- From: <kim@learningmachine.com>
- Date: Sun, 09 Dec 2018 13:26:46 -0800
- To: Credentials CG <public-credentials@w3.org>
Thanks to Manu Sporny for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2018-11-27/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-11-27
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0179.html
Topics:
1. Agenda Review
2. Introductions / Reintroductions?
3. Reminders and Events
4. Progress on Current Action Items
5. Work Items
6. Review summary of previous DID stories, questions,
painpoints meetings
7. DID Summary High Points
8. DID Explainer Template
Organizer:
Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
Scribe:
Manu Sporny
Present:
Christopher Allen, Moses Ma, Dmitri Zagidulin, Joe Andrieu,
Bohdan Andriyiv, Mike Lodder, Ganesh Annan, Manu Sporny, Jeff
Orgel, Heather Vescent, Lucas Parker, Dan Burnett, Samantha
Mathews Chase, Ryan Grant, Lionel Wolberger, Kim Hamilton Duffy,
Ken Ebert, Jonathan Holt, Ted Thibodeau, Jarlath O'Carroll,
Adrian Gropper, Drummond Reed
Audio:
https://w3c-ccg.github.io/meetings/2018-11-27/audio.ogg
Manu Sporny: I can scribe [scribe assist by Dmitri Zagidulin]
Dmitri Zagidulin: Ah, k, n/m
Manu Sporny is scribing.
Voip?
Kimhd goes over standard introduction, queueing, present+'ing,
etc.
Topic: Agenda Review
https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0179.html
Kim Hamilton Duffy: Pretty standard intro/reintro
Kim Hamilton Duffy: Possibly review of previous DID pain points,
stories - and then working session on DID Explainer for W3C TAG.
Kim Hamilton Duffy: They gave us a template that we should
consider
Joe Andrieu: There is a line item that says connections check,
since we've decided that that's more complicated than it's worth,
we don't need to go over it, but didn't update it in our
template.
Kim Hamilton Duffy: Oh, right. We need to update the template.
Topic: Introductions / Reintroductions?
Kim Hamilton Duffy: Anyone that's new that would like to
introduce themselves?
Kim Hamilton Duffy: Hi, I'm Kim, one of the 3 chairs of the
group - CTO at Learning Machine - we work on verifiable
credentials in the educational/occupational space, stems on work
from Open Badges.
Kim Hamilton Duffy: The idea is recipient-centric credentials -
I am also on the steering committees for RWoT and DIF, so looking
forward for further alignment with CCG and DIF.
Kim Hamilton Duffy: I'm excited to be a part of this community.
Topic: Reminders and Events
Kim Hamilton Duffy:
https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Kim Hamilton Duffy: W3C Strong Authentication and Identity
Workshop
Kim Hamilton Duffy: W3c Identity:
https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Manu Sporny: We're at capacity, but please still join if
possible and you really want to go -- only way to go now is if
someone else doens't come/accept.
Kim Hamilton Duffy: RWoT 8 - is coming up
Kim Hamilton Duffy: RWOT: http://weboftrust.info
Kim Hamilton Duffy: Also IIW - April
Kim Hamilton Duffy: IIW:
https://www.internetidentityworkshop.com/
Moses Ma: Two things to add - invited Jill to join and speak at
Strong Auth and Identity Workshop... ask her to sponsor RWoT.
Moses Ma: Asked Dr. Po Chi Wu to help w/ modeling revenue
possibilities for DID Developers... was hoping that someone with
a start up would host him and do a call w/ him.
Moses Ma: I can do it, but would like someone else, preferably a
startup, to take point on it.
Jarlath O'Carroll: II'm can host
Samantha Mathews Chase: Hey, I'd be happy to host a webinar
Topic: Progress on Current Action Items
Moses Ma: I'll send out details.
Samantha Mathews Chase: @Jarlath let's chat after the call
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Jarlath O'Carroll: @Samchase sounds good
Kim Hamilton Duffy: No updates really on action items / work
items...
Topic: Work Items
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/blob/master/work_items.md
Manu Sporny: Rhiaro to help spec editing [scribe assist by Kim
Hamilton Duffy]
Kim Hamilton Duffy: Welcome rhiaro -- very excited about getting
help w/ specs.
Joe Andrieu: Do we have other pending work items?
Manu Sporny: Not yet, will add them when we have specs.
Joe Andrieu: We need help w/ Work Breakdown Structure - need WBS
for 2019 as well.
Joe Andrieu: Year end paperwork and planning before the
holidays.
Christopher Allen: I'd like to add a bit of clarity, we have a
lot of work items, they need to move to be CCG reports, haven't
been making progress on them, some of them we may move to another
column if people aren't going to move them forward.
Christopher Allen: If one of those is important to you, start
thinking about when you can do so... for example, Credential
Handler API -- I'd like to know when that's going to be ready adn
when we want to turn it into a report.
Kim Hamilton Duffy: It would be nice to get clarity on those
before end of year.
Kim Hamilton Duffy: If you have something that's a work item,
send it to the mailing list so we know what we might cut...
Moses Ma: If you'd like to sign up to participate in the call
with Po Chi Wu to survey and analyse monetization models for DID
developers, please let us know here:
https://goo.gl/forms/2tKbmbi5cDQMUBaC2 - this will be moderated
by Samantha Chase.
Bohdan Andriyiv: @Moses @samchase @jarlath I have a business
model based on SSI to present on the zoom call.
Topic: Review summary of previous DID stories, questions, painpoints meetings
Manu Sporny: We want to be careful w/ Credential Handler API
Manu Sporny: So, we may want to put that on hiatus for now.
Christopher Allen:
https://docs.google.com/document/d/11sEvUhivMBt7DXBviqyEydvsnpOJY31O7KKw73eFdmc/edit#
Topic: DID Summary High Points
https://docs.google.com/document/d/11sEvUhivMBt7DXBviqyEydvsnpOJY31O7KKw73eFdmc/edit#
Christopher Allen: Feel free to suggest additional things - Joe
and I tried to capture what we could during our previous
meetings... talked a bit about stories, explaining DIDs, things
that happened... for example, push back on SSI, corps don't care,
and potential answers.
Christopher Allen: We also tried to capture common questions -
why do we need a new universal namespace, who manages keys, what
do you talk about when you talk about DIDs?
Christopher Allen: Last week, we tried to focus on what is it
about DIDs that solve these pain points... these are incomplete
lists - we don't need answers, but we would like to be sure that
we have ansewrs for a lot of these and can leverage them.
Christopher Allen: We have a primer in spec text, didn't explain
why -- DID Primer was explaining it to ourselves, we need to
explain underlying value proposition.
Christopher Allen: We can spend a couple of minutes if people
want to add stuff, then we can move on to drafting a new
document.
Bohdan Andriyiv: @Moses @samchase - i'll publish business model
description/deck before the call to CCG list
Heather Vescent: Where is the second document @ChristopherA
mentioned? Is that the DID Primer?
Kim Hamilton Duffy: The explainer, it sounds like some of the
things might solicit external information... is it possible that
the DID Explainer work can feed into DID Primer.
Jonathan Holt: Doc is read-only
Adrian Gropper: I wrote up 3 pages or so writing up use case on
DIDs, don't know if it's at the right level to serve the proper
purposes... just sent it to a couple of the Chairs, unclear from
description what contributions you expect other than list of
questions we should be concerned about.
Joe Andrieu: Yes, Adrian, thanks that was a great write up,
please share with rest of list... explainer framework from W3C
TAG is a particular framework that they would like to see
outlined... it's a bit more specific and constrained, I think
Adrian's work is great fodder, share it more widely.
Joe Andrieu: They want a more limited template... we need to
concisely answer their bullet points... then they can engage more
easily.
Christopher Allen: I also added to the bottom, if you have an
explainer that you don't know about, please add it to the bottom
of the list.
https://www.scuttlebutt.nz/
Adrian Gropper: Health records explainer:
https://docs.google.com/document/d/1AbhR3xFLXYB7h83iGqmhgF9N6Q5BM2thziwbrS2miqs/edit
Manu Sporny: I think we can learn from the Secure Scuttlebutt
community, look at their page, lift some ideas there.
Dmitri Zagidulin: Wanted to mention that Secure Scuttlebutt is
an example of a community that failed on the key recovery
problem... great example of what happens when you don't account
for key recovery.
Moses Ma: One of the ideas our group had is that someone should
build an Adobe XD mock up for DID product - would be something
useful here... if someone else wants to do that/work on it,
please let me know.
Christopher Allen:
https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit
Topic: DID Explainer Template
https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit
Manu Sporny: Let's talk through this document, get people that
want to write it.
Christopher Allen: I can begin a little bit... some of the
things that we could talk about are non-goals explicitly...
Christopher Allen: What scenarios do we want to focus on - what
two user scenarios, tricky design choices...
Christopher Allen: One of these choices was not doing real
names, for example, not a replacement for DNS - that was a tricky
design decision... what else?
Christopher Allen: Capture some of these things, that's what the
TAG wants, what are the alternatives - what does Solid or
BlockStack provide that is orthogonal?
Christopher Allen: This is open for editing.
Joe Andrieu: If there is a bullet point that expands and fits in
the section, please add it, don't just suggest it.
Joe Andrieu: If you are changing something, but really mean it
as a suggestion, then use suggest.
Joe Andrieu: In general, please dive in and write things up -
the process we're trying to catalyze, let's get something prior
to the Workshop in Seattle.
Joe Andrieu: Trying to turn bulletpoints into prose, get full
document, so kinda quick chaotic/chaordic stuff into a place
where we can get it to the W3C TAG.
Joe Andrieu: If you can provide stuff, please do
Christopher Allen: We literally want people to type in the
things they care about the most - do that now
Jonathan Holt: Define?
Manu Sporny: We are not trying to replace DNS, we're not trying
to replace Content-addressed networks.
Joe Andrieu: We are not trying to provide identity assurance.
Kim Hamilton Duffy: I have a separate question on use cases --
key scenarios -- saw Christopher typing in something about
education credentials
Kim Hamilton Duffy: In general, for key scenarios, can we use
outputs of previous meetings, explaining DIDs, are those worth
explaining?
Christopher Allen: I don't want to speak for everyone in VCWG,
but VCWG has discovered that the common "over 21" use case is
problematic on a number of fronts... the DMV was not intended to
be on age verification.
Christopher Allen: There is a lot of discussion about that, it
has also come up as a bad selective disclosure example... a nice
simple "I institution that subject graduated with a degree" is a
better type of default claim to be made.
Christopher Allen: That enables us to talk about institutions
changing, etc.
Drummond Reed: Why are we being the guinea pig?
Dmitri Zagidulin: (I would argue that although academic
credentials is an excellent example of a verifiable claim in
general, it is still a poor example of selective disclosure.
Because it's a high-value/high-threat credential, it will still
need to be tied intimately to identity verification, much like
the proof of age.)
Kim Hamilton Duffy: I had wanted to change the motivation slides
when we show DIDs, every time we try to do it, it breaks down -
ID string in driver's license doesn't really work as a DID.
Kim Hamilton Duffy: There is a long term applicability idea
Kim Hamilton Duffy: Institutions can go out of business, some
push back on that, but key rotation on recipient side is a
concern - key management is a concern.
Dan Burnett: Better to talk about getting a specific degree than
just graduating from an institution - also works for honorary
degrees
Kim Hamilton Duffy: I think I would like to help convert that
scenario, would be a lot more informative and get less push back
from Driver's license example.
Christopher Allen: Another thing that needs work is considered
alternatives... what are we competing against?
Joe Andrieu: In the area of scenarios, interstitial
jurisdictionality - when two parties need some sort of reliable
transaction and they don't have a common deferable authority
(different countries) and they are not goverend by UN Body - do I
need approval from a government to do business?
Joe Andrieu: This is how the Internet breaks a lot of things...
cross border transactions - getting your degree recognized in a
foreign country can be an issue.
Kim Hamilton Duffy: That's interesting because Learning Machine
customers talk about value in preventing fraud - educational
fraud is big, so that's a good angle as well.
Christopher Allen: I'm finding that crossing borders, changing
jurisdictions over time, is a useful topic by itself... it might
help at the end of it, scenario 1, there are similar problems in
educational space.
Mike Lodder: Medical is a good example
Christopher Allen: The VCs are bearer instruments and DIDs
enable bearer instruments to function, so that's something that
is unique and we really want to underline that.
Samantha Mathews Chase: I was about to say where all the bodies
are buried lol
Lionel Wolberger: I think the Mars Insight rover has dialed in
Kim Hamilton Duffy: We do have some good use cases in medical...
what about that - is medical as key scenario a good thing?
Samantha Mathews Chase: To dig a bit on what Manu said - show
less dire things that we can fix (even though they are powerful),
having those sorts of mundane things (like customer preferences),
carry truths about yoruself, or offload that sort of customer
acquisition into hands of user easily - those kinds of things
seems like the right path?
Manu Sporny: Yes
Samantha Mathews Chase: So, marketing tech is suffering, if we
can empower people to have control of that while helping
marketing folks, that would be a big upside.
Christopher Allen: I wanted to add to what Sam said - number of
nations that are talking about travel documents - work permits -
that allow for different type of travel - as an acceptable use
case for businesses and governments...
Christopher Allen: It's cross jurisdictional, leading people
into SSI w/o full DID stack - don't know if that's a separate use
case, or subset of jurisdiction, safer one as opposed to others.
Samantha Mathews Chase: I think the military specialties codes is
something to think about
Joe Andrieu: Maybe applying for job internationally incorporates
those other things... and it gets cross border
Samantha Mathews Chase: Google has made a search for them, that
could tie onto special skills recognized across border or just in
line with credentials that should be verified and recognized
Joe Andrieu: We may want to go further than "I have a degree"
Kim Hamilton Duffy: Yes, we need a scenario that's more
immediately forcing it.
Lionel Wolberger: +1 On limitations to federation
Adrian Gropper: If I was trying to explain this to a technical
group, I'd start by asking about the limitations of federation
with whatever use case they're familiar with... start with that,
rather than cast it in immigration or medicine... the fact that
we all understand what the limitations of federation wrt.
identity are, and that this is a solution.
Jonathan Holt: Yes, there was an interesting case in England in
NHS, that was not licensed from a foreign government, I'm on the
American Board of Physicians, it's about making claims on digital
assets, how do we represent that.
Jonathan Holt: Travelling across borders, typically hello world
in that, is immunization records - that is low hanging fruit for
the use case.
Drummond Reed: +1 To health care records and lifetime portability
Joe Andrieu: +1 For Manu or Sam to write up a scenario about user
preferences
Moses Ma: I did consulting gigs for the governments of Georgia
(the country) and Poland, their major universities expressed a
wish that American employers would at least know that they are
large or dominant universities. So they could be an interesting
use case for an educational credential.
Samantha Mathews Chase: Military occupation speciality - 250K
veterans per year, skills not recognized in their own country...
Heather Vescent: +1 Sam, this is a big area, and there are people
working in this space.
Christopher Allen: If you like one of the sections, put your
name on it, fill it out.
Ryan Grant: Note that this sounds like it's replacing editing of
the document - maybe we need to rename it for action item for
next week.
Samantha Mathews Chase: This doc link is where sorry?
Joe Andrieu:
https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit?usp=sharing
Moses Ma: Quite
Moses Ma: Quit
Received on Sunday, 9 December 2018 21:27:12 UTC