Re: [MINUTES] W3C Credentials CG Call - 2018-11-20 12pm ET

Thank you!

On Tue, Nov 27, 2018 at 3:10 PM Moses Ma <moses.ma@futurelabconsulting.com>
wrote:

> Samantha Chase's excellent paper can be found here:
>
> https://github.com/WebOfTrustInfo/rwot7/blob/master/topics-and-advance-readings/CanCurationMarketsEstablishSustainableTechnologyCommons.pdf
>
>
> On 11/26/18 9:57 PM, Carlos Bruguera wrote:
>
> Thanks for the update.
>
> On this regard, can anybody share the link paper mentioned during the
> call: *Furthering sustainable commons*? Appreciated.
>
> On Tue, Nov 27, 2018 at 10:58 AM <kim@learningmachine.com> wrote:
>
>> Thanks to  for scribing this week! The minutes
>> for this week's Credentials CG telecon are now available:
>>
>> https://w3c-ccg.github.io/meetings/2018-11-20/
>>
>> Full text of the discussion follows for W3C archival purposes.
>> Audio from the meeting is available as well (link provided below).
>>
>> ----------------------------------------------------------------
>> Credentials CG Telecon Minutes for 2018-11-20
>>
>> Agenda:
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2018Nov/0129.html
>> Topics:
>>   1. Introductions and Reintroductions
>>   2. Announcements, reminders
>>   3. Action items
>>   4. Work Items
>>   5. Pain points
>> Organizer:
>>   Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
>> Scribe:
>>
>> Present:
>>   Christopher Allen, Bohdan Andriyiv, Andrew Hughes, Manu Sporny,
>>   Dmitri Zagidulin, Ryan Grant, Brent Zundel, Moses Ma, Joe
>>   Andrieu, Lucas Parker, Ted Thibodeau, Lionel Wolberger, Markus
>>   Sabadello, Drummond Reed, Joe Kaplan, Sam Smith, Nate Otto,
>>   Michaela Casaldi, Jarlath O'Carroll, Jeff Orgel, Chris Webber,
>>   Andrew Rosen, Adrian Hope-Bailie
>> Audio:
>>   https://w3c-ccg.github.io/meetings/2018-11-20/audio.ogg
>>
>> Joe Andrieu: Connections
>> Ryan Grant: Does voip-ccg association still work if you do it?
>>
>> Topic: Introductions and Reintroductions
>>
>> Lionel Wolberger: ... Main topic, the pain points that DIs are
>>   solving.
>> Drummond Reed: Note: I can only stay for the first 30 mins today.
>> Moses Ma:  Spoke with his partners about our work, and we have a
>>   volunteer. Dr. Wu [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... VC who ran a $billion fund
>> Lionel Wolberger: ... Templates for DID monetization
>> Lionel Wolberger: .... List different ways we can monetize the
>>   DID market
>> Manu Sporny: +1 To that effort, would be very helpful to the CCG.
>> Lionel Wolberger: ... Dr. Wu was a lead investor on Tivo, is good
>>   at revenue models.
>> Joe Kaplan:  Will this be a work item? How can the community
>>   support? [scribe assist by Lionel Wolberger]
>> Moses Ma:  Paper for next RWoT [scribe assist by Lionel
>>   Wolberger]
>> Sam Smith:  Furthering sustainable commons, [scribe assist by
>>   Lionel Wolberger]
>> Lionel Wolberger: ... If looking to monetize, this paper is
>>   related. Will share it.
>> Moses Ma:  Let's have the community participate. Should stipulate
>>   how a standard can create a fair method to enable monetization
>>   models. [scribe assist by Lionel Wolberger]
>> S/Furhtering/Furthering
>> Lionel Wolberger: .... A mockup of the UX would be helpful,
>>   perhaps in Adobe XD
>> Joe Kaplan:  Send email and we will follow up. [scribe assist by
>>   Lionel Wolberger]
>> Lionel Wolberger: Jarlath to the mic!
>> Jarlath O'Carroll:  CEO and founder of Jobs___ [scribe assist by
>>   Lionel Wolberger]
>> Lionel Wolberger: ... Connects students to jobs
>> Lionel Wolberger: ... Interested in CCG/VCs for credentials
>>   regarding skills, etc
>>
>> Topic: Announcements, reminders
>>
>> Joe Kaplan:  Dec 10 workshop, Microsoft [scribe assist by Lionel
>>   Wolberger]
>> Manu Sporny:  55 People are signed up, room for 15 more. [scribe
>>   assist by Lionel Wolberger]
>> Manu Sporny:
>>
>> https://www.w3.org/Security/strong-authentication-and-identity-workshop/cfp.html
>> Lionel Wolberger: ... Seeking more lawyers, regulatory and
>>   compliance types
>> Lionel Wolberger: ... Seeking more European (GDPR) and China
>>   focus
>> Lionel Wolberger: ... Still time to register!
>> Lionel Wolberger: ... Note that new proposals will compete with
>>   some critical proposals that we must present at the workshop
>> Lionel Wolberger: ... Agenda is being formulated and will be
>>   shared soon.
>> Lionel Wolberger: RWoT #8 planned for Feb22/28/Mar 01
>> Joe Kaplan:  Making decisions about location, to be announced
>>   ASAP. [scribe assist by Lionel Wolberger]
>> Joe Kaplan:  IIW APril3-May 2. Not the same time as RWoT this
>>   time ;-) [scribe assist by Lionel Wolberger]
>> Manu Sporny:  Barcelona proposal for RWoT [scribe assist by
>>   Lionel Wolberger]
>> Moses Ma: +1 Barcelona
>> Lionel Wolberger: ... May be just after MWC (mobile world
>>   congress)
>> Christopher Allen: Take train
>>
>> Topic: Action items
>>
>> Bohdan Andriyiv: +1 For Barcelona)
>> Joe Kaplan:  Planning to "create Amira as a repo" [scribe assist
>>   by Lionel Wolberger]
>> Moses Ma: Can someone post URL to Sam's "Furthering sustainable
>>   commons" paper
>> Joe Andrieu: https://github.com/w3c-ccg/community/issues/18
>> Manu Sporny: https://www.w3.org/2018/11/19-vcwg-minutes.html
>> Manu Sporny:  Meeting minutes on how to harmonize with Verifiable
>>   Credentials [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... General pattern for addressing ZKPs
>> Lionel Wolberger: ...  Pattern to host ZKP even as binary BLOBs
>> Joe Andrieu:
>>   https://github.com/w3c-ccg/community/blob/master/work_items.md
>>
>> Topic: Work Items
>>
>> Drummond Reed: The Sovrin community intends for ZKPs to NOT be a
>>   "bizarre, out-of-the way format" :-)
>> Ryan Grant: +1 For Barcelona
>> Manu Sporny: Drummond -- I expected as much, :)
>> Manu Sporny:  OCAP in JS [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... Library implementation
>> BLOB = Bizarre Large Object </humor>
>> Manu Sporny:  Regarding, seeking additional funds for people to
>>   implement tools [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... E.g. issue a new type of verfiable
>>   credential, need to define a vocabulary, need a website where you
>>   can go and CLICK to publish such a vocabulary
>> Lionel Wolberger: ... Cryptographic hash linking specification,
>>   that is more detailed then just "use IPRS"
>> Lionel Wolberger: ... Will be useful to have a kind of "magnet
>>   link"
>> Lionel Wolberger: ... This is a problem across the decentralized
>>   blockchain space
>> Lionel Wolberger: ... Proposing an IETF specification
>> Nate Otto: +1 To magnet link IRIs for linked data
>> Lionel Wolberger: ... New problem emerging around vendor lockin
>>   on digital wallets
>> Lionel Wolberger: ... Ensure that one vendor won't lock out
>>   everyone else, by being specification conforming but not enabing
>>   data portability
>> Lionel Wolberger: Manu: Exciting stuff +1
>> Drummond Reed: BTW, avoiding vendor lock-in is a primary goal of
>>   DKMS, of which the plan is to start a Technical Committee at
>>   OASIS. See http://bit.ly/dkmsv3
>> Manu Sporny:  Mag links will be important to endurance, the
>>   ability for documents to be addressable over a period of years
>>   [scribe assist by Lionel Wolberger]
>>
>> Topic: Pain points
>>
>> Manu Sporny: Drummond, What I was talking about goes beyond DKMS,
>>   but yes, that work is important as well.
>> Chris Webber:  We accept the value of decentralization without
>>   much consideration [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... We can now tease out the assumptions and
>>   motivations behind this
>> Lionel Wolberger: ... These should be made overt in the DID
>>   primer
>> Lionel Wolberger: ... Let's start with Vendor Lock-in
>> Lionel Wolberger: ... Many standards and protocols ended up being
>>   locked-in due to some inherent centrality
>> Lionel Wolberger: ... Example: Twitter had lots of apps in a
>>   broad ecosystem, but by Twitter controlling the API Keys they
>>   constrained that ecosystem
>> Lionel Wolberger: ... In federated DIDs, some parties took
>>   protocols that were intended to be two way
>> Lionel Wolberger: ... But then only implemented one side
>> Lionel Wolberger: \
>> Manu Sporny:  Every market vertical has its own motivation for
>>   needing DIDs [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... In Healthcare DIDS are useful for X,Y,Z
>> Lionel Wolberger: ... In banking DIDs are useful for doing n,m,o
>> Lionel Wolberger: ... Local, provincial and federal governments
>>   do not want to be the system of record for identifiers
>> Lionel Wolberger: ... It's all knowledge based stuff
>> Lionel Wolberger: ... These organizations do not want to control
>>   knowledge based identifiers as opposed to cryptographic
>>   identifiers
>> Lionel Wolberger: ... Since they are almost guaranteed that the
>>   funding creating the system diminishes over time
>> Lionel Wolberger: ... As the systems grow, the funding shrinks
>>   and can even be cut
>> Lionel Wolberger: ... Making the central system suceptible to
>>   failure
>> Andrew Hughes: Identifiers are useful. The fatal flaw (in our
>>   opinion) is that useful widely-usable identifiers end up with
>>   central authorities or defacto authorities that have ‘kill
>>   switches’. Also all ‘authorities’ must inevitably become
>>   high-value attach target infrastructure while at the same time
>>   facing funding pressures (because it goes into the background as
>>   infrastructure). Decentralization has the promise of a
>>   globally-shared namespace that involved de[CUT]
>> Andrew Hughes: Governance and operations but universal
>>   resolvability.
>> Lionel Wolberger: ... Organizations are excited that the DID
>>   enables use without hosting it
>> Lionel Wolberger: ... Though when you point out the cost, their
>>   enthusiasm cools a bit
>> Q
>> Chris Webber:  Borders are a pain point [scribe assist by Lionel
>>   Wolberger]
>> Lionel Wolberger: ... Borders between countries. Borders between
>>   companies.
>> Lionel Wolberger: ... Different ways we evaluate and think about
>>   trust
>> Lionel Wolberger: ... Everybody's trust requirements are
>>   different, in sometimes subtle, sometimes kajor ways
>> Lionel Wolberger: ... A centralized federated system demands tha
>>   tthe trust model propagate throughout the system and mark all
>>   interactions
>> Lionel Wolberger: ... A decentralized system will support
>>   variation in those trust rules
>> Lionel Wolberger: ... You may want to rely on something that
>>   other people dont need or dont want to pay for
>> Drummond Reed: Gotta run now. Bye.
>> Lionel Wolberger: ... Back in SSL, we defined client certs, and
>>   almost no one ended up adopting that
>> Joe Kaplan:  In solving the double spend problem, we ended up
>>   defining DIDs [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... Interstitial jurisdictionality
>> Lionel Wolberger: ... There are well defined jurisdictions
>> Lionel Wolberger: Inbetween these well defined jurisdictions
>>   there are interactions
>> Lionel Wolberger: ... In these interstices we interact
>> Lionel Wolberger: ... How can we have an interaction outside a
>>   jurisdiction
>> Lionel Wolberger: ... E.g. a soviet union master of science, how
>>   will another country e.g. the UK evaluate that
>> Andrew Rosen:  Identifiers are useful. [scribe assist by Lionel
>>   Wolberger]
>> Lionel Wolberger: ... These have kill switches
>> Lionel Wolberger: ... DID offers governance but still
>>   resolvability
>> Lionel Wolberger: ... Identifiers are useful. The fatal flaw (in
>>   our opinion) is that useful widely-usable identifiers end up with
>>   central authorities or defacto authorities that have ‘kill
>>   switches’. Also all ‘authorities’ must inevitably become
>>   high-value attach target infrastructure while at the same time
>>   facing funding pressures (because it goes into the background as
>>   infrastructure). Decentralization has the promise of a
>>   globally-shared namesp[CUT]
>> Lionel Wolberger: ... Governance and operations but universal
>>   resolvability.
>> Sam Smith:  Offloading personal data liability, avoiding toxic
>>   data [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... Focusing on construction sites, new
>>   construction to create a safety wifi network to mark things on a
>>   job site, track
>> Lionel Wolberger: ... Generates a safety plan and a 3D model of
>>   the space from floor plans
>> Lionel Wolberger: ... Sam showed them overlays in the wallet
>> Lionel Wolberger: ... Proof of data without cost of storage
>> Lionel Wolberger: ... Given these watches (apple watch) will you
>>   accept this token?
>> Lionel Wolberger: ... If this succeeds, no one has to store the
>>   data, then through an overlay or an OAuth scope
>> Lionel Wolberger: ... Hit the threshold
>> Lionel Wolberger: ... This way create a non-surveillance
>>   ecosystem
>> Lionel Wolberger: Audio problem
>> Lionel Wolberger: Go on
>> Manu Sporny:  Centralized ID providers, e.g. legal entity
>>   identifier and large corporations [scribe assist by Lionel
>>   Wolberger]
>> Lionel Wolberger: ... These are interested in upgrading their
>>   identifiers
>> Lionel Wolberger: ... E.g. a company whose business model is
>>   issuing identifiers
>> Lionel Wolberger: ... They seek the addition of a layer of
>>   cryptography to mitigate and prevent theft
>> Lionel Wolberger: ... They could roll their own crypto, or more
>>   simply adopt DIDs
>> Lionel Wolberger: ... Centralized authorities want to upgrade
>>   their ecosystem and add cryptography
>> Lionel Wolberger: *** Can someone scribe temporarily, I will drop
>>   and rejoin ****
>> Bohdan Andriyiv:  One of the issues is longevity in identifiers.
>>   [scribe assist by Manu Sporny]
>> Bohdan Andriyiv:  If I have an identifier, and I want a signature
>>   on something, providers can disappear, there is no certainty that
>>   these centralized identifiers will stay. So I think this is one
>>   of the reasons that digital signatures were not widely adopted.
>>   [scribe assist by Manu Sporny]
>> Bohdan Andriyiv:  DIDs solve this problem. [scribe assist by Manu
>>   Sporny]
>> Lionel Wolberger: Manu, i'm back
>> Bohdan Andriyiv:  Question to manu - governments do not want to
>>   manage records of centralized identifiers - I do think
>>   governments still want those lists - they still have databases,
>>   data stores, records of who paid how much in taxes, who received
>>   how much and benefits, they need to keep this data, they don't
>>   want to manage passwords for people. [scribe assist by Manu
>>   Sporny]
>> Lionel Wolberger: ... Still a need to retain the data, just not
>>   manage the task force and make it more secure
>> Markus Sabadello:  Regarding large companies interested in
>>   upgrading their IDs to DIDs [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... I have an IETF draft to discover DIDs based
>>   on the domain name system
>> Lionel Wolberger: ... Large companies are interested in using
>>   domain names for discovery
>> Markus Sabadello:
>>   https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
>> Manu Sporny: +1, That's really neat work that's going on.
>> Joe Kaplan:  In the digital realm things are easily faked [scribe
>>   assist by Lionel Wolberger]
>> Lionel Wolberger: ... Public key/private key issues
>> Lionel Wolberger: ... How do you verify that something is not
>>   fake
>> Lionel Wolberger: ... That is a pain point that DIDs solve
>> Jarlath O'Carroll: @Lionel - there was a discussion about VC and
>>   Jobs earlier, can you please post the link to the details of this
>>   work in the feed again (I missed it)?
>> Chris Webber:  Keep in mind we had PGP keys for decades and they
>>   were decentralized [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... They did not spread everywhere because
>> Lionel Wolberger: ... (A) they were not vendor agnostic nor
>>   future proof
>> Lionel Wolberger: .. .DIDs are rotateble so allow technological
>>   upgrades
>> Lionel Wolberger: ... The crypto is separated from the actual
>>   identifer
>> Lionel Wolberger: ... Another reason why PGP fingerprints did not
>>   achieve wide market adoption
>> Lionel Wolberger: ... Due to the complications of rotating them
>> Lionel Wolberger: ... Revocation was extremely difficult, you
>>   needed the original key material
>> Lionel Wolberger: ... You had to notify people
>> Lionel Wolberger: ... A number of DID methods have fast and
>>   efficient ways to notify about revocation and rotation
>> Adrian Hope-Bailie:  Questions back to Markus, etc [scribe assist
>>   by Lionel Wolberger]
>> Lionel Wolberger: ... I use corporate centralized user IDs in
>>   general today
>> Lionel Wolberger: ... If DIDs would be linked to domain names or
>>   email addresses
>> Lionel Wolberger: ... Would the service provider only persist the
>>   DID and not the email address?
>> Lionel Wolberger: ... Let's say I use finger
>> Markus Sabadello:  Yes, your understanding is correct. [scribe
>>   assist by Lionel Wolberger]
>> Adrian Hope-Bailie:  That sounds like a powerful value statement.
>>   [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... That ability sounds quite valuable
>> Lionel Wolberger:  Something that wasn't mentioned - DID process
>>   of creating an identifier feels like it's lower friction, more
>>   lightweight. [scribe assist by Manu Sporny]
>> Lionel Wolberger:  So many more digital interactions, so many
>>   more devices, feels like a better way to interact given the
>>   complexity of devices today. [scribe assist by Manu Sporny]
>> Manu Sporny:  Responding to Bohdan [scribe assist by Lionel
>>   Wolberger]
>> Lionel Wolberger: ... The general assertion is that governments
>>   must continue to manage data
>> Lionel Wolberger: ... But the identifier is really secondary to
>>   their interest
>> Markus Sabadello: FYI the August CCG list archive has some
>>   discussion on pros/cons of discovering DIDs from DNS:
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2018Aug/thread.html
>> Lionel Wolberger: ... E.g. in the USA the SocSec number is being
>>   used as an identifier but SecSec admin wants to stop this
>> Lionel Wolberger: ... SSA does not really need the identifier,
>>   they just need to provide their services
>> Lionel Wolberger: ... This is what we mean by saying geovernments
>>   do not want to be identifier providers
>> Lionel Wolberger: ... It is not their core value proposition
>> Lionel Wolberger: ... They still need an identity proofing
>>   process, of course
>> Lionel Wolberger: ... But then they would not have the
>>   responsibility to maintain and track the identifier
>> Lionel Wolberger: ... Keep in mind, they still have to store the
>>   ID and that is an attack surface honeypot
>> Lionel Wolberger: ... They will benefit from the VC architecture,
>>   where they store that they had a verified credential and can tear
>>   down and not store a lot of the artifacts of the proving process
>>   itself
>> Chris Webber:  We are trying to move away from knowledge based
>>   security (e.g. you know my SocSec#, you know my birthdate)
>>   [scribe assist by Lionel Wolberger]
>> Manu Sporny: Yep, Knowledge Based Authentication is usually a bad
>>   thing...
>> Lionel Wolberger: ... Human memorizability for DIDs was an
>>   argument that we had
>> Lionel Wolberger: ... I (Chris) advocated for non-memorizable
>>   IDs, I wanted it to be underlying
>> Lionel Wolberger: ... But people may want DIDs to last a lifetime
>> Lionel Wolberger: ... That is not prevented by the standard,
>>   though this would be an inappropriate use
>> Lionel Wolberger: ... I dont want to give my BTCR identifer, I
>>   want to give a more safe identifer.
>> Adrian Hope-Bailie:  Responding to Manu, that the credentials are
>>   not retained [scribe assist by Lionel Wolberger]
>> Lionel Wolberger: ... Huge synergy with the upcoming technology
>>   that more and more data stores will be held by individuals
>> Lionel Wolberger: ... This is a good argument for DIDs in the
>>   broadest sense
>> Joe Kaplan:  Adding pain points from previous notes. [scribe
>>   assist by Lionel Wolberger]
>> Lionel Wolberger: ... Things change. Email addresses change.
>>   Phone numbers change. Technologies change. Organizations change.
>> Lionel Wolberger: ... The organization that could have verified
>>   your deed does not exist anymore.
>> Lionel Wolberger: ... Fakes are a pain point. Signatures prevent
>>   this, but signatures need PKI
>> Lionel Wolberger: ... Over-identification is a pain point.
>> Lionel Wolberger: ... Identifier misuse. Successful and useful
>>   IDs tend to get used for more things
>> Lionel Wolberger: ... Burden of management: DIDs will be easier
>>   for companies and organizations.
>> Lionel Wolberger: ... Jurisdictional boundaries, where different
>>   groups for different reasons need their own identifiers.
>> Andrew Hughes: Pain point - vendor lock-in
>> A world of pain (points) </h>
>> Chris Webber:  One size trust does not fit all [scribe assist by
>>   Lionel Wolberger]
>> Manu Sporny: Good summary, is really going to help write the W3C
>>   TAG primer
>> Lionel Wolberger: ... You get to decide what your trust model is
>> Moses Ma: Bye y'all, have a great thanksgiving!
>> Lionel Wolberger: HAPPY TURKEY DAY
>> Joe Kaplan:  See you [scribe assist by Lionel Wolberger]
>>
>>
>>
>>
>>
>>
> --
>
> *Moses Ma | Managing Partner*
>
> moses.ma@futurelabconsulting.com | moses@ngenven.com
>
> v+1.415.568.1068 | skype mosesma | *linktr.ee/moses.tao*
> <http://linktr.ee/moses.tao>
>
> FutureLab provides strategy, ideation and technology for breakthrough
> innovation and third generation blockchains.
>
> Learn more at *www.futurelabconsulting.com*
> <http://futurelabconsulting.com>. For calendar invites, please cc:
> mosesma@gmail.com
>
>
> Or whet your appetite by reading *Agile Innovation*
> <http://www.amazon.com/Agile-Innovation-Revolutionary-Accelerate-Engagement/dp/B00SSRSZ9A>
> | *Blockchain Design Sprint*
> <https://www.amazon.com/Blockchain-Design-Sprint-Workbook-Implement/dp/1548592714>
> | my blog at *psychologytoday.com*
> <http://www.psychologytoday.com/blog/the-tao-innovation>.
>