[MINUTES] W3C Credentials CG Call - 2017-07-18 12pm ET

Thanks to Adam Lake for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

http://w3c.github.io/vctf/meetings/2017-07-18/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-07-18

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0020.html
Topics:
  1. Introduction to Lionel Walberger
  2. Action Items
  3. DID Specification update
  4. Cryptography for Anonymous Credentials
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Adam Lake
Present:
  Adam Lake, Kim Hamilton Duffy, Drummond Reed, Lionel Wolberger, 
  Christopher Allen, Moses Ma, Manu Sporny, David Chadwick, Joe 
  Andrieu, Jan Camenisch, Nathan George, Maria Dubovitskaya, Adrian 
  Gropper, Adam Migus, Abbas Ali, David I. Lehn
Audio:
  http://w3c.github.io/vctf/meetings/2017-07-18/audio.ogg

Adam Lake is scribing.

Topic: Introduction to Lionel Walberger

Kim Hamilton Duffy:  Agenda: introductions then DID spec updates 
  and BTCR hackathon
Drummond Reed: Lionel, good to have you here
Lionel Wolberger:  Hi, I'm Lionel and have been an Engineering 
  Manager at Cisco for over 20 years, I participate in IIW, 
  involved with meeco, connected with Christopher recently and 
  found out about the VCCG. He enjoys scribing!

Topic: Action Items

Kim Hamilton Duffy: https://goo.gl/forms/z6t2IHQbK8ltRkXm2
Kim Hamilton Duffy: Poll ^^
Kim Hamilton Duffy: Current results: https://goo.gl/XFxqFH
Kim Hamilton Duffy:  Topic, naming options. We have a poll. Do we 
  want to keep the same name or change the name to something with 
  term "Self Sovereign"?
Christopher Allen: It is only 9 respondents yet, from 146 
  members.
Kim Hamilton Duffy:  A name with "Self Sovereign Identity" is in 
  the lead. Question--do we have administrative complications if we 
  rename the group? We tend to have high tolerance to said 
  complications.
Kim Hamilton Duffy:  We still don't have a high volume of input 
  on naming in the poll. Please participate.
Drummond Reed: In response to one comment I see there, I'm 
  personally fine with not using "identity", i.e., to call it the 
  "Self-Sovereign Technology CG"

Topic: DID Specification update

Manu Sporny: https://opencreds.github.io/did-spec/
Moses Ma: Chris, a side note: I met with the new head of 
  blockchain initiatives at Wells Fargo (after losing Jesse Lund to 
  IBM), and she would be willing to sponsor Boston event. I'll call 
  you later to chat about this.
Drummond Reed:  Kudos to Manu and Digital Bazaar for working on 
  the spec. It's up on github to follow w3c format.
Drummond Reed:  We were at DHS's Cyber Security Showcase where we 
  presented on the spec. We also had a spirited discussion There 
  are still open issues that we need to discuss.
Manu Sporny: Latest DID 1.0 spec: 
  https://opencreds.github.io/did-spec/
Manu Sporny: https://github.com/opencreds/did-spec/issues/
Manu Sporny:  Agree with Drummond on everything, +1. Digital 
  Bazaar, Evernym, and others are wanting to implement the spec. 
  All of the issues we ran into are noted in the spec.
Manu Sporny:  If you have an issue with the DID spec or the DID 
  method spec please raise issues so we can start tacking them.
Drummond Reed: In addition to Digital Bazaar, the SOV method 
  folks, the BTCR method folks, and the uPort method folks, the 
  Decentralized Identity Foundation is holding a hackathon next 
  week focused on a community resolver for DIDs.
Manu Sporny:  The major issue that came up is that there are 
  concerns around the use of keys, proofs, ambient authority, how 
  you do guardianship, how you list the proof of control keys...
Drummond Reed: So there is a lot of implementation activity going 
  on right now.
Manu Sporny:  Some of these discussions are easy, but the 
  guardian discussion may be more involved. Hopefully we can move 
  the spec forward over the next couple of months.
Moses Ma: I convinced the WF VP that identity, trust and 
  reputation in the blockchain era should be of great interest to a 
  bank, and is something that won't lead to price erosion for 
  financial services or cannibalization of their revenue model. Our 
  model of "3rd generation blockchain" reverberated with her - she 
  mentioned that none of the expensive market research reports 
  she's bought have discussed this emerging technology arena.
Kim Hamilton Duffy:  Questions about the DID spec and the issues 
  added. Should we talk about any of those issues now?
Manu Sporny:  There is a question around delegation and how it's 
  done. It's too big a discussion for right now. Maybe we can 
  address it at RWOT in October.
Christopher Allen: 
  https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0018.html
Christopher Allen: 
  https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0021.html
Christopher Allen:  I summarized my observations from the 
  hackathon via email. The main things are proofs vs keys. 
  Sometimes when we are talking about keys we shouldn't be. The 
  spec as a whole may be to big in scope. We may want to break it 
  up. There is a convention in IETF that a spec can't be final 
  until there are multiple implementations of it. We have a Digital 
  Bazaar, Sovrin, Uport, and other implementations...
Christopher Allen: Who else is implementing DIDs
Drummond Reed:  The session with Manu and Dave opened my eyes to 
  some questions around the spec. It's unsurprising that there are 
  questions about the spec as we dive deeper. To make progress at 
  the rate we want should we aim for a new draft by RWOT and add a 
  weekly meeting about the spec.
Manu Sporny: Yes, it can be any URI (any cryptographic object)
Christopher Allen: Jan, that is my point about proofs vs claims
Drummond Reed: I put a list above, but right now the list I have 
  is: BTCR method, uPort method, SOV method, Veres method
Manu Sporny:  Pseudonyms are supported by the spec
Drummond Reed: I don't know if the Consent Global team is still 
  working on a separate method for Ethereum
Drummond Reed: Many, what is "Veres One"?
Manu Sporny: DB's customer ledger for doing DIDs/DDOs
Manu Sporny: +1, Delegation very important
Drummond Reed: +1 To delegation being supported
David Chadwick:  Question about delegation. Any scalable solution 
  will need delegation. We don't want to shelf delegation.
Christopher Allen:  Delegation is important but we need to keep 
  it simple at first for security purposes.
Drummond Reed: +1 To keep delegation support in the DID spec as 
  simple as possible
Christopher Allen:  Solving delegation and guardianship from day 
  one is going to be challenging. I would like to pick the low 
  hanging fruit first.
David Chadwick:  There are different aspects of delegation. One 
  is the delegation of credential issuing rather than delegation 
  involving DIDs
Moses Ma: Is there a good Mac app for participating in IRC?
Drummond Reed: +1 To the refugee use case - that's very high on 
  Evernym's and Sovrin Foundation's use cases
Manu Sporny:  On delegation, we  have been thinking about that 
  for a while. Issuer delegation is somewhat easier. We are 
  interested in the holder/guardian delegation that allows say a 
  travel agency to book a flight for them after sharing a passport 
  credential. Or, delegation of credential to an NGO. We want to be 
  sure we are supporting delegation in the correct way sooner than 
  later because we don't want the result to be access control 
  lists.
Christopher Allen: :Time check
Drummond Reed:  +1 To manu. We are talking about a cryptographic 
  control primitive. We have customers for refugee use cases and we 
  need to be aligned with that.
Kim Hamilton Duffy:  Let's discuss the need for separate DID spec 
  meetings via the mailing list.
Kim Hamilton Duffy: 
Drummond Reed: +1 To a discussion or a poll on the mailing list 
  about dedicated calls on DID spec issues, at least between now 
  and the next Rebooting the Web of Trust meeting in October
Christopher Allen:  There is a node based app that allows you to 
  create a Self Sovereign ID on bitcoin. I suggest you try this out 
  soon. It's good to have something real and not just specs.
Joe Andrieu: Do you have a link for the node app?
Christopher Allen:  Data minimization is required by law in the 
  US and in the EU but it's not well defined.
Christopher Allen: 
  https://drive.google.com/open?id=0B8UHtBOakwo8cDg1M3JjRDBqUmM

Topic: Cryptography for Anonymous Credentials

Moses Ma: Question: About delegation, what would be a use case 
  for delegation for ICOs? Would someone delegate to their broker 
  dealer? I ask because I am personally very motivated by the 
  refugee use case, but I think if we include a use case that has 
  great value to the market directly, it would speed up adoption.
Manu Sporny: Moses, uses for delegation is any time you want 
  someone else to act on your behalf using your credential. So yes, 
  delegate to broker dealer to execute contracts on your behalf.
Kim Hamilton Duffy: BTCR tools following...
Kim Hamilton Duffy: BTRC DID creation: 
  https://github.com/WebOfTrustInfo/btcr-did-tools-js
Kim Hamilton Duffy: BTCR DID/DDO playground (in progress) 
  https://weboftrustinfo.github.io/btcr-tx-playground.github.io/
Kim Hamilton Duffy: Source for everything (including utilities 
  used by playground) is in WebOfTrustInfo github repo
Jan Camenisch:  See presentation here 
  https://drive.google.com/file/d/0B8UHtBOakwo8cDg1M3JjRDBqUmM/view
Moses Ma: Thanks Manu, I'll call you after your deadline to 
  discuss this as a proof of concept for our ICO. Also, I'm in DC 
  for an NSF panel on 9/13 and would love to meet for a coffee or 
  something.
Moses Ma: Kim is there a hackathon call after this?
Christopher Allen:  This is a joint meeting between the 
  Verifiable Claims group and the data verification community. I am 
  not sure the credentials groups is quite able to handle the deep 
  discussion on cryptography. There are a lot of powerful 
  technologies that we want to leverage.
Nathan George: For the notes, Hyperledger Indy is working on this 
  approach for Verifiable Claims here 
  https://github.com/hyperledger/indy-sdk and here 
  https://github.com/hyperledger/indy-anoncreds
Christopher Allen:  Question, how are we going to move 
  forward--how many people in the group are willing to dive deep 
  into cryptography? Do we want another group for this?
Manu Sporny:  Digital Bazaar is less interested in the deep down 
  details and more interested in how we deploy these technologies 
  to customers. We want to know how we can issue and verify claims 
  in a pseudonymous way. The deep crypto is useful but maybe not to 
  this meeting slot.
Manu Sporny:  We don't need to follow W3C process for community 
  groups. It's flexible.
Moses Ma: By the way, everyone, I'm releasing a new blockchain 
  book at the end of the month. I'd be happy to give a copy to 
  everyone on this call. Find out more here: 
  http://blockchaindesignsprint.strikingly.com/ or email me at 
  moses@ngenven.com. Thanks and see you next week!
Manu Sporny: +1 To move it to be a task force.
Christopher Allen:  I am kind of hearing as a proposal that data 
  verification be moved to a task force for this community rather 
  than it's own group. Does that make sense?
Manu Sporny:  Absolutely.
Kim Hamilton Duffy:  I am not sure how this is different that how 
  we currently have work items set up.
Manu Sporny:  Kim you are right, this is no different than the 
  other work items. Although the Digital Verification Group is 
  already a different group. Maybe we should merge groups.
Christopher Allen:  I concur that that is the proposal. It could 
  be that the difference between a work item and a task force is 
  that a task force has the potential of becoming a working group.
Christopher Allen:  As some point there may be a DID task force 
  that becomes a working group, for instance.
Manu Sporny:  I'd push back on some of that. Typically in CG's 
  you do work until it becomes obvious that it needs it's own 
  group. I suggest we stay away from thinking about how the group 
  will ultimately be split down the road. We should stay more 
  informal at this stage.
Jan Camenisch:  We need to define the algorithms sooner than 
  later.
Christopher Allen: Here is a start toward a CL sig spec 
  https://w3c-dvcg.github.io/lds-pseudonymous2016/
Kim Hamilton Duffy:  I would like to stick with prototyping for 
  now and not get bogged down by fragmentation.
Manu Sporny:  Agree with Kim and Jan. We want to do international 
  standardization around pseudonymous signatures.
Kim Hamilton Duffy:  Can the people working on Data Minimization 
  get together on how to start that work?
Kim Hamilton Duffy:  We'll get into more of the work item topics 
  next week.
Christopher Allen:  When I am talking about data minimization I 
  am not talking about selective disclosure--although it informs 
  selective disclosure. Data minimization is more primitive than 
  selective disclose. What do you all want to discuss next week?
Jan Camenisch: .. I won't be able to join the next 3 weeks - 
  vacation and travelling
Christopher Allen:  We have a topic for two weeks from now. We 
  don't have a specific topic for next week.
Kim Hamilton Duffy:  We can decide on a topic for next week on a 
  thread.
Moses Ma:  Should I have Wells Fargo contact you about sponsoring 
  RWOT?
Meeting adjourned

Received on Monday, 31 July 2017 15:36:42 UTC