- From: <msporny@digitalbazaar.com>
- Date: Tue, 31 Oct 2017 14:30:30 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Mike Lodder for scribing this week! The minutes for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2017-10-31/

Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-10-31

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0116.html
Topics:
  1. Status of Action Items
  2. Credential Handler API
  3. W3C TPAC Planning
  4. Post RWoT DID Spec
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Mike Lodder
Present:
  Mike Lodder, Kim Hamilton Duffy, David Chadwick, Christopher Allen, Ryan Grant, Dave Longley, Joe Andrieu, Manu Sporny, Susan Bradford, David I. Lehn, Adrian Gropper
Audio:
  https://w3c-ccg.github.io/meetings/2017-10-31/audio.ogg

Mike Lodder is scribing.

Topic: Status of Action Items

Kim Hamilton Duffy: Will cover the DID PR
David Chadwick: Lifecycle document - haven't updated the document to Markdown yet.
Christopher Allen: Need more clarity on the webpage about what's been reviewed work items as opposed to what still needs to be reviewed
Christopher Allen: Also not sure about WoT items having been approved / voted
Ryan Grant: +1
Kim Hamilton Duffy: I will clarify work items that have been voted on vs approved
Dave Longley: +1
Kim Hamilton Duffy: Deadline passed last week for DID PR
Joe Andrieu: Can we get the PR url?
Manu Sporny: We just want to know if the new set of changes are a step in the right direction. We still need to fix some language things from RWOT
Christopher Allen: +1
Kim Hamilton Duffy: PR: https://github.com/w3c-ccg/did-spec/pull/22
Manu Sporny: Does everyone believe that the PR overall improves the spec?
Christopher Allen: No issues with PR but I haven't done a formal review
Ryan Grant: Believe the PR is ok with direction
Dave Longley: I recommend +1 for merging -- and outstanding problems get a new, specific github issue
Mike Lodder: +1 Dlongley
Ryan Grant: It doesn't have "//" that results in a location
Manu Sporny: DID are URLs, maybe introduce the concept of DID needs to be redone

Topic: Credential Handler API

Kim Hamilton Duffy: DavidC should take the lead on discussing API spec
Dave Longley: +1 Reword introduction, more focus on stable ID vs. "new" thing that isn't quite a URL (which it isn't)
Dave Longley: https://docs.google.com/presentation/d/1qk9-6dpsZttrFr4qV-aID2L2OFTcKHL1epkzRgB8pZc/edit#slide=id.p3 <-- slides from David Chadwick
Kim Hamilton Duffy: Credential API github issue: https://github.com/w3c-ccg/credential-handler-api/issues/1
David Chadwick: FIDO protocol was used and keys are stored not the smartphones and computers
David Chadwick: Presented to others from JOSE / Web Authentication and they say it's now out of date
David Chadwick: To look at other specs at W3C
David Chadwick: The interface is easy to use and tested with hospital patients
David Chadwick: Hospital patients like it much better
David Chadwick: With his interface users didn't need to enter usernames or passwords
Dave Longley: https://w3c-ccg.github.io/credential-handler-api/
Dave Longley: Web authentication should be viewed as complementary vs alternative to credential handler api
Dave Longley: What are the reasons why your approach is easier
Dave Longley: How does this stuff work on the web?
David Chadwick: Credentials are on the device
David Chadwick: It's easier to use because there are fewer steps involved
David Chadwick: Manu's was cumbersome and complex
David Chadwick: The phone handles the logic and allows the user to choose consent
Dave Longley: Credentials handler can potentially live on the device or can live on the web in a secure location
Ryan Grant: That was/is my question: how are credentials reestablished in case the device is lost?
Dave Longley: The interface is dependent on the software implementer
Dave Longley: The point is to have the browser do the minimum amount of work
David Chadwick: The protocols need to be standardized to allow for mixing and matching
Ryan Grant: Where is the separation of concerns addressed?
David Chadwick: I would like the protocol between the inspector and holder to be standardized
Dave Longley: +1 For standardizing the "policy"/"query" and response
David Chadwick: Whatever approach we choose should be compatible with how browsers are today
Ryan Grant: I understand the focus and will consider lost devices a problem to be solved by implementations.
Manu Sporny: Agree that the way to get browser adoption is to make the browser vendors do as little as possible.
Mike Lodder: +1 Rgrant, that problem is up to the vendor to solve
Dave Longley: Credential handler api is lower than the layer that DavidC was talking about
Christopher Allen: Time check. TPAC review is critical path.
David Chadwick: Allowing multiple wallets adds lots of complexity
Dave Longley: Different wallets can provide different credentials
Kim Hamilton Duffy: Do we have any action items to close out this topic
Ryan Grant: Do we have consensus that it fits?
Ryan Grant: I think so
Manu Sporny: I don't think this is an item that gets closed out
Kim Hamilton Duffy: Manu will guide us through TPAC

Topic: W3C TPAC Planning

Manu Sporny: Give a heads up to W3C group about what we are trying to do
Manu Sporny: A Vision for a Self-Sovereign Web: https://docs.google.com/presentation/d/1woq0pZD872NvhBIu90GIZMf8MQLWCtXM1NCx8n6s0VM/edit
Joe Andrieu: +1 On slide deck, btw. That's my review. =)
Manu Sporny: This shows how to combine: credential handler, DIDs, and web payments
Manu Sporny: And addresses some use cases
Manu Sporny: Here's how we are doing it
Manu Sporny: How to refine the pitch for self sovereign web
Kim Hamilton Duffy: What time constraints are there for the chairs to review our proposals
Ryan Grant: Go Oma!
Kim Hamilton Duffy: To start a slide deck to address the action items
Ryan Grant: Very visual slides, loved it
Christopher Allen: I'm limited on time. I'm hoping that I don't have to spend all day Wednesday.
Ryan Grant: Meh
Christopher Allen: We said last week there will be no call next week.
David Chadwick: +1

Topic: Post RWoT DID Spec

Christopher Allen: We should first dive into post #RWOT spec first, then Post IIW DID spec.
Susan Bradford: Drummond is confirmed to attend
Kim Hamilton Duffy: No meeting next week but we will dive into DID spec stuff after that
Received on Tuesday, 31 October 2017 18:30:54 UTC