- From: <msporny@digitalbazaar.com>
- Date: Tue, 13 Feb 2018 15:19:38 -0500
- To: Credentials CG <public-credentials@w3.org>
Thanks to Mike Lodder for scribing this week! The minutes for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-02-13/

Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-02-13

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0023.html

Topics:
  1. Announcements
  2. DID Authentication
  3. Object Capabilities

Resolutions:
  1. Create an Education and Occupational Credentials Task Force as described in https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
  2. Adopt the Linked Data Object Capabilities specification as a work item.

Organizer:
  Christopher Allen and Kim Hamilton Duffy and Joe Andrieu

Scribe:
  Mike Lodder

Present:
  Mike Lodder, Joe Andrieu, Manu Sporny, Kim Hamilton Duffy, Christopher Allen, Moses Ma, Drummond Reed, Dave Longley, Ryan Grant, Nate Otto, Adrian Gropper, Ted Thibodeau, Jarlath O'Carroll, Chris Webber, Greg Linklater, Markus Sabadello, Benjamin Young, Andrew Hughes, Sam Smith, David Chadwick, David I. Lehn, Lionel Wolberger, Mark Miller

Audio:
  https://w3c-ccg.github.io/meetings/2018-02-13/audio.ogg

Mike Lodder is scribing.

Joe Andrieu: Give Markus 5 minutes to talk about DID-AUTH

Joe Andrieu: Bulk of the call will focus on Object Capabilities

Manu Sporny: Need time to discuss DID-Spec

Kim Hamilton Duffy: Please cover verifiable credentials

Christopher Allen: Need to cover verifiable credentials/claims especially before the next RWoT

Topic: Announcements

Moses Ma: Also, has everyone seen this? https://www.forbes.com/sites/ktorpey/2018/02/12/microsoft-to-embrace-decentralized-identity-systems-built-on-bitcoin-and-other-blockchains/#3ec187195ada

Joe Andrieu: Disc golf tournament with RWoT

Joe Andrieu: Going to update the functional identity primer

Joe Andrieu: Want a 5 minute presentation on the primers

Joe Andrieu: Announcement - reconciliation draft for DID-Spec before RWoT

Christopher Allen: Some of us are trying to align ourselves on Manu's code changes, will that week long stand up work for everyone else

Joe Andrieu: IIW is coming up, will send out discount code

Joe Andrieu: Verifiable claims meet up that same week

Kim Hamilton Duffy: Updates have been made to various work items

Kim Hamilton Duffy: @Mike-lodder -- I'll do that

Manu Sporny: DID Spec we are in post hardening phase

Manu Sporny: Digital Bazaar is actively coding against the latest version

Manu Sporny: I have processed many of the last issues either as things to do and will not do

Manu Sporny: Only closing issues where consensus exists

Kim Hamilton Duffy: Update on action items [scribe assist by Kim Hamilton Duffy]

Manu Sporny: And why it's being closed

Kim Hamilton Duffy: Kim finished these action items
  - Chairs to add potential work items section to main W3C-CCG page (educational, object capabilities, etc.) (Kim)
  - Add updated Credentials Community Group 2018 WBS graphic onto landing page (Kim)
  - Add link to WBS on home page (Kim)
  - Chairs to create VC examples repo

Manu Sporny: For two more weeks will try to close as many of those as possible so implementers can be sure of their implementations

Kim Hamilton Duffy: Kim finished these action items: Chairs to add potential work items section to main W3C-CCG page (educational, object capabilities, etc.) (Kim); Add updated Credentials Community Group 2018 WBS graphic onto landing page (Kim); Add link to WBS on home page (Kim); Chairs to create VC examples repo

Christopher Allen: Manu - when can we tag features as finalized and have confidence in them

Manu Sporny: Still in pre 1.0 phase of the DID Spec

Manu Sporny: Using semantic versioning on the DID Spec

Kim Hamilton Duffy: Kimhd is also closing these action items: Chairs to assign Joe as owner of CCG process, Chairs to assign Manu as Registry Process owner [scribe assist by Kim Hamilton Duffy]

Manu Sporny: We have not been categorizing issues in the prerelease phase

Christopher Allen: When do categorize versions as finished like 0.9 or 0.10

Manu Sporny: Usually done by signaling the community that a version is done or for a specific version is still being worked on

Kim Hamilton Duffy: Kimhd closing action item: W3C-CCG to complete reconciliation of #RebootingWebOfTrust & Hardening changes (All, due end of January _https://github.com/w3c-ccg/did-spec/pull/41_) *COMPLETE* [scribe assist by Kim Hamilton Duffy]

Kim Hamilton Duffy: Kimhd closing action item Sending out additional details about RWoT in Santa Barbara (Joe) *COMPLETE* [scribe assist by Kim Hamilton Duffy]

Manu Sporny: No real hard and fast rule to communicate this

Manu Sporny: These are living specs, stable are versions that have been approved by W3C

Joe Andrieu: Would like this more formalized, where are we and how do we do living standards

Joe Andrieu: We can take the discussion offline

Drummond Reed: Will have one more DID Spec closure call this Thursday

Drummond Reed: Just covering issues management until all can be resolved online

Drummond Reed: We should have many implementations of DID Method Specs at RWoT

Joe Andrieu: http://rwot6.eventbrite.com

Drummond Reed: I would like to see coming out of RWoT multiple V1 specs

Kim Hamilton Duffy: Looking for feedback on Edu/Occ VC - as described in https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html

PROPOSAL: Create an Education and Occupational Credentials Task Force

Manu Sporny: +1 To Occedu VC Task Force

Dave Longley: +1

Kim Hamilton Duffy: Ready to finish that

Ryan Grant: +1

Kim Hamilton Duffy: Will link final proposal

Nate Otto: +1 To occupational/educational task force (will participate)

Kim Hamilton Duffy: Still need to shape the remaining work items with the task force

Manu Sporny: +1

Kim Hamilton Duffy: Some short term and others long term, to meet once a week similar to DID Spec hardening

Dave Longley: +1

Nate Otto: There are specific work items for this task force, but likely to do more discovery around work items that are not yet fully defined. We'll start with an Open Badges/Verifiable Credentials unification proof of concept. (Asserting an Open Badge in a VC envelope)

Joe Andrieu: Call for consensus for the task force

Adrian Gropper: +1

Ted Thibodeau: +1

Drummond Reed: +1

Mike Lodder: +1

Jarlath O'Carroll: +1

Chris Webber: +1

Kim Hamilton Duffy: +1

Joe Andrieu: +1

Greg Linklater: +1

Christopher Allen: +1

RESOLUTION: Create an Education and Occupational Credentials Task Force as described in https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html

Joe Andrieu: Formally approved to create the task force

Christopher Allen: @Joe May be a good example of exploration work item

Markus Sabadello: Selected by British Columbia government to implement a working version for DID-AUTH

Topic: DID Authentication

Markus Sabadello: BC Gov has many scenarios where DID-AUTH is applicable

Markus Sabadello: DID-AUTH is basically proving control over a DID-Doc

Markus Sabadello: DID-AUTH is proof of control and endpoints over TLS

Markus Sabadello: Applies to browsers, QR codes

Dave Longley: Credential handler provides a DID-AUTH mechanism via the browser

Markus Sabadello: Service-to-service endpoints, and as log in mechanisms

Markus Sabadello: Idea is to implement everything in an open way and DID Method agnostic

Markus Sabadello: Looking for any feedback on this

Markus Sabadello: https://bcdevexchange.org/opportunities/opp-initial-reference-implementation-of-decentralized-authentication--did-auth--and-authorization-mechanisms

Joe Andrieu: Is there a DID-AUTH spec work item

Markus Sabadello: Not yet but I am working on some documentation that could become the basis for a spec

Manu Sporny: https://w3c-ccg.github.io/credential-handler-api/

Manu Sporny: We have done some work in this area also in the credential-handler which is DID-AUTH in the browser and verifiable credentials

Manu Sporny: The core messages themselves can be reused in the BCGov implementation

Dave Longley: And the original design was to create messages that could flow over different mediums, not just the browser.

Manu Sporny: The messages are medium independent

Manu Sporny: Demo to credential handler: https://youtu.be/qdbDu1oV0PI

Dave Longley: A "Verifiable Credential" can simply be a "PublicKeyCredential" which is just an assertion that you have a certain public key ... which can be checked by going to a DID ledger.

Manu Sporny: And technically, this is already a work item for the group -- https://w3c-ccg.github.io/credential-handler-api/

Joe Andrieu: We will be creating a work item for DID-Auth

Dave Longley: And the credential handler API supports any Verifiable Credential -- so it covers that simple "DID AUTH" case as well as others.

Topic: Object Capabilities

Joe Andrieu: Cwebber and Mark Miller have been working on Object Capabilities and use cases

Chris Webber: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md

Chris Webber: Object Capabilities are a way to security through a flow rather than a typical access control list (all)

Chris Webber: Acl

Chris Webber: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/lds-ocap.md

Chris Webber: Object capabilities using a linked data system

Dave Longley: Ocap: "just use a key to get in" vs. acls: "a list that says who can do things"

Chris Webber: https://w3c-ccg.github.io/ld-ocap/

Chris Webber: The newer specification has some minor changes made since the previous RWoT

Manu Sporny: Looking here: https://w3c-ccg.github.io/ld-ocap/#ocap-by-example

Dave Longley: Note: ocaps vs. acls .... using a key (ocap) is better because it only fits into a particular lock -- using a list with names on it (acl) makes it too easy to trick those people into doing things for others that weren't intended.

Chris Webber: Attenuated keys are used for restricted capabilities

Chris Webber: https://github.com/digitalbazaar/ldocap.js/blob/first-pass/js/ld-ocap.js

Chris Webber: CCG wants to take this spec on now that more details have been written

Chris Webber: Close to first working implementation

Joe Andrieu: Will do a formal consensus call to adopt ocap as a work item

Manu Sporny: Ocap for decentralized permissions with DIDs and verifiable credentials/claims

Manu Sporny: Veres One will use ocap and no acls

Dave Longley: Very simple version of a DID that uses ocap: https://gist.github.com/dlongley/1762f214f18d8cc63af8ff2853c1c5e1

Manu Sporny: We believe we've figured out a way to integrate this into linked data signatures

Dave Longley: The gist shows how this fits really nicely with the approach taken with the DID spec so far.

Ryan Grant: What about this should be method specific

Ryan Grant: What is the recommendation for someone who wants to integrate this

Manu Sporny: At RWoT there was hesitation to integrate this at the general DID Spec level

Manu Sporny: This is still experimental

Joe Andrieu: Lost my voip

Joe Andrieu: I'm surprised IRC is still responsive.

Joe Andrieu: Chris or Kim? Could you take over moderating?

Manu Sporny: We don't feel comfortable recommending yet at the general level yet because each method will have specifics that are different

Christopher Allen: Ocap architecture is not new, but has not been successful because the need has not been sufficient, acl has been adequate

Manu Sporny: Yes, I didn't mean to imply that ocap is a "new concept"... it definitely isn't and a LOT of thought/implementation has gone into it.

Christopher Allen: We're finally reaching a point where the weight of the acl system is hurting us

Drummond Reed: I think we need to differentiate between using the OCAP model with a particular Sovrin method and using it as a general pattern of authorization between DID subjects. Both are important.

Manu Sporny: I was just saying that it's new to this group and new to "blockchains", which are new themselves... so... LOTS of NEW stuff going on, which makes some organizations very nervous about deployment.

Adrian Gropper: How much of this is interacting with DIF

Drummond Reed: DIF is pursuing a hub model are trying to solve the same problem that ocap solves but their thinking isn't far enough along yet

Ryan Grant: If Veres One is doing anything with ocap outside of DID updates and if other method specs should consider it with their own

Drummond Reed: Verifiable credentials is a general pattern to do ocap

Manu Sporny: Chris has a great part of the spec that he wrote that goes into how all this fits together: https://w3c-ccg.github.io/ld-ocap/#relationship-to-vc

Drummond Reed: Sovrin is planning to use it

PROPOSAL: Adopt the Linked Data Object Capabilities specification as a work item.

Kim Hamilton Duffy: +1

Ryan Grant: +1!

Chris Webber: +1

Drummond Reed: +1

Christopher Allen: +1 As a work item

Dave Longley: +1

Mike Lodder: +1

Ted Thibodeau: +1

Adrian Gropper: +1

Benjamin Young: +1

Joe Andrieu: +1

RESOLUTION: Adopt the Linked Data Object Capabilities specification as a work item.

Joe Andrieu: For the record, these +1s were for adopting the LD-OCAP specification as a work item of CCG

Moses Ma: Question for Manu: How does LD-OCAP work with or compete against SOLID?

Manu Sporny: Moses, it's complementary

Manu Sporny: Open questions are should ocap be the required way to do this?

Ryan Grant: Thanks Manu! So far, I hear a layer of abstraction.

Moses Ma: See you all in Santa Barbara!

Received on Tuesday, 13 February 2018 20:25:23 UTC