Verifiable Claims Telecon Minutes for 2017-03-14 from msporny@digitalbazaar.com on 2017-03-20 (public-credentials@w3.org from March 2017)

From: <msporny@digitalbazaar.com>
Date: Mon, 20 Mar 2017 09:29:50 -0400
To: Credentials CG <public-credentials@w3.org>
Message-Id: <1490016590182.0.5199@zoe>
Thanks to Joe Andrieu for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2017-03-14/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2017-03-14

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Mar/0005.html
Topics:
  1. Agenda review and Introductions
  2. Status of Verifiable Claims WG Creation
  3. No meeting on 3/28 (reminder)
  4. DO_NOT_CORRELATE flag discussion
  5. WoT use case
  6. Action Item Review (https://goo.gl/V4XTBT)
  7. Suggestions for next week agenda
Action Items:
  1. Manu to put together proposal for anti-correlation technique 
    for VC Data Model.
Organizer:
  Manu Sporny
Scribe:
  Joe Andrieu
Present:
  Joe Andrieu, Dan Burnett, Sean Bohan, Angus Champion de 
  Crespigny, Christopher Allen, Manu Sporny, Matt Stone, Richard 
  Varn, Nate Otto, Nathan George, Kim (Hamilton) Duffy, Drummond 
  Reed, Gregg Kellogg, David I. Lehn, Rob Trainer, Matthew Larson, 
  Eric Korb, David Ezell, Adam Lake
Audio:
  http://w3c.github.io/vctf/meetings/2017-03-14/audio.ogg

Joe Andrieu is scribing.
Dan Burnett: Any changes to agenda? ... none.

Topic: Agenda review and Introductions

Sean Bohan:  I'm a product manager at at Evernym and will be 
  joining the calls on a regular basis from now on.
Angus Champion de Crespigny:  Hi, I'm Angus and I lead Blockchain 
  Strategy for Finance at Ernst & Young. Good to be here.
Christopher Allen: Welcome Angus!
Sean Bohan: Welcome Angus
Manu Sporny: Awesome to see you here, Angus, welcome!
Angus Champion de Crespigny: Thank you all!

Topic: Status of Verifiable Claims WG Creation

Matt Stone:  A few tweaks suggested to charter. Recognition that 
  there is high interest. Some push back around privacy. Discussion 
  about scope.
Matt Stone:  Payments, educations, multi/other. as potential 
  frames of attention for the effort.
Manu Sporny:  Please speak up if payments is important (in 
  charter process)

Topic: No meeting on 3/28 (reminder)

Richard Varn:  We started in payments, so we'll be sending 
  something in, in support. Important that it's kept in the 
  charter.

Topic: DO_NOT_CORRELATE flag discussion

Manu Sporny:  
  https://github.com/opencreds/vc-data-model/issues/41
Manu Sporny:  Much of the criticism to-date is focused on 
  privacy, resulting in a lot of recent focus on privacy.
Manu Sporny:  At the data model there is no way to say "do not 
  correlate" or only use data for this purpose
Manu Sporny:  Sometimes this is called consent receipts
Manu Sporny:  Need to express that the individual requests 
  non-correlation.
Manu Sporny:  This is a flag. it isn't inherently enforceable. 
  that is up to local jurisdictions.
Manu Sporny:  Need to be able to say "I don't want my information 
  to be used outside the system"
Manu Sporny:  Need to counter the confusion around our commitment 
  to privacy
Joe Andrieu:  Manu, I appreciate how you framed that, especially 
  some of the "purpose binding" things you raised. [scribe assist 
  by Manu Sporny]
Joe Andrieu:  My concern with the name of the flag is that the 
  word "correlate" is very vague. Sometimes, correlating 
  information with itself ... like "i'm 6 feet tall, but don't 
  correlate that with me", doesn't make sense. [scribe assist by 
  Manu Sporny]
Joe Andrieu:  How do we do purpose binding? THat's how GDPR and 
  EU is thinking about it. [scribe assist by Manu Sporny]
Sean Bohan:  Without having consequences attached, but perhaps 
  revocation and pairwise identifiers could help prevent 
  correlation from the start
Christopher Allen:  Perhaps folding in anti-correlation 
  approaches, such as UProve and others. Perhaps we could reverse 
  it, to say "this is correlatable"
Christopher Allen:  Also renaming it might work. Purpose binding 
  might not be the right thing however.
Manu Sporny:  Perhaps anti-correlation is a poor phrase. perhaps 
  the flip is good. The problem is we are always emitting data. 
  General agreement with comments.
Nate Otto: "Do not correlate" would mesh better with previous 
  initiatives like Do Not Track that have some support in legal 
  jurisdictions than the reverse "Please feel free to correlate 
  me".
Manu Sporny:  Pair-wise identifiers? What do you mean, Sean?
Nathan George:  An identifier is created for both sides in the 
  relationship
Nathan George:  You could correlate, but it would leave both 
  sides with clarity about whether or not correlation is intended 
  and intentional
Manu Sporny:  There isn't a singular technical solution for this.
Manu Sporny:  There's just so much data we are sending out
Manu Sporny:  Fairly easy for people to collude, e.g., 
  advertising networks
Manu Sporny:  That doesn't mean we shouldn't work on it, but is 
  the flag the back up to enable this?
Manu Sporny:  Privacy loss happens when privacy expectations 
  aren't met (quoting Joe from github)
Manu Sporny:  Being able to be explicit may help. multiple 
  protections. Defense in depth.
Manu Sporny:  When we apply those approaches together you may 
  have better results than later
  ... (than otherwise)
Christopher Allen:  No problem referring to a document that 
  specifies applicable terms of use
Christopher Allen:  That may be sufficient as a hammer
Christopher Allen:  If its out of scope of the protocol, I'd 
  rather have it as a reference
Christopher Allen: BTW, the Bitcoin LIghtning Network uses Tor by 
  default.
Christopher Allen: It is a payment network.
Dan Burnett: Yes, this can give a false sense of security
Joe Andrieu:  I like that you've brought up advertising network, 
  we could tag a claim that we share, it needs to be in a 
  verifiable claim. Feels like a false positive. I like 
  CHristopher's proposal, link to terms of use. [scribe assist by 
  Manu Sporny]
Manu Sporny:  We could have something like a creative commons for 
  privacy. we have a link friendly data model. so that seems like 
  the foundation for a good proposal, linking to a terms of use
Manu Sporny:  First line of defense is technical, but the linked 
  terms of use could be the back up

ACTION: Manu to put together proposal for anti-correlation 
  technique for VC Data Model.

Topic: WoT use case

Christopher Allen:  Two issues on this topic. The "story" 
  document. The use case story of a child of refugees who wishes to 
  participate without risking family.
Christopher Allen:  The story is to drive the PGP use case: what 
  are the specific peer-to-peer minimum capabilities to replace PGP
Christopher Allen:  Things like "trust on first use", where a 
  verifiable claim could be useful. These are low hanging fruit
Manu Sporny:  Christopher, Joe, Adam, Nathan and I had a call 
  last week about a demo at RWOT IV that demonstrates progress on 
  shipping code
Christopher Allen: The story in use cases: 
  https://github.com/opencreds/vc-use-cases/issues/31
Manu Sporny:  The WoT use case was discussed as a demo, 
  specifically the PGP "I am a person" and countersigned by others
Christopher Allen: The data format for Web of Trust: 
  https://github.com/opencreds/vc-data-model/issues/32
Manu Sporny:  Going to try to get something by April
Manu Sporny:  PGP is fairly geeky. people who use it understand 
  the underlying tech.
Manu Sporny:  This population commonly uses GitHub, so maybe we 
  can use it to start digitally attest using that identity 
  namespace using verifiable claims
Christopher Allen: This also demonstrates the peer oriented of 
  verifiable claims.
Manu Sporny:  Next steps, try to show something at RWoT IV
Christopher Allen:  This use case would demonstrate the 
  commitment by our group that anyone can be a peer
Christopher Allen:  Are there examples in education? Like "I was 
  in a class with that person" Rather than a one-way claim.

Topic: Action Item Review (https://goo.gl/V4XTBT)

Kim (Hamilton) Duffy:  Hoping to make a pass at that, this week
Dan Burnett:  Chairs are in contact. It's an ongoing process
Sean Bohan: +1 For JoeA
Joe Andrieu:  I've unzipped the file!
Manu Sporny:  Spoken with uPort. They are interested.

Topic: Suggestions for next week agenda

Manu Sporny:  It's conference season.
Manu Sporny:  Let's get these different venues in the 
  conversation.
Manu Sporny:  If you'd like to run your slide decks by the group, 
  that'd be great to discuss in the group
Drummond Reed: The number of conferences coming up this spring is 
  INSANE
Manu Sporny: It is INSANE! :)
Drummond Reed: I do like the idea of sharing decks so we can take 
  advantage of seeing the best ways of explaining VC
Christopher Allen:  There are multiple conferences going on. 
  Would love to meet up with anyone at these conferences. But they 
  are also going to add a challenge to participating in the calls.
Joe Andrieu:  With regard to the Joram demo feedback, time is the 
  issue now... [scribe assist by Manu Sporny]
Joe Andrieu:  Any further items about the Joram demo?
Manu Sporny:  Yes, will try to read and provide feedback. [scribe 
  assist by Manu Sporny]
Christopher Allen:  Would like to see it published by RWoT IV
Joe Andrieu:  Me too.
Received on Monday, 20 March 2017 13:30:36 UTC