- From: <gannan@digitalbazaar.com>
- Date: Tue, 10 Jul 2018 14:52:29 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Ryan Grant for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2018-07-10/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-07-10
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2018Jul/0013.html
Topics:
1. Introductions
2. Announcements and Reminders
Action Items:
1. Chairs follow up on concerns about funding, recognition,
contribution to commons
2. Open issue regarding DID resolution in WG charter
Organizer:
Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
Ryan Grant
Present:
Christopher Allen, Andrew Hughes, Dmitri Zagidulin, Chris Webber,
Heather Vescent, Ganesh Annan, Markus Sabadello, Joe Andrieu,
Ryan Grant, Kulpreet Singh, Manu Sporny, Dan Burnett, Kim
Hamilton Duffy, Ted Thibodeau, Moses Ma, Samantha Mathews Chase,
Benjamin Young, Bohdan Andriyiv, Christian Lundkvist, Pelle
Brændgaard, Nate Otto, Irene Hernandez, Eric Olszewski
Audio:
https://w3c-ccg.github.io/meetings/2018-07-10/audio.ogg
Ryan Grant is scribing.
Topic: Introductions
Kim Hamilton Duffy: On to reintroductions
Ted Thibodeau: I work for OpenLink software. active for several
years. working in VC/credentials working group.
Ted Thibodeau: Works for openLink software. active for several
years. working in VC/credentials working group.
Kim Hamilton Duffy: Bulk of meeting to be about uPort proposal
Kim Hamilton Duffy: Reminders about using the queuing mechanism
and strict timeboxing.
Topic: Announcements and Reminders
Kim Hamilton Duffy: Announcements:
https://w3c-ccg.github.io/announcements/
Kim Hamilton Duffy: Summer BTCR virtual hackathon is next week.
we have a zoom room and will have standup meetings MWThF, and Tu
after this meeting.
... planning meeting tomorrow afternoon. invites to anyone
interested.
Kim Hamilton Duffy: https://www.w3.org/2018/10/TPAC/
... Helsinki MYDATA 2018 — August 29-31 Helsinki, Finland.
#RebootingWebOfTrust VII — September 24-26th, Toronto. Also
27-28th DID/Verifiable Credential Hackathon (F2F). TPAC —
October 23rd-26th, Lyon, France.
... IIW — October 23rd-25th, Mountain View
Kim Hamilton Duffy: Moses is organizing a conference.
introduction forthcoming.
Kim Hamilton Duffy:
https://businessofblockchain.com/web/virtual-summits/blockchain-id
Moses Ma: Link posted. GMSI-web co-producing. share the link.
Moses Ma: Publishers want to see "traction", to test their
resource allocation.
Moses Ma: Day2 is more public. more availability for speaking.
email Moses for speaking options.
Moses Ma: Please support. thanks!
Samantha Mathews Chase: Where is the link for this?
Heather Vescent: Will the registration details be shared with
the community?
Moses Ma: We get the entire signup list, but it will be held
closely so as not to invite spam.
Heather Vescent: What's the transparency on that ownership?
Moses Ma: How about a governance group?
Heather Vescent: If our social capital is being used to build
the community, then we should have a sense of ownership.
Moses Ma: Let's resolve this via a governance group
Heather Vescent: If we're co-creating this, then we should have
a commons-based ownership model
Kim Hamilton Duffy: Jumping in: library of references that
you're advocating looks useful to w3c-ccg as well
Moses Ma: Entire library will remain open source
Manu Sporny: I hear you Heather, and want to speak in support of
Moses' efforts. it's working in concert with the multi-year
efforts we've got going. we don't know of ways to build this
without engaging with these business models. it's a balancing
act.
Heather Vescent: It's just very inconsistent what gets funded...
technology gets funded, but other things do not.
Manu Sporny: It's a good trade off.
Manu Sporny: Maybe there's a CRT that gets created that can
manage that list and its best use. unfortunately, we need to
make these decisions rather quickly. everyone's participation is
based on their own acceptance.
Heather Vescent: It's a huge red flag. Moses is doing great
work, but we need a way for people who don't fit this business
model to see their work valued. i'm going to advocate for
everyone in the community to get value out of the work they're
putting in.
Moses Ma: Please share or blog about this virtual summit:
https://businessofblockchain.com/web/virtual-summits/blockchain-id/
Kim Hamilton Duffy: Let's do further work to address these
concerns. action item: <something>
ACTION: Chairs follow up on concerns about funding, recognition,
contribution to commons
Manu Sporny: We're trying to get a WG charter proposal started
Kim Hamilton Duffy: https://w3c-ccg.github.io/did-wg-charter/
Manu Sporny: DID WG Charter -
https://w3c-ccg.github.io/did-wg-charter/
Manu Sporny: W3C staff resources and members' own resource get
allocated based on these charters.
Manu Sporny: The current charter is "done enough for review"
Manu Sporny: Review it. understand that we have to be
"super-hyper focused"
Manu Sporny: It says that we're going to produce this document,
and nothing more.
Manu Sporny: And test suite
Manu Sporny: And that's it. please read and raise issues in
issue tracker.
Manu Sporny: See email for details.
Markus Sabadello: Q regarding DID resolution: would DID
resolution be in scope for the WG charter? one spec or multiple?
Manu Sporny: We could add it. we need to have this
conversation. it needs a spec that has been incubated.
expanding the scope may risk objections. the first WG charter
draft is narrowed to data model and DID spec.
Manu Sporny: If you and Dmitri can commit to the work to do the
spec, then we can put it in there.
Manu Sporny: This is for community to decide.
Kim Hamilton Duffy: Let's open an issue.
ACTION: Open issue regarding DID resolution in WG charter
Manu Sporny: We do have two implementations -- Markus and
Dmitri...
Christopher Allen: Reminder that we'll need a second
implementation.
Dmitri Zagidulin: We have a Java and a Javascript
implementation.
Kim Hamilton Duffy: DID Primer PR:
https://github.com/w3c-ccg/did-primer/pull/2
Kim Hamilton Duffy: On to the DID primer. is it ready to merge?
Andrew Hughes: Reporting progress, there were some distractions.
recording regarding github repo and respec document has been
posted.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/18
Kim Hamilton Duffy: JWK crypto suite specifications.
Andrew Hughes: Will get back on the did-primer: respec format
today
Kim Hamilton Duffy: Who should we assign this issue #18 to?
Dmitri Zagidulin: I'm definitely interested in participating in
issue #18
Bohdan Andriyiv: Achuges (y)
Kim Hamilton Duffy: Create a spec that demonstrates how you
express a JWK using a LD Cryptosuite. Create a spec that
demonstrates how you express a Verifiable Credential as a JWT
Implementations and test suites for those specs
Andrew Hughes: The raw recording for the tutorial session by manu
on setting up a github repo and also a respec doc is here:
https://youtu.be/vcL3ffgGEJM
Christopher Allen: This is realted to uPort, so let's fold it
into that.
Kim Hamilton Duffy: Last call for work items
Christian Lundkvist: One of the things that happened was that
Mike Jones (JWT at MSFT) submitted some additions to secp256k1 to
the JWT spec.
... did anyone else see that?
... i think that got through the IETF, but I don
Pelle Brændgaard: Yes it did
... don't know the details
Kim Hamilton Duffy: Thanks, we can look into that.
Kim Hamilton Duffy: On to work items.
Kim Hamilton Duffy: Work items:
https://github.com/w3c-ccg/community/blob/master/work_items.md
Kim Hamilton Duffy:
https://medium.com/uport/a-complete-list-of-uports-protocols-libraries-and-solutions-63e9b99b9fd6
Kim Hamilton Duffy: Moving on to uport DID proposal
Pelle Brændgaard: I'm missing some mailing list context.
Christian Lundkvist: People are interested in recent changes and
work on DID methods.
Pelle Brændgaard: Over the last few months, we've proposed an
Ethereum contract
Pelle Brændgaard: That allows key revocation, using multiple
keys, etc. we want some community to support it.
Pelle Brændgaard: The base is an Ethereum address.
Pelle Brændgaard: It also supports smart contracts (Ethereum
small pieces of code)
Pelle Brændgaard: Does not support signing...
Pelle Brændgaard: You can add a signing key to it
Pelle Brændgaard: Goals were: Ethereum compatible, does
identities, simple to add, edit, and resolve.
Pelle Brændgaard: This supports our did:uport method.
Christian Lundkvist: A philosophy that we've come to is that
unlike previous requirements to create an (expensive) blockchain
transaction, our new thinking is that the hash of a public key is
the identity, so that the supporting smart contract can handle
key revocations. thus to onboard, you do not need any blockchain
transactions.
Christian Lundkvist: Further on in the lifecycle, you may beed
to do a key revocation, and that is the point of the blockchain
transaction
Markus Sabadello: I was workign with the author fo the ERC725
proposal. what is the difference between your new proposal and
that one. i guess not needing to create a new smart contract to
create an identity is a big one. plus <lossage>
Pelle Brændgaard: Yes, ERC725 requires posting a contract. and
it doesn't rely on verifiable claims.
Pelle Brændgaard: ERC780 would allow you to make lossage claims.
Pelle Brændgaard: Service endpoints require the contract to be
posted.
Manu Sporny: Having read through things at a high level, parts
look familiar and parts don't.
Manu Sporny: DID spec outlines various steps to get something
done. do you have a document with steps like that?
Manu Sporny: I'm also seeing a lot of JWTs and i don't know
where those are used.
Pelle Brændgaard: We do have docs
Pelle Brændgaard: We can update
Pelle Brændgaard: We have a JWT library. it should be simple
enough to plug into any other layer. we would encourage someone
to do that.
Pelle Brændgaard: We don't have that need right now.
Christian Lundkvist: We have not crated a formal DID method spec
for this.
Christian Lundkvist: It had been in flux, but we want to create
the spec, to make sure we're compatible.
Pelle Brændgaard: Our current document
https://github.com/uport-project/ethr-did-registry/blob/develop/README.md
Christopher Allen: If i create an identity, and it's not on a
blockchain, where is it?
Christopher Allen: Q2: someone has a uport id and a verifiable
claim signed by another party (that is not necessarily a jwt <--
sounds like "jot")
Pelle Brændgaard: We use event logs
Pelle Brændgaard: Cheap way of storing things on the blockchain
that is kept by the blockchain.
Pelle Brændgaard: There is no longer a need to go to ipfs for
this.
Pelle Brændgaard: We are looking at ways of supporting more
complex structured data as well
Pelle Brændgaard: But that's not finalized
Pelle Brændgaard: This will be for public users that want to
post information about themselves, which we envision being for
businesses.
Pelle Brændgaard: We have a javascript library.
Kim Hamilton Duffy: This one?
https://github.com/uport-project/did-resolver
Pelle Brændgaard: This will be good for BTCR support, and is a
very simple method.
Pelle Brændgaard: Yes thats it kimhd
Christian Lundkvist: The way i see it is that the claims
themselves are always stored offchain, using JWT (versus LDS)
this DID method should be completely agnostic to that. you can
imaging taking any form of data that references this and it
should be able to be resolved (in an orthoganal manner)
Christopher Allen: Will you be at the post RWOT hackathon?
Pelle Brændgaard: We'll look at it.
Pelle Brændgaard: We can add other methods into our app as well.
Pelle Brændgaard: We're trying to bridge the various blockchains
and formats.
Christian Lundkvist: We also have a plugin for Markus's
universal resolver
Bohdan Andriyiv: Security of uPort DID not anchored in
blockchain?
Bohdan Andriyiv: How do you resolve once anchored?
Bohdan Andriyiv: Will you be able to have the same DID as used
in other blockchains? how will security of this be resolved?
Bohdan Andriyiv: Same DID on Ethereum and Bitcoin
Bohdan Andriyiv: Do users see the DIDs?
Bohdan Andriyiv: Can humans select the DIDs, and will they
acquire vanity value?
Pelle Brændgaard: We do "a lookup that isn't actually really a
lookup"
Pelle Brændgaard: First we check onchain for changes to the DID
Pelle Brændgaard: If there are no changes, then the (hashed)
address is the public key
Pelle Brændgaard: This is the same trick that Ethereum uses for
recoverable signatures -something- added height and recovery
bytes.
Music starts to play from Kulpreet Singh device when he
accidentally mutes it. Cue Samantha Mathews Chase skillfully
singing a sensational solo about DIDs over the hold music. Rumble
of laughter ensues...
Ryan Grant: Lol!!!!
Nate Otto: Ok, that's hilarious.
Irene Hernandez: Hahaha
Heather Vescent: It's kinda sexist actually.
Moses Ma: Is there a link for this song?
Samantha Mathews Chase: I'm available for parties, birthdays,
weddings
Eric Olszewski: Well, it's nice that hackers are paying attention
Pelle Brændgaard: Recoverable signatures should be usable with
Bitcoin as well.
Pelle Brændgaard: <Blee bloop>
Christian Lundkvist: If you anchor on two chains, that's not
really supported. when you first create the identity, you need
to go to a specific Ethereum contract as the refernece point, to
look for updates.
Christian Lundkvist: If no updates, you generate a DID Document
directly from the public key.
Christian Lundkvist: There's no way to senibly do this on
multiple chains.
Christian Lundkvist: And to the later question about someone
else registering your DID, it's not a security risk because to
use it, you will need to be able to sign with the private key.
Markus Sabadello: When the DID document is created, will it
contain public keys?
Markus Sabadello: Asking for clarification
Heather Vescent: IT WAS NOT ME.
Pelle Brændgaard: -Is back- we require an Ethereum address to
resolve.
Markus Sabadello: Here's an open issue on whether to store
Ethereum addresses vs public keys in DID document:
https://github.com/w3c-ccg/did-spec/issues/56
Samantha Mathews Chase: Yeah i just started singing lol sorry
Ryan Grant: Rgrant: what languages are you asking for DID method
resolver code in?
Christian Lundkvist: Our library is in Javascript.
Pelle Brændgaard: We're working on Java and Swift as well
Pelle Brændgaard: ... Incidents
Pelle Brændgaard: The first thing is to have a generic DID
resolver for that language
Pelle Brændgaard: It should be in a way that makes sense for
that language and platform
Eric Olszewski: Are you working on any integrations with LDAP?
Pelle Brændgaard: Short answer: no
Pelle Brændgaard: Markus I will update that PR to reflect our
current format, which we came to through talks on the mailing
list
Christian Lundkvist: We've had talks with MSFT about those
things, but not anything that is really concrete. we have some
ideas.
Manu Sporny: Are you talking about Ethereum DID method or DID in
general?
Pelle Brændgaard: I will have to leave now. Thanks everyone
Eric Olszewski: In general
Manu Sporny: Very interesting.
Manu Sporny: Reach out if you want to collaborate on that
Nate Otto: If you like songs in the genre of decentralized
identity and credentials, you might like
https://www.youtube.com/watch?v=Xf_b-PojsMw
Christian Lundkvist: One of the more interesting things is
connecting Kerberos to Active Directory and then using PKI
capability of Kerberos to sign with your DID.
Kim Hamilton Duffy: Over time. see you next week
Moses Ma: Thanks and bye!
Manu Sporny: Ericolszewski - msporny@digitalbazaar.com to start
:)
Kulpreet Singh: Sorry for the accidental mute ;)
Received on Tuesday, 10 July 2018 18:52:53 UTC