- From: <msporny@digitalbazaar.com>
- Date: Tue, 30 May 2017 13:54:33 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Drummond Reed for scribing this week! The minutes for this week's Credentials CG telecon are now available: http://w3c.github.io/vctf/meetings/2017-05-30/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2017-05-30 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2017May/0057.html Topics: 1. Community Group Scope and Naming 2. Verifiable Claims Browser API and Browser Polyfill 3. Lifecycle of a Verifiable Claim 4. Data Minimization and Selective Disclosure Report 5. Decentralized Identifier Spec Organizer: Kim Hamilton Duffy and Christopher Allen Scribe: Drummond Reed Present: Drummond Reed, Manu Sporny, Ryan Grant, Maria Dubovitskaya, Markus Sabadello, Adam Lake, Kim Hamilton Duffy, Christopher Allen, David Chadwick, Joe Andrieu, Harlan Wood, Sean Bohan, Dave Longley, Dan Burnett, David I. Lehn Audio: http://w3c.github.io/vctf/meetings/2017-05-30/audio.ogg Drummond Reed is scribing. Manu Sporny: Clarified that we are going to be talking about both Federal Task Force and other topics Ryan Grant: Hi, I've been participating in the Rebooting Web of Trust Workshops. Focused on DID spec and DID method specifications Maria Dubovitskaya: Works with IBM research and Jan Camenisch on privacy-preserving credentials Markus Sabadello: Markus Sabadello is with DanubeTech in Vienna Austria. Working on Sovrin, verifiable claims, Sovrin, and XDI Adam Lake: Works with Digital Bazaar, very interested in self-sovereign identity and independence on the Web Kim Hamilton Duffy: Bariska: Works with IBM research and Jan Camenisch on privacy-preserving credentials Christopher Allen: Reviews action items Kim Hamilton Duffy: Send last call for additional CG work items before poll DUE FRIDAY MAY 26th [DONE] [scribe assist by Manu Sporny] Kim Hamilton Duffy: Create poll for priorities on work items, ~3 weeks snapshot poll results for prioritization - DUE TUESDAY MAY 30th [IN-PROGRESS] [scribe assist by Manu Sporny] Christopher Allen: First draft of CG Mission Statement for review - DUE JUNE 6th [ON HOLD Re: NAME & MISSION] https://docs.google.com/document/d/1kxm6yGnGAVgNTLMYft_cz2zW3c1AE8uSCy4i5A6OhG8/edit?usp=sharing [scribe assist by Manu Sporny] Christopher Allen: Create a new proposal for how Digital Verification CG integrates DUE JUNE 6th [ON HOLD re: NAME & MISSION] [scribe assist by Manu Sporny] Manu Sporny: ALL: Approve New Name and Mission Statement - DUE JUNE 27th Manu Sporny: Clarifies that only W3C chairs can update community docs Topic: Community Group Scope and Naming Christopher Allen: At the last meeting, there was a motion to unite the two community groups Christopher Allen: The open issue is the name of the unified group. "Credentials" is overused Manu Sporny: Needs to appear before the US Fed Secure Payments Task Force next week and give them a formal name of this group Manu Sporny: Proposes "Digital Verification Community Group" Manu Sporny: Favors that name because it's a "big tent" Manu Sporny: Wants to avoid the term "Identity" since it is so overloaded David Chadwick: The term "credential" is more accurate Ryan Grant: Asks about the term "identity" - why is it overloaded? Manu Sporny: The W3C has said that it is not a topic they want to tackle Manu Sporny: The security community got upset about the use of the term "credential" because in their view a credential is strictly a username/password Manu Sporny: "Decentralized Verification" is another option, but that's also vague. David Chadwick: "Credential" is broader than username/password David Chadwick: It would be correct to use "credentials" in the meaning of the term we all understand Manu Sporny: Agrees, but our opinions on the suitability of the term really don't matter to some of the major players at W3C. They can then block the work behind the scenes. Manu Sporny: The words "identity" and "credential" are trigger words for that reaction David Chadwick: The word "verification" is too vague Joe Andrieu: His concern about "verification" is only about the signature of the issuer, not whether the claim is true. So he'd like to be able to retain that, Ryan Grant: Proven control of keys David Chadwick: What about "digital cards"? Ryan Grant: "Proof of key control" Christopher Allen: That term also has challenges Joe Andrieu: Digital Assertions? Ryan Grant: "Control assertions" Joe Andrieu: Digital Attestations? Christopher Allen: Would like to find a term that also attracts digital cryptographers Kim Hamilton Duffy: +1 Digital Attestations Christopher Allen: Appreciates why Manu needs to move the process forward to establish a name for the U.S. Fed presentation Ryan Grant: +1 Digital Attestations Joe Andrieu: Likes "digital" as a prefix, but looking for a term that is larger than "claims" Adam Lake: +1 Digital Attestations Joe Andrieu: Secure attestations? Drummond Reed: The challenge with "Digital Attestations" is that it sounds just like Verifiable Claims https://github.com/w3c/vc-data-model/issues/47 Manu Sporny: We are trying to establish that this community group has a larger scope than Verifiable Claims Christopher Allen: Wants to make sure that the scope includes reputation systems that describe claims and proofs. Used the example of R3. Also E&Y. Manu Sporny: Self-Sovereign Technology Community Group? Christopher Allen: This also came up at Rebooting the Web of Trust in Paris. The term "attestation" was used for a subtype of verifiable claim Kim Hamilton Duffy: The term "attestation" is also pretty loaded Manu Sporny: +1 To what KimHD is saying... we should get some of these ideas down.... Ryan Grant: +1 For crowsourced sense of specific<-->general, and which words in/out Drummond Reed: "Self- Sovereign Technology Community Group" is not bad Harlan Wood: Our Portable Reputation Toolkit work that Christoper A was referring to: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/final-documents/reputation-toolkit.pdf Adam Lake: Self-Sovereign Technology is not much longer than "verifiable claims" I think Self-Sovereign sums up the collective effort of the group Joe Andrieu: There's also a notion of "decentralized" at the core of our approach. Sean Bohan: Manu, is there a date you need a name by? Christopher Allen: We're running out of time for this agenda item, but recognize that it needs to be resolved Manu Sporny: Sean - by Thursday :P Manu Sporny: That's when the slides are due Christopher Allen: Attribute-based credentials Christopher Allen: Attribute certifications Adam Lake: Decentralization is a strategy to achieve Self-Sovereignty--Self-Sovereignty is the goal it seems to me. Harlan Wood: +1 For "Self-Sovereign Technology Community Group". Inspiring to us, and likely sounds irrelevant to those who might block other names... Adam Lake: Interesting shift from trying to name the specs to using the name of the goal [scribe assist by Ryan Grant] Christopher Allen: I love the SS idea (obviously) but it may alienate some, as you can use this tech with centralized as well. Maria Dubovitskaya: Worked on ABC for Trust, which was all about privacy-preserving credentials and authentication. This was published by Microsoft and IBM. Manu Sporny: That's true, ChristopherA - SS may alienate large corporates/governments. Adam Lake: If SS can be centralized then why does it alienate? Harlan Wood: Sovereign is a loaded word ;) Joe Andrieu: Have we seen any evidence that SS alienates corporates/governments? That seems apocryphal so far. Drummond Reed: I am finding that the term "self-sovereign" is getting more traction in the market as a specific term of the industry. Joe Andrieu: +1 To avoid the name conversation, Manu Ryan Grant: Maybe manu could call it X... working towards Self Sovereign Identity. Manu Sporny: Perhaps he should just try to avoid the name in this presentation Drummond Reed: I am okay with Digital Verification WG Adam Lake: It seems like GDPR that SS would be appealing to the EU https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSym Harlan Wood: I'm finding SS a great descriptive word. Experts and muggles alike immediately get it, and love it. Adam Lake: "Governments" Drummond Reed: SS tech is *definitely* appealing to GDPR Topic: Verifiable Claims Browser API and Browser Polyfill Dave Longley: https://docs.google.com/presentation/d/1-RJMifQthi-vJJ2X4UCjQAtkklgxmlk4LWnHupuibHw/edit?usp=sharing Kim Hamilton Duffy: Also +1 on SS Dave Longley: Assumes he and Manu would be the main champions for this Dan Burnett: DIgital Self-Sovereign tEChnology Track (DISSECT) Harlan Wood: LOL Dave Longley: A polyfill provides a Web API that is not yet natively supported in a browser Dave Longley: A Web API polyfill will let people register a "wallet" to store verifiable claims and share them with other sites Manu Sporny: We're on slide 5 Dave Longley: A Web API for verifiable claims will work like other Web APIs like the Payments API. In fact those other APIs are designed to be extended for functions like these. Ryan Grant: Slide 8's did would be legal as: did:nop:1324 Dave Longley: Doing this in a polyfill lays the groundwork for browsers to natively implement the API and those APIs will take over from the polyfill Dave Longley: https://demo.authorization.io/ Dave Longley: Digital Bazaar has an implementation of a polyfill that works now. It lets you register a DID, receive a claim, and then share it with another site. Manu Sporny: Dave's referring to slide 6 - the one with the links Dave Longley: There are a number of ways we can go with this. The preso includes links to source code of the demo. The last few slides show what the Javascript code looks like. Dave Longley: The Web API abstracts the digital wallet so that the developer does not need to care where or how the credentials are stored Christopher Allen: https://docs.google.com/document/d/1W0r6TOaJXGcDP4qOzOIEfSymub4nRSLrBmtBqyDf06I/edit?usp=sharing Topic: Lifecycle of a Verifiable Claim Joe Andrieu: http://bit.ly/joram100 Harlan Wood: Thanks Dave, great stuff! Christopher Allen: Suggests that people add notes about a Web API to the Work Items document David Chadwick: Volunteered as a champion for the Lifecycle of a Verifiable Claim work Christopher Allen: Another example of a use-case in this style (not mature) is the Web Of Trust Use Case at https://github.com/w3c/vc-use-cases/issues/31 Joe Andrieu: The work is a prose description of the 15 steps of a user interacting with the system—in this case a Syrian refugee arriving in Greece Joe Andrieu: Talks through the 15 steps as shown in the use case document Joe Andrieu: The goal is to present what the user experience would be throughout the lifecycle of the technology without the technical details so one can focus on the actual use and benefits Topic: Data Minimization and Selective Disclosure Report https://github.com/w3c-dvcg Manu Sporny: https://w3c-dvcg.github.io/lds-pseudonymous2016/ Christopher Allen: We have a number of topics around data minimization and selective disclosure, including CL signatures Christopher Allen: Other approaches do simpler forms of data minimization and selective disclosure, but these have not been expressed in detail, so we need a document that explains and explores the options. Christopher Allen: Right now he is the lead on this item, and is seeking other champions Drummond Reed: I can talk about current DID spec on next call [scribe assist by Manu Sporny] Topic: Decentralized Identifier Spec Drummond Reed: DID Implementer’s Draft 10: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/final-documents/did-implementer-draft-10.pdf Drummond Reed: This is work that started here with the VCTF and DIDs for Verifiable Claims... we moved it forward under DHS S&T... and Rebooting Web of Trust last year. [scribe assist by Manu Sporny] Drummond Reed: It's an identifier format that can work with any ledger or decentralized identifier technology. It doesn't rquire centralized registration authority, standardized JSON-LD object/DDO, associated w/ public keys, key rotation control block, service endpoints. [scribe assist by Manu Sporny] Christopher Allen: Asks that if you know others who are interested in this work, send them email and make sure they know that this is a new Community Group with a big tent. Encourage them to participate in the next few calls. Kim Hamilton Duffy: A poll is going to come out this afternoon Sean Bohan: Thanks Christopher and Kim! Christopher Allen: Thanks everyone for participating and looks forward to next week
Received on Tuesday, 30 May 2017 17:55:04 UTC