- From: <msporny@digitalbazaar.com>
- Date: Thu, 04 May 2017 10:32:51 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:
http://w3c.github.io/vctf/meetings/2017-05-02/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2017-05-02
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2017Apr/0084.html
Topics:
1. Finalize CG Reports, hand-off to WG
2. Trip Reports
3. Working Group Membership
4. Suggestions for next week
Resolutions:
1. Publish 2017-05-01 drafts as Final Reports. Gather feedback
until this coming Friday, and publish final specifications if no
objections.
Action Items:
1. Chairs to send resolution to the mailing list inviting
objections if there are any.
2. Manu to work with Chairs to get sign-off on IPR for specs.
Organizer:
Manu Sporny
Scribe:
Dave Longley
Present:
Dave Longley, Matt Stone, Manu Sporny, Christopher Allen, Gregg
Kellogg, Matthew Larson, Adam Migus, Adam Lake, David I. Lehn,
Rob Trainer, Joe Andrieu, Richard Varn, Kelly Cooper
Audio:
http://w3c.github.io/vctf/meetings/2017-05-02/audio.ogg
Dave Longley is scribing.
Matt Stone: Any newcomers that haven't introduced themselves
yet?
Topic: Finalize CG Reports, hand-off to WG
Matt Stone: We've got some bookkeeping and clean up to do
for the WG. To get a crisp hand off point for the docs that are
in flight right now (data model spec and use cases).
Matt Stone: When the WG begins we can inherit the CG's doc and
we need a clear start for attribution and IPR, etc.
Matt Stone: There are some PRs going and we have some open
issues. We need to figure out as a group where we declare that
these are the docs that the WG should begin with.
Matt Stone: We probably want the WG to take over the docs at
that point.
Manu Sporny: I can speak a bit to that.
Manu Sporny: Last night I went ahead and prepped two final CG
docs, they don't have to be the actual final docs. We've pulled
in everything but one final PR that doesn't have any IPR in it,
it's a non-normative section.
Manu Sporny: At this point we can freeze the docs and ask for
IPR commitments. Typically this group decides that we want to
freeze the docs. Then there's an interface on the CG site that
can say "these are the final specs" and the chairs can do that.
Manu Sporny: The group freezes the docs, the editors prep them,
and then we wait a bit and then the chairs publish the docs
through the CG site and we ask for anyone who has contributed
content to the specs. That is anyone who has done PRs to the
spec.
Manu Sporny: They must explicitly release IPR -- they've already
implicitly done this, we are just gathering explicit ones. We're
past the point where we should be that concerned where IPR slips
into these docs that we don't want in there, but the final report
is an explicit statement saying that content is released to W3C
and their patent free policy, etc.
Manu Sporny: So we want the handoff to be really clean. The
final CG specs are done, if anyone on the call believes that we
get something else important into the spec they should speak up
now or on the mailing list. If we don't hear from anyone, the
chairs should publish the final reports and then we get
commitments from everyone who contributed. Takes 2-4 weeks and I
think we can get it done before the WG spins up.
Manu Sporny: Any questions?
Matt Stone: You did it for both the data model and the use
case doc?
Manu Sporny: Yes, I sent an email to the mailing list last night
with the static doc locations, those are frozen, the files don't
change.
Christopher Allen: The data document does not provide anything
about signature formats or anything of that nature.
Manu Sporny: Yes, but to be clear, the WG can do whatever they
want to these specs as long as it's in charter. The WG can decide
to add/remove whatever from the specs.
Christopher Allen: The design spec wise, is that we say that the
recommended signature formats are in a separate document or ?
Manu Sporny: That's up to the WG to decide. That's a
conversation for them.
Manu Sporny: The charter says we have to recommend signature
formats that we believe work with Verifiable Claims, so we'll do
that in the WG.
Manu Sporny: That's my expectation.
Manu Sporny: Did that make sense?
Christopher Allen: Yes, I'd like to get the data format done and
stylistically/architecture wise mention future signature
mechanisms, specs, etc. We can decide that later as you said.
Christopher Allen: I'm at crypto this week and I've been talking
about long term signatures, the only thing that satisfies that
are hash signatures, which are huge. Things for marriage
certs/college degrees, etc. I want to make sure we can talk about
those things later.
Manu Sporny: Yes, we can. My expectation is that VC won't
mandate that you must use, for example RSA, we'd allow the entity
that's issuing the VC what algorithms/mechanisms work best for
the types of claims they are issuing.
Christopher Allen: I think we need more than just that. It's one
thing that you're talking about a claim that's renewable for a
period of time but there may be sub cases where you have to talk
about why you should use one signature over another.
Manu Sporny: Yes, like a signatures best practices document.
Privacy considerations may also need its own document because it
may take a lot more space than the data model itself. The same
could be true for signature formats/best practices, etc.
Typically the way this happens in the doc is that you put it in
the main doc and it grows until it's unwieldy and the WG agrees
to move it to a separate spec. The WG decides what to produce,
the charter is only a guide for that, as long as the work is in
scope you can produce more docs.
Matt Stone: Ok, thanks, Manu for the overview and what to
expect. Can we take down some actions to make sure we get this
done over the next 2 weeks?
Manu Sporny: Yes, first, the proposal is to publish the two
links that I sent out last night as the final report. The chairs
need to put forward a proposal and we should +1/-1 on the call
today and we can proceed as long as there are no objections. We
need to do the same on the mailing list and give people a week to
object. If there are no objections after that the chairs can
publish them as the final reports on the CG site.
Manu Sporny: Verifiable Claims Use Cases (CG Final Report) -
https://opencreds.github.io/vc-use-cases/CGFR/2017-05-01/
Manu Sporny: Verifiable Claims Data Model and Representations
(CG Final Report) -
https://opencreds.github.io/vc-data-model/CGFR/2017-05-01/
Matt Stone: Should we just let this hang as uncommitted? The
remaining PR https://github.com/opencreds/vc-data-model/pull/38
Manu Sporny: Because there's no IPR in it we don't need to be
that concerned about it.
Manu Sporny: The suggestion is, let's just wait and pull it into
the document later.
Christopher Allen: I'd prefer to wait on the PR.
Manu Sporny: We're going to give ownership of the repo over to
the WG.
Manu Sporny: So it should be really clean.
Dave Longley: +1 To that then.
PROPOSAL: Publish 2017-05-01 drafts as Final Reports. Gather
feedback until this coming Friday, and publish final
specifications if no objections.
Gregg Kellogg: +1
Dave Longley: +1
Matt Stone: +1
Manu Sporny: +1
Matthew Larson: +1
Adam Migus: +1
Adam Lake: +1
Christopher Allen: +1
RESOLUTION: Publish 2017-05-01 drafts as Final Reports. Gather
feedback until this coming Friday, and publish final
specifications if no objections.
ACTION: Chairs to send resolution to the mailing list inviting
objections if there are any.
Matt Stone: Can you track down the committers?
Manu Sporny: Yes, I can work with the chairs offline to walk
through the process, we will send direct emails to each one of
the committers to sign off on the IP.
ACTION: Manu to work with Chairs to get sign-off on IPR for
specs.
Christopher Allen: Could I ask if the trip reports could be
swapped with the next item in the agenda?
Matt Stone: Sure.
Matt Stone: One more thing before we move onto the next item in
the agenda. This is just a validation of what Manu mentioned
earlier. Since the WG will take ownership of the repo, all the
issues and discussions will follow as well. So there's nothing we
have to do with those as well?
Manu Sporny: The three repositories end up being handed over to
the W3C organization.
Manu Sporny: Right now it's in the opencreds organization and it
will be handed to W3C, all the issues, teams, etc. will
automatically move over.
Dave Longley: CG continues to work on things? Protocol things?
In open creds space? [scribe assist by Manu Sporny]
Manu Sporny: Correct, slight wrench in there. We may want to
spin down the opencreds repo and use the VC CG repo instead.
Dave Longley: +1 To that
Matt Stone: +1 To using the new name
Manu Sporny: We should use the new name so people don't get
confused.
Manu Sporny: Opencreds is 3 years old or so.
Gregg Kellogg: The repo or the organization?
Manu Sporny: The organization, the VC CG organization.
Matt Stone: In the W3C, there is an opencreds page there where
we're all listed as members, is there some naming/branding we
need to do?
Gregg Kellogg: https://github.com/w3c-vc
Manu Sporny: The naming on the W3C side is Verifiable Claims,
the WG. It's confused right now ... there's opencreds, VC CG and
VC WG, the CG needs to decide what name to use going forward.
Manu Sporny: The discussion should be around "Should we be
called the Credentials CG or rebrand to the Verifiable Claims CG"
there are pluses and minuses.
Christopher Allen: Will the groups start splitting? I'd like to
see the CG be a little broader.
Matt Stone: Broader than Credentials?
Christopher Allen: I just mean not tie explicitly to the WG,
there are things that the CG can do that VCWG can't do, so
untying them a bit is useful.
Matt Stone: +1 To ChristopherA
Manu Sporny: +1 To that, the CG is going to deal with everything
the WG can't deal with right now or isn't chartered to take on.
So things like protocol, decentralized identifiers.
Manu Sporny: The things we know we need for a good healthy
ecosystem but we weren't able to charter the WG to do yet.
Dave Longley: +1
Christopher Allen: I'd almost like to see it be Credentials
Infrastructure or something like that that covers the entirety of
the problem, but it's not a topic for today.
Matt Stone: We probably need an agenda item for next week that
is scheduled for CG calls and how we're going to keep the broader
discussion alive and have the WG start to focus. We'll want
someone on the CG side to take a chair role and keep those
driving forward.
Christopher Allen: Who is the current chair?
Matt Stone: It's Richard and I.
Matt Stone: We'll be moving to the WG, can't do both.
Christopher Allen: I'd be interested in talking about that, can
take it offline.
Matt Stone: Let's do the next agenda item. Next up is trip
reports.
Topic: Trip Reports
Christopher Allen: I wanted to report the last couple of
weeks... Manu did you report last week since Rebooting?
Manu Sporny: No, this is the first call I've been able to join.
Christopher Allen: Why don't you start out and I'll close.
Manu Sporny: Ok, sounds good. A couple of events that happened
before RWoT (Rebooting Web of Trust), I'll cover those first. We
went to IETF to move the signature stuff forward, that has to do
with Koblitz signatures that bitcoiners/ether people are using.
It had to do with signing HTTP messages, etc. We met with a
number of people at IETF, we met with the X-chairs of the JOSE
working group, Jim Schaad, we met with folks that were involved
with JWS and JWT, specifically, John Bradley from Ping Identity
and Mike Jones from MS. We tried to figure out a way to harmonize
the work at IETF and the work at VC. The good news is that we
came out of it with a pretty solid harmonization strategy.
Manu Sporny: The reason we couldn't use JWTs still stands, but
we can do a variant of JWS. By doing that, we get to reuse all of
the security analysis that has gone into JWS. The challenge that
we had before IETF was going to be a fairly 6mo-2yr security
review on our signatures even though they don't fundamentally do
anything new... you have to go through IETF process, then you get
your stuff through. If we can reuse JWS we get to skip 2 years of
work. I sat down with John Bradley and Mike Jones and came up
with something with JWS that we believe will work for the VC
community, the signature doesn't change all that much, just the
signature value. We pay a penalty of around 20 bytes per
signature, which isn't nearly as bad as before where docs were
going to double in size each time you added signatures. That was
unworkable. The new format allows us to only add an additional 20
bytes now.
Manu Sporny: That's all really great news because it means that
we can continue on, there's harmony between IETF and W3C on the
signature stuff, we skip politics and time.
Manu Sporny: We had the theory down at IETF and when we met at
RWoT ... and a number of people joined us and wanted to do
implementation. We had Kim Hamilton from MIT/blockcerts.
Manu Sporny: Kim did the implementation in JavaScript,
BigchainDB implementation in Python (missed one more)
Manu Sporny: We came in with an idea for how to do it from IETF
and we left RWoT with 3 interoperable implementations. It all
seemed to work nicely. It also opened the door to do Koblitz
signatures using the same mechanism.
Manu Sporny: The signature stuff became really aligned and all
good news.
Manu Sporny: Other things happened at RWoT around decentralized
key management and authentication. We still don't have fully
interop implementations of DID specs, but DB and Evernym have
committed to that. Christopher Allen can speak to people working
on the bitcoin/ethereum specs that are related. The community
seems to be working really well together, actually generating
code, shipping products, really good, Christopher go ahead,
please cover anything I missed.
Christopher Allen: We made real progress on a particular
reconciliation with real code in three languages. The DID specs
are moving forward, bitcoin and ethereum ones getting mature to
match the Sovrin one. Other interesting work, around articulating
reputation and other types of issues. Lots of higher level issues
to continue. We're going to have another RWoT in October in
Boston. First week of October. If people are interested in
participating. Part of the reason why it was scheduled then was
to fit in with 3 other conferences in Paris, security and
privacy, Eurocrypt, and privacy on the blockchain workshop. Those
all went very well and CFRG meeting. We mentioned that we've got
a secp256k1 spec, talked about advantages, got some reluctance to
open up the political can of worms they've had in the past which
is understandable, but the more important thing was that after
this meeting Jim Schaad, who is the editor for the JOSE standards
said that if there's a reasonable spec for secp256k1 as an
internet draft that he's more than willing with his editor powers
to add that as an acceptable cipher suite to JOSE without
requiring a full CFRG review and a chair of CFRG said that was
acceptable to him. That would let us bring in communities that
use this alternative curve. I'm at Eurocrypt this week and since
we're talking about educational use cases and the institution I
worked with doesn't even exist made me realize long term
signatures are important. I've been doing research into hash
signatures which are inefficient and slow but crypto experts
believe it's a strong long term tech (quantum resistant, etc.)
it's a great way to have a long term sig. It's 43k per signature,
which is significant but it may be worth the extra effort to have
something last that long.
Christopher Allen: If anyone has any questions they can talk to
Manu or myself.
Manu Sporny: Wanted to follow up on hash based signatures. We
met with a Canadian company working on hash based signatures and
they are very interested in working with the VC group to get that
sort of signature in. There's interest in that space, we can't
necessarily move quickly on it but keep it in the back of our
minds, especially because we've got a company packed with post
quantum cryptographers. It's useful multiple decades out, long
lasting stuff.
Christopher Allen: Definitely says something as a requirement
for our docs and the future, there's a big difference between a
claim that you can get reissued ... claims that have short
expiration dates, etc. and these long term claims, interesting
from privacy and security point of view.
Matt Stone: That was a great update, both of you guys, thank you
very much. Pretty exciting activity going on out there? Any more
questions or comments on trip reports?
No other comments
Matt Stone: So, WG membership is the next topic.
Topic: Working Group Membership
Matt Stone: Everyone should have gotten a notice that the WG was
created, if you want to participate please join. The first
meeting will be the 16th of May. Call in information will be in
the invitation to members of the WG, you need to join the WG to
get the call in details, etc.
Matt Stone: It's W3C member only.
Matt Stone: We'll then be resuming work on the data model and
use cases and so on when we get together next.
Topic: Suggestions for next week
Matt Stone: There are a couple of action items to finish up the
docs from the CG, we'll do an update on that and make sure that's
wrapped up. Any other topics we need to keep in mind for the
agenda next week?
Manu Sporny: I'm wondering if we want to start ... there are a
number of people who will be on the WG call, I'm wondering if we
should do some preplanning on the topics we want to cover first.
There's a question around when we'll have a F2F meeting if we'll
have one in the summer, there are terminology issues we should
tackle up front, we'll need to bring people online pretty quickly
once the WG starts up, we'll want to understand what docs we want
to publish and we should have another discussion on that. We may
want to have some discussions before the WG starts up to prime
these discussions.
Manu Sporny: We may want to have a discussion about that next
week.
Manu Sporny: We need to come up with topics to get into the WG to be
ready to discuss.
Christopher Allen: I'd like to see a new kick off for the CG.
The WG is going to kick off on its own. Starting fresh sort of
(new kickoff) with the CG would be great. There's a broader issue
of decentralized identity we'd like to have a place to
discuss/post reports, etc. and come up with new docs.
Christopher Allen: There may be things that are in the
decentralized identity community that don't belong in the WG or
VC.
Matt Stone: Yeah, I think accepting a narrowed charter for the
WG was fine given that the CG would keep working and feeding into
a new WG/new charter in the future. So the CG keeps working on
the next set of ideas.
Matt Stone: One of the things we were talking about on the chair
calls as a matter of convenience, it would be nice if the CG and
WG calls were back to back. So many of us are participating in
both, if we need to slide extra time in the CG or WG we may have
flexibility to do that.
Christopher Allen: Maybe that's just an agenda item and maybe
the CG can have a longer meeting once a month on the same day as
VC. Does the CG, with its new goals need to meet weekly, etc.?
Manu Sporny: The other thing, I've been hearing this second hand
was to put the calls back-to-back, the other upside that I heard
was that it would time box the CG call if it was 30 minutes
before the WG, we'd see a bunch of people leave at the 30 minute
mark. Two one-hour calls back to back is asking a lot, but a 30
min CG call directly before/after the WG is a pretty good idea.
Everyone's just there and they've blocked the time out. The
benefit for having it before is there's a hard stop, whereas
after the call it can expand. If the chairs are diligent and it's
30 minutes only, to mop up after the WG, then that might work.
With the possibility to extend if we really need that time.
Christopher Allen: Please not before :)
Matt Stone: We could change the WG start time to half-past if we
don't want to go earlier.
Christopher Allen: +1 On that
Matt Stone: I'd rather not go earlier than what we're currently
scheduled.
Matt Stone: Any more input?
Matt Stone: On next week.
No other input.
Matt Stone: That concludes our meeting for the day.
Received on Thursday, 4 May 2017 14:33:24 UTC