[MINUTES] W3C Credentials CG Call - 2017-11-14 12pm ET

Thanks to Lionel Wolberger for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2017-11-14/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-11-14

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Nov/0032.html
Topics:
  1. Introduction to Mark Miller (Google)
  2. DID Spec Review
  3. Capabilities in Verifiable Credentials
  4. W3C TPAC 2017 Update
Action Items:
  1. Manu to complete #RWoT changes to DID spec
  2. Manu to complete Veres One DID Method spec by January.
  3. Joe to submit language edits to section 1, to sync with 
    Manu's release 2nd december.
  4. Drummond to have list of of hardening decisions to list next 
    week, weekly separate calls to follow.
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Lionel Wolberger
Present:
  Lionel Wolberger, Mark Miller, Drummond Reed, Frederico Sportini, 
  Manu Sporny, Christopher Allen, Chris Webber, Joe Andrieu, Nate 
  Otto, Adrian Gropper, Christian Lundkvist, Dave Longley, David I. 
  Lehn, Kim Hamilton Duffy, Adam Lake, Chris Chapman, Jarlath 
  O'Carroll
Audio:
  https://w3c-ccg.github.io/meetings/2017-11-14/audio.ogg

Lionel Wolberger is scribing.
Agenda review
1. Agenda Review (2 minutes) 2. Introductions & Re-Introduction 
  (3 minutes)  3. Status of Current Action Items (5 minutes) 4. 
  Review and discussion of status of DID spec 0.7, post 
  #RebootingWebOfTrust, #IIW & #TPAC, with goal to advance the 
  specification to 0.8 by end of year. (50 minutes)

Topic: Introduction to Mark Miller (Google)

Mark Miller:  Google research in ECMA script. Advancing object 
  capabilities security model
  ... at RWoT went through a revolution of reorienting a lot of 
  stuff with the object model
  ... made a lot of progress
Drummond Reed: Mark was able to attend the Rebooting the Web of 
  Trust #5 conference and gave us fantastic guidance about using 
  the object capabilities security model there.
Drummond Reed: Very glad to have him here.
Frederico Sportini:  Hi, Frederico Sportini
  ... CTO of ____
  ... developing an app on the Android Store implementing 
  spidchain.
Frederico Sportini: 
  https://play.google.com/store/apps/details?id=com.spidchain.app
Skipping action items for today. Need to improve this and make it 
  more easily available. 
Frederico Sportini: It's a late alpha more than a beta :D
Frederico Sportini: Still lots of features missing
Spidchain app description: Spidchain is a next generation 
  identity system. It protects your privacy because you are the 
  owner of all the data that identifies you.  With spidchain you 
  can login with one click to websites that requires certified 
  information.
Spidchain implements btcr, bitcoin testnet

Topic: DID Spec Review

  ... move spec number back to conform with W3C conventions.
Manu Sporny: https://w3c-ccg.github.io/did-spec/
  ... 0.7 was update from RWoT and other
  ... Discuss TPAC and other discussions, to move the spec up to 
  a revision and become v0.8
Manu Sporny:  DID spec link above
  ... Before W3C TPAC got approval to pull in the changeset of 
  all changes discussed, about 30 decent sized modifications
Christopher Allen: Section 1, 2, 3.1, 3.2 have changed
Manu Sporny:  Discussion re:hardening. Drummond leading.
  ... JoeA wants to update spec, instead of "identity" speak of 
  "identifiers"
  ... some other changes still to make post-RWoT and IIW
  ... aiming for 1st/2nd week December
Drummond Reed: I can give a short report on the DID spec 
  hardening proposal

ACTION: Manu to complete #RWoT changes to DID spec

Chris Webber:  Does this version incorporate the MarkM learnings?
Manu Sporny:  VCWG decided to ask CCG to pick kup object 
  capabilities
  ... two places where object capabilities can be put into the 
  system we have
  ... 1 layer- DID spec layer.
  ... Got push back on this.
  ... Direction- we state we strongly advise putting object 
  capabilities on the ___
Drummond Reed: +1 To the DID spec saying that DID method specs 
  SHOULD use object capabilities.
  ... In VC work, we say object capabilities should be the 
  primary mechanism for authorization to do things
  ... Propose doing object cap. in the verifiable claims layer
Drummond Reed: I know that Daniel Hardman, Evernym VP 
  Engineering, also agrees with that approach, i.e., object 
  capabilities in verifiable credentials.
Mark Miller:  The DID spec presented had a section attempting to 
  do a capbility-based authorization
  ... we realized by end of RWoT this text was broken, and it was 
  better to just remove it
Chris Webber:  There are aspects to putting it in the DID spec v 
  the methods spec

ACTION: Manu to complete Veres One DID Method spec by January.

Joe Andrieu:  Plans to dive into the identity stuff in section 1

ACTION: Joe to submit language edits to section 1, to sync with 
  Manu's release 2nd december.

Manu Sporny:  Move from talking about identity to talking about 
  decentralized identifiers and how they enable identity
Drummond Reed: +1 To JoeAndrieu making his editorial changes.
Joe Andrieu:  A OK
Christopher Allen:  Question, you said two weeks ago the best way 
  to move forward on hardening was to complete the RWoT draft.
  ... can you update on IIW discussions
Drummond Reed:  IIW discussion resulted in a Google Doc that has 
  collected comments
  ... some additional discussion at TPAC (not that much)
  ... suggest to have closure calls next week
  ... in Utah this week
  ... this thursday people are narrowing in on hardening that 
  they wish to discuss
  ... start scheduling dedicated calls, in addition to this 
  weekly CCG call;
  ... propose one per week
Christopher Allen:  DIF or CCG?
Christopher Allen:  Drummond to have hardening decisions by Sat.
Drummond Reed:  Susan Bradford to take task to propose schedule 
  of calls starting a week from now

ACTION: Drummond to have list of of hardening decisions to list 
  next week, weekly separate calls to follow.

Drummond Reed:  Will coordinate with Manu to avoid 'stepping on 
  each other'
Drummond Reed: Apologies, must go now, thanks

Topic: Capabilities in Verifiable Credentials

Chris Webber:  Recap of VCWG end of W3C TPAC
  ... reviewed, if we do not go down the capabilities route, we 
  will reproduce the problems we had with ACLs
  ... group was unanymous except for one observer
  ... does CCG agree to take up the credentials work? Do we need 
  a proper vote/poll here?
Christopher Allen:  Let's wait, we're not gated on the ocap 
  stuff.
  ... propose, the day Manu ships the next set of PR requests + 
  some days to accept those PRs
  ... then after that 7 more days
  ... leaving time for Thanksgiving celebrations in all of 
  this...
  ... cwebber is there anything else you need to move your things 
  forward?
Chris Webber:  A bit swamped now.
  ... Next month I can draft what Mark and I have written, then 
  resubmit it
  ... contingent on a consensus that this is worth doing
Manu Sporny: We should try to explore this path... +1
Christopher Allen: +1
Joe Andrieu: +1
Manu Sporny: +1
Christopher Allen:  Polling the crowd
Nate Otto: We should explore this path. +1
  ... no one against, many +1's
Adrian Gropper: +1
Christopher Allen:  Explanation of OCAP.. ?
Chris Webber:  We have a good angle on producing training 
  materials re: object capabilities
Christopher Allen:  Would like to publish general capabilities 
  material
  ... enable them with DID and specify them in the method specs
  ... IIW people were not at RWoT, so we need some more 
  discussion
Manu Sporny:  Hardening spec goes back to keys
  ... suggests a single array of keys
  ... and the services array
  ... before RWoT we had keys and services. At RWoT the consensus 
  was to move away from keys and more towards authorization 
  credentials
  ... and move services up
  ... hardening spec undoes those two changes
  ... in other words, IIW discussion kind of un-does the RWoT 
  discussions
  ... how we describe keys
  ... path dereferencing, services, serialization formats
  ... from the DID side we are getting key management material: 
  how keys are used
  ... discussion around cryptographic algorithms and their 
  application
  ... key issues now
  ... how we are listing keys and services (discussion re-opened)
Christopher Allen:  In BTCR we will have our own proofs, ...

Topic: W3C TPAC 2017 Update

Manu Sporny:  TPAC updates
Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2017Nov/0033.html
  ... sent an email out to the mailing list, report on how the 
  DID discussion went
  ... had good turnout from enterprise, Google, BBC
  ... about 45 people
  ... spent more time than planned due to interest
  ... Tim Berners Lee joined us for the DID discussion and 
  invited us to submit to the W3C architecture group for review
  ... this group reviews architecture for the web at large, the 
  highest group at the W3C who make a final determination
  ... they only review things they are very interested in
  ... was said (a W3C personage) "DNS is the achilles heel of the 
  web, any solution that ensures a better alternative is welcome to 
  consideration"
  ... were warned, DID is not a web fork
  ... DID is an alternative identifier that lives beside the DNS 
  system
  ... lives alongside
  ... and has its own applications
  ... a W3C staff member suggested some changes in how we 
  approach it
  ... so we have "problems of success"
  ... we have to fix up all the specs and do tag review
  ... if the TAC says it is important technology this is a big 
  upvote and results in less fighting and a smoother onramp into 
  W3C
Christopher Allen:  Credentials group approve
  ... formalkly charter a WG?
  ... or is this part of rechartering ?
Manu Sporny:  Easier to use an existing group
  ... same argument for linked data signature stuff
  ... recharter VC group in the following way:
  ... we did it, got data models done, but since we find these 
  DIDs with signatures,
  ... we put those specs through the W3C standarsd process
Christopher Allen:  A number of people here who are not members
  ... community allows anyone to participate
  ... example Evernym is a member
  ... others are not
Manu Sporny:  Two implementers are not enough to make it, the 
  group will collapse
  ... need UCorp, blockstack, ++ folks
  ... does not look good with just two implementers.
  ... how can we defend such a low number of implementers?
  ... need IPFS, blockstack on implementation
  ... when we have demonstrable implementations that is the exit 
  criteria
  ... need 4 or 5
  ... 460 members at W3C. Minimum in favor is 25 companies
  ... example: VC had 58 members in support, but there were only 
  about 20 people really there doing work
  ... we need to match those numbers
  ... 50 people supporting DIDs with 20 showing up
  ... not enough right now (!)
  ... bottom line: need commitments from more companies
  ... warning: if the WG is shut down it stays dark for 5 years
Christopher Allen:  DID spec, DID document, ...
  ... plan a new hackathon for January via KimH
Frederico Sportini: Hackaton would be great
Frederico Sportini: +1
  ... AFAIK Blockstack's latest release has an identifier at the 
  root,
  ... AFAIK no effort towards DID docs or Verifiable claims
  ... UPORT:
  ... Christian, where are you guys?
Christian Lundkvist:  Uport has the method spec
  ... at IIW we implemented the plugin for the universal resolver
  ... next on our roadmap:
  ... we have been doing some verifiable claims stuff
  ... an issue, it is a fair amount of work moving over from JSON 
  token VCs to JSON LD signatures
Christopher Allen:  The BTCR from the last hackathon
  ... there was a python library released (no C or C++)
Manu Sporny:  The crypto is implemented, and JSONLD should have 
  reference implementation in JScript
  ... when you have issues ping Dave, Manu, for examples
Christian Lundkvist:  The DID spec itself is a work in progress
  ... this is another challenge
Dave Longley: Btw, rdf canonicalization has a native 
  implementation now (that is currently integrated as a node.js 
  module): 
  https://github.com/digitalbazaar/rdf-canonize/tree/master/lib/native
  ... we have an implementation in a resolver that returns an 
  older version of a DID document
Dave Longley: This could be split out into a C library at some 
  point.
  ... that needs to be updated when we setetle
Christopher Allen: +1 On c lib
Christopher Allen:  +1 For Uport stepping up
  ... move to JSON-LD is key
  ... bitcoin curves
Adrian Gropper: +1 UPort for stepping up -
Christopher Allen: Remember! No meeting next week!
Nate Otto: Bye all; it was nice to be back in this group today! 
  See you again soon.

Received on Tuesday, 14 November 2017 19:00:15 UTC