ,etc.
Kerri Lemoie: +1 Decentralized identifiers and sharing amongst 
  chains
Manu Sporny:  I cannot underscore how deeply technical the people 
  in the room were and I'd say that they may even have more 
  experience in implementing things than this group which is saying 
  something because we have heavy hitters in this group.
Manu Sporny:  People looked at the VCTF architecture and didn't 
  throw it out, instead iterated on it and we're going to have 
  those folks come to this group and present.
Manu Sporny:  One of those folks is a person that worked on the 
  email standard and he also worked on the domain system standard 
  we depend on.
Manu Sporny:  So we've also got Christopher Allen who worked on 
  TLS as well, so very heavy hitters in this space.
Christopher Allen: (The review of vc use cases was really 
  transformative of them)
Manu Sporny:  We got a bunch of really good comments on the 
  architecture and we'll be getting those into the group, comments 
  on the use cases, etc.
Manu Sporny: https://www.w3.org/2016/04/blockchain-workshop/
Christopher Allen:  I just wanted to close to say that there's 
  going to be a W3C blockchain meet up at the end of June and we're 
  hoping to revise more items at that conf and it appears so far 
  from the survey that the last week of Sept will be when we have 
  another Rebooting Web of Trust in SF, Microsoft will host.
Christopher Allen:  So people can keep in their heads if they 
  will be joining and participating.
Manu Sporny:  Awesome and I dropped the link to the W3C 
  blockchain workshop in IRC.
Christopher Allen: Www.weboftrust.info
Manu Sporny:  Any questions Rebooting Web of Trust Workshop or 
  work that happened there and it's relation to what we're doing 
  here?
Christopher Allen: Vermont bill H.868, passed by house and 
  senate, expected to be signed by the Governor Peter Shumlin any 
  day now, has around page 307 a section § 1913 titled "Blockchain 
  Enabling" 
  http://legislature.vermont.gov/assets/Documents/2016/Docs/BILLS/H-0868/H-0868%20As%20Passed%20by%20Both%20House%20and%20Senate%20Official.pdf 
   KEYQUOTES:  * As used in this section, “blockchain technology” 
  means a mathematically secured, chronological, and decentra[CUT]
None

Topic: Recent Vermont Legal Finding

Christopher Allen:  In the house and senate in Vermont, they 
  passed bill H.868 with section "blockchain enabling" ... which is 
  says any mathematically secured ledger [more specific legal 
  text]... but that allows for both bitcoin like blockchains and 
  other types. They are saying that an electronic record in a 
  blockchain shall be considered self-authenticating which comes 
  from previous digital signature legislation which means you can 
  use it for business activity. The date and time of a record in 
  the blockchain can be considered fact, you can know who the 
  person is that recorded that record.
Christopher Allen:  There are some caveats here, the bill doesn't 
  say the validity about the truthfulness of that record but it's 
  basically reversing burden of proof on this, doesn't require 
  state gov't to use this at this point, but it does say that the 
  legality or authorization of an activity which is verified 
  through blockchain ... so later if you put your proofs on bitcoin 
  and the govt says they don't like bitcoin, your proofs are still 
  valid even if the blockchain is used for something else.
Christopher Allen:  I met the guy who helped draft it and trying 
  to recruit him and other political people to get similar things 
  added. If I were to do one thing differently, I'd change format 
  as per an international standard.

Topic: Update on Work Items

Manu Sporny:  Thank you Christopher -- update on work items. I 
  want to iterate to the group that this group will not become 
  "blockchain blockchain blockchain", we just had a lot of events 
  about it. This is just a heads up about what just happened and 
  we're concentrating on a single call.
Christopher Allen: (I'm at MIT media lab and some good verified 
  credentials interest here)
Dan Burnett: Claims data model draft spec:  
  http://opencreds.org/specs/source/claims-data-model/
Carla Casilli: Blockchainz 'R us. ;) Great to hear all of this 
  activity.
Manu Sporny:  Dan Burnett, can you give us an update on the data 
  model spec?
Dan Burnett:  Not enough time to cover everything, I sent an 
  email about it. The main ones are that there's a JWT example, I 
  renamed Credential to be TBDCredential because we didn't pick a 
  prefix, we just need to decide that, that's probably the biggest 
  item other than review. I updated examples to be as real as I 
  could.
Dan Burnett:  I haven't decided what we want to say in the intro 
  but not go too far in making people think this is a decision vs. 
  some ideas.
Dan Burnett:  There's a big topic on the list and we can discuss 
  that sometime.
Christopher Allen: (At some point I would like to see that 
  optional proof of publication be a requirement of any alternative 
  forms)
Shane McCarron: Use cases updates?
Manu Sporny:  Thank you. Charter hasn't been updated, use cases 
  had several hours on it at design workshop changes are pending, 
  haven't updated the FAQ, got data model spec updated from Dan, 
  survey results in a holding pattern but found someone to update 
  that doc and produce it. Still need someone to write a one page 
  summary for W3C AC reps. Architecture document got a tremendous 
  amount of work this weekend at the workshop.
Manu Sporny:  This is a group of six people at workshop that did 
  a review of the use cases, no contact with this group previously 
  and in the next 2 weeks or so they'll get the review to you, 
  Shane.
Manu Sporny:  We've got about a month to get this in front of the 
  Web Payments IG and then push it to W3C for a vote.
Manu Sporny:  We have the first three weeks of June to get it 
  done.
Kerri Lemoie: Excellent call. Thank you
Manu Sporny:  Sorry the call was so packed today, we're out of 
  time -- thanks to all and we'll see you all next week at 11am 
  same channel.
Carla Casilli: Thanks, Manu. Congrats on all of the work!
Received on Tuesday, 24 May 2016 19:03:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC