- From: <kim@learningmachine.com>
- Date: Fri, 21 Dec 2018 19:40:29 -0800
- To: Credentials CG <public-credentials@w3.org>
Thanks to Lionel Wolberger for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2018-12-18/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-12-18
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2018Dec/0068.html
Topics:
1. Introductions
2. Announcements and Reminders
3. 2018 Year in Review
Action Items:
1. prime a discussion on PR changes to DID
2. look at security model (as opposed to just cryptograph) or
threat model of DIDs
3. address requests for clarity on correlation and privacy
claims of DIDs
Organizer:
Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
Lionel Wolberger
Present:
Adrian Gropper, Joe Andrieu, Ryan Grant, Brent Zundel, Ted
Thibodeau, Christopher Allen, Amy Guy, Dan Burnett, Manu Sporny,
Heather Vescent, Benjamin Young, Lionel Wolberger, Ken Ebert,
Isaac Patka, Lucas Parker, Jarlath O'Carroll, Samantha Mathews
Chase, Kim Hamilton Duffy, Chris Boscolo, Dmitri Zagidulin,
Michaela Casaldi, Moses Ma, Chris Webber, Matt Stone, Kaliya
Young, Bohdan Andriyiv, Mike Schwartz, Mike Lodder, Sam Smith
Audio:
https://w3c-ccg.github.io/meetings/2018-12-18/audio.ogg
Joe Andrieu: Thanks, Chris!
Lionel Wolberger is scribing.
Christopher Allen: Please take note of the IPR policy, anyone
can join, but to contribute you must agree to the IPR policy.
[scribe assist by Manu Sporny]
Christopher Allen: Instructions for joining are here --
https://w3c-ccg.github.io/ [scribe assist by Manu Sporny]
Kim Hamilton Duffy: Scribe list:
https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing)
Lionel Wolberger is scribing.
Agenda:
Kim Hamilton Duffy: Note scribe list has been updated for
freshness
Topic: Introductions
Isaac Patka: First meeting, introducing himself
Working for Bloom
Decentralized identity solution in fintech
Interested in being compliant with the proposed standards here.
Welcome, Isaac (ditto)
Intro: Benjamin Young, working for Wiley & Sons
Always had credentialing issues. Wiley interested in VCs and the
ecosystem to solve publishing related issues.
Welcome, Benjamin!
Christopher Allen: https://w3c-ccg.github.io/announcements/
Topic: Announcements and Reminders
RWoT Feb 27-March 1, might move a bit. Looking at Barcelona.
Should have that closed by Jan 8
IIW April 30-May2, Mountain View
NO MEETING NEXT TWO WEEKS. Update your calendars. Next meeting
Jan 8
Manu Sporny: Will we review strong identity workshop
Chris Webber: Added to agenda
Chris Webber: We use github issues to manage our action items.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Christopher Allen:
https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Samantha Mathews Chase: Can i get a couple of moments help with
my use case for the DID explanation doc if there is time? stuck
on a piece of it.
Christopher Allen:
https://github.com/w3c-ccg/community/labels/action%3A%20review%20next
Dan Burnett: Eq?
Chris Webber: DID resolver specification status?
Kim Hamilton Duffy: I don't see Markus
Manu Sporny: Veres One DID method status
Good progress, a new testnet that is almost feature complete is
near production.
No ETA right now, but work is progressing, lots of testing, LB
work
Testing the DID method, looking good.
D2 should roll out in Jan, then D3 will come after that
... and that will be the DID method spec that we need.
Chris Webber: Looking forward to that!
@Manu ... are there GitHub repos for the Veres One test net code
you just mentioned?
Christopher Allen:
https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action%3A+ccg%22
Manu Sporny: @John_BCGov -- yep...
https://github.com/veres-one/veres-one -- but don't try to run it
unless you really know what you're doing -- we'll have packages
out shortly (in a month or so) -- please wait for those.
Thx
Samantha Mathews Chase:
https://docs.google.com/document/d/1JIWWs8YTWP83Hao5UXyrgpddYu9F0v8lGDUo0Usor10/edit?usp=sharing
this is the correct doc yes? for DID explainer
Manu Sporny: @Lionel_Wolberger, we need like 10 more engineers :P
Chris Webber: CCG created the VCWG so is obligated to review its
specification
Kim Hamilton Duffy: Correct Sam
Ideally, someone who was not involved deeply in the process.
... Who is willing to read the spec. Volunteer.
Isaac Patka: I can look from our perspective
Lionel Wolberger: Manu, Chris: +1
Isaac Patka: Github.com/ipatka
Dan Burnett: CCG coordination goes very well. This transition
request, we can argue we have a good and continuous relationship
... but this review will be critical, as it is done by someone
not party to the work that happened so far
... your work will really contribute.
Christopher Allen:
https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action%3A+chairs%22
Christopher Allen:
https://github.com/w3c-ccg/community/issues?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+no%3Alabel
Heather Vescent: Voicing concern about DID monetization
Manu Sporny: +1 To samchase
... the two words monetizing & ID should not be in the same
sentence
... proposing: Solutions for SSI
Heather Vescent: +1 Sam
Chris Webber: Is this for a future report or a white paper.
Kim Hamilton Duffy: Manu you should jump the q
Joe Andrieu: We did discuss it, briefly.
Joe Andrieu: The sense of it was to use the lighter weight RWOT
Manu Sporny: +1 Sam, to remove "monetizing"
... this does seem to be an RWoT paper since the scope of the
group should be the spec itself and not the ecosystem
Moses Ma: I'm totally fine to change monetization to business
model and move our brainstorming to RWOT...
... this doc feels exploratory, so it may be better in RWoT
Kim Hamilton Duffy: +1 To RWOT move
Moses Ma: And the plan is to write a paper for RWOT
Joe... wishing you a fast recovery, reading your notes.
Joe Andrieu: Thanks, Lionel
Kim Hamilton Duffy: Respec questions, what is that.
Kim Hamilton Duffy: Respec
... that is what we use
Kim Hamilton Duffy: Tutorial: https://youtu.be/0eQXU6Z-A6Q
Kim Hamilton Duffy: Doc to respec:
https://lists.w3.org/Archives/Public/spec-prod/2018JulSep/0003.html
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/29#issuecomment-445563626
Kim Hamilton Duffy: These resources will help anyone needing
help with Respec
... if you are blocked or on hold, just let the chairs know.
Chris Webber: Work items for CCG process, registries process.
WIll need repos for those.
... older items that we inherited *DID engagement spreadsheet
and model * polyfill * specifications
... we would like clarity around these items. complete/ archive
??
Agenda: unassigned items
Agenda: Results of strong auth workshop
Manu Sporny:
https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Manu Sporny: W3C Workshop on Strong Authentication & Identity
was pulled together
... from the AUTH community and the IDENTITY community
... broad community to find out what is state of the art
... W3C encourages these discussions to uncover if
specifications are needed, and which standards body should host
that work
... Presentations start the day, then discussion, then common
areas of consensus
... then work items are curated
Christopher Allen: Draft minutes of workshop
https://www.w3.org/Security/strong-authentication-and-identity-workshop/minutes.html
... generally a workshop report results from the meeting
... the minutes are available and not under IPR restrictions
Manu Sporny: The report should be out in Jan
Christopher Allen: Presentations were at
https://drive.google.com/open?id=1aegR1T_TmLJzD27Rj2tgJCQfH8eLBdi2
... it was well attended with about 70 people
Chris Webber: I attended, I would add: there was a wide variety
of presentations including DID discussion from people not
actively involved in the CCG
... it felt like there is already a DID standard, but, there
isn't
Kim Hamilton Duffy: On a good path to reconciling differences.
Joe Andrieu: I'm good, Chris
... Got an opportunity to test out the new DID strategy
starting with the Verfiable Claim (education)
... and it worked, there was less pushback on that motivating
example
... lesson learned, leave out "registries" next time
Lionel Wolberger: Microsoft was hosting, I believe? What was
their position? They have huge identity plays in progress and
they tend to be interested in innovation, but sometimes they
don't move. [scribe assist by Manu Sporny]
Kaliya Young: Let's just say that they had multiple
perspectives. :) [scribe assist by Manu Sporny]
Schizophrenic
Chris Webber: Microsoft is a big player with many legacy
systems, with other MS people wanting to innovate
Christopher Allen: Microsoft has legacy stuff and so they have
that legacy stuff, and they have some future looking stuff, so it
was as much Microsoft talking to each other as to the rest of the
community. [scribe assist by Manu Sporny]
Agenda: Explainer
Chris Webber: Anyone taking the lead on that? Anyone feel they
own it? Next steps?
Joe Andrieu: I thought I was leading the charge. Dan Burnett also
volunteered to help.
Manu Sporny: +1 To JoeAndrieu leading the charge! :)
Manu Sporny: Suggest deadline of mid-Jan to coincide with the
auth workshop report.
... It should reach the 480+ companies in the W3C, with 60+
companies saying a WG is called for
Chris Webber: Since CCG next meeting is Jan 8th, that seems a
good target
Christopher Allen: Ack?
Joe Andrieu: It's just time on task
... what actions do we need to take to make this target?
>>Cue here, the sounds of silence<<
Joe Andrieu: Sounds right!
Christopher Allen:
http://nbviewer.jupyter.org/github/WebOfTrustInfo/rwot7/blob/master/final-documents/convincing-dad.pdf
Dan Burnett: Will try to make that target.
Christopher Allen:
https://github.com/w3c-ccg/community/blob/master/Credentials%20Community%20Group%202018%20WBS.2.pdf
Topic: 2018 Year in Review
Joe Andrieu: I was thinking we could just go through those
quickly and say whether we (2) completed it (1) made some
progress or (0) didn't make progress
Moses Ma: Voice call died for me
Dan Burnett: Final reports become input to standards-track work
that can become Recommendations
Chris Webber: Review of the tasks and activities that went on in
the last year.
Manu Sporny: Looking at the PDF file
... reconciliation draft is done, that is a major achievement,
there is only one DID spec now.
... no big disagreements left (v1.1.1.1) DONE!
... DID Method Registry is done and we refer to other specs in
that registry
... some specs are asking to be added to the registry, they are
pretty solid
... Test Suite: Non-existant. no progress in 2018.
1.1.1.4 Cryptographic review: still needs more work particularly
the proofs and signatures
... in other groups there is discussion
... there was a proof of correctness in another group
Mike Schwartz: Open PRs in the spec
... will those PRs help or hurt?
Manu Sporny: Yes, we probably do need those done, tho your
concern is justified
ACTION: prime a discussion on PR changes to DID
Mike Schwartz: Affirms that he will get to it.
Manu Sporny: Let's start in Jan before RWoT
Moses Ma: Q
Chris Webber: Not so much a crypto review, we may need a
security review
Lionel Wolberger: It sounds like you're asking for threat
modeling? [scribe assist by Manu Sporny]
... e.g. you start trusting the keys from here
ACTION: look at security model (as opposed to just cryptograph)
or threat model of DIDs
Moses Ma: Can also call it failure mode analysis.
ACTION: address requests for clarity on correlation and privacy
claims of DIDs
Moses Ma: We need to game out how to a phishing organization
might game the system.
Lionel Wolberger: Might include in that correlatability and
privacy violations.
What would you phish?
Moses Ma: Thrreat model, a phishing company, could they pose as
a valid DID service?
Chris Webber: DID resolver services would not be the right model
Heather Vescent: Are you suggesting a kind of pentesting?
Ryan Grant: Done threat modelling, and is including more DID
things there
... happy to collect threat model questions
Lionel Wolberger: Manu: Echo suggestion for more threat modelling
+1
... have not red teamed these systems.
Mike Lodder: DREAD or STRIDE?
... surfacing this work (which seems to be going on inside
corporations)
... Veres One volunteers for a pen test, dread, strident
Jarlath O'Carroll: RE: earlier discussion (couldn't respond
earlier) - if you need someone to review spec/doc over the
Holidays from a somewhat lay person's perspective, then I'm happy
to do so ... if so, please let me know the details
... ecosystem red teaming, ecosystem threat models, would be
essential to being thought leaders
... We were criticized for allowing different key formats
... this came from people experienced in jot work
... based on seeing Evernym Sovrin Ethereum Bitcoin RChain
Veres One
Mike Lodder: +1 To COSE
... feels like COSE expressions of key formats would be
compact, fit into JSON LD
... CBOR Object Signing and Encryption (COSE) protocol...
Chris Webber: Have spoken with Brave, we opened the door.
... The variety on the keys might be here because we are a
multi-party system
... multiple choices enable things like "I have a Sovrin key
and you have a Veres One key"
... the same keys can be registered on both systems
Dan Burnett: This is the crux of the "Interop" question we heard
at the workshop
... that can be secure
... Interop comes up BECAUSE we chose not to stipulate one DID
for all
Samantha Mathews Chase: Interop has to be incentivized.
Moses Ma: Revenue models brainstorming-- DID Business Models
does sound better
Samantha Mathews Chase: No DID anything it's not a business
... will share a link to the great work in the brainstorming
(DM to get that from Moses)
Samantha Mathews Chase: It's a standard that opens doors for new
markets
... follow-up in January , invited ____ <<-- name?
Sam Smith: Interop
Happy holidays everyone ... see you in 2019!
... this index will work somewhat like the internet archive
... will each entity help pay for sustaining the
interoperability?
Moses Ma: Let me know if you want the recording link for the DID
monetization/business model brainstorming call.
Chris Webber: No discussion at that level
... they do each charge something
Sam Smith: I suggest this approach
... setting sustainable costing would be helpful
Chris Webber: We can add that to agendas next year
Agenda: Plus and Delta
... no time for audio
... put into IRC highlights (BIG PLUS)
Heather Vescent: Could we do a survey, where people could submit
appreciative and critical feedback anon?
... or changes you would like to see
Lionel Wolberger: +1 To survey !
Manu Sporny: Plus - we doubled the size of the community and met
tons of new great people as a result!
Joe Andrieu: @Sam it might be worth checking out the Veres One
financial model. The net net is that each method advocate has
their own business questions to answer
Heather Vescent: Plus can then send to the list.
Heather Vescent: I will volunteer to create/run the survey
Heather Vescent: I am the data/researcher master. ;-)
Samantha Mathews Chase: +1 For survey
Heather Vescent: My pleasure
Lionel Wolberger: +1 Chairs run clear meetings, with clear
agenda, goals, rules of engagement
Samantha Mathews Chase: Thanks Heather!!
Joe Andrieu: That's a wrap for 2018!!! Thanks, Everyone!
Dan Burnett: Good job, Chairs!
+100 To the thanks for the chairs
Ditto
Samantha Mathews Chase: You guys have really been a highlight in
my year!
Moses Ma: Happy holidays!
Samantha Mathews Chase: Thanks
Manu Sporny: +1 Hooray for Chairs!
Received on Saturday, 22 December 2018 03:40:58 UTC