[MINUTES] W3C Credentials CG Call - 2017-10-24 12pm ET

Thanks to Manu Sporny for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2017-10-24/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-10-24

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0092.html
Topics:
  1. Reintroductions
  2. W3C TPAC
  3. DID Specification
  4. Digital Verification Cryptography
  5. JSON-LD and LD Signature Updates
  6. Credential Handler API
  7. Lifecycle Model
  8. Verifiable News
  9. Other Work Items
  10. Path for DID Spec Standardization
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Manu Sporny
Present:
  Manu Sporny, Christopher Allen, Jan Camenisch, Susan Bradford, 
  Drummond Reed, Dan Burnett, Moses Ma, Dave Longley, Mike Lodder, 
  Joe Andrieu, Ryan Grant, Adam Lake, Nathan George, David I. Lehn
Audio:
  https://w3c-ccg.github.io/meetings/2017-10-24/audio.ogg

Manu Sporny is scribing.
Christopher Allen:  Agenda today is a little loose, this is our 
  first real meeting after both RWoT5 and IIW. 
Christopher Allen:  Let's do introductions and reintroductions... 
  work items... discussion for possible new work items... we may 
  want to work on.
Christopher Allen:  We may also talk about credential handler 
  polyfill.
Christopher Allen:  There was also discussion on DID spec 
  hardening at IIW, we could add that to the end.
Christopher Allen:  Any new folks on the call today?
No new people, community is settling again into a regular set of 
  participants.

Topic: Reintroductions

Jan Camenisch:  Hi everyone, I'm Jan - worked a lot on anonymous 
  credentials and cryptographic algorithms for that.
Jan Camenisch:  Currently working with Sovrin/Evernym folks on 
  defining a format for the crypto interfaces for credentials that 
  we can agree on algorithms for that.

Topic: W3C TPAC

Christopher Allen:  TPAC Meeting coming up - opportunities to 
  spend some time on Wednesday presenting on Credentials CG and 
  Verifaible Claims.
Christopher Allen:  There is a VCWG time slot for CCG as well - 
  potentially talk about things that are higher level credentials.
Susan Bradford: Manu has Wed slot booked. Proposing talk on 
  vision for self sovereign web
Drummond Reed: Manu is proposing a talk called, "A Vision for a 
  Self-Sovereign Web"
Manu Sporny:  Don't worry about the Wednesday slot, I have that 
  booked. I'm proposing a talk titled "Self-Sovereign Web" (or a 
  vision for it) and the goal is to show a good broader vision for 
  this stuff at the Web, VCs, DIDs, Credential Handler API, how it 
  all comes together for a more self-sovereign Web. [scribe assist 
  by Dave Longley]
Dan Burnett: Friday time slot(s) in the VCWG meeting agenda can 
  be found here: 
  https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit#gid=0
Manu Sporny:  Would be good to have the chairs for CCG, VCWG, Web 
  Commerce IG, etc, all supporting unified vision. [scribe assist 
  by Dave Longley]
Christopher Allen: +1
Christopher Allen: I plan to be there.
Manu Sporny:  Other thing that just came up is the potential to 
  do a lightning talk in front of the whole AC. I've submitted 
  something there that is a boiled down version of that. If folks 
  are ok I'll take lead for presentations for then and the 
  lightning talk. If people want to help that would be super 
  awesome. Trying to get that done. [scribe assist by Dave Longley]
Drummond Reed: I will be there and would definitely like to help.
Christopher Allen:  If you want to help Manu with this, contact 
  him.
Moses Ma: 1+
Christopher Allen: https://w3c-ccg.github.io
Christopher Allen:  Work items - we did a process to identify 
  work items... getting consent for them... maybe we haven't been 
  as consistent in updating the work items on the Github page.
Moses Ma: Manu, I won't be at TPAC, can you or someone connect 
  with Ed Bice and handle coordinating with him?

Topic: DID Specification

Christopher Allen:  We clearly said we wanted the DID spec, 
  Digital Verification specs (LD Signatures), Verifiable Claims 
  security/privacy ecosystem, lifecycle docs.
Manu Sporny:  I'll take it all the way through Rebooting and if 
  Drummond can take it through IIW that would be awesome. [scribe 
  assist by Dave Longley]
Drummond Reed: Happy to
Manu Sporny:  Before Rebooting we proposed a number of changes to 
  the spec that we then implemented and put up on a Veres One test 
  net to make sure the concepts worked. At Rebooting there were 
  discussions and more changes to the DID spec. [scribe assist by 
  Dave Longley]
Manu Sporny:  The examples were updated and issue markers added. 
  Language was simplified and sections 1 and 2 updated. Sections 1 
  and 2 and very first part of 3 should flow now. [scribe assist by 
  Dave Longley]
Manu Sporny:  But IIW discussions happened and there are more 
  changes. [scribe assist by Dave Longley]
Drummond Reed:  There was a huge amount of interest in the DID 
  spec on the topic. I did a DID talk 3 times, so the good news is 
  that there is a lot of interest and buy into the vision.
Christopher Allen: 
  https://docs.google.com/document/d/1amDNmBqu8uXKeEqdoZ2RMaaxiUlqUKyKoyi8YgGWG6M/edit#
Drummond Reed:  At the same time, a bunch of developers came in 
  and asked for the details, had a bunch of conversations about how 
  keys and services were managed, a couple of long standing 
  questions around key selection and server selection... lots of 
  discussion, no final changes yet. Met with Christian and he 
  boiled down his concerns... hardened format.
Drummond Reed:  The picture that this is DIDs and DID Documents 
  are the foundation of a DPKI that describes that, folks are 
  agreeing with that, very universal thing.
Drummond Reed:  You should be able to take a DID and retrieve a 
  DID document, they want to simplify and harden the format.
Christopher Allen:  Do we discuss those changes in this group?
Manu Sporny:  First step is discussion. I think we need to have 
  discussion in the doc first to understand where everybody is 
  coming from. Based on that we need to figure out what changes 
  will be made to the document. [scribe assist by Dave Longley]
Christopher Allen: (Keys vs proofs I still don't agree in, obcap, 
  etc.0
Manu Sporny:  One of the problematic things here is that problems 
  were reintroduced with some of the new proposals. We need to make 
  sure people understand that. Putting all the keys in one thing, 
  putting all the services in one thing, making everything optional 
  -- these are problematic. [scribe assist by Dave Longley]
Manu Sporny:  There are a number of things I agreed with but also 
  other things where it's totally up in the air what we put in the 
  spec. [scribe assist by Dave Longley]
Drummond Reed:  We should proceeed with discussion as quickly as 
  we can, but hopefully we'll be able to work through quickly.
Christopher Allen:  Let's have a discussion about the less 
  controversial things... keys vs. proofs can come later... 
Drummond Reed: I was amazed at the level of interest/feedback at 
  IIW.
Dave Longley:  Can you make sure you put your concerns in the 
  hardening doc [scribe assist by Mike Lodder]
Manu Sporny:  That would be fine if there was agreement on 
  things, but there really isn't yet. Based on reading the 
  hardening proposal there's just agreement on DIDs and little 
  else. So the only option is putting both options in the spec 
  right now but that's confusing. [scribe assist by Dave Longley]
Christopher Allen:  There is a PR from manu, the spec we have 
  today, and a list of items for further discussion. There was no 
  way at IIW for them to go through the three days for them to go 
  through ocap. There was no way for them to talk about proofs and 
  not keys, etc. We at least need a proposal for the best of a 
  certain thing here. [scribe assist by Dave Longley]
Christopher Allen:  There would be a separate discussion about 
  things that are uncertain. [scribe assist by Dave Longley]
Manu Sporny:  It makes sense, I think some subset of the 
  community will feel alienated if we push forward with the current 
  proposal. I'm worried about that. One way we could do it is say 
  "Here's the Rebooting version" and someone else could put in the 
  "IIW version" and compare side by side. [scribe assist by Dave 
  Longley]
Manu Sporny:  We could also say "Here's the version from the end 
  of Rebooting and we have one implementation but say that a bunch 
  of issues were raised at IIW and include those. [scribe assist by 
  Dave Longley]
Manu Sporny:  Drummond what would you prefer to do? [scribe 
  assist by Dave Longley]
Mike Lodder: +1 Drummond so everyone can see why decisions were 
  made
Drummond Reed:  I think there's a benefit in showing the 
  progression. Fine to update with Rebooting Web of Trust and call 
  it the proposal after that and then have a discussion about the 
  hardening proposal and it's boiled down and there's a subsequent 
  decision and the whole thing is clear. [scribe assist by Dave 
  Longley]
Drummond Reed:  It will show the level of effort and scrutiny 
  going into this. [scribe assist by Dave Longley]
Drummond Reed:  I think that's a good thing. [scribe assist by 
  Dave Longley]
Christopher Allen:  From my perspective, we actually have people 
  beginning to implement stuff and they are leaning in the 
  direction of Rebooting and I'm hoping not to lose that momentum. 
  [scribe assist by Dave Longley]
Manu Sporny:  I just wanted to agree with Drummond's approach. 
  Post Rebooting this is the state that we're in, including all the 
  issues people had there. And then in the DID spec hardening 
  proposal we can have a discussion there and once it settles we 
  can apply those changes to the spec. [scribe assist by Dave 
  Longley]
Manu Sporny:  And we outline that very clearly in the spec. 
  [scribe assist by Dave Longley]
Manu Sporny:  So we have a cohesive document post Rebooting -- 
  and then fork that and experiment with the DID spec hardening 
  proposal. [scribe assist by Dave Longley]
Christopher Allen:  We'll create an action item... RWoT5 draft - 
  Manu will do that... Drummond, you'll continue the hardening 
  proposal... when they're ready (probably after TPAC), we'll 
  schedule an hour on this call to discuss.
Drummond Reed: Yes, I'm fine with coordinating discussion on the 
  DID spec hardening proposal.
Christopher Allen:  Moving on through high-level review - next 
  item on our website - Digital Verfication specs.
Joe Andrieu:  Is there a current PR on the work before RWoT.
Drummond Reed: I'm in favor of Joe cleaning up the language about 
  identity.
Joe Andrieu:  I want to do a PR for the DID spec...
Manu Sporny:  +1 To Joe cleaning up the stuff around identity in 
  the spec
Christopher Allen:  Joe and his team did a good job cleaning up 
  that stuff, so it's a post rebooting thing.

Topic: Digital Verification Cryptography

Christopher Allen:  Digital Verification specs - haven't made any 
  updates on that - hoping that Jan can start making progress on 
  cryptographic selective disclosure... I'm concerned that they may 
  have impact on others... no activity so far.
Christopher Allen: https://w3c-dvcg.github.io/
Jan Camenisch:  We did have specs for ABC4Trust project... we did 
  specs of IDEMix early on... ABC4Trust reached Microsoft what we 
  have in IDEMixer - working w/ Evernym to bring it to formats that 
  are consumable by this group here. Once we have that format done, 
  we can try to move it through this group.
Drummond Reed: +1 To having Jan bringing this work it.
Drummond Reed: In
Mike Lodder: +1 Jan
Manu Sporny:  +1 To Jan :)
Christopher Allen:  This is another thing that's limiting us in 
  our proposals...
Christopher Allen:  So +1 to bringing that into the group.
Christopher Allen: https://w3c-dvcg.github.io/
Jan Camenisch: Timeline for a first presentable draft would be 
  end of november

Topic: JSON-LD and LD Signature Updates

Manu Sporny:  There have been some behind the scenes updates for 
  the reference implementations for Linked Data Signatures, Dave 
  Longley put in support for contextualized nested graphs, so we 
  can do digital signatures around nested graphs more easily now. 
  [scribe assist by Dave Longley]
Manu Sporny:  So a credential encapsulates the claim as a nested 
  graph now. [scribe assist by Dave Longley]
Manu Sporny:  The good news is that that works now -- same thing 
  with VerifiableProfile and its credentials (these are nested 
  graphs). [scribe assist by Dave Longley]
Manu Sporny:  Another change made was that the JSON-LD signature 
  libraries did not throw an error when terms were unmapped (in the 
  @context) and now there's an option in the processor (and on by 
  default in the upcoming json-ld signatures lib) that will allow a 
  signature to be thrown (or any custom behavior) when unmapped 
  terms are detected. [scribe assist by Dave Longley]
Manu Sporny:  So two very important advances. [scribe assist by 
  Dave Longley]
Christopher Allen:  We do have a mailing list for DVCG topics - 
  since this isn't of concern to a number of people, I'd like to 
  drag in more cryptographers... maybe we can revive that 
  discussion list with these two things.

Topic: Credential Handler API

Christopher Allen:  Verifiable Claims Credential Handler API - 
  presented and demoed at RWoT5 - can we get a high level from Dave 
  Longley on this?
Christopher Allen:  When is the next deliverable on this... what 
  do you need?
Dave Longley: 
  https://docs.google.com/presentation/d/1qk9-6dpsZttrFr4qV-aID2L2OFTcKHL1epkzRgB8pZc/edit#slide=id.p3
Dave Longley: 
  https://github.com/w3c-ccg/credential-handler-api/issues
Dave Longley:  The main thing we're waiting on is feedback from 
  David Chadwick - he sent a slide deck showing how his demo worked 
  using what I believe is a native app version of this... he's 
  travelling this week, don't know if he can join today. 
  Differences between both approaches, pros and cons, number of 
  issues in issue tracker.
Dave Longley: 
  https://github.com/w3c-ccg/credential-handler-api/issues/1
Dave Longley:  I'm looking for feedback here - need to throw a 
  spec together for credential handler API... in terms of polyfill 
  - showing it at TPAC... in particular there is an issue that we'd 
  want more feedback on... signing the verifiable profile to do 
  proof of possession there... 
Dave Longley:  We just need more feedback at this point and to 
  put the spec together.
Christopher Allen:  We'll get that into our weekly queue.
Christopher Allen:  Since DavidC isn't here today, we can't make 
  progress on Credential Handler API and Lifecycle document.
Christopher Allen: https://w3c-ccg.github.io/

Topic: Lifecycle Model

Joe Andrieu:  The lifecycle model is going well, RWoT came up 
  with draft of our model last week - setup for weekly meetings, 
  going to try to push through - get a version on the human 
  experience that we should bless/publish as a completed task - 
  where are the verifiable claims in here - that's the lifecycle 
  that we want to include in that model... don't know what the 
  schedule looks like.
Christopher Allen:  The remaining things were not officially 
  approved - Joram, Verifiable News, ... are these candidates - 
  what else are we missing? What else do people want to have as 
  work items for this group?
Christopher Allen:  We don't want to meet more than once a week, 
  we don't want to overload the group, there are things that can 
  move independently.
Joe Andrieu: +1 Manu
Mike Lodder: +1 Manu
Drummond Reed: +1 To publishing the primers
Drummond Reed: +1 To less work items. Let's get the DID spec done 
  done.
Christopher Allen:  We may want to put these primers forward... 
  maybe first two primers.
Dave Longley: +1 To focusing on getting existing work items done

Topic: Verifiable News

Christopher Allen:  Moses, where are we with Verifiable News - 
  who else is participating?
Moses Ma:  I have Adam Sobieski and Ed Bice working on first 
  draft of whitepaper... after we get whitepaper, we'll develop a 
  set of slides that we can socialize... Ed has been working on a 
  proposal that he is submitting, working on whitepaper today, did 
  write a first pass...
Moses Ma:  It's more important to get money here to pay for 
  breakout session at TPAC.
Drummond Reed: Wow, cool, Moses!
Moses Ma:  I set him up with a few folks - he's shopping the idea 
  around now.
Drummond Reed: Even standards communities can use the help of 
  some billionaires ;-)
Christopher Allen:  We have to produce stuff in this community - 
  specs and collaboration around specs.
Christopher Allen:  We need to connect the dots - are we using 
  DIDs, Verifiable Claims, how does this fit into the credentials 
  ecosystem?
Christopher Allen:  If we're not reusing this stuff - maybe it 
  needs to be another community.
Moses Ma:  W3C staff want to push something through in the next 
  six months... but everyone agrees it's only a triage... they 
  don't want to play whack-a-mole... we need to fix this, 
  Verifiable Claims is the right way to do this.
Christopher Allen:  I've had some push back on whether or not 
  they belong in this CG... I'm leaning toward them being work 
  items, but they do need to be a Community consensus thing.

Topic: Other Work Items

Christopher Allen:  Who else wants to comment about Web of Trust 
  family - how to enable anonymous identities, how to enable web of 
  trust...
Joe Andrieu:  Given that I have 3 work products in that pipeline, 
  I do think there is a lot more work done - they're collaborative 
  and engaging in a community. It'll take a while to get them 
  through this consensus process so that they're proper 
  contributions. Amira, we focused on the human experience, there 
  is an iteration that needs to happen.
Manu Sporny:  The type of stuff that Joe's been doing, all these 
  lifecycle use case stuff, is stuff that W3C typically never does. 
  And I think that is to their detriment. There is no full blown 
  thought out human use cases. [scribe assist by Dave Longley]
Manu Sporny:  The use cases tend to be Joe wants to login into a 
  website and wants to use his Yubikey. [scribe assist by Dave 
  Longley]
Drummond Reed: +1 To publishing Joe's document as a community 
  document.
Manu Sporny:  I don't think your document goes through the W3C 
  standardization process but instead it is proof that we've done 
  the work establishing the purpose and design for the other 
  things. [scribe assist by Dave Longley]
Manu Sporny:  We can publish these things as community docs or 
  NOTEs. [scribe assist by Dave Longley]
Dan Burnett: Frustrating as it is, there is good reason W3C has 
  gone this way.  They strongly avoid defining anything that could 
  be considered user interface guidelines or instructions because 
  browsers have always distinguished themselves by UI.
Manu Sporny:  I think you're in new territory but I think it 
  would be really interesting to push that at W3C, it can be an 
  official W3C doc (as a NOTE) but I think it paints a beautiful 
  story around the human experience. [scribe assist by Dave 
  Longley]
Manu Sporny:  Pulling all those things in and having the 
  community work on them would be difficult and could be a 
  distraction at this point, but there are different communities 
  working on these things, where both types of docs are really 
  important. [scribe assist by Dave Longley]
Manu Sporny:  I think we can somehow get that work in here, 
  several different paths to take, lots of work to do, but worth 
  doing. [scribe assist by Dave Longley]
Christopher Allen:  I'd like to flip that around - I'd like to 
  see that these are community documents... perhaps we can get 
  other communities to do high quality community docs... Is there 
  anyone here that objects to working on this or adopting these 
  work items?
Drummond Reed:  I don't object, the opposite - it's a vital part 
  of our efforts.
Christopher Allen:  I'd like to draw more people into this 
  community - cryptocurrency folks - former PGP folks, etc.
Christopher Allen:  If we don't address some of the Web of Trust 
  stuff, if we only focus on major issuers, we're going to lose 
  them.
Manu Sporny:  +1 To bringing those people in... because 
  fundamentally, this is about decentralization.
Christopher Allen:  Given the status of items today - need a 
  better web page, describes what is what - what is pending - any 
  other thoughts on this topic or what do we talk about next week - 
  week before tpac... we cancel meeting during TPAC.
Drummond Reed: +1 To canceling meeting during TPAC
Drummond Reed: +1 To going over the presentation next week. I may 
  or may not be able to attend as I'm at the MIT Legal Forum on AI 
  & Blockchain workshop that day.
Christopher Allen:  Ok, then let's focus on presentations for 
  next Tueday.
Ryan Grant:  Do we need an updated DID spec?
Manu Sporny:  We don't need an updated DID spec...
Manu Sporny:  This is more about messaging what we're doing.

Topic: Path for DID Spec Standardization

Joe Andrieu:  Where are we wrt. DID spec standardization?
Christopher Allen:  This parallels what the Web Payments CG did - 
  get some broad support from various parties, propose WG process 
  get buy in.
Christopher Allen:  We're doing front-running on DID spec now... 
  circulating ideas at W3C, will eventually migrate to WG item.
Manu Sporny:  I think that's exactly it. Joe to be very specific, 
  at TPAC this year we're going to introduce the idea of DIDs going 
  standards track at W3C and they are critical part of bringing Web 
  Payments and VC together. It's something W3C really needs to do 
  -- showing a vision for that. [scribe assist by Dave Longley]
Manu Sporny:  We want to be able to slot the DID spec in there 
  because we spent this TPAC telling them how important this is. 
  [scribe assist by Dave Longley]
Manu Sporny:  The DID spec is currently slotted to go into W3C 
  for standardization and we need to do front running at TPAC so 
  that when a new WG rechartering happens maybe Spring next year, 
  the DID spec can be brought in. [scribe assist by Dave Longley]
Joe Andrieu:  Do we coordinate with the DIF people? They have DID 
  spec listed as an item. [scribe assist by Dave Longley]
Christopher Allen:  We've been told, verbally, that they don't do 
  specs, just implementations. [scribe assist by Dave Longley]
Christopher Allen:  My hope is that they'll work on getting their 
  implementation details into our specs. [scribe assist by Dave 
  Longley]
Dan Burnett:  Reminder that this group has 90 minutes at W3C TPAC 
  for discussion of anything that is CCG related. We'll broaden the 
  scope to talk about anything CCG wants to talk about.
Christopher Allen:  I'd like to walk through the list of items 
  that we're doing here with that group... 
Christopher Allen:  We'll have a meeting next week - review of 
  TPAC presentation - or at least a draft of them... if there are 
  other things that need to be done before TPAC, let me know. Hope 
  to see many of you at TPAC.

Received on Tuesday, 24 October 2017 19:56:52 UTC