- From: <msporny@digitalbazaar.com>
- Date: Tue, 13 Mar 2018 14:22:04 -0400
- To: Credentials CG <public-credentials@w3.org>
Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2018-03-13/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-03-13
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2018Mar/0011.html
Topics:
1. Introductions
2. Announcements
3. Report from Rebooting the Web of Trust 6
Action Items:
1. Chairs to ensure that work items are sticky and have the
right company support
2. Chairs to find people to produce DID use cases.
3. Chairs to find people to produce DID charter.
4. Chairs to drum up W3C Member company support for DID WG.
5. Chairs to find people to work on DID test suite.
Organizer:
Kim Hamilton Duffy and Christopher Allen and Joe Andrieu
Scribe:
Dave Longley
Present:
Dave Longley, Kim Hamilton Duffy, Andrew Hughes, Manu Sporny,
Markus Sabadello, Christopher Allen, Mike Xu, Joe Andrieu,
Drummond Reed, Nate Otto, David Chadwick, Ted Thibodeau,
Christian Lundkvist, Chris Webber, Moses Ma, Joe Kaplan
Audio:
https://w3c-ccg.github.io/meetings/2018-03-13/audio.ogg
Dave Longley is scribing.
Kim Hamilton Duffy: Markus mentioned adding DID Auth to work
items.
Kim Hamilton Duffy: So introductions, who is it that spoke up
earlier?
Kim Hamilton Duffy: Could you introduce yourself?
Topic: Introductions
Andrew Hughes: Good to meet many of you at RWoT. I did a bunch
of stuff with Markus and the crew there.
Andrew Hughes: I'm interested in federated identity and identity
assurance. And identity relationship management. All
complementary topics to the work here.
Andrew Hughes: I do much work with KantaraInitiative.org - we
are starting to think about how to engage and bring in the new
concepts that are developing here and at RWOT. [scribe assist by
Andrew Hughes]
Kim Hamilton Duffy: Thanks Andrew.
Topic: Announcements
Kim Hamilton Duffy: Post DID reconciliation, implementers stand
up -- anyone want to report from that and we can remove from
announcements?
Manu Sporny: Based on all the discussions we had around the DID
spec last week, we have proposed resolutions for almost every
issue. A few issues came in end of week we'll have to discuss.
PRs are starting to flow in, like 9.
Manu Sporny: Hopefully more will come in over time, maybe 27 PRs
in waiting total.
Markus Sabadello: I joined the call at 17:07 same time as i
joined on IRC, but don't know my voip id
Manu Sporny: Only about 9 are done. Many more to write up. All
things said, we believe that all of the major implementer issues
have been addressed in the spec now. There were a couple of
people that raised a couple of issues last week and we're dealing
with those.
Christopher Allen: Are you still meeting separately as a task
force?
Manu Sporny: No significant implementer push back on the DID
spec right now. We know the portions that are well worn are
implementable. Per, at least the Veres One implementation, we're
using the spec and it's going well.
Manu Sporny: Anything in a Google doc is now being pulled into
the spec or will have PRs shortly.
Kim Hamilton Duffy: Thanks, Manu.
Kim Hamilton Duffy: IIW #26: April 3-5
https://www.eventbrite.com/e/internet-identity-workshop-iiwxxvi-26-2018a-tickets-39785360083
Mike Xu: Can someone post a link where these DID reconciliation
PRs are at?
Manu Sporny: I haven't heard any mention of follow meetings so I
think the task force might be done.
Manu Sporny: Drummond will need to weigh in.
Christopher Allen: Ok, would like to take the item off if
finished.
Manu Sporny: Mikexu, https://github.com/w3c-ccg/did-spec/issues
Kim Hamilton Duffy: Right after IIW there will be a Verifiable
Credentials F2F.
Topic: Report from Rebooting the Web of Trust 6
Joe Andrieu: Yes, so some of this is process related. Also DID
Auth as a new action item. As requested, Markus put together a
work item. Notably, we could do something at My Data 2018,
presenting DIDs in the interop track.
Joe Andrieu: We should entertain that work item and see if
there's enough support to do that as part of the group.
Christopher Allen: Url for proposal?
Kim Hamilton Duffy: Any follow up we need at the moment? Do we
need to initiate the proposal process?
Joe Andrieu: So this is the start of the proposal process, I
don't know if Markus is on the call.
Markus Sabadello: Yes.
Joe Andrieu: What support would you need to present DIDs in the
interop track?
Joe Andrieu: How could we support you?
Drummond Reed: Note: I can't dial in; getting "all circuits are
busy"
Markus Sabadello: I could present it myself, one idea would be
to have maybe a panel and a number of implementers talk about
that and present what they're doing. People presenting different
DID methods or resolvers, registration, etc. DIDs are a rare
example where interop seems to work in this space and My Data is
looking for.
Markus Sabadello: If we had enough people presenting different
DID code bases doing a panel is one idea. Getting experiences,
what is everyone doing that. Working on this proposal would be as
simple as who would be willing to come.
Joe Andrieu: For us in the CG, do we want to help Markus pull
together this panel, is that correct?
Markus Sabadello: Yes.
Joe Andrieu: Let me note as one of the RWoT guys, we want to do
something -- let's talk offline.
Joe Andrieu: Regarding this work item, I'm suggesting to Kim as
chair that we put this up to see if we have enough support to
make this happen.
Christopher Allen: Do we have at least 2 people?
Christopher Allen: Anyone else going?
Joe Andrieu: Only question is -- is there enough support to
adopt this as a work item?
Nate Otto: Would love to see it happen -- cannot make the trip
myself to https://mydata2018.org/ August 29-31 in Helsinki.
Manu Sporny: Drummond and I talked about having follow up DID
Spec Closure calls and agree that we won't have further calls
until we've worked the issues/PR list. If we have any remaining
issues after that, we'll start the calls back up.
Kim Hamilton Duffy: Markus would you mind sending an email to
the group and stage reaction there and follow up next week? What
we're looking for is for people to sign up to support it.
Joe Andrieu: And to find folks to be on the panel.
Christopher Allen: Our key point is to gauge support — who else
might be there, wish to help, etc.
Kim Hamilton Duffy: Any volunteers for action item workers?
Kim Hamilton Duffy: (For status reports)
Joe Andrieu: I just wanted to speak to spec-text training. I
know we've all been traveling and we may not get to this before
IIW. The co-chairs -- we don't know how to manage the spec text
stuff.
Manu Sporny: Happy to do it.
Manu Sporny: Happy to have anyone else who wants to modify spec
text, do PRs, etc.
Christopher Allen: I'd prefer next week.
Manu Sporny: I'm traveling solid until IIW. Maybe this Friday,
let's take that offline and try and set up a call.
Joe Andrieu: Thanks, Manu.
Christopher Allen: I'd love a copy of that.
David Chadwick: Over the Christmas vacation period Manu spent
quite a long time with me and I've got a Word document that I
could share.
David Chadwick: So we might be able to use this to avoid further
training.
Kim Hamilton Duffy: Excellent, could you forward that to the
group please?
Christopher Allen: (Wow, davidc was choppy, then clear, then
choppy, etc.)
Dave Longley: +1 To paste it into a Google doc
Dave Longley: And let people edit and update it.
Kim Hamilton Duffy: If you need help with getting into a Google
doc, send it to me and I'll forward it.
Nate Otto: I can hear perfectly, connected via onsip. Probably
not worth me speaking up for just a "canyouhearmenow?"
Kim Hamilton Duffy: We're trying to get alignment with
Verifiable Credentials and Open Badges. We have a paper where
we're wrapped up on that. Following up with some implementations.
We've broken out peer claims questions.
Kim Hamilton Duffy: We want to see more examples of Verifiable
Credentials coming from the education space specifically. That
will be a separate paper coming a little bit later.
David Chadwick: Like achughes I could not get linphone to work on
my mac, which is why I switched to onsip
Kim Hamilton Duffy: We will kick off the on going task force
group meetings shortly.
Kim Hamilton Duffy: More details to come.
Christopher Allen:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/README.md
Christopher Allen: The draft results
Christopher Allen: Last week for three days we met at Santa
Barbara. Joe hosted and did a great job. I put a URL in IRC on
the drafts that were collaborated on there. Two categories -
Primary papers, people spent the most time. As a new experiment
we did "mandatory minor papers" with variety/odd ball topics.
Nate Otto: Kulpreet Singh submitted a mandatory minor paper on
passive storage networks. The mandatory minor was a nice element
of the event.
Christopher Allen: In summary, there were 13 drafts are there.
Will continue meeting and get to final drafts. A number are
candidates for potential work items. Not everything will be
coming to the CCG, but the CCG might be interested in what's
going on. That's my intro.
Kim Hamilton Duffy: I worked with Nate Otto on the
educational/occupational VC topic. Nate took the charge on
getting several options for VC/Open Badge alignment. There were
two primary options for the proposed data model. We are
interested in feedback from VC folks.
Christopher Allen: BTCR Outline Draft at
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/introducing_btcr.md
Kim Hamilton Duffy: The next one was BTCR. What we're doing
there, during Rebooting, we spent a lot of time with minor
questions, things that are method-spec specific. We're trying to
figure out the right assumptions and defaults for the BTCR spec.
Christopher Allen: BTCR is a DID method
Kim Hamilton Duffy: We decided to turn the RWoT paper into a
general paper with technical details. The motivation is to get on
the same page with all the remaining decisions and then that
we'll copy and paste into our method spec. We're hoping to get a
two for one out of that.
Nate Otto: https://bit.ly/openbadges-rwot6 - we'll be submitting
this via GitHub pull request tomorrow into the rwot6 drafts
folder, but then it'll be open for feedback on "is this a method
that you expect to be successful within both Open Badges-focused
and Verifiable Credentials-focused tools?")
Kim Hamilton Duffy: I also really liked the mandatory minor
idea. I worked with Christian and Ryan Grant and Drummond and
Heather. We were talking about revocation. It started as a poorly
formed idea like most mandatory minor papers. We were doing a
light survey on approaches that were tried.
Christopher Allen: Survey of Cryptographic Key Recovery Methods
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/key_recovery_methods.md
Kim Hamilton Duffy: And ones that may be successful in different
contexts. It was surprising/interesting for me. The biggest
highlight, when we talk about social recovery. You ask
brother/mom ... 3 of 5 people to help you recover your identity.
Drummond showed a work cloud and looked at key recovery. And huge
front and center was Google. Family members small. That indicates
to me that people are making a convenience trade off.
Kim Hamilton Duffy: It may be a lot of effort for me to dig up
my mother and get them to do that. If there's an institution I
mostly trust that could be available online and that's more
convenient and an option. There were cultural bits that came into
play.
Kim Hamilton Duffy: I am curious to turn that into something
more complete, a larger survey, even social aspects interesting.
Ted Thibodeau: Blink's direct-connect to digitalbazaar fails for
me through GoogleHome Wifi, works fine through Airport. Bridging
through sip2sip works for both.
Ted Thibodeau: None of these are awesome, because workstation
processors get bogged down in other tasks (that's a lot of the
voice jitter that happens). Same is true of WebEx, Skype, and
all the other voice chat tools.
Christian Lundkvist: I also worked on the key recovery topic.
One of the things I want to do, I did a survey on
facebook/recovery feature. I want to share that. I can add that,
we have a Google doc for the key management session. It's
basically a walkthrough with screenshots of facebook's social
recovery.
Christian Lundkvist: Interesting to see how they are doing that
there.
David Chadwick: Because of availability concerns, most people
prefer m of n key recovery.
Manu Sporny: A couple of high level observations. Community
learning how to work together and crank out content. It did raise
a question in my mind with how to transition from RWoT to CCG. In
previous RWoT, DID spec was front and center and lots of people
on it. Now we had a transition.
Manu Sporny: Not a lot of people working on it, just Drummond
and I working on issues, which is fine. We're seeing where the
edges of RWoT are. Creating new ideas, discussing them,
formalizing them, kicking out a doc and maybe refining a bit. But
per RWoT the DID spec isn't something to be worked on in that
community.
Manu Sporny: And it's this group's job to carry it on and get
implementer feedback.
Kim Hamilton Duffy: For the remaining topics, we can use this for
structure:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/draft-documents
Manu Sporny: Once we get more editorial passes then that spec
will be ready to move on from this group as well. I'm concerned
about that. We as the group that is transitioning that spec to
the next stage like a W3C group. We need to do some prep work to
transition it. Use cases doc, general proposal, charter for the
DID spec working group.
Manu Sporny: Those are items I haven't heard anyone talking
about. Without those things the spec stops and it won't
transition.
Manu Sporny: The thing that is most interesting was the process
of how we get things through. If we stopped right now, lots of
great ideas percolating at RWoT and refinement here, then we're
stuck.
Manu Sporny: I'd like this group to understand getting things
onto W3C standards track and recruiting the right companies.
Manu Sporny: We really need to spend some time working that
particular process problem or the work will stall at the next
stage.
Kim Hamilton Duffy: That's a good action item for the chairs.
ACTION: Chairs to ensure that work items are sticky and have the
right company support
Kim Hamilton Duffy: We'll need to bounce some ideas off of you,
Manu, to make sure we're tracking this.
Joe Andrieu: I think we also need to get DID Auth as a proposed
work item.
Joe Andrieu: We probably still need ... we still need to do DID
Auth within the CG and would that go over to the DID working
group?
Manu Sporny: Not any time soon. And we're playing with fire
there. The worst thing we could do is propose a DID Auth WG and
the browser vendors could get really excited and take over and
then DID Auth will be purely through the browser and with browser
vendor wallets. We don't want that.
Manu Sporny: We have to be very careful there.
Manu Sporny: We do have one DID Auth spec right now which is the
Credential Handler API and I talked about that a bit. The general
approach is to try and standardize the messages that go back and
forth.
Manu Sporny: We're too far way from that to propose any working
group.
Markus Sabadello: +Q about DID Auth
Joe Andrieu: We should get DID Auth as a separate work item.
Manu Sporny: I think DID Auth is talking about messages not the
protocols they travel over.
Christopher Allen: Besides the actual spec, what of those is the
most time?
Dave Longley: Comment about did auth and protocols [scribe
assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ....Most important is to get implementations
out, interop, functional code
Kim Hamilton Duffy: ...Need that before taking to w3c
Christopher Allen: Which method specs should go into the WG, or
would the "how to write a method spec spec" be the only thing to
move to a WG?
Dave Longley: We need to get some implementation built and
interworking tests done [scribe assist by David Chadwick]
Nate Otto: Badgr would love to work with a DID Auth provider or
develop open source who could expose a OAuth2 identity provider
Christopher Allen: DID Auth at #Rwot
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/did_auth_draft.md
Markus Sabadello: We had a group of seven people working on DID
Auth. It is just browser-based login tool like with the
Credential Handler API, is it scanning a QR code with
challenge+response like uPort is doing, does it include
service-to-service protected secure channels? A lot of flows and
protocols and different scenarios that could fit under DID Auth.
Markus Sabadello: Then discussions about the formats and
challenge/response, etc.
Markus Sabadello: The way Manu said it -- designing the message
format independently from transports or bindings is good. It's
not just browser based.
Christian Lundkvist: That's also how we're approaching it at
uPort. What we've been doing now is ... we've defined some
formats of the messages. We have several ways to get those to the
user. QR code or push notification or click on a link, etc. but
the messages are the same.
Markus Sabadello: Besides that, I also have the opportunity with
British Columbia guys and I need to have some DID Auth stuff done
there by the end of the month and could present some of that here
and ask for feedback.
Kim Hamilton Duffy: Excellent.
Kim Hamilton Duffy: I'd be interested in that.
Manu Sporny: To respond to Christopher's questions. What do we
need for the DID WG, what will take the most time? -- The answer
is that use cases will take the most time unless we have someone
like Joe working on them. Not fair to ask him to do all that.
Joe Andrieu: Still takes time :)
Manu Sporny: It can take a year and a half to do, we need to
pick 3-4 very important use cases and hold it to that. Charter is
required. They are easier. Especially newer charters and they
want you to be very focused. Like, you are creating a WG to do
one spec.
Manu Sporny: Verifiable Credentials is an example of this, we
have a use cases doc and the VC data model spec and that's it.
The DID WG would probably have to generate something similar.
Manu Sporny: If someone could do use cases for DIDs that would
be helpful, some of us know how to put a charter together in a
few weeks.
Manu Sporny: And a core spec. We also want an operational test
suite. And we want two implementers minimum that step up. Like
Veres One, BTCR, Sovrin and show passing tests.
Manu Sporny: The other thing that takes significant time, from a
calendar perspective, from an effort it's not super involved, and
that's drumming up support.
Manu Sporny: Making sure that we get for example, IBM, MS
joining the WG. We have to get all that support a good six months
before proposing the group. We are hoping to present at this
year's TPAC. Which means we are 6 months out NOW. We need to
start this work. If we miss TPAC it gets much harder. And 6
months go fast.
ACTION: Chairs to find people to produce DID use cases.
ACTION: Chairs to find people to produce DID charter.
Manu Sporny: If we had to put down a number of things we need to
do, we need to do use cases in parallel with the charter. If we
have a rough cut of those in two months, we start hitting every
company that would benefit from the company and show use cases,
spec, ask them to vote.
Manu Sporny: Or join the work or both.
ACTION: Chairs to drum up W3C Member company support for DID WG.
Manu Sporny: End of summer some time.
ACTION: Chairs to find people to work on DID test suite.
Manu Sporny: This is making me very nervous because we don't
have a lot of time and don't have people assigned.
Manu Sporny: I suggest we don't put DID method specs into the
WG. Any spec you say you are going to standardize you need two
implementers and a test suite.
Christopher Allen: It is quite likely there will be two
implementations of BTCR
Manu Sporny: We need two companies doing the uPort protocol for
example, and I think that would be very difficult.
Christopher Allen: (Though in some ways slower as not being
backed commercially)
Manu Sporny: I think we go in with the DID spec as is. Make it
short and sweet and just do that.
Manu Sporny: And say the DID method specs are outside and refer
to them non-normatively.
Kim Hamilton Duffy: Ok, I made some action items. I'm not sure
what's involved with drumming up company support but it sounds
like we need to get started right away on all of these.
Joe Andrieu: Feedback for manu .... people thought we'd have DID
landia, but we ended up having a lot of two people papers. I
don't think that was indicative of community support for the DID
spec.
Christopher Allen: I'm not sure how to plan this, but I feel
like we need to be careful at IIW ... with some preplanned
*messages* like DID use cases and the various other things. The
point of doing RWoT early was to give us time between it and IIW
where we can influence. We should think about how to take these
documents that are appropriate for the CCG to work on and
leverage that momentum to drive conferences talking about things
in the fall.
Manu Sporny: There are no IPR concerns with directly adding a
DID method to the registry, Markus.
Christopher Allen: (I'd prefer PRs)
Manu Sporny: I won't speak to the community process, from an IPR
perspective, what the registry is trying to do is track the
various DID method specs that are out there. CG process is up to
the chairs. The other response is to something Joe said.
Manu Sporny: We shouldn't read too much into what happened at
RWoT. I didn't intend to insinuate anything, we've seen this with
lots of other work. Community doesn't know about the process and
thinks something is solved. It's the most dangerous thing to
happen in a standards setting org -- because that's how things
die. This is the point where it actually gets hard. Everything up
to this point is actually easy. We haven't dealt with the
politics or the grind or
Dave Longley: Explaining it to someone new from a large company
that's new for the 50th time, etc.
Manu Sporny: That's the part of the stage we're getting ready to
move into and because everyone kind of scattered and let the
editors "deal with the rest" or "there are others in the
community that will run with it" ... it doesn't leave us with
resources.
Manu Sporny: To push the spec forward [at a critical time].
Manu Sporny: I'm trying to wave the flag and say we're not done
yet! We need a ton of help!
Manu Sporny: And we need orgs that depend on this to push it
through the standards group.
Kim Hamilton Duffy:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/draft-documents
Kim Hamilton Duffy: I don't think Nathan is here, wanted to hear
a report on ABCs. I'd like to hear from Chris Webber as well, on
pet names, but also not here. If anyone else is here, please
queue yourself.
Chris Webber: Shoot
Chris Webber: I accidentally hung up with my ear
Moses Ma: Dan and I are going to work on the roadmap group and
we'll prepare some notes and share them next week.
Moses Ma: Our topic was creating a roadmap for adoption and ...
companies need for this group to do certain things and to get
approval to move forward. We have to publish a schedule and
express some other things and they'll sell internally.
Moses Ma: Product roadmaps are needed internally by some
companies and expressing the things getting done and when. Also
need some materials. When people go to the site they aren't
seeing what a commercial site would offer in terms of an API,
etc. We just need some reorganization. Explaining exactly what's
needed -- there's a paper we uploaded with a list of
deliverables.
Moses Ma: That would be good for getting larger companies to
support us.
Kim Hamilton Duffy: Yes, that came up several times wrt getting
sponsorship from larger companies.
Chris Webber: I just wanted to say that we were lucky to have
Mark Miller again this year and one of the concerns I had this
year was how people will be able to use these decentralized,
globally unique, but non-human readable identifiers. With
petnames we got a good sense for how to deal with that and build
UIs for it.
Moses Ma: Chris, you can look over the roadmap plan here:
https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/a-roadmap-for-ssi.md
Chris Webber: We're getting the paper together and we're pretty
close.
Moses Ma: Christopher, sorry.
Joe Andrieu: I just wanted to make some notes about the need for
us to be clear in our separation between RWoT and CCG and
VCWG/other WG. Different process requirements and consensus
drivers and IP regimes, etc. As chairs we haven't been clear
about it. There's a good pipeline here.
Joe Andrieu: RWoT - CCG - WGs
Joe Kaplan: Yes, we need to figure that out! [scribe assist by
Moses Ma]
Joe Andrieu: Some of what you're doing Moses and figuring out
... that's RWoT work and figuring out how to feed it into CCG is
good just don't want to be too early with it.
Kim Hamilton Duffy: Thanks everyone!
Moses Ma: Bye all
Received on Tuesday, 13 March 2018 18:22:32 UTC