- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Wed, 1 Nov 2017 12:02:29 +0000
- To: public-credentials@w3.org
Here are some corrections to the minutes regards David On 31/10/2017 18:30, msporny@digitalbazaar.com wrote: > Thanks to Mike Lodder for scribing this week! The minutes > for this week's Credentials CG telecon are now available: > > https://w3c-ccg.github.io/meetings/2017-10-31/ > > Full text of the discussion follows for W3C archival purposes. > Audio from the meeting is available as well (link provided below). > > ---------------------------------------------------------------- > Credentials CG Telecon Minutes for 2017-10-31 > > Agenda: > https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0116.html > Topics: > 1. Status of Action Items > 2. Credential Handler API > 3. W3C TPAC Planning > 4. Post RWoT DID Spec > Organizer: > Kim Hamilton Duffy and Christopher Allen > Scribe: > Mike Lodder > Present: > Mike Lodder, Kim Hamilton Duffy, David Chadwick, Christopher > Allen, Ryan Grant, Dave Longley, Joe Andrieu, Manu Sporny, Susan > Bradford, David I. Lehn, Adrian Gropper > Audio: > https://w3c-ccg.github.io/meetings/2017-10-31/audio.ogg > > Mike Lodder is scribing. > > Topic: Status of Action Items > > Kim Hamilton Duffy: Will cover the DID PR > David Chadwick: Lifecycle document - haven't updated the > document to Markdown yet. > Christopher Allen: Need more clarity on the webpage about what's > been reviewed work items as opposed to what still needs to be > reviewed > Christopher Allen: Also not sure about WoT items having been > approved / voted > Ryan Grant: +1 > Kim Hamilton Duffy: I will clarify work items that have been > voted on vs approved > Dave Longley: +1 > Kim Hamilton Duffy: Deadline passed last week for DID PR > Joe Andrieu: Can we get the PR url? > Manu Sporny: We just want to know if the new set of changes are > a step in the right direction. We still need to fix some language > things from RWOT > Christopher Allen: +1 > Kim Hamilton Duffy: Pr: > https://github.com/w3c-ccg/did-spec/pull/22 > Manu Sporny: Does everyone believe that the PR overall improves > the spec? > Christopher Allen: No issues with PR but I haven't done a formal > review > Ryan Grant: Believe the PR is ok with direction > Dave Longley: I recommend +1 for merging -- and outstanding > problems get a new, specific github issue > Mike Lodder: +1 Dlongley > Ryan Grant: It doesn't have "//" that results in a location > Manu Sporny: DID are URL's, maybe introduce the concept of DID > needs to be redone > > Topic: Credential Handler API > > Kim Hamilton Duffy: DavidC should take the lead on discussing > API spec > Dave Longley: +1 Reword introduction, more focus on stable ID vs. > "new" thing that isn't quite a URL (which it isn't) > Dave Longley: > https://docs.google.com/presentation/d/1qk9-6dpsZttrFr4qV-aID2L2OFTcKHL1epkzRgB8pZc/edit#slide=id.p3 > <-- slides from David Chadwick > Kim Hamilton Duffy: Credential API github issue: > https://github.com/w3c-ccg/credential-handler-api/issues/1 > David Chadwick: FIDO protocol was used and keys are stored not not -> on > the smartphones and computers > David Chadwick: Presented to others at EIC 2017 Munich, and some attendees > from JOSE / Web > Authentication said that the FIDO spec is > now out of date delete next line ----- > David Chadwick: To look at other specs at W3C ----- > David Chadwick: FIDO spec is being replaced by W3C Web Auth and IETF token binding specs. The interface is easy to use and tested with > hospital patients > David Chadwick: Hospital patients like it much better > David Chadwick: With his interface users didn't need to enter > usernames or passwords > Dave Longley: https://w3c-ccg.github.io/credential-handler-api/ > Dave Longley: Web authentication should be viewed as > complementary vs alternative to credential handler api > Dave Longley: What are the reasons why your approach is easier > Dave Longley: How does this stuff work on the web? > David Chadwick: Credentials are on the device > David Chadwick: Its easier to use because there are less steps > involved > David Chadwick: Manu's was cumbersome and complex > David Chadwick: The phone handles the logic and allows the user > to choose which VCs to use and give his > consent > Dave Longley: Credentials handler can potentially live on the > device or can live on the web in a secure location > Ryan Grant: That was/is my question: how are credentials > reestablished in case the device is lost? David Chadwick: If the device is lost the user must register with the issuers again (unless he already has a backup device holding the credentials) > Dave Longley: The interface is dependent on the software > implementer > Dave Longley: The point is to have the browser do the minimum > amount of work > David Chadwick: Agreed > The protocols need to be standardized to allow > for mixing and matching of the various system components > Ryan Grant: Where are the separation of concerns addressed? > David Chadwick: I would like the protocol between the inspector > and holder to be standardized > Dave Longley: +1 For standardizing the "policy"/"query" and > response > David Chadwick: Whatever approach we choose should be compatible > with how browsers are today > Ryan Grant: I understand the focus and will consider lost devices > a problem to be solved by implementaitons. > Manu Sporny: Agree that the way to get browser adoption is to > make the browser vendors do as little as possible. > Mike Lodder: +1 Rgrant, that problem is up to the vendor To > solve > Dave Longley: Credential handler api is lower than the layer > that DavidC was talking about > Christopher Allen: Time check. TPAC review is critical path. > David Chadwick: Allowing multiple wallets adds lots of > complexity > Dave Longley: Different wallets can provide different > credentials > Kim Hamilton Duffy: Do we have any action items to close out > this topic > Ryan Grant: Do we have consensus that it fits? > Ryan Grant: I think so > Manu Sporny: I don't think this is an item that gets closed out > Kim Hamilton Duffy: Manu will guide us through TPAC David Chadwick: I would like Manu to add a slide to say that W3C Web Auth protocol can be used by VCs. This will also help VCs to be supported by others in W3C. > > Topic: W3C TPAC Planning > > Manu Sporny: Give a heads up to W3C group about what we are > trying to do > Manu Sporny: A Vision for a Self-Sovereign Web: > https://docs.google.com/presentation/d/1woq0pZD872NvhBIu90GIZMf8MQLWCtXM1NCx8n6s0VM/edit > Joe Andrieu: +1 On slide deck, btw. That's my review. =) > Manu Sporny: This shows how to combine: credential handler, > DIDs, and web payments > Manu Sporny: And addresses some use cases > Manu Sporny: Here's how we are doing it > Manu Sporny: How to refine the pitch for self sovereign web > Kim Hamilton Duffy: What time constraints are there for the > chairs to review our proposals > Ryan Grant: Go Oma! > Kim Hamilton Duffy: To start a slide deck to address the action > items > Ryan Grant: Very visual slides, loved it > Christopher Allen: I'm limited on time. I'm hoping that I don't > have to spend all day Wednesday. > Ryan Grant: Meh > Christopher Allen: We said last week there will be no call next > week. > David Chadwick: +1 > > Topic: Post RWoT DID Spec > > Christopher Allen: We should first dive into post #RWOT spec > first, then Post IIW DID spec. > Susan Bradford: Drummond is confirmed to attend > Kim Hamilton Duffy: No meeting next week but we will dive into > DID spec stuff after that > > > > >
Received on Wednesday, 1 November 2017 12:04:18 UTC