- From: <msporny@digitalbazaar.com>
- Date: Mon, 31 Jul 2017 11:36:19 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Adam Lake for scribing this week! The minutes for this week's Credentials CG telecon are now available: http://w3c.github.io/vctf/meetings/2017-07-18/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2017-07-18 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0020.html Topics: 1. Introduction to Lionel Walberger 2. Action Items 3. DID Specification update 4. Cryptography for Anonymous Credentials Organizer: Kim Hamilton Duffy and Christopher Allen Scribe: Adam Lake Present: Adam Lake, Kim Hamilton Duffy, Drummond Reed, Lionel Wolberger, Christopher Allen, Moses Ma, Manu Sporny, David Chadwick, Joe Andrieu, Jan Camenisch, Nathan George, Maria Dubovitskaya, Adrian Gropper, Adam Migus, Abbas Ali, David I. Lehn Audio: http://w3c.github.io/vctf/meetings/2017-07-18/audio.ogg Adam Lake is scribing. Topic: Introduction to Lionel Walberger Kim Hamilton Duffy: Agenda: introductions then DID spec updates and BTCR hackathon Drummond Reed: Lionel, good to have you here Lionel Wolberger: Hi, I'm Lionel and have been an Engineering Manager at Cisco for over 20 years, I participate in IIW, involved with meeco, connected with Christopher recently and found out about the VCCG. He enjoys scribing! Topic: Action Items Kim Hamilton Duffy: https://goo.gl/forms/z6t2IHQbK8ltRkXm2 Kim Hamilton Duffy: Poll ^^ Kim Hamilton Duffy: Current results: https://goo.gl/XFxqFH Kim Hamilton Duffy: Topic, naming options. We have a poll. Do we want to keep the same name or change the name to something with term "Self Sovereign"? Christopher Allen: It is only 9 respondents yet, from 146 members. Kim Hamilton Duffy: A name with "Self Sovereign Identity" is in the lead. Question--do we have administrative complications if we rename the group? We tend to have high tolerance to said complications. Kim Hamilton Duffy: We still don't have a high volume of input on naming in the poll. Please participate. Drummond Reed: In response to one comment I see there, I'm personally fine with not using "identity", i.e., to call it the "Self-Sovereign Technology CG" Topic: DID Specification update Manu Sporny: https://opencreds.github.io/did-spec/ Moses Ma: Chris, a side note: I met with the new head of blockchain initiatives at Wells Fargo (after losing Jesse Lund to IBM), and she would be willing to sponsor Boston event. I'll call you later to chat about this. Drummond Reed: Kudos to Manu and Digital Bazaar for working on the spec. It's up on github to follow w3c format. Drummond Reed: We were at DHS's Cyber Security Showcase where we presented on the spec. We also had a spirited discussion There are still open issues that we need to discuss. Manu Sporny: Latest DID 1.0 spec: https://opencreds.github.io/did-spec/ Manu Sporny: https://github.com/opencreds/did-spec/issues/ Manu Sporny: Agree with Drummond on everything, +1. Digital Bazaar, Evernym, and others are wanting to implement the spec. All of the issues we ran into are noted in the spec. Manu Sporny: If you have an issue with the DID spec or the DID method spec please raise issues so we can start tacking them. Drummond Reed: In addition to Digital Bazaar, the SOV method folks, the BTCR method folks, and the uPort method folks, the Decentralized Identity Foundation is holding a hackathon next week focused on a community resolver for DIDs. Manu Sporny: The major issue that came up is that there are concerns around the use of keys, proofs, ambient authority, how you do guardianship, how you list the proof of control keys... Drummond Reed: So there is a lot of implementation activity going on right now. Manu Sporny: Some of these discussions are easy, but the guardian discussion may be more involved. Hopefully we can move the spec forward over the next couple of months. Moses Ma: I convinced the WF VP that identity, trust and reputation in the blockchain era should be of great interest to a bank, and is something that won't lead to price erosion for financial services or cannibalization of their revenue model. Our model of "3rd generation blockchain" reverberated with her - she mentioned that none of the expensive market research reports she's bought have discussed this emerging technology arena. Kim Hamilton Duffy: Questions about the DID spec and the issues added. Should we talk about any of those issues now? Manu Sporny: There is a question around delegation and how it's done. It's too big a discussion for right now. Maybe we can address it at RWOT in October. Christopher Allen: https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0018.html Christopher Allen: https://lists.w3.org/Archives/Public/public-credentials/2017Jul/0021.html Christopher Allen: I summarized my observations from the hackathon via email. The main things are proofs vs keys. Sometimes when we are talking about keys we shouldn't be. The spec as a whole may be to big in scope. We may want to break it up. There is a convention in IETF that a spec can't be final until there are multiple implementations of it. We have a Digital Bazaar, Sovrin, Uport, and other implementations... Christopher Allen: Who else is implementing DIDs Drummond Reed: The session with Manu and Dave opened my eyes to some questions around the spec. It's unsurprising that there are questions about the spec as we dive deeper. To make progress at the rate we want should we aim for a new draft by RWOT and add a weekly meeting about the spec. Manu Sporny: Yes, it can be any URI (any cryptographic object) Christopher Allen: Jan, that is my point about proofs vs claims Drummond Reed: I put a list above, but right now the list I have is: BTCR method, uPort method, SOV method, Veres method Manu Sporny: Pseudonyms are supported by the spec Drummond Reed: I don't know if the Consent Global team is still working on a separate method for Ethereum Drummond Reed: Many, what is "Veres One"? Manu Sporny: DB's customer ledger for doing DIDs/DDOs Manu Sporny: +1, Delegation very important Drummond Reed: +1 To delegation being supported David Chadwick: Question about delegation. Any scalable solution will need delegation. We don't want to shelf delegation. Christopher Allen: Delegation is important but we need to keep it simple at first for security purposes. Drummond Reed: +1 To keep delegation support in the DID spec as simple as possible Christopher Allen: Solving delegation and guardianship from day one is going to be challenging. I would like to pick the low hanging fruit first. David Chadwick: There are different aspects of delegation. One is the delegation of credential issuing rather than delegation involving DIDs Moses Ma: Is there a good Mac app for participating in IRC? Drummond Reed: +1 To the refugee use case - that's very high on Evernym's and Sovrin Foundation's use cases Manu Sporny: On delegation, we have been thinking about that for a while. Issuer delegation is somewhat easier. We are interested in the holder/guardian delegation that allows say a travel agency to book a flight for them after sharing a passport credential. Or, delegation of credential to an NGO. We want to be sure we are supporting delegation in the correct way sooner than later because we don't want the result to be access control lists. Christopher Allen: :Time check Drummond Reed: +1 To manu. We are talking about a cryptographic control primitive. We have customers for refugee use cases and we need to be aligned with that. Kim Hamilton Duffy: Let's discuss the need for separate DID spec meetings via the mailing list. Kim Hamilton Duffy: Drummond Reed: +1 To a discussion or a poll on the mailing list about dedicated calls on DID spec issues, at least between now and the next Rebooting the Web of Trust meeting in October Christopher Allen: There is a node based app that allows you to create a Self Sovereign ID on bitcoin. I suggest you try this out soon. It's good to have something real and not just specs. Joe Andrieu: Do you have a link for the node app? Christopher Allen: Data minimization is required by law in the US and in the EU but it's not well defined. Christopher Allen: https://drive.google.com/open?id=0B8UHtBOakwo8cDg1M3JjRDBqUmM Topic: Cryptography for Anonymous Credentials Moses Ma: Question: About delegation, what would be a use case for delegation for ICOs? Would someone delegate to their broker dealer? I ask because I am personally very motivated by the refugee use case, but I think if we include a use case that has great value to the market directly, it would speed up adoption. Manu Sporny: Moses, uses for delegation is any time you want someone else to act on your behalf using your credential. So yes, delegate to broker dealer to execute contracts on your behalf. Kim Hamilton Duffy: BTCR tools following... Kim Hamilton Duffy: BTRC DID creation: https://github.com/WebOfTrustInfo/btcr-did-tools-js Kim Hamilton Duffy: BTCR DID/DDO playground (in progress) https://weboftrustinfo.github.io/btcr-tx-playground.github.io/ Kim Hamilton Duffy: Source for everything (including utilities used by playground) is in WebOfTrustInfo github repo Jan Camenisch: See presentation here https://drive.google.com/file/d/0B8UHtBOakwo8cDg1M3JjRDBqUmM/view Moses Ma: Thanks Manu, I'll call you after your deadline to discuss this as a proof of concept for our ICO. Also, I'm in DC for an NSF panel on 9/13 and would love to meet for a coffee or something. Moses Ma: Kim is there a hackathon call after this? Christopher Allen: This is a joint meeting between the Verifiable Claims group and the data verification community. I am not sure the credentials groups is quite able to handle the deep discussion on cryptography. There are a lot of powerful technologies that we want to leverage. Nathan George: For the notes, Hyperledger Indy is working on this approach for Verifiable Claims here https://github.com/hyperledger/indy-sdk and here https://github.com/hyperledger/indy-anoncreds Christopher Allen: Question, how are we going to move forward--how many people in the group are willing to dive deep into cryptography? Do we want another group for this? Manu Sporny: Digital Bazaar is less interested in the deep down details and more interested in how we deploy these technologies to customers. We want to know how we can issue and verify claims in a pseudonymous way. The deep crypto is useful but maybe not to this meeting slot. Manu Sporny: We don't need to follow W3C process for community groups. It's flexible. Moses Ma: By the way, everyone, I'm releasing a new blockchain book at the end of the month. I'd be happy to give a copy to everyone on this call. Find out more here: http://blockchaindesignsprint.strikingly.com/ or email me at moses@ngenven.com. Thanks and see you next week! Manu Sporny: +1 To move it to be a task force. Christopher Allen: I am kind of hearing as a proposal that data verification be moved to a task force for this community rather than it's own group. Does that make sense? Manu Sporny: Absolutely. Kim Hamilton Duffy: I am not sure how this is different that how we currently have work items set up. Manu Sporny: Kim you are right, this is no different than the other work items. Although the Digital Verification Group is already a different group. Maybe we should merge groups. Christopher Allen: I concur that that is the proposal. It could be that the difference between a work item and a task force is that a task force has the potential of becoming a working group. Christopher Allen: As some point there may be a DID task force that becomes a working group, for instance. Manu Sporny: I'd push back on some of that. Typically in CG's you do work until it becomes obvious that it needs it's own group. I suggest we stay away from thinking about how the group will ultimately be split down the road. We should stay more informal at this stage. Jan Camenisch: We need to define the algorithms sooner than later. Christopher Allen: Here is a start toward a CL sig spec https://w3c-dvcg.github.io/lds-pseudonymous2016/ Kim Hamilton Duffy: I would like to stick with prototyping for now and not get bogged down by fragmentation. Manu Sporny: Agree with Kim and Jan. We want to do international standardization around pseudonymous signatures. Kim Hamilton Duffy: Can the people working on Data Minimization get together on how to start that work? Kim Hamilton Duffy: We'll get into more of the work item topics next week. Christopher Allen: When I am talking about data minimization I am not talking about selective disclosure--although it informs selective disclosure. Data minimization is more primitive than selective disclose. What do you all want to discuss next week? Jan Camenisch: .. I won't be able to join the next 3 weeks - vacation and travelling Christopher Allen: We have a topic for two weeks from now. We don't have a specific topic for next week. Kim Hamilton Duffy: We can decide on a topic for next week on a thread. Moses Ma: Should I have Wells Fargo contact you about sponsoring RWOT? Meeting adjourned
Received on Monday, 31 July 2017 15:36:42 UTC