- From: <msporny@digitalbazaar.com>
- Date: Tue, 13 Jun 2017 14:15:29 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Kim Hamilton Duffy for scribing this week! The minutes for this week's Credentials CG telecon are now available: http://w3c.github.io/vctf/meetings/2017-06-13/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2017-06-13 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2017Jun/0065.html Topics: 1. Introductions 2. Action Items 3. Community Group Naming 4. Interaction with Banking/Finance Industry 5. Planning for W3C TPAC 6. Work Item Review 7. RDF Dataset Canonicalization 8. Privacy and Security Requirements Action Items: 1. Chairs to work on technologies pitch for TPAC Organizer: Kim Hamilton Duffy and Christopher Allen Scribe: Kim Hamilton Duffy Present: Kim Hamilton Duffy, Christopher Allen, Dave Longley, Glen Braun, David I. Lehn, Drummond Reed, Adrian Gropper, Matt Stone, Manu Sporny, Sean Bohan, Adam Lake, Nathan George, Noah Thorp, David Chadwick, Joe Andrieu, Abbas Ali Audio: http://w3c.github.io/vctf/meetings/2017-06-13/audio.ogg Kim Hamilton Duffy is scribing. Christopher Allen: Reviewing agenda Christopher Allen: Add separate discussion item about meeting in Burlingame? Dave Longley: Add item about what to do with DID spec, what is desired outcome? Christopher Allen: We'll discuss after results Topic: Introductions Glen Braun: Working with local company called RChain, helping with ID work, studying Sovrin. Studying Open Badges David I. Lehn: With Digital Bazaar, helping with implementations Topic: Action Items Manu permissions work item complete Christopher Allen: Please fill out group work item priorities poll here: https://docs.google.com/forms/d/e/1FAIpQLSdFk3KhzzmIesDUV4PziQQsKkW-ExiSeRUEenQe8_IqqjWbiQ/viewform?c=0&w=1 Poll deadline target next week Christopher Allen: Ideally 1 per org Christopher Allen: Naming goals constraints and pitfalls -- in progress, will talk about later. new name and mission stmt -- should be done end of month Christopher Allen: Meetings with Digital Verification groups, how does this work Kim Hamilton Duffy: We haven't gotten that many new votes on the poll, we have around 13-15 votes so far... support on lifecycle, browser APIs, DIDs, are in the lead. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Privacy and security requirements are also supported - get your votes in as soon as possible. [scribe assist by Manu Sporny] Drummond Reed: How will things proceed? Drummond Reed: BTW, I just joined the IRC. Can someone post the link to the poll again? Christopher Allen: 2 More of discussions about work items, tally which were highest, who will be champion and actually work on poll items Joe Andrieu: https://docs.google.com/forms/d/e/1FAIpQLSdFk3KhzzmIesDUV4PziQQsKkW-ExiSeRUEenQe8_IqqjWbiQ/viewform?c=0&w=1 Christopher Allen: Want items that are doable and shippable, won't take too long Topic: Community Group Naming Christopher Allen: Naming status "Self Sovereign CG". concern: makes it difficult to speak to banks. Feeling at an impasse Christopher Allen: OTOH everyone know what "Credentials CG" means. questions/comments? Kim Hamilton Duffy: I was wondering - what's the concern w/ the banks - it might imply that we're working toward too much of a decentralized solution? [scribe assist by Manu Sporny] Christopher Allen: Manu will follow up on kimhd's question Drummond Reed: +1 For SS CG. Industry buying into that term Drummond Reed: SS speaks strongly to paradigm shift; individual control of their data Drummond Reed: Has become a technology category Adrian Gropper: +1 For SS CG for the same reasons as Drummond Kim Hamilton Duffy: +1 To Drummond's statement Matt Stone: Concern with SST -- is it too implementation focused? Credentials is narrower in scope, people will pick up on more quickly Manu Sporny: Presentation to 80-100 bank execs. Tried all, they reacted positively to (1) Credentials, (2) VC, (3) SST Manu Sporny: They did not grok SST. Perhaps this use has not hit this audienc Sean Bohan: Anyone have a URL for that paper? Manu Sporny: Of people who were aware, different connotation. Swedish context from 80s? Drummond Reed: Ironically, Manu's point is one of the reasons I am in favor of "self-sovereign" is that it is a new technology category, and that means it can gain meaning as the use of the term grows. Drummond Reed: Note that the Perkins Coie law firm just released a white paper on self-sovereign identity: https://www.virtualcurrencyreport.com/wp-content/uploads/sites/13/2017/05/Perkins-Coie-Self-Sovereign-Identity-and-Distributed-Ledger-Technology_Framing-the-Legal-Issues-1.pdf Manu Sporny: In general, SST term is taking off. Google search on term top results are DID spec, etc Drummond Reed: +1 To SSI being highly aligned with GDPR Manu Sporny: We will have to educate certain audiences, which is not a great marketing approach Drummond Reed: The term is gaining great traction in the EU because of that alignment. Manu Sporny: SST or SSCG are fine choices Christopher Allen: Is torn. Has seen poor uses of term "SS" in the wild, beginning to be coopted. So may be preferable to reclaim the narrative and mission/goals. Adam Lake: What about "Self Sovereign Credentials"? Christopher Allen: Would forming a separate CG cause political problems with w3c? Dave Longley: -1 To creating new groups Drummond Reed: -1 To creating a new group Manu Sporny: Should focus on group we have rather than diffuse energy Kim Hamilton Duffy: Also -1 to new group Adrian Gropper: Also -1 to new group Manu Sporny: I like Self Sovereign Credentials more than Self Sovereign Technology Manu Sporny: It has continuity w/ the "old" group Christopher Allen: Close agenda item for now. We need more ppl who care about this here. e.g. Christian Lundkvist, other RWoT members Drummond Reed: "Self-Sovereign Technology CG" is a broader term and a bigger tent Nathan George: I also prefer keeping credentials in the title Manu Sporny: It introduces the "new thing" we want to go with... Matt Stone: Also -1 on new group - let's keep this energy consolidated. I could rally around Self-Sovereign Credentials. Topic: Interaction with Banking/Finance Industry Adrian Gropper: I prefer SST for the same reason as Drummond Christopher Allen: Read Manu's banking presentation and feedback Manu Sporny: Will clean up email with his summary and send to group Topic: Planning for W3C TPAC Christopher Allen: Should we have our own meeting during that? Christopher Allen: Could be good opportunity to get message out about new name. Drummond Reed: Note that this meeting will come shortly after the next IIW Oct 17-19 in Mountain View Manu Sporny: Suggests creating pitches. Weds is plenary (?) day...introduce new work that's experimental. 468 companies in W3C ; would be good to do a presentation on DID, signature schemes, ... that this group is working on. Suggest this group does those sort of pitches rather than face to face meeting Manu Sporny: May not get a lot more ppl joining CG as an outcome. But we should pitch the specs we're working on to W3C group on weds. This is separate from CG having F2F meeting Drummond Reed: Manu, when is the VC WG F2F meeting? Manu Sporny: Last 2 days of W3C TPAC... Nov 9th/10th, I think? Will have to check schedule. It's on the Thu/Fri. ACTION: Chairs to work on technologies pitch for TPAC Manu Sporny: Drummond, Burlingame, CA ... https://www.w3.org/2017/11/TPAC/ Manu Sporny: Drummond, Nov 6-10. Topic: Work Item Review Dave Longley: https://decentralized-identity.github.io/working-groups Dave Longley: DID spec is listed as doc in DIF. Does this mean that WG is iterating on the spec? What is that group doing with the spec? Implementations of spec? Dave Longley: Desired outcome -- this group takes on specs, work on it in open community; other groups can work on implementations. His understanding is Drummond agrees Drummond Reed: Dave is absolutely right - DIF is focused on implementations, and in the Identifiers, Names, and Discovery WG, specifically a community DID resolver. The DID spec should, if the members of this CG agree, come to this group. Christopher Allen: Meeting with D. Buchner to discuss later this week Drummond Reed: Strongly agree. Natural home for spec is this CG. Enthusiastic about taking on in this group Drummond Reed: Standards in standards orgs, implementations in implementation orgs Manu Sporny: +1 To what Drummond said, very supportive of that direction. Dave Longley: https://docs.google.com/presentation/d/1L4iclqqxtQ75nsp8iZhURyMnKPN9NEsRLwZSpesMTv8/edit?usp=sharing Topic: RDF Dataset Canonicalization Dave Longley: Domain champions are he and manu Dave Longley: Work item primarily about how we express claims Dave Longley: Esp. data format for claims about someone Dave Longley: Concern is that multiple ways to express graph Dave Longley: To check and verify, we need to ensure canonical representation Dave Longley: Problem how to determine claim has not changed, which representation was signed Dave Longley: RDF dataset canon. is a solution. produces unique form of graph Dave Longley: Output of alg can be compared, hashed and digitally signed. outcome is same no matter which input rep. Dave Longley: Can ensure same claim Drummond Reed: +1 To renaming spec to RDF Data Canonicalizaton Dave Longley: Canonicalization is more accurate term. should rename. spec needs review, clarification (why useful), and should have rigorous proof of correctness Dave Longley: There are multiple implementations of this. 1st version was in 2012 and iterations since. Mature. Dave Longley: https://json-ld.github.io/normalization/spec/ is location of current spec. would like to work on in this group Nathan George: One area of disconnect. Selective disclosure schemes (uproof etc) need a rigorous def of which slots are available for signing. role of norm. is filled by signature scheme itself. normalization from RDF ends up being redundant. There is overlap between sel. dis. and RDF canon that should be addressed Drummond Reed: Don't different signature schemes need to support different canonicalization algorithms? Manu Sporny: Drummond - that's it! Dave Longley: Yes Drummond Reed: Coming from the XDI graph world, I can guarantee you that canonicalization of the graph is every bit as important as Dave is saying. Christopher Allen: Impressed with effort to create canon that works across formats. Working in multiple implementation. Concerns with how it connects to others? Propose get rid of "RDF" in title and instead focus on value proposition Drummond Reed: But Nathan is also correct that the CL sig scheme uses a totally different approach. Manu Sporny: Drummond, yes, but as Nathan was mentioning - CamLys signatures don't need to normalize, because they already have a template. Drummond Reed: And that's goodness too. Christopher Allen: Second suggestion: being to make open to other things like selective disclosure Manu Sporny: Drummond, in short - Linked Data Signatures is designed to support both... CL-Signatures wouldn't use RDF Dataset Normalization. Manu Sporny: Drummond, they'd use something more like this - https://w3c-dvcg.github.io/lds-pseudonymous2016/ Drummond Reed: +1 To robust support for selective disclosure - there are multiple ways to do it Manu Sporny: Note the 3.3 Examples section Christopher Allen: Instead of hash for entire dataset, break down into hash tree. provide hash of things that are not disclosed Nathan George: There are several signature schemes that are important (and useful) for ledger-like use cases of Verifiable claims that I think are worth making space for (even if we don't address them head on) Nathan George: We should clear room for tree-like signatures, group signature and a few others to help project ledger consensus outside of a DLT (but that may or may not be in scope for this group) Manu Sporny: Nage, absolutely agree - hopefully we've done that... happy to explain how. Dave Longley: This is just canon piece, does not talk about signature schemes Dave Longley: RDF work addresses ordering part. can discuss how to make that work with selective disclosure. This only addresses getting a graph in canonical order Dave Longley: Flexible in what we can do with output Noah Thorp: Nothing urgent from me Kim Hamilton Duffy: +1 To adding to the work item scope some investigation, narrative around how it can work with other schemes Topic: Privacy and Security Requirements https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#heading=h.r1fldju9aslx David Chadwick: See outline in "Privacy & Security Requirements for Credentials Ecosystem" of https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit#heading=h.r1fldju9aslx Christopher Allen: (BTW, if folks who done presentations can you make sure their link is added to the work items document?) David Chadwick: "Except in cases of abuse" -- issuer and inspector should have recourse in case of user abuse Christopher Allen: Where is line between VC and SST groups in terms of scope? Manu Sporny: Some items DavidC covered may belong in VC WG. Some requirements of SS are stricter than the general case. Manu Sporny: One way to approach: state a principle, see where it belong Nathan George: +1 To the "big tent" approach to keep the generalizations as adoptable as possible Manu Sporny: For each item DavidC mentioned, ensure weaker version is listed in VC group, but stronger version is available in this group David Chadwick: Concept of high security credentials that should not be released to anyone outside the org. Nothing in the technology would stop stepping outside restrictions of employer (kimhd: not sure I captured this statement correctly) Christopher Allen: Focus on differences between groups Kim Hamilton Duffy: We have Jan Camenisch signed up two weeks from now... [scribe assist by Manu Sporny] Drummond Reed: FYI, I will not be able to attend next week's meeting - I have an all day meeting with BYU Internet Security Research Labs Joe Andrieu: I gotta run. See you next week. Manu Sporny: FILL OUT THE POLL: https://docs.google.com/forms/d/e/1FAIpQLSdFk3KhzzmIesDUV4PziQQsKkW-ExiSeRUEenQe8_IqqjWbiQ/viewform?c=0&w=1 Christopher Allen: Let's make sure to invite more folks to these meetings and build our community! [scribe assist by Manu Sporny]
Received on Tuesday, 13 June 2017 18:15:59 UTC