[MINUTES] W3C Credentials CG Call - 2018-11-06 12pm ET

Thanks to Manu Sporny and Heather Vescent for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2018-11-06/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2018-11-06

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0070.html
Topics:
  1. Introductions
  2. Update on Action Items
  3. Work Items
  4. W3C TPAC 2018
  5. IIW
Organizer:
  Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
Scribe:
  Manu Sporny and Heather Vescent
Present:
  Kim Hamilton Duffy, Dave Longley, Heather Vescent, Manu Sporny, 
  Joe Andrieu, Andrew Hughes, Ted Thibodeau, Kulpreet Singh, Jeff 
  Orgel, Ken Ebert, Brent Shambaugh, Dmitri Zagidulin, Matt Stone, 
  Brent Zundel, Michaela Casaldi, Ganesh Annan, Christopher Allen, 
  Lionel Wolberger, Samantha Mathews Chase, Daniel Buchner, 
  Drummond Reed, Ryan Grant
Audio:
  https://w3c-ccg.github.io/meetings/2018-11-06/audio.ogg

Manu Sporny is scribing.
Joe Andrieu:  Welcome to the call...
Joe covers standard boilerplate meeting stuff.
Heather Vescent is scribing.
Brent Shambaugh: I cannot seem to get it to work on Linux.
Joe Andrieu:  Agenda and plan for meeting. Report out from TPAC & 
  IIW
Joe Andrieu:  Communications about DIDs don't nail what we see as 
  important about these technologies. Want to discuss developing 
  value props.
Joe Andrieu:  Introductions??

Topic: Introductions

Michaela Casaldi:  Just joined. Work for Onfido, an identity 
  provider. Looking into distributed id. On the product side. 
  Exploring what we can do.
Manu Sporny:  CEO of Digital Bazaar. Have spent lot of time ~15 
  years, pushing VCs, DIDs and stuff like that. One of the 
  companies implementing a lot of the technology we talk about 
  here.
Joe Andrieu: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Joe Andrieu:  W3C workshop. Dec 10-11 in Redmond at Microsoft.
Manu Sporny:  If you are going, get your position statement in 
  this week.
Manu Sporny: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/
Christopher Allen: The only added the email address a week or so 
  ago.
?? Are there examples of position statements?
Manu Sporny: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html#position-statements
Manu Sporny: Please send position statements (HTML, text, or PDF 
  preferred) to group-identity-ws-pc@w3.org.
Manu Sporny:  No. Link to position statement at this email 
  address (manu's link)
Christopher Allen: Apparently you need a position statement.
Christopher Allen: Form wasn't enough
Andrew Hughes:  Is a position statement mandatory?
Manu Sporny:  We might be overattended, and those without a 
  position statement will be dropped.
Manu Sporny: 
  https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html#position-statements
Christopher Allen: The email wasn't available until Friday of 
  TPAC
Manu Sporny:  Re: position statement, if you really really want 
  to attend, submit a position statement. It's a ranking criteria 
  if we have too many people who want to attend.
Joe Andrieu:  Save the Date - next RWOT - Feb 27-March 1, 2019, 
  Location TBD (could be Europe)
Kim Hamilton Duffy: I think that's all Joe
Lionel Wolberger: +Present
Christopher Allen: I put it in my presentation that I made 
  yesterday
Heather Vescent:  IIW is April 30-May 2: 
  https://www.internetidentityworkshop.com/
Kim Hamilton Duffy: Thanks Heather; updating the announcements 
  now

Topic: Update on Action Items

Joe Andrieu:  Update on Action Items: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aissue+is%3Aopen+label%3A%22action+item%22
Kim Hamilton Duffy:  Spec-Text Training is closed.
Manu Sporny: +1, Thank you Bohdan! :)
Andrew Hughes:  Thanks to Bodin (sp?) who did the editing.
Samantha Mathews Chase: Is there a link to this vidoe?

Topic: Work Items

Joe Andrieu:  Work items: 
  https://github.com/w3c-ccg/community/blob/master/work_items.md
Joe Andrieu:  DID Use case update: Graphical representation of 
  the DID Use cases here. We need to take this to another level of 
  sophistication, and incorporate TPAC feedback. Also want to see 
  specific  situation based use cases to explain ...xyz...
Lionel_Wolberger_: Data minimization, what are the next actions 
  needed on this.
Joe Andrieu:  Take RWOT published doc and move to SpecText.
ReSpec converter that Sandro did...
  ... check out the video to do this. Link: 
  https://www.youtube.com/watch?v=0Sn7co2eSCo
Dmitri Zagidulin: Super buggy or not, that tool is /amazing/
Manu Sporny:  Sandro Hawke has a tool to convert gdocs to 
  SpectText
  ... suggest that Lionel_Wolberger_ use this tool.
Dmitri Zagidulin: *Kimhd: he was showing it during tpac, I was 
  super impressed.*
  ... Sandro is working with credible web re: Fake News. Looking 
  at potentially using VC and other stuff we are working to make 
  progress on their work. Propose to invite Sandro into here and 
  hear what he's been doing. Re: reputation stuff.
Samantha Mathews Chase: Very cool thanks
Manu Sporny: +1 On dog fooding our own work.
Samantha Mathews Chase:  My RWOT paper was on tracking 
  attribution. Have talked with Manu to use this for our call. This 
  is an important subject. Have talked with other groups with 
  varied success.
Joe Andrieu: +1 For chocolate puddinging our work
Samantha Mathews Chase: Lol
Samantha Mathews Chase: I get it tho
Joe Andrieu:  TPAC report out.

Topic: W3C TPAC 2018

Manu Sporny:  It went really great. We had 50-55 at the DID 
  breakout session. Kim did the DID working group proposal/intro. 
  It was awesome and perfect. There were 200+ in that room (of the 
  480 companies) and it was well received. We had buttons. (As me 
  about Decentralized identifiers.) We specifically asked for 
  objections, and got only 1. And the objection was that I want you 
  to do more than DIDs. Haven't seen other objections behind the 
  scenes.
  ... there is still more work to do. But I would be surprised if 
  the DID working group didn't happen. Please show up in Redmond if 
  you want this to happen.
Joe Andrieu:  Could you comment on the support and the 
  breakthrough re: WebAuthN?
Manu Sporny:  Before TPAC, we did an experiment with 
  authenticator devices (e.g. yubico, cryptographic keys in 
  hardware) we extended them to support VCs and DIDs and we dropped 
  into that working group. We needed them to enable one feature to 
  make them work. Submitted the proposal for them to do it. Group 
  decided to support that use case.
Daniel Buchner: I can provide some details on this, if you'd like
  ... WebAuthN also interested in web authentication, and they 
  might do it in their next charter. This all demonstrates 
  traction.
Daniel Buchner: Sure
Kim Hamilton Duffy:  In the meeting after TPAC - wants to know 
  specific use cases to move that forward.
Daniel Buchner:  Group is working in ... we need to make sure it 
  can be used in these areas, FIDO, WebAuthN. This might be why 
  there was a change/acceptance from some folks.
Joe Andrieu:  Someone gave a shout out to Kim Cameron that the 
  next step is for FIDO to support DIDs.
Drummond Reed:  That was the most unexpected news, re WebAuthN. I 
  was stunned. Congrats! Shout out to Daniel.
Joe Andrieu:  People like it because it solves a problem.
Drummond Reed:  When we got the news at IIW, people were 
  thrilled.
Ted Thibodeau: 
  https://twitter.com/csuwildcat/status/1047608587944484864
Ryan Grant:  Re: FIDO, my understanding is token signs a secret a 
  website can understand. How can this be changed to help interop 
  DIDs?
Ted Thibodeau: "It definitely needs to work with existing 
  systems, so companies can interop with the code/implementations 
  they have in-market, and that's something we're going to work a 
  lot on in 2019, including extension of things like WebAuthn and 
  FIDO to support DIDs."
Dave Longley:  We did a demo at TPAC, WebAuthN with DID Auth 
  (credential handler).
  ... describing how it works
Kim Hamilton Duffy:  One of the big things we talked about - 
  relationship btwn JWTS & JSON LD.
  ... one category is around usability and lack of tooling 
  support.

Topic: IIW

Joe Andrieu: [Please jump on the queue if you went to IIW]
  ... get this on everyone radar to discuss.
Daniel Buchner: 
Daniel Buchner:  Good stuff at IIW, DID ref skilling, went into 
  the authentication pieces. Context mapping documents.
Heather Vescent:  I went to IIW as well... [scribe assist by Manu 
  Sporny]
Heather Vescent:  Lots of new people, huge event, almost sold 
  out. [scribe assist by Manu Sporny]
Heather Vescent:  Lot of new people, Kaliya and I did the intro 
  to SSI -- mostly new people there. Lots of sessions on DIDs/SSI - 
  Sam Chase brought a really cool person that talked about VR and 
  identity [scribe assist by Manu Sporny]
Heather Vescent:  That's something that's interesting, overlap w/ 
  other communities and what we're doing here... communication of 
  what we're doing is really important. [scribe assist by Manu 
  Sporny]
Heather Vescent:  I did talk on SSI on Money 20/20 the weekend 
  before... we are doing a lot of really interesting stuff here and 
  we don't control the narrative. It's important for us to support 
  clear communication of what we're doing. [scribe assist by Manu 
  Sporny]
Heather Vescent:  Not just inside our community -- but 
  banking/fintech space think they're going to solve this problem 
  as well because they "own" identity/KYC - we need to get 
  organized about taking this knowledge and expanding it beyond our 
  internal space. [scribe assist by Manu Sporny]
Heather Vescent:  Kaliya and I have tried doing that - business 
  model is problematic, we need to figure out a way to support 
  communication. [scribe assist by Manu Sporny]
Heather Vescent:  Last day, really interesting session -- trying 
  to find session. [scribe assist by Manu Sporny]
SSI stack: 
  https://drive.google.com/file/d/1YGdxdVB7tS9MI9-QIIDZsvT2eZgnAXDj/view?usp=sharing
Heather Vescent:  Session on "SSI Stack" [scribe assist by Manu 
  Sporny]
Drummond Reed: I have joined the call but there is a ton of noise 
  right now in the SLC airport so it's going to be hard to talk.
Heather Vescent:  I found this interesting... [scribe assist by 
  Manu Sporny]
Heather Vescent:  Anyone here in this session? [scribe assist by 
  Manu Sporny]
Drummond Reed: Daniel was in that session
Heather Vescent:  Another session on "Myths of SSI" - run by 
  Timothy Ruff and Rouven... [scribe assist by Manu Sporny]
Heather Vescent:  That was an interesting conversation... it was 
  a great IIW. [scribe assist by Manu Sporny]
Jeff Orgel:  Had a great time, really rich IIW - a few things to 
  touch on - Sam showed up with Liam - great edge thinking. [scribe 
  assist by Manu Sporny]
Jeff Orgel:  Phils' daughter did an "Ask the Millenial" 
  session... value space there, how they perceive their identity. 
  [scribe assist by Manu Sporny]
Jeff Orgel:  Drummond announced STFv2... Markus announced 
  something as well - logging in / recovering DID. [scribe assist 
  by Manu Sporny]
Drummond Reed: The "edge thinking" that Samantha and Liam brought 
  was all about where self-sovereign identity could fit with VR and 
  AR and digital twins or avatars. It was mind-blowing.
Drummond Reed: Liam showed live demos using various cutting-edge 
  VR headsets including Magic Leap.
Jeff Orgel:  Futurist talking about cyborg future - really 
  interesting, what we want when cybernetics become more of a 
  thing... let's talk about path to get there. [scribe assist by 
  Manu Sporny]
Jeff Orgel:  Really rich IIW. Sam and Liam brought great energy. 
  Phi's daughter did a session, Ask a millenial about identity. 
  Drummond announced TPAC update. Markus accomplished something... 
  it was first time. And there was a lady, futurist, talking about 
  cyborg futures, what would we all want when the cybernetic space 
  becomes real. Let's talk about the path to get there
Daniel Buchner: Markus showed a prototype of a Universal DID 
  Registrar
Joe Andrieu:  Use last minutes to introduce ...
Daniel Buchner: Which our team was hoping to work with him on
Daniel Buchner: We want to ensure that reg API surfaces and 
  experiences are formulated in accordance with a common spec
Joe Andrieu:  Re: shaping the narrative and well meant questions 
  from allies, trying to help us distill the message. B/c our 
  examples don't show why this is so important.
  ... what is the canonical use case?
  ... why does decentralized help?
  ... are there folks at TPAC to help set this up.
Andrew Hughes:  My question about DIDs is why do we need a new 
  universal namespace? Why don’t the existing ‘universal’ name 
  spaces suffice? [scribe assist by Andrew Hughes]
Christopher Allen: 
  https://docs.google.com/presentation/d/15M0tdSS1dRMVdJdVgBlFap8JwiuFdvocZ0AAu7c1eBk
Christopher Allen:  Asked after TPAC to present to companies and 
  a Zurich meetup. And tried to address the different things people 
  have raised.
  ... it's a better story, but it's not there.
  ... Get push back, corporations don't care, governments don't 
  care. So I separated these in the preso.
Daniel Buchner: Clearly they aren't aware of some intentions of 
  some companies that I would bet are far larger than theirs - and 
  some governments...
  ... how do we convince governments and corporations.
Christopher Allen: (Also, I welcome comments and criticisms on 
  that presentation)
Christopher Allen: (And people can reuse it as needed)
Heather Vescent:  I had an idea in this space - based on some of 
  the feedback from Money 20/20 - most of the people there come 
  from banking/fintech - I know a lot of the people in that space - 
  they don't get DIDs/SSI any of that stuff. [scribe assist by Manu 
  Sporny]
Jeff Orgel: ? What was Marcus' 1st time effort if we have a 
  moment?
Samantha Mathews Chase: For companies, the argument I lean into 
  is offloading liability and enabling a 'perfect information' 
  system. That they can achieve the same value from data without 
  seeing it through this new 'airlocked' layer by requesting 
  credentials.People can be responsible for sharing these 
  credentials and then it is complicit information not consent 
  engineering. This saves the company money and eliminates the 
  guesswork and social engineering aspect of marketing
Heather Vescent:  The feedback I got was - "oh, this is an 
  interesting way to do corporate identity". When we think about it 
  for individual identity, value for individuals, privacy, etc... 
  for cybersecurity space... increasing corporate security, whole 
  idea of corporate identity is really interesting. [scribe assist 
  by Manu Sporny]
Heather Vescent:  Not limiting, or expanding use cases beyond 
  individuals to multiple entities that need identity... that might 
  be a good focus. [scribe assist by Manu Sporny]
Samantha Mathews Chase: I like that heather,thanks
Christopher Allen: Slides 22 also resonated
Joe Andrieu:  Yes, think there is really interesting stuff in 
  that space that's not solely about SSI. [scribe assist by Manu 
  Sporny]
Christopher Allen:  One of the things I discovered by accident, 
  about borders, resonanted well in Switzerland. It was almost like 
  it was in the wrong part of the presentation. [scribe assist by 
  Manu Sporny]
Christopher Allen:  One of the things I discovered by accident - 
  my slide 22, about borders, resonated well (due to Switzerland?) 
  it was like it was in the wrong part of the preso (it was in the 
  SSI section). But this is something that keeps coming back in the 
  decentralized thing. What are the borders and edges.
  ... they are all under renegociation.
Joe Andrieu:  Let's talk about this more in future weeks.

Received on Saturday, 10 November 2018 20:48:35 UTC