Re: [MINUTES] W3C Credentials CG Call - 2018-11-20 12pm ET

Samantha Chase's excellent paper can be found here:
https://github.com/WebOfTrustInfo/rwot7/blob/master/topics-and-advance-readings/CanCurationMarketsEstablishSustainableTechnologyCommons.pdf


On 11/26/18 9:57 PM, Carlos Bruguera wrote:
> Thanks for the update.
>
> On this regard, can anybody share the link paper mentioned during the 
> call: /Furthering sustainable commons/? Appreciated.
>
> On Tue, Nov 27, 2018 at 10:58 AM <kim@learningmachine.com 
> <mailto:kim@learningmachine.com>> wrote:
>
>     Thanks to for scribing this week! The minutes
>     for this week's Credentials CG telecon are now available:
>
>     https://w3c-ccg.github.io/meetings/2018-11-20/
>
>     Full text of the discussion follows for W3C archival purposes.
>     Audio from the meeting is available as well (link provided below).
>
>     ----------------------------------------------------------------
>     Credentials CG Telecon Minutes for 2018-11-20
>
>     Agenda:
>     https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0129.html
>     Topics:
>       1. Introductions and Reintroductions
>       2. Announcements, reminders
>       3. Action items
>       4. Work Items
>       5. Pain points
>     Organizer:
>       Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
>     Scribe:
>
>     Present:
>       Christopher Allen, Bohdan Andriyiv, Andrew Hughes, Manu Sporny,
>       Dmitri Zagidulin, Ryan Grant, Brent Zundel, Moses Ma, Joe
>       Andrieu, Lucas Parker, Ted Thibodeau, Lionel Wolberger, Markus
>       Sabadello, Drummond Reed, Joe Kaplan, Sam Smith, Nate Otto,
>       Michaela Casaldi, Jarlath O'Carroll, Jeff Orgel, Chris Webber,
>       Andrew Rosen, Adrian Hope-Bailie
>     Audio:
>     https://w3c-ccg.github.io/meetings/2018-11-20/audio.ogg
>
>     Joe Andrieu: Connections
>     Ryan Grant: Does voip-ccg association still work if you do it?
>
>     Topic: Introductions and Reintroductions
>
>     Lionel Wolberger: ... Main topic, the pain points that DIs are
>       solving.
>     Drummond Reed: Note: I can only stay for the first 30 mins today.
>     Moses Ma:  Spoke with his partners about our work, and we have a
>       volunteer. Dr. Wu [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... VC who ran a $billion fund
>     Lionel Wolberger: ... Templates for DID monetization
>     Lionel Wolberger: .... List different ways we can monetize the
>       DID market
>     Manu Sporny: +1 To that effort, would be very helpful to the CCG.
>     Lionel Wolberger: ... Dr. Wu was a lead investor on Tivo, is good
>       at revenue models.
>     Joe Kaplan:  Will this be a work item? How can the community
>       support? [scribe assist by Lionel Wolberger]
>     Moses Ma:  Paper for next RWoT [scribe assist by Lionel
>       Wolberger]
>     Sam Smith:  Furthering sustainable commons, [scribe assist by
>       Lionel Wolberger]
>     Lionel Wolberger: ... If looking to monetize, this paper is
>       related. Will share it.
>     Moses Ma:  Let's have the community participate. Should stipulate
>       how a standard can create a fair method to enable monetization
>       models. [scribe assist by Lionel Wolberger]
>     S/Furhtering/Furthering
>     Lionel Wolberger: .... A mockup of the UX would be helpful,
>       perhaps in Adobe XD
>     Joe Kaplan:  Send email and we will follow up. [scribe assist by
>       Lionel Wolberger]
>     Lionel Wolberger: Jarlath to the mic!
>     Jarlath O'Carroll:  CEO and founder of Jobs___ [scribe assist by
>       Lionel Wolberger]
>     Lionel Wolberger: ... Connects students to jobs
>     Lionel Wolberger: ... Interested in CCG/VCs for credentials
>       regarding skills, etc
>
>     Topic: Announcements, reminders
>
>     Joe Kaplan:  Dec 10 workshop, Microsoft [scribe assist by Lionel
>       Wolberger]
>     Manu Sporny:  55 People are signed up, room for 15 more. [scribe
>       assist by Lionel Wolberger]
>     Manu Sporny:
>     https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html
>     Lionel Wolberger: ... Seeking more lawyers, regulatory and
>       compliance types
>     Lionel Wolberger: ... Seeking more European (GDPR) and China
>       focus
>     Lionel Wolberger: ... Still time to register!
>     Lionel Wolberger: ... Note that new proposals will compete with
>       some critical proposals that we must present at the workshop
>     Lionel Wolberger: ... Agenda is being formulated and will be
>       shared soon.
>     Lionel Wolberger: RWoT #8 planned for Feb22/28/Mar 01
>     Joe Kaplan:  Making decisions about location, to be announced
>       ASAP. [scribe assist by Lionel Wolberger]
>     Joe Kaplan:  IIW APril3-May 2. Not the same time as RWoT this
>       time ;-) [scribe assist by Lionel Wolberger]
>     Manu Sporny:  Barcelona proposal for RWoT [scribe assist by
>       Lionel Wolberger]
>     Moses Ma: +1 Barcelona
>     Lionel Wolberger: ... May be just after MWC (mobile world
>       congress)
>     Christopher Allen: Take train
>
>     Topic: Action items
>
>     Bohdan Andriyiv: +1 For Barcelona)
>     Joe Kaplan:  Planning to "create Amira as a repo" [scribe assist
>       by Lionel Wolberger]
>     Moses Ma: Can someone post URL to Sam's "Furthering sustainable
>       commons" paper
>     Joe Andrieu: https://github.com/w3c-ccg/community/issues/18
>     Manu Sporny: https://www.w3.org/2018/11/19-vcwg-minutes.html
>     Manu Sporny:  Meeting minutes on how to harmonize with Verifiable
>       Credentials [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... General pattern for addressing ZKPs
>     Lionel Wolberger: ...  Pattern to host ZKP even as binary BLOBs
>     Joe Andrieu:
>     https://github.com/w3c-ccg/community/blob/master/work_items.md
>
>     Topic: Work Items
>
>     Drummond Reed: The Sovrin community intends for ZKPs to NOT be a
>       "bizarre, out-of-the way format" :-)
>     Ryan Grant: +1 For Barcelona
>     Manu Sporny: Drummond -- I expected as much, :)
>     Manu Sporny:  OCAP in JS [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... Library implementation
>     BLOB = Bizarre Large Object </humor>
>     Manu Sporny:  Regarding, seeking additional funds for people to
>       implement tools [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... E.g. issue a new type of verfiable
>       credential, need to define a vocabulary, need a website where you
>       can go and CLICK to publish such a vocabulary
>     Lionel Wolberger: ... Cryptographic hash linking specification,
>       that is more detailed then just "use IPRS"
>     Lionel Wolberger: ... Will be useful to have a kind of "magnet
>       link"
>     Lionel Wolberger: ... This is a problem across the decentralized
>       blockchain space
>     Lionel Wolberger: ... Proposing an IETF specification
>     Nate Otto: +1 To magnet link IRIs for linked data
>     Lionel Wolberger: ... New problem emerging around vendor lockin
>       on digital wallets
>     Lionel Wolberger: ... Ensure that one vendor won't lock out
>       everyone else, by being specification conforming but not enabing
>       data portability
>     Lionel Wolberger: Manu: Exciting stuff +1
>     Drummond Reed: BTW, avoiding vendor lock-in is a primary goal of
>       DKMS, of which the plan is to start a Technical Committee at
>       OASIS. See http://bit.ly/dkmsv3
>     Manu Sporny:  Mag links will be important to endurance, the
>       ability for documents to be addressable over a period of years
>       [scribe assist by Lionel Wolberger]
>
>     Topic: Pain points
>
>     Manu Sporny: Drummond, What I was talking about goes beyond DKMS,
>       but yes, that work is important as well.
>     Chris Webber:  We accept the value of decentralization without
>       much consideration [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... We can now tease out the assumptions and
>       motivations behind this
>     Lionel Wolberger: ... These should be made overt in the DID
>       primer
>     Lionel Wolberger: ... Let's start with Vendor Lock-in
>     Lionel Wolberger: ... Many standards and protocols ended up being
>       locked-in due to some inherent centrality
>     Lionel Wolberger: ... Example: Twitter had lots of apps in a
>       broad ecosystem, but by Twitter controlling the API Keys they
>       constrained that ecosystem
>     Lionel Wolberger: ... In federated DIDs, some parties took
>       protocols that were intended to be two way
>     Lionel Wolberger: ... But then only implemented one side
>     Lionel Wolberger: \
>     Manu Sporny:  Every market vertical has its own motivation for
>       needing DIDs [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... In Healthcare DIDS are useful for X,Y,Z
>     Lionel Wolberger: ... In banking DIDs are useful for doing n,m,o
>     Lionel Wolberger: ... Local, provincial and federal governments
>       do not want to be the system of record for identifiers
>     Lionel Wolberger: ... It's all knowledge based stuff
>     Lionel Wolberger: ... These organizations do not want to control
>       knowledge based identifiers as opposed to cryptographic
>       identifiers
>     Lionel Wolberger: ... Since they are almost guaranteed that the
>       funding creating the system diminishes over time
>     Lionel Wolberger: ... As the systems grow, the funding shrinks
>       and can even be cut
>     Lionel Wolberger: ... Making the central system suceptible to
>       failure
>     Andrew Hughes: Identifiers are useful. The fatal flaw (in our
>       opinion) is that useful widely-usable identifiers end up with
>       central authorities or defacto authorities that have ‘kill
>       switches’. Also all ‘authorities’ must inevitably become
>       high-value attach target infrastructure while at the same time
>       facing funding pressures (because it goes into the background as
>       infrastructure). Decentralization has the promise of a
>       globally-shared namespace that involved de[CUT]
>     Andrew Hughes: Governance and operations but universal
>       resolvability.
>     Lionel Wolberger: ... Organizations are excited that the DID
>       enables use without hosting it
>     Lionel Wolberger: ... Though when you point out the cost, their
>       enthusiasm cools a bit
>     Q
>     Chris Webber:  Borders are a pain point [scribe assist by Lionel
>       Wolberger]
>     Lionel Wolberger: ... Borders between countries. Borders between
>       companies.
>     Lionel Wolberger: ... Different ways we evaluate and think about
>       trust
>     Lionel Wolberger: ... Everybody's trust requirements are
>       different, in sometimes subtle, sometimes kajor ways
>     Lionel Wolberger: ... A centralized federated system demands tha
>       tthe trust model propagate throughout the system and mark all
>       interactions
>     Lionel Wolberger: ... A decentralized system will support
>       variation in those trust rules
>     Lionel Wolberger: ... You may want to rely on something that
>       other people dont need or dont want to pay for
>     Drummond Reed: Gotta run now. Bye.
>     Lionel Wolberger: ... Back in SSL, we defined client certs, and
>       almost no one ended up adopting that
>     Joe Kaplan:  In solving the double spend problem, we ended up
>       defining DIDs [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... Interstitial jurisdictionality
>     Lionel Wolberger: ... There are well defined jurisdictions
>     Lionel Wolberger: Inbetween these well defined jurisdictions
>       there are interactions
>     Lionel Wolberger: ... In these interstices we interact
>     Lionel Wolberger: ... How can we have an interaction outside a
>       jurisdiction
>     Lionel Wolberger: ... E.g. a soviet union master of science, how
>       will another country e.g. the UK evaluate that
>     Andrew Rosen:  Identifiers are useful. [scribe assist by Lionel
>       Wolberger]
>     Lionel Wolberger: ... These have kill switches
>     Lionel Wolberger: ... DID offers governance but still
>       resolvability
>     Lionel Wolberger: ... Identifiers are useful. The fatal flaw (in
>       our opinion) is that useful widely-usable identifiers end up with
>       central authorities or defacto authorities that have ‘kill
>       switches’. Also all ‘authorities’ must inevitably become
>       high-value attach target infrastructure while at the same time
>       facing funding pressures (because it goes into the background as
>       infrastructure). Decentralization has the promise of a
>       globally-shared namesp[CUT]
>     Lionel Wolberger: ... Governance and operations but universal
>       resolvability.
>     Sam Smith:  Offloading personal data liability, avoiding toxic
>       data [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... Focusing on construction sites, new
>       construction to create a safety wifi network to mark things on a
>       job site, track
>     Lionel Wolberger: ... Generates a safety plan and a 3D model of
>       the space from floor plans
>     Lionel Wolberger: ... Sam showed them overlays in the wallet
>     Lionel Wolberger: ... Proof of data without cost of storage
>     Lionel Wolberger: ... Given these watches (apple watch) will you
>       accept this token?
>     Lionel Wolberger: ... If this succeeds, no one has to store the
>       data, then through an overlay or an OAuth scope
>     Lionel Wolberger: ... Hit the threshold
>     Lionel Wolberger: ... This way create a non-surveillance
>       ecosystem
>     Lionel Wolberger: Audio problem
>     Lionel Wolberger: Go on
>     Manu Sporny:  Centralized ID providers, e.g. legal entity
>       identifier and large corporations [scribe assist by Lionel
>       Wolberger]
>     Lionel Wolberger: ... These are interested in upgrading their
>       identifiers
>     Lionel Wolberger: ... E.g. a company whose business model is
>       issuing identifiers
>     Lionel Wolberger: ... They seek the addition of a layer of
>       cryptography to mitigate and prevent theft
>     Lionel Wolberger: ... They could roll their own crypto, or more
>       simply adopt DIDs
>     Lionel Wolberger: ... Centralized authorities want to upgrade
>       their ecosystem and add cryptography
>     Lionel Wolberger: *** Can someone scribe temporarily, I will drop
>       and rejoin ****
>     Bohdan Andriyiv:  One of the issues is longevity in identifiers.
>       [scribe assist by Manu Sporny]
>     Bohdan Andriyiv:  If I have an identifier, and I want a signature
>       on something, providers can disappear, there is no certainty that
>       these centralized identifiers will stay. So I think this is one
>       of the reasons that digital signatures were not widely adopted.
>       [scribe assist by Manu Sporny]
>     Bohdan Andriyiv:  DIDs solve this problem. [scribe assist by Manu
>       Sporny]
>     Lionel Wolberger: Manu, i'm back
>     Bohdan Andriyiv:  Question to manu - governments do not want to
>       manage records of centralized identifiers - I do think
>       governments still want those lists - they still have databases,
>       data stores, records of who paid how much in taxes, who received
>       how much and benefits, they need to keep this data, they don't
>       want to manage passwords for people. [scribe assist by Manu
>       Sporny]
>     Lionel Wolberger: ... Still a need to retain the data, just not
>       manage the task force and make it more secure
>     Markus Sabadello:  Regarding large companies interested in
>       upgrading their IDs to DIDs [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... I have an IETF draft to discover DIDs based
>       on the domain name system
>     Lionel Wolberger: ... Large companies are interested in using
>       domain names for discovery
>     Markus Sabadello:
>     https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
>     Manu Sporny: +1, That's really neat work that's going on.
>     Joe Kaplan:  In the digital realm things are easily faked [scribe
>       assist by Lionel Wolberger]
>     Lionel Wolberger: ... Public key/private key issues
>     Lionel Wolberger: ... How do you verify that something is not
>       fake
>     Lionel Wolberger: ... That is a pain point that DIDs solve
>     Jarlath O'Carroll: @Lionel - there was a discussion about VC and
>       Jobs earlier, can you please post the link to the details of this
>       work in the feed again (I missed it)?
>     Chris Webber:  Keep in mind we had PGP keys for decades and they
>       were decentralized [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... They did not spread everywhere because
>     Lionel Wolberger: ... (A) they were not vendor agnostic nor
>       future proof
>     Lionel Wolberger: .. .DIDs are rotateble so allow technological
>       upgrades
>     Lionel Wolberger: ... The crypto is separated from the actual
>       identifer
>     Lionel Wolberger: ... Another reason why PGP fingerprints did not
>       achieve wide market adoption
>     Lionel Wolberger: ... Due to the complications of rotating them
>     Lionel Wolberger: ... Revocation was extremely difficult, you
>       needed the original key material
>     Lionel Wolberger: ... You had to notify people
>     Lionel Wolberger: ... A number of DID methods have fast and
>       efficient ways to notify about revocation and rotation
>     Adrian Hope-Bailie:  Questions back to Markus, etc [scribe assist
>       by Lionel Wolberger]
>     Lionel Wolberger: ... I use corporate centralized user IDs in
>       general today
>     Lionel Wolberger: ... If DIDs would be linked to domain names or
>       email addresses
>     Lionel Wolberger: ... Would the service provider only persist the
>       DID and not the email address?
>     Lionel Wolberger: ... Let's say I use finger
>     Markus Sabadello:  Yes, your understanding is correct. [scribe
>       assist by Lionel Wolberger]
>     Adrian Hope-Bailie:  That sounds like a powerful value statement.
>       [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... That ability sounds quite valuable
>     Lionel Wolberger:  Something that wasn't mentioned - DID process
>       of creating an identifier feels like it's lower friction, more
>       lightweight. [scribe assist by Manu Sporny]
>     Lionel Wolberger:  So many more digital interactions, so many
>       more devices, feels like a better way to interact given the
>       complexity of devices today. [scribe assist by Manu Sporny]
>     Manu Sporny:  Responding to Bohdan [scribe assist by Lionel
>       Wolberger]
>     Lionel Wolberger: ... The general assertion is that governments
>       must continue to manage data
>     Lionel Wolberger: ... But the identifier is really secondary to
>       their interest
>     Markus Sabadello: FYI the August CCG list archive has some
>       discussion on pros/cons of discovering DIDs from DNS:
>     https://lists.w3.org/Archives/Public/public-credentials/2018Aug/thread.html
>     Lionel Wolberger: ... E.g. in the USA the SocSec number is being
>       used as an identifier but SecSec admin wants to stop this
>     Lionel Wolberger: ... SSA does not really need the identifier,
>       they just need to provide their services
>     Lionel Wolberger: ... This is what we mean by saying geovernments
>       do not want to be identifier providers
>     Lionel Wolberger: ... It is not their core value proposition
>     Lionel Wolberger: ... They still need an identity proofing
>       process, of course
>     Lionel Wolberger: ... But then they would not have the
>       responsibility to maintain and track the identifier
>     Lionel Wolberger: ... Keep in mind, they still have to store the
>       ID and that is an attack surface honeypot
>     Lionel Wolberger: ... They will benefit from the VC architecture,
>       where they store that they had a verified credential and can tear
>       down and not store a lot of the artifacts of the proving process
>       itself
>     Chris Webber:  We are trying to move away from knowledge based
>       security (e.g. you know my SocSec#, you know my birthdate)
>       [scribe assist by Lionel Wolberger]
>     Manu Sporny: Yep, Knowledge Based Authentication is usually a bad
>       thing...
>     Lionel Wolberger: ... Human memorizability for DIDs was an
>       argument that we had
>     Lionel Wolberger: ... I (Chris) advocated for non-memorizable
>       IDs, I wanted it to be underlying
>     Lionel Wolberger: ... But people may want DIDs to last a lifetime
>     Lionel Wolberger: ... That is not prevented by the standard,
>       though this would be an inappropriate use
>     Lionel Wolberger: ... I dont want to give my BTCR identifer, I
>       want to give a more safe identifer.
>     Adrian Hope-Bailie:  Responding to Manu, that the credentials are
>       not retained [scribe assist by Lionel Wolberger]
>     Lionel Wolberger: ... Huge synergy with the upcoming technology
>       that more and more data stores will be held by individuals
>     Lionel Wolberger: ... This is a good argument for DIDs in the
>       broadest sense
>     Joe Kaplan:  Adding pain points from previous notes. [scribe
>       assist by Lionel Wolberger]
>     Lionel Wolberger: ... Things change. Email addresses change.
>       Phone numbers change. Technologies change. Organizations change.
>     Lionel Wolberger: ... The organization that could have verified
>       your deed does not exist anymore.
>     Lionel Wolberger: ... Fakes are a pain point. Signatures prevent
>       this, but signatures need PKI
>     Lionel Wolberger: ... Over-identification is a pain point.
>     Lionel Wolberger: ... Identifier misuse. Successful and useful
>       IDs tend to get used for more things
>     Lionel Wolberger: ... Burden of management: DIDs will be easier
>       for companies and organizations.
>     Lionel Wolberger: ... Jurisdictional boundaries, where different
>       groups for different reasons need their own identifiers.
>     Andrew Hughes: Pain point - vendor lock-in
>     A world of pain (points) </h>
>     Chris Webber:  One size trust does not fit all [scribe assist by
>       Lionel Wolberger]
>     Manu Sporny: Good summary, is really going to help write the W3C
>       TAG primer
>     Lionel Wolberger: ... You get to decide what your trust model is
>     Moses Ma: Bye y'all, have a great thanksgiving!
>     Lionel Wolberger: HAPPY TURKEY DAY
>     Joe Kaplan:  See you [scribe assist by Lionel Wolberger]
>
>
>
>
>

-- 

*Moses Ma | Managing Partner*

moses.ma@futurelabconsulting.com | moses@ngenven.com

v+1.415.568.1068 | skype mosesma | /linktr.ee/moses.tao/ 
<http://linktr.ee/moses.tao>

FutureLab provides strategy, ideation and technology for breakthrough 
innovation and third generation blockchains.

Learn more at /www.futurelabconsulting.com/ 
<http://futurelabconsulting.com>. For calendar invites, please cc: 
mosesma@gmail.com


Or whet your appetite by reading /Agile Innovation/ 
<http://www.amazon.com/Agile-Innovation-Revolutionary-Accelerate-Engagement/dp/B00SSRSZ9A> 
| /Blockchain Design Sprint/ 
<https://www.amazon.com/Blockchain-Design-Sprint-Workbook-Implement/dp/1548592714> 
| my blog at /psychologytoday.com/ 
<http://www.psychologytoday.com/blog/the-tao-innovation>.

Received on Tuesday, 27 November 2018 08:09:23 UTC