[MINUTES] W3C Credentials CG Call - 2018-03-13 12pm ET

Thanks to Dave Longley for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-03-13/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-03-13

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Mar/0011.html
Topics:
  1. Introductions
  2. Announcements
  3. Report from Rebooting the Web of Trust 6
Action Items:
  1. Chairs to ensure that work items are sticky and have the 
    right company support
  2. Chairs to find people to produce DID use cases.
  3. Chairs to find people to produce DID charter.
  4. Chairs to drum up W3C Member company support for DID WG.
  5. Chairs to find people to work on DID test suite.
Organizer:
  Kim Hamilton Duffy and Christopher Allen and Joe Andrieu
Scribe:
  Dave Longley
Present:
  Dave Longley, Kim Hamilton Duffy, Andrew Hughes, Manu Sporny, 
  Markus Sabadello, Christopher Allen, Mike Xu, Joe Andrieu, 
  Drummond Reed, Nate Otto, David Chadwick, Ted Thibodeau, 
  Christian Lundkvist, Chris Webber, Moses Ma, Joe Kaplan
Audio:
  https://w3c-ccg.github.io/meetings/2018-03-13/audio.ogg

Dave Longley is scribing.
Kim Hamilton Duffy:  Markus mentioned adding DID Auth to work 
  items.
Kim Hamilton Duffy:  So introductions, who is it that spoke up 
  earlier?
Kim Hamilton Duffy:  Could you introduce yourself?

Topic: Introductions

Andrew Hughes:  Good to meet many of you at RWoT. I did a bunch 
  of stuff with Markus and the crew there.
Andrew Hughes:  I'm interested in federated identity and identity 
  assurance. And identity relationship management. All 
  complementary topics to the work here.
Andrew Hughes:  I do much work with KantaraInitiative.org - we 
  are starting to think about how to engage and bring in the new 
  concepts that are developing here and at RWOT. [scribe assist by 
  Andrew Hughes]
Kim Hamilton Duffy:  Thanks Andrew.

Topic: Announcements

Kim Hamilton Duffy:  Post DID reconciliation, implementers stand 
  up -- anyone want to report from that and we can remove from 
  announcements?
Manu Sporny:  Based on all the discussions we had around the DID 
  spec last week, we have proposed resolutions for almost every 
  issue. A few issues came in end of week we'll have to discuss. 
  PRs are starting to flow in, like 9.
Manu Sporny:  Hopefully more will come in over time, maybe 27 PRs 
  in waiting total.
Markus Sabadello: I joined the call at 17:07 same time as i 
  joined on IRC, but don't know my voip id
Manu Sporny:  Only about 9 are done. Many more to write up. All 
  things said, we believe that all of the major implementer issues 
  have been addressed in the spec now. There were a couple of 
  people that raised a couple of issues last week and we're dealing 
  with those.
Christopher Allen: Are you still meeting separately as a task 
  force?
Manu Sporny:  No significant implementer push back on the DID 
  spec right now. We know the portions that are well worn are 
  implementable. Per, at least the Veres One implementation, we're 
  using the spec and it's going well.
Manu Sporny:  Anything in a Google doc is now being pulled into 
  the spec or will have PRs shortly.
Kim Hamilton Duffy:  Thanks, Manu.
Kim Hamilton Duffy: IIW #26: April 3-5 
  https://www.eventbrite.com/e/internet-identity-workshop-iiwxxvi-26-2018a-tickets-39785360083
Mike Xu: Can someone post a link where these DID reconciliation 
  PRs are at?
Manu Sporny:  I haven't heard any mention of follow meetings so I 
  think the task force might be done.
Manu Sporny:  Drummond will need to weigh in.
Christopher Allen:  Ok, would like to take the item off if 
  finished.
Manu Sporny: Mikexu, https://github.com/w3c-ccg/did-spec/issues
Kim Hamilton Duffy:  Right after IIW there will be a Verifiable 
  Credentials F2F.

Topic: Report from Rebooting the Web of Trust 6

Joe Andrieu:  Yes, so some of this is process related. Also DID 
  Auth as a new action item. As requested, Markus put together a 
  work item. Notably, we could do something at My Data 2018, 
  presenting DIDs in the interop track.
Joe Andrieu:  We should entertain that work item and see if 
  there's enough support to do that as part of the group.
Christopher Allen: Url for proposal?
Kim Hamilton Duffy:  Any follow up we need at the moment? Do we 
  need to initiate the proposal process?
Joe Andrieu:  So this is the start of the proposal process, I 
  don't know if Markus is on the call.
Markus Sabadello:  Yes.
Joe Andrieu:  What support would you need to present DIDs in the 
  interop track?
Joe Andrieu:  How could we support you?
Drummond Reed: Note: I can't dial in; getting "all circuits are 
  busy"
Markus Sabadello:  I could present it myself, one idea would be 
  to have maybe a panel and a number of implementers talk about 
  that and present what they're doing. People presenting different 
  DID methods or resolvers, registration, etc. DIDs are a rare 
  example where interop seems to work in this space and My Data is 
  looking for.
Markus Sabadello:  If we had enough people presenting different 
  DID code bases doing a panel is one idea. Getting experiences, 
  what is everyone doing that. Working on this proposal would be as 
  simple as who would be willing to come.
Joe Andrieu:  For us in the CG, do we want to help Markus pull 
  together this panel, is that correct?
Markus Sabadello:  Yes.
Joe Andrieu:  Let me note as one of the RWoT guys, we want to do 
  something -- let's talk offline.
Joe Andrieu:  Regarding this work item, I'm suggesting to Kim as 
  chair that we put this up to see if we have enough support to 
  make this happen.
Christopher Allen: Do we have at least 2 people?
Christopher Allen: Anyone else going?
Joe Andrieu:  Only question is -- is there enough support to 
  adopt this as a work item?
Nate Otto: Would love to see it happen -- cannot make the trip 
  myself to https://mydata2018.org/ August 29-31 in Helsinki.
Manu Sporny: Drummond and I talked about having follow up DID 
  Spec Closure calls and agree that we won't have further calls 
  until we've worked the issues/PR list. If we have any remaining 
  issues after that, we'll start the calls back up.
Kim Hamilton Duffy:  Markus would you mind sending an email to 
  the group and stage reaction there and follow up next week? What 
  we're looking for is for people to sign up to support it.
Joe Andrieu:  And to find folks to be on the panel.
Christopher Allen: Our key point is to gauge  support — who else 
  might be there, wish to help, etc.
Kim Hamilton Duffy:  Any volunteers for action item workers?
Kim Hamilton Duffy:  (For status reports)
Joe Andrieu:  I just wanted to speak to spec-text training. I 
  know we've all been traveling and we may not get to this before 
  IIW. The co-chairs -- we don't know how to manage the spec text 
  stuff.
Manu Sporny:  Happy to do it.
Manu Sporny:  Happy to have anyone else who wants to modify spec 
  text, do PRs, etc.
Christopher Allen: I'd prefer next week.
Manu Sporny:  I'm traveling solid until IIW. Maybe this Friday, 
  let's take that offline and try and set up a call.
Joe Andrieu:  Thanks, Manu.
Christopher Allen: I'd love a copy of that.
David Chadwick:  Over the Christmas vacation period Manu spent 
  quite a long time with me and I've got a Word document that I 
  could share.
David Chadwick:  So we might be able to use this to avoid further 
  training.
Kim Hamilton Duffy:  Excellent, could you forward that to the 
  group please?
Christopher Allen: (Wow, davidc was choppy, then clear, then 
  choppy, etc.)
Dave Longley:  +1 To paste it into a Google doc
Dave Longley:  And let people edit and update it.
Kim Hamilton Duffy:  If you need help with getting into a Google 
  doc, send it to me and I'll forward it.
Nate Otto: I can hear perfectly, connected via onsip. Probably 
  not worth me speaking up for just a "canyouhearmenow?"
Kim Hamilton Duffy:  We're trying to get alignment with 
  Verifiable Credentials and Open Badges. We have a paper where 
  we're wrapped up on that. Following up with some implementations. 
  We've broken out peer claims questions.
Kim Hamilton Duffy:  We want to see more examples of Verifiable 
  Credentials coming from the education space specifically. That 
  will be a separate paper coming a little bit later.
David Chadwick: Like achughes I could not get linphone to work on 
  my mac, which is why I switched to onsip
Kim Hamilton Duffy:  We will kick off the on going task force 
  group meetings shortly.
Kim Hamilton Duffy:  More details to come.
Christopher Allen: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/README.md
Christopher Allen: The draft results
Christopher Allen:  Last week for three days we met at Santa 
  Barbara. Joe hosted and did a great job. I put a URL in IRC on 
  the drafts that were collaborated on there. Two categories - 
  Primary papers, people spent the most time. As a new experiment 
  we did "mandatory minor papers" with variety/odd ball topics.
Nate Otto: Kulpreet Singh submitted a mandatory minor paper on 
  passive storage networks. The mandatory minor was a nice element 
  of the event.
Christopher Allen:  In summary, there were 13 drafts are there. 
  Will continue meeting and get to final drafts. A number are 
  candidates for potential work items. Not everything will be 
  coming to the CCG, but the CCG might be interested in what's 
  going on. That's my intro.
Kim Hamilton Duffy:  I worked with Nate Otto on the 
  educational/occupational VC topic. Nate took the charge on 
  getting several options for VC/Open Badge alignment. There were 
  two primary options for the proposed data model. We are 
  interested in feedback from VC folks.
Christopher Allen: BTCR Outline Draft at 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/introducing_btcr.md
Kim Hamilton Duffy:  The next one was BTCR. What we're doing 
  there, during Rebooting, we spent a lot of time with minor 
  questions, things that are method-spec specific. We're trying to 
  figure out the right assumptions and defaults for the BTCR spec.
Christopher Allen: BTCR is a DID method
Kim Hamilton Duffy:  We decided to turn the RWoT paper into a 
  general paper with technical details. The motivation is to get on 
  the same page with all the remaining decisions and then that 
  we'll copy and paste into our method spec. We're hoping to get a 
  two for one out of that.
Nate Otto: https://bit.ly/openbadges-rwot6 - we'll be submitting 
  this via GitHub pull request tomorrow into the rwot6 drafts 
  folder, but then it'll be open for feedback on "is this a method 
  that you expect to be successful within both Open Badges-focused 
  and Verifiable Credentials-focused tools?")
Kim Hamilton Duffy:  I also really liked the mandatory minor 
  idea. I worked with Christian and Ryan Grant and Drummond and 
  Heather. We were talking about revocation. It started as a poorly 
  formed idea like most mandatory minor papers. We were doing a 
  light survey on approaches that were tried.
Christopher Allen: Survey of Cryptographic Key Recovery Methods 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/key_recovery_methods.md
Kim Hamilton Duffy:  And ones that may be successful in different 
  contexts. It was surprising/interesting for me. The biggest 
  highlight, when we talk about social recovery. You ask 
  brother/mom ... 3 of 5 people to help you recover your identity. 
  Drummond showed a work cloud and looked at key recovery. And huge 
  front and center was Google. Family members small. That indicates 
  to me that people are making a convenience trade off.
Kim Hamilton Duffy:  It may be a lot of effort for me to dig up 
  my mother and get them to do that. If there's an institution I 
  mostly trust that could be available online and that's more 
  convenient and an option. There were cultural bits that came into 
  play.
Kim Hamilton Duffy:  I am curious to turn that into something 
  more complete, a larger survey, even social aspects interesting.
Ted Thibodeau: Blink's direct-connect to digitalbazaar fails for 
  me through GoogleHome Wifi, works fine through Airport.  Bridging 
  through sip2sip works for both.
Ted Thibodeau: None of these are awesome, because workstation 
  processors get bogged down in other tasks (that's a lot of the 
  voice jitter that happens).  Same is true of WebEx, Skype, and 
  all the other voice chat tools.
Christian Lundkvist:  I also worked on the key recovery topic. 
  One of the things I want to do, I did a survey on 
  facebook/recovery feature. I want to share that. I can add that, 
  we have a Google doc for the key management session. It's 
  basically a walkthrough with screenshots of facebook's social 
  recovery.
Christian Lundkvist:  Interesting to see how they are doing that 
  there.
David Chadwick: Because of availability concerns, most people 
  prefer m of n key recovery.
Manu Sporny:  A couple of high level observations. Community 
  learning how to work together and crank out content. It did raise 
  a question in my mind with how to transition from RWoT to CCG. In 
  previous RWoT, DID spec was front and center and lots of people 
  on it. Now we had a transition.
Manu Sporny:  Not a lot of people working on it, just Drummond 
  and I working on issues, which is fine. We're seeing where the 
  edges of RWoT are. Creating new ideas, discussing them, 
  formalizing them, kicking out a doc and maybe refining a bit. But 
  per RWoT the DID spec isn't something to be worked on in that 
  community.
Manu Sporny:  And it's this group's job to carry it on and get 
  implementer feedback.
Kim Hamilton Duffy: For the remaining topics, we can use this for 
  structure: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/draft-documents
Manu Sporny:  Once we get more editorial passes then that spec 
  will be ready to move on from this group as well. I'm concerned 
  about that. We as the group that is transitioning that spec to 
  the next stage like a W3C group. We need to do some prep work to 
  transition it. Use cases doc, general proposal, charter for the 
  DID spec working group.
Manu Sporny:  Those are items I haven't heard anyone talking 
  about. Without those things the spec stops and it won't 
  transition.
Manu Sporny:  The thing that is most interesting was the process 
  of how we get things through. If we stopped right now, lots of 
  great ideas percolating at RWoT and refinement here, then we're 
  stuck.
Manu Sporny:  I'd like this group to understand getting things 
  onto W3C standards track and recruiting the right companies.
Manu Sporny:  We really need to spend some time working that 
  particular process problem or the work will stall at the next 
  stage.
Kim Hamilton Duffy:  That's a good action item for the chairs.

ACTION: Chairs to ensure that work items are sticky and have the 
  right company support

Kim Hamilton Duffy:  We'll need to bounce some ideas off of you, 
  Manu, to make sure we're tracking this.
Joe Andrieu:  I think we also need to get DID Auth as a proposed 
  work item.
Joe Andrieu:  We probably still need ... we still need to do DID 
  Auth within the CG and would that go over to the DID working 
  group?
Manu Sporny:  Not any time soon. And we're playing with fire 
  there. The worst thing we could do is propose a DID Auth WG and 
  the browser vendors could get really excited and take over and 
  then DID Auth will be purely through the browser and with browser 
  vendor wallets. We don't want that.
Manu Sporny:  We have to be very careful there.
Manu Sporny:  We do have one DID Auth spec right now which is the 
  Credential Handler API and I talked about that a bit. The general 
  approach is to try and standardize the messages that go back and 
  forth.
Manu Sporny:  We're too far way from that to propose any working 
  group.
Markus Sabadello: +Q about DID Auth
Joe Andrieu:  We should get DID Auth as a separate work item.
Manu Sporny:  I think DID Auth is talking about messages not the 
  protocols they travel over.
Christopher Allen:  Besides the actual spec, what of those is the 
  most time?
Dave Longley:  Comment about did auth and protocols [scribe 
  assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ....Most important is to get implementations 
  out, interop, functional code
Kim Hamilton Duffy: ...Need that before taking to w3c
Christopher Allen:  Which method specs should go into the WG, or 
  would the "how to write a method spec spec" be the only thing to 
  move to a WG?
Dave Longley:  We need to get some implementation built and 
  interworking tests done [scribe assist by David Chadwick]
Nate Otto: Badgr would love to work with a DID Auth provider or 
  develop open source who could expose a OAuth2 identity provider
Christopher Allen: DID Auth at #Rwot 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/did_auth_draft.md
Markus Sabadello:  We had a group of seven people working on DID 
  Auth. It is just browser-based login tool like with the 
  Credential Handler API, is it scanning a QR code with 
  challenge+response like uPort is doing, does it include 
  service-to-service protected secure channels? A lot of flows and 
  protocols and different scenarios that could fit under DID Auth.
Markus Sabadello:  Then discussions about the formats and 
  challenge/response, etc.
Markus Sabadello:  The way Manu said it -- designing the message 
  format independently from transports or bindings is good. It's 
  not just browser based.
Christian Lundkvist:  That's also how we're approaching it at 
  uPort. What we've been doing now is ... we've defined some 
  formats of the messages. We have several ways to get those to the 
  user. QR code or push notification or click on a link, etc. but 
  the messages are the same.
Markus Sabadello:  Besides that, I also have the opportunity with 
  British Columbia guys and I need to have some DID Auth stuff done 
  there by the end of the month and could present some of that here 
  and ask for feedback.
Kim Hamilton Duffy:  Excellent.
Kim Hamilton Duffy:  I'd be interested in that.
Manu Sporny:  To respond to Christopher's questions. What do we 
  need for the DID WG, what will take the most time? -- The answer 
  is that use cases will take the most time unless we have someone 
  like Joe working on them. Not fair to ask him to do all that.
Joe Andrieu:  Still takes time :)
Manu Sporny:  It can take a year and a half to do, we need to 
  pick 3-4 very important use cases and hold it to that. Charter is 
  required. They are easier. Especially newer charters and they 
  want you to be very focused. Like, you are creating a WG to do 
  one spec.
Manu Sporny:  Verifiable Credentials is an example of this, we 
  have a use cases doc and the VC data model spec and that's it. 
  The DID WG would probably have to generate something similar.
Manu Sporny:  If someone could do use cases for DIDs that would 
  be helpful, some of us know how to put a charter together in a 
  few weeks.
Manu Sporny:  And a core spec. We also want an operational test 
  suite. And we want two implementers minimum that step up. Like 
  Veres One, BTCR, Sovrin and show passing tests.
Manu Sporny:  The other thing that takes significant time, from a 
  calendar perspective, from an effort it's not super involved, and 
  that's drumming up support.
Manu Sporny:  Making sure that we get for example, IBM, MS 
  joining the WG. We have to get all that support a good six months 
  before proposing the group. We are hoping to present at this 
  year's TPAC. Which means we are 6 months out NOW. We need to 
  start this work. If we miss TPAC it gets much harder. And 6 
  months go fast.

ACTION: Chairs to find people to produce DID use cases.


ACTION: Chairs to find people to produce DID charter.

Manu Sporny:  If we had to put down a number of things we need to 
  do, we need to do use cases in parallel with the charter. If we 
  have a rough cut of those in two months, we start hitting every 
  company that would benefit from the company and show use cases, 
  spec, ask them to vote.
Manu Sporny:  Or join the work or both.

ACTION: Chairs to drum up W3C Member company support for DID WG.

Manu Sporny:  End of summer some time.

ACTION: Chairs to find people to work on DID test suite.

Manu Sporny:  This is making me very nervous because we don't 
  have a lot of time and don't have people assigned.
Manu Sporny:  I suggest we don't put DID method specs into the 
  WG. Any spec you say you are going to standardize you need two 
  implementers and a test suite.
Christopher Allen: It is quite likely there will be two 
  implementations of BTCR
Manu Sporny:  We need two companies doing the uPort protocol for 
  example, and I think that would be very difficult.
Christopher Allen: (Though in some ways slower as not being 
  backed commercially)
Manu Sporny:  I think we go in with the DID spec as is. Make it 
  short and sweet and just do that.
Manu Sporny:  And say the DID method specs are outside and refer 
  to them non-normatively.
Kim Hamilton Duffy:  Ok, I made some action items. I'm not sure 
  what's involved with drumming up company support but it sounds 
  like we need to get started right away on all of these.
Joe Andrieu:  Feedback for manu .... people thought we'd have DID 
  landia, but we ended up having a lot of two people papers. I 
  don't think that was indicative of community support for the DID 
  spec.
Christopher Allen:  I'm not sure how to plan this, but I feel 
  like we need to be careful at IIW ... with some preplanned 
  *messages* like DID use cases and the various other things. The 
  point of doing RWoT early was to give us time between it and IIW 
  where we can influence. We should think about how to take these 
  documents that are appropriate for the CCG to work on and 
  leverage that momentum to drive conferences talking about things 
  in the fall.
Manu Sporny:  There are no IPR concerns with directly adding a 
  DID method to the registry, Markus.
Christopher Allen: (I'd prefer PRs)
Manu Sporny:  I won't speak to the community process, from an IPR 
  perspective, what the registry is trying to do is track the 
  various DID method specs that are out there. CG process is up to 
  the chairs. The other response is to something Joe said.
Manu Sporny:  We shouldn't read too much into what happened at 
  RWoT. I didn't intend to insinuate anything, we've seen this with 
  lots of other work. Community doesn't know about the process and 
  thinks something is solved. It's the most dangerous thing to 
  happen in a standards setting org -- because that's how things 
  die. This is the point where it actually gets hard. Everything up 
  to this point is actually easy. We haven't dealt with the 
  politics or the grind or
Dave Longley:  Explaining it to someone new from a large company 
  that's new for the 50th time, etc.
Manu Sporny:  That's the part of the stage we're getting ready to 
  move into and because everyone kind of scattered and let the 
  editors "deal with the rest" or "there are others in the 
  community that will run with it" ... it doesn't leave us with 
  resources.
Manu Sporny:  To push the spec forward [at a critical time].
Manu Sporny:  I'm trying to wave the flag and say we're not done 
  yet! We need a ton of help!
Manu Sporny:  And we need orgs that depend on this to push it 
  through the standards group.
Kim Hamilton Duffy: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/draft-documents
Kim Hamilton Duffy:  I don't think Nathan is here, wanted to hear 
  a report on ABCs. I'd like to hear from Chris Webber as well, on 
  pet names, but also not here. If anyone else is here, please 
  queue yourself.
Chris Webber: Shoot
Chris Webber: I accidentally hung up with my ear
Moses Ma:  Dan and I are going to work on the roadmap group and 
  we'll prepare some notes and share them next week.
Moses Ma:  Our topic was creating a roadmap for adoption and ... 
  companies need for this group to do certain things and to get 
  approval to move forward. We have to publish a schedule and 
  express some other things and they'll sell internally.
Moses Ma:  Product roadmaps are needed internally by some 
  companies and expressing the things getting done and when. Also 
  need some materials. When people go to the site they aren't 
  seeing what a commercial site would offer in terms of an API, 
  etc. We just need some reorganization. Explaining exactly what's 
  needed -- there's a paper we uploaded with a list of 
  deliverables.
Moses Ma:  That would be good for getting larger companies to 
  support us.
Kim Hamilton Duffy:  Yes, that came up several times wrt getting 
  sponsorship from larger companies.
Chris Webber:  I just wanted to say that we were lucky to have 
  Mark Miller again this year and one of the concerns I had this 
  year was how people will be able to use these decentralized, 
  globally unique, but non-human readable identifiers. With 
  petnames we got a good sense for how to deal with that and build 
  UIs for it.
Moses Ma: Chris, you can look over the roadmap plan here: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/a-roadmap-for-ssi.md
Chris Webber:  We're getting the paper together and we're pretty 
  close.
Moses Ma: Christopher, sorry.
Joe Andrieu:  I just wanted to make some notes about the need for 
  us to be clear in our separation between RWoT and CCG and 
  VCWG/other WG. Different process requirements and consensus 
  drivers and IP regimes, etc. As chairs we haven't been clear 
  about it. There's a good pipeline here.
Joe Andrieu:  RWoT - CCG - WGs
Joe Kaplan:  Yes, we need to figure that out! [scribe assist by 
  Moses Ma]
Joe Andrieu:  Some of what you're doing Moses and figuring out 
  ... that's RWoT work and figuring out how to feed it into CCG is 
  good just don't want to be too early with it.
Kim Hamilton Duffy:  Thanks everyone!
Moses Ma: Bye all

Received on Tuesday, 13 March 2018 18:22:32 UTC