Re: [MINUTES] W3C Credentials CG Call - 2018-06-26 12pm ET

Just a correction, I'm Sam Chase, not sam smith


*Samantha Mathews**-------------------------------------------------------*
*Co-Founder & CEO, Venn.Agency*
*The best way to predict the future is to build it.*
*Phone:* 323-740-9425  Linkedin
*-------------------------------------------------------*
*samantha@venn.agency <samantha@venn.agency>*

On Thu, Jun 28, 2018 at 9:01 PM, <kim@learningmachine.com> wrote:

> Thanks to Manu Sporny for scribing this week! The minutes
> for this week's Credentials CG telecon are now available:
>
> https://w3c-ccg.github.io/meetings/2018-06-26/
>
> Full text of the discussion follows for W3C archival purposes.
> Audio from the meeting is available as well (link provided below).
>
> ----------------------------------------------------------------
> Credentials CG Telecon Minutes for 2018-06-26
>
> Agenda:
>   https://lists.w3.org/Archives/Public/public-credentials/
> 2018Jun/0143.html
> Topics:
>   1. Introductions
>   2. Agenda Review
>   3. Announcements & Reminders
>   4. Progress on Current Action Items
>   5. Work Items
>   6. Focal Use Cases for DID WG
>   7. Muscians and Influencers
> Organizer:
>   Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
> Scribe:
>   Manu Sporny
> Present:
>   Lucas Parker, Dmitri Zagidulin, Ted Thibodeau, Chris Boscolo,
>   Heather Vescent, Kulpreet Singh, Bohdan Andriyiv, Christopher
>   Allen, Manu Sporny, Joe Andrieu, Kim Hamilton Duffy, Sam Smith,
>   Ryan Grant, Benjamin Young, David I. Lehn, Drummond Reed, Adrian
>   Gropper, David Challener, Jarlath O'Carroll, Samantha Mathews
>   Chase, Chris Webber
> Audio:
>   https://w3c-ccg.github.io/meetings/2018-06-26/audio.ogg
>
> Kim Hamilton Duffy:
>   https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1
> d_2S90Q_lQ0y8M/edit?usp=sharing
> Manu Sporny is scribing.
>
> Topic: Introductions
>
> Simon: Hi, Simon from uPort, first time on this call.
> Karuzas
> Kulpreet Singh:  Working on Clue... been lurking, doing some DID
>   integration in the CLU protocol... Go implementation of BTCR, any
>   help would be appreciated.
>
> Topic: Agenda Review
>
> Agenda is here -
>   https://lists.w3.org/Archives/Public/public-credentials/
> 2018Jun/0143.html
>
> Topic: Announcements & Reminders
>
> Kim Hamilton Duffy:  We will have the summer BTCR outreach, July
>   the 16th - have an action to send out an initial planning meeting
>   for that... where are people with their implementations?
> Kim Hamilton Duffy:  Next is MyData in Helsinki - August
>   29th-31st, no DID panel, but quite a few people from CCG giving
>   talks on various aspects of DIDs.
> Kim Hamilton Duffy:  Next RWoT VII - we think it will be week of
>   Sept. 24th in Toronto.
> Sam Smith: Have we tried Ryerson re: Toronto?
> Kim Hamilton Duffy: TPAC: https://www.w3.org/2018/10/TPAC/
> Kim Hamilton Duffy:  TPAC is October 23rd-25th, Mountain View -
>   early bird discounts open now
> Dmitri Zagidulin: Tpac is opposite of IIW, huh? :(
> Kim Hamilton Duffy:  IIW is at the same time as TPAC
> Joe Andrieu:  Dan Buchner said we do have the space... final
>   confirmation on details today. Wanted to queue up 90 day advanced
>   window to Manu?
>
> Topic: Progress on Current Action Items
>
> Manu Sporny:  Yes, we'll probably not be able to coordinate w/
>   W3C on their workshop end of September, we're out of time.
> Kim Hamilton Duffy: Recently:
>   https://github.com/w3c-ccg/community/issues?utf8=%E2%9C%
> 93&q=is%3Aissue+is%3Aclosed+updated%3A2018-06-22
> Manu Sporny:  Can you point to an explainer of why participation
>   in the vote would require travel? [scribe assist by Ryan Grant]
> Ryan Grant:  It doesn't require travel... it requires you to be a
>   W3C member
> Kim Hamilton Duffy:  Opencreds update, dlehn did that
> Kim Hamilton Duffy:  Verifiable news - asked sandro to pick it up
> Kim Hamilton Duffy:  Spec text version of registries process -
>   updates went into both specs.
> Kim Hamilton Duffy:  Mydata panel - not doing that, but having
>   other CCG members give talks.
> Christopher Allen:  Were there any documents on opencreds that
>   aren't just historical but need to be brought forward?
> https://opencreds.org/specs/
> David I. Lehn: Just to note, the thing i did was just to add a
>   blurb to redirect to the new sites.  i didn't check that all old
>   things there are on new sites.
> Manu Sporny:  I think everything has been moved over to W3C CCG
> Kim Hamilton Duffy:  Sounds like W3C Workshop will be November.
> Christopher Allen:  Financially, the Lyon one is expensive - how
>   important is it if there is going to be one in November.
> Hi all ! I really like the generic DID scheme, is there somewhere
>   a proposed Method scheme with Verifiable Claims maybe through the
>   lense of smart contracts?
> Drummond Reed: Manu, can you say more about that? What do
>   anticipate is going to be a problem?
> Sam Smith: Can you point me to the basic background of these
>   politics you are speaking of?
> Joe Andrieu: @Sam I'd be surprised if there's anything in
>   writing.
> Ryan Grant:  I again have a question about travel: how can remote
>   participants in W3C express their support in a way that does not
>   allow brigading to interrupt the work?  is it possible to
>   incorporate online elements in a "workshop"? [scribe assist by
>   Ryan Grant]
> Heather Vescent: I will scribe
> Drummond Reed: FYI, I can't go to Leon due to the conflict with
>   IIW. But I could go to a workshop in November.
> Manu Sporny:  Where people can participate [scribe assist by Kim
>   Hamilton Duffy]
> Heather Vescent: OK, will let you do it Kim.
> Kim Hamilton Duffy: ...Rebooting and hackathon are open -- anyone
>   can participate in those
> Kim Hamilton Duffy: ...TPAC is specifically for W3C members
> Kim Hamilton Duffy: ...Not worth the expense if you are not a
>   member, but there is remote participation (Similar to this)
> Kim Hamilton Duffy: ...W3c workshops: we try hard to have remote
>   access and allow input. They tend to be open, but tend to limit
>   some attendees
> Kim Hamilton Duffy: ...E.g. journalists aren't usually welcome
>   because big company reps feel uncomfortable speaking openly
> Kim Hamilton Duffy: ...The vote is only open to W3C membership
> Kim Hamilton Duffy: ...That's why it's important to whip up
>   support among w3c members
> Ryan Grant:  Does a paying W3C member have to attend to vote?
>   [scribe assist by Ryan Grant]
> Ryan Grant:  Does a paying w3c member have to attend to vote
>   [scribe assist by Kim Hamilton Duffy]
> Manu Sporny:  No, can do remotely [scribe assist by Kim Hamilton
>   Duffy]
> Kim Hamilton Duffy: ...Vote doesn't happen unless w3c mgmt
>   believes it should happen (but that's rare)
> Kim Hamilton Duffy: ...E.g. they may delay the vote many months
>   while issues are worked thru
> Kim Hamilton Duffy: ...How this goes down is mostly a political
>   process
> Kim Hamilton Duffy: ...E.g. VC stalled for 6 months due to behind
>   the scenes
> Kim Hamilton Duffy:  Hackathon date TBD -- September 27th and
>   28th... want to get folks engaged in Hackathon.
> Joe Andrieu:  We'd love to support deployed DID methods at the
>   hackathon.
> Kim Hamilton Duffy:
>   https://github.com/w3c-ccg/community/issues/18
> Kim Hamilton Duffy:  Ping on JWK cryptosuite specs... issue 18
> Kim Hamilton Duffy:  We have that assigned to uPort - weren't
>   able to assign it to ChristianLundkvist - any updates from uPort?
>
> Topic: Work Items
>
> Kim Hamilton Duffy:  Any status to report?
> Kim Hamilton Duffy:
>   https://github.com/w3c-ccg/community/blob/master/work_items.md
>
> Topic: Focal Use Cases for DID WG
>
> Kim Hamilton Duffy:
>   https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZf
> EQaTQEm_AOs3_Q/edit?usp=sharing
> Adrian Gropper:  A prescription for Alice - use case is a patient
>   accessing a physican online.
> Adrian Gropper:  Getting a prescription that she takes to a
>   pharmacy in person and its fulfilled... the prescription is the
>   verifiable credential... identities DIDs of individuals involved.
> Adrian Gropper:  The particular questions that I'd like to talk
>   about with the group that are represented in the use case, we
>   need to have a use case that has specific regulations at some
>   point.
> Adrian Gropper:  Health-related and prescription related security
>   analysis - defend what we're doing as this stuff moves forward.
> Hi all ! I really like the generic DID scheme, is there somewhere
>   a proposed Method scheme with Verifiable Claims maybe through the
>   lense of smart contracts?
> Adrian Gropper:  There are a lot of hypotheticals - protect
>   privacy against collusion/tracking... trying to pick one example
>   of how we engineer for one aspect of privacy.
> Joe Andrieu:  Adrian, great use case - there is a threat model
>   approach that we're using in VCWG which is a good place for
>   security analysis / privacy engineering.
> Joe Andrieu:  If Alice's identity is never assured... is that
>   compliant with regulations today?
> Adrian Gropper:  It depends on the prescription... if it's not a
>   controlled substance, the answer is yes.
> Adrian Gropper:  Prescriptions can be for various reasons - up to
>   relationship w/ doctor. For example, doctor can dispense to alice
>   keeping only the record in the doctor's office, nobody needs to
>   know.
> Adrian Gropper:  There are lots of examples of this... good case
>   for privacy engineering as well as security analysis... have to
>   pay attention to licensed professionals in DID universe...
>   otherwise we're not doing much different from federated identity.
> Sam Smith: Cannabis is a controlled substance and there are a lot
>   of online doctor script services, this would fit in that model,
>   no?
> Adrian Gropper:  What makes DID totally unique is the fact that
>   it can be fully decentralized and fits w/ verifiable
>   credentials... we're trying to get Venn diagram of licensed
>   professionals, peers, patients.
> David Challener:  Question about this - today when we have
>   prescriptions, the pharmacist needs to know all prescriptions I'm
>   taking for drug interactions. Health insurance needs to
>   understand what I'm taking, different pharma to reduce costs. All
>   that has happened to me in last 60 days... why do we want
>   anonymity here when we don't have it today?
> Adrian Gropper:  We've spent a quarter of our time worrying about
>   privacy-related issues. There are hundreds of use cases ... ways
>   we could complicate this use case along the lines of what you
>   mention. The reason to do privacy engineering, and the reason we
>   want to adopt these principles is to have a hierarchy for the
>   kinds of restrictions/uses that you mention.
> Adrian Gropper:  Privacy engineering means that you start with a
>   foundation that is as privacy preserving as you can manage...
>   data minimization, regulatory minimization - build through
>   privacy engineering, as you have a reason - pharmacist monitor
>   all prescriptions, that's a different use case.
> Adrian Gropper:  There are lots of things we could privacy
>   engineer in a hierarchy, this particular use case is talking
>   about the bottom of that hierarchy, what is a reasonable set of
>   regulations and security issues that already exist that we could
>   use as a baseline.
> Adrian Gropper:  Build on top of infrastructure - as a baseline.
> David Challener:  What's the problem you're trying to solve?
> Adrian Gropper:  It's not abstract at all.
> Ryan Grant: I'd answer this as follows: doctors may want you to
>   have only one medical persona, but there is no reason for your
>   medical persona to be the same as your work persona.  This is
>   quite different from having "anonymity" in your medical dealings.
>    Furthermore, doctors are sometimes wrong, and protocol
>   infrastructure should not assume their perfection.
> Sam Smith:  I can speak to this personally - planned parenthood
>   is for a lot of people that can't access doctors... a young woman
>   would need to get a simple scrip.
> Sam Smith:  Doctors also provide marijuana prescriptions online.
> Sam Smith:  There is also something to be said here for at risk
>   youth - someone that could verify they are who they are.
> Sam Smith:  Providing some non-controlled substance prescription
>   online.
> Christopher Allen:  There is also birth control, etc.
> Adrian Gropper:  That is the goal with this use case - find
>   lowest common denominator that has this element of certified
>   responsible individual rather than institution, has an aspect of
>   non-controlled substance... so we don't have to defend the more
>   charged use cases.
> Adrian Gropper:  Trying to bring in relationship between licensed
>   professional and individual.
> Kim Hamilton Duffy: Freezing the q for this topic at Joe
> David Challener:  I still don't understand... giving someone a
>   prescription w/o knowing who they are is illegal.
> Adrian Gropper:  It's not illegal. I'm a physician.
> Adrian Gropper:  This is not hypothetical, this is a real use
>   case.
> Joe Andrieu:  One of the drivers for this, David, is to challenge
>   some of those assumptions that is given.
> Joe Andrieu:  To the extent that it is legal, how can we
>   rearchitect so we don't have baked in privacy problems.
> David Challener:  That's the best answer I've heard.
> Kim Hamilton Duffy:  Let's wrap up and move discussion to mailing
>   list.
> David Challener: Where do I find the discussion about the
>   Washington law?
> Adrian Gropper:  Where in our process are we going to have a
>   security analysis?
> Joe Andrieu:  Good question - the way I think we do this is
>   through threat model approach in VCWG.
> Joe Andrieu:  We've asked for a bunch of use cases, getting
>   engagement - as a communtiy, why are different people
>   contributing... we'll need to pick a handful of focal use cases,
>   will refine them... do a threat model, etc.
> Adrian Gropper:  Thanks
> David Challener: Btw, what I said was: Giving a prescription you
>   ahve been given by a doctor to someone else is illegal.
> David Challener: (Sort of like buying alchohol for a minor)
>
> Topic: Muscians and Influencers
>
> Joe Andrieu: @Sam I'll send an email
> Sam Smith:  I grew up with the Internet, I was a DJ - met people
>   online, met via MySpace, etc. I'd host people, they'd host me...
>   when algorithmic fees were introduced to SoundCloud, I noticed
>   the whole industry change.
> Sam Smith:  3Rd party models, led to the downfall of many
>   platforms.
> Sam Smith:  What's frustrating is that because there are so many
>   platforms now, they look at their numbers... SoundCloud has
>   become garbage... Spotify was elitist artist thing... hurt a lot
>   of people, focused on touring.
> Sam Smith:  No real way to "claim your ID"... it doesn't help
>   anyone to convey the information they want to convey because I
>   don't know how people are finding me... I don't know how people
>   show up in search results. People just use the search result,
>   images aren't even her.
> Sam Smith:  Services offer a "blue check", but is there a way
>   that we can connect all the streaming data to a single counter
>   that is attached to an ID that I own?
> Heather Vescent: The dream of the indie web of the early 00s!!
> Joe Andrieu: +1 For a simple use case for public personalities /
>   celebrities / entertainers.
> Ryan Grant: +1
> Sam Smith:  Also wondering if there is a way for that to hold a
>   directory that points to archiv.org -- lots of stuff that I have
>   screenshots of just doesn't exist on the Web yet. Archival of art
>   will be lost
> Drummond Reed: +1
> Sam Smith:  We need to think about how we practice our own acts
>   of archival.
> Benjamin Young: S/archiv.org/archive.org
> Heather Vescent: This could be applied to all content creators...
>   including bloggers, writers, vloggers, etc.
> Sam Smith:  Wondering if people can help me to make this
>   possible.
> Sam Smith:  I have a crude prototype - trying to explore archival
>   of self - verified entertainers presskit.
> Jarlath O'Carroll: Thank you for these real world examples of how
>   these solutions could effect change
> Adrian Gropper:  I just wanted comment - look in terms of agency
>   - you can't do much how institutions archive stuff about you
>   other than to have your own agent that tracks those things and
>   that can combine/recombine them in ways that you control.
> Adrian Gropper:  This individual agency is something that's not
>   typically considered.
> Joe Andrieu: +1 Kim (we can pick up did-auth next week)
> Kim Hamilton Duffy: Can we get a scribe for when Manu drops off?
> Bohdan Andriyiv:  I think Samantha's use case is about how to
>   prove ownership over digital assets... this use case is handled
>   on ValidBook by "statement of ownership"
> Bohdan Andriyiv:  Everyone is going to have a base identity -
>   they can link to that identity - any digital asset.
> Sam Smith: Can a real time streaming data counter be tied to a
>   signature?
> Kim Hamilton Duffy: Freezing q for use case #13 at Manu so we can
>   get to Sam's other use cases
> Heather Vescent:  This is interesting - started out as indie and
>   then were acquried by corporations - see this split in a couple
>   of different ways... direct experiences about that - being an OG
>   blogger, then stuff I wrote disappearing, cut advertising based
>   revenue model... reclaiming contnet on corporate platforms.
> Heather Vescent:  There is another methodology - foresaw this,
>   created our own brand anchored to a domain - with DNS, you still
>   don't own it forever, but you have a bit more control over it...
>   aggregate it. Those domains can be fluid. May not want content
>   from a previous blog when you were younger to be mixed w/
>   professional life.
> Heather Vescent:  There are two inputs - 1) content you've
>   created on your own - indieweb, and 2) digital natives that have
>   grown up using the platforms that were given to them w/o
>   understanding that they don't own their content.
> Heather Vescent:  Don't know if these are two different use
>   cases... multiple media - samantha is coming from music
>   background, I'm coming from writing background.
> Sam Smith:  Yes, Heather hit the heart of the issue - can we not
>   just have the reclaiming oru view - not just content, metrics of
>   your views.
> Dmitri Zagidulin: The view count, by itself, is a pretty
>   complicated issue, in decentralized terms.
> Kim Hamilton Duffy: Can we get a scribe?
> Joe Andrieu: Cheers, Manu
> Sam Smith:  Still your responsibility for now. Collect it in a
>   way.
> Dmitri Zagidulin: We're basically talking about an ecosystem of
>   trusted verifiers
> Heather Vescent:  Reputation associated with content - aggregated
>   reputation - another layer on top of the content.
> Kim Hamilton Duffy: Warning to those on q: moving to use case
>   14/15
> Kim Hamilton Duffy:  Moving sam's second use to next week [scribe
>   assist by Heather Vescent]
> Christopher Allen:  I'm hearing the free association that feels
>   like, Sam's created fans/associations with fans, but does not own
>   the association and the fan does not own the association. Those
>   associations are owned by the platform where she put her content
>   & the fans are. [scribe assist by Heather Vescent]
> Heather Vescent: ... When Sam moves platforms, those associations
>   are lost.
> Heather Vescent: ... The associations can be portable.
> Heather Vescent: ... Can't take my thousands of followers from
>   twitter to mastedon.
> Heather Vescent: ... That is the user story I am hearing that is
>   new.
> Heather Vescent: ... Privacy for the fans.
> Sam Smith:  Like a decentralized RSS feed [scribe assist by
>   Heather Vescent]
> Christopher Allen:  It's a 2 way VC [scribe assist by Heather
>   Vescent]
> Kulpreet Singh: +1 Decentralised RSS :)
> Dmitri Zagidulin: As far as decentralized RSS, I'd definitely
>   point people to the Social Web Working Group's work, on
>   ActivityPub and so on
> Kim Hamilton Duffy: We'll end with Bohdan
> Joe Andrieu: I've got to drop. Thanks, all!
> Heather Vescent: Bodin: archiving. I have a soundcloud account,
>   but it closes, so I have to prove that it was mine before I can
>   port it. Solution: Take a snapshot of your soundcloud account,
>   sign it with your digital identity, you can prove you were the
>   owner of that account.
> Heather Vescent: ... Needs to have interoperability between
>   platforms (e.g. leaving spotify, them allowing portability.)
> Sam Smith: Is there a universal avatar work being done?
> Ryan Grant: Thanks!
>
>
>
>
>