[MINUTES] W3C Credentials CG Call - 2019-08-13 12pm ET

Thanks to Brent Shambaugh for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-08-13/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-08-13

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2019Aug/0048.html
Topics:
  1. Announcements and Reminders
  2. DID WG Charter and outreach
  3. Agents, Hubs, and More
Organizer:
  Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
  Brent Shambaugh
Present:
  William Claxton, Christopher Allen, Kim Hamilton Duffy, Joe 
  Andrieu, Manu Sporny, Ted Thibodeau, Dmitri Zagidulin, Dave 
  Longley, Adrian Gropper, Markus Sabadello, Sumita Jonak, Ryan 
  Grant, Oliver Terbu, Brent Zundel, Brent Shambaugh, Moses Ma, Dan 
  Burnett, Ganesh Annan, Kayode Ezike, Daniel Hardman, Benjamin 
  Young, Jonathan Holt, Justin Richer, Daniel Buchner, Ken Ebert
Audio:
  https://w3c-ccg.github.io/meetings/2019-08-13/audio.ogg

William Claxton: Voip 7dc is wmclaxton
Sumita Jonak: Kim sounds garbled
Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy: 
  https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Kim Hamilton Duffy: 
  https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
Please be advised, my connection is spotty today, so I likely 
  will be on mute mostly
Brent Shambaugh is scribing.
Kim Hamilton Duffy:  Introductions. any new participants?
Kim Hamilton Duffy:  Danmcg would you like to introduce yourself? 
  Or Karen ?
Kim Hamilton Duffy:  Sumita ?
Sumita Jonak:  This is Sumita from USAA
Kim Hamilton Duffy:  Reintroductions, Ryan Grant?
Ryan Grant:  My name is Ryan Grant, I run a company called 
  Digital Contract Design. I am interested in btcr.
  ... I worked on the bitcoin reference implementation for DIDs
Kim Hamilton Duffy:  Next week we'll report on the btcr hackathon

Topic: Announcements and Reminders

Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/
  ... the announcements are at the link. Are we still having 
  decicated DID calls?
Kim Hamilton Duffy: https://zoom.us/j/7077077007, 1-2:30PM PT / 
  20:00-21:30 UTC
Markus Sabadello:  Yes, we will probably be shifting to DID 
  resolver now that the DID spec has been published.
Kim Hamilton Duffy: Thursdays
Markus Sabadello: 
  https://docs.google.com/document/d/1qYBaXQMUoB86Alquu7WBtWOxsS8SMhp1fioYKEGCabE/
Kim Hamilton Duffy: 
  https://www.meetup.com/Vienna-Digital-Identity-Meetup/events/262359964/
Kim Hamilton Duffy:  September 1st, Vienna meetup right before 
  RWoT in Prague
Kim Hamilton Duffy: https://www.weboftrust.info/
  ... we can take the train afterwards to prague.
Kim Hamilton Duffy: http://rwot9.eventbrite.com
  ... Sept 3-6 it RWoT 9 in Prague
Kim Hamilton Duffy: 
  https://dustycloud.org/blog/activitypub-conf-2019/
  ... then september 7-8 is an activity pub conference in prague
Kim Hamilton Duffy: https://mydata2019.org/
  ... TPAC is sept ??? in Fukuoka Japan
Daniel Hardman: I can't get onto SIP. sip:ccg@96.89.14.196 
  doesn't connect for me in linphone, and US phone: +1.540.274.1034 
  x6306 (the number given in github page instructions) makes me the 
  only participant in the call.
Daniel Hardman: How is everybody else dialing in?
  ... Then MyData in Helsinki, more info at the link
Joe Andrieu:  Two things: the deadline for the RWoT discount is 
  this friday.
  ... please get you paper in to get the discount.
Joe Andrieu: 
  https://www.eventbrite.com/e/holochain-hackathon-in-prague-tickets-68086108383
  ... the other item is a holochain hackathon in prague following 
  our event at the same venue

Topic: DID WG Charter and outreach

Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0000.html
Manu Sporny:  The DID WG charter is open for review by the public
  ... anyone can provide comments
  ... if you are not a W3C company, but want to support the work, 
  you can send a supportive email.
  ... companies and universities are the main focus, especially 
  large, multi-billion dollar companies.
  ... but everyone should respond and say they are supportive.
  ... please abstain from making "anti" statements
  ... be positive
Manu Sporny: https://www.w3.org/2002/09/wbs/33280/did-wg-2019/
  ... please reach out to your networks and have them respond.
  ... the actual vote (for W3C members) can be made by following 
  the other link
  ... we are looking for 22 members to vote positively, but 
  hoping to get much more than that.
  ... don't wait
  ... we've got two weeks to drum up support
Manu Sporny:  I am personally going to send out the link to other 
  W3C AC members
Kim Hamilton Duffy:  A question, I'm no longer a W3C member. What 
  can a multi-university consortium do? does the W3C care about 
  them?
Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0000.html
Manu Sporny:  Yes, they would like new members, so they are 
  interested in ensuring the success of the recommendations and 
  technology.
Manu Sporny: Mail actions: [ respond to this message ]
Kim Hamilton Duffy:  Even if it isn't a company
Manu Sporny:  Yes, follow the link to directly respond to the 
  message.
  ... at the bottom is the link to respond.
Joe Andrieu:  What is the next step for the DID spec?
  ... markus_sabadello did some work to publish
Manu Sporny: https://w3c-ccg.github.io/did-spec/CGFR/2019-08-10/
Manu Sporny:  Markus_sabadello did a fantastic job getting the 
  spec published. the chairs need to call for approval of the 
  community group to hand over the spec to the working group.
  ... asking for objections to making this the community group 
  final report.
Manu Sporny: Chairs should use the button on this page: 
  https://www.w3.org/community/credentials/
  ... after a week or so without objections, that will carry. 
  then the chairs should use the
Manu Sporny:  Can the chairs check that on the call?
  ... "publish report" button
  ... only the chairs have the power to publish the report.
Manu Sporny: 
  https://www.w3.org/community/credentials/spec/publish
  ... at that point it will give you a link
  ... you put the URL markus_sabadello provided, but only after 
  the 7 day vote.
Manu Sporny:  To distill: chairs ask for a 7 day review, then 
  publish, then ask everyone to make IPR commitments.
  ... that enables the DIDWG to pick it up and move forward.
Joe Andrieu:  Do we need help from staff to publish to a W3C 
  domain name? I can follow up
Dan Burnett:  If someone made a contribution, but don't agree. It 
  doesn't mean the WG can't use the document, but the group may 
  need to remove the content that hasn't been agreed to
  ... that's why it is so important to make thies IPR commitment
Markus Sabadello:  People can continue to raise PRs and Issues, 
  they will be carried over to the WG
Dan Burnett: People may find this useful as background: 
  https://www.w3.org/community/about/agreements/summary/
Manu Sporny: 
  https://github.com/w3c-ccg/did-spec/graphs/contributors
  ... so if you see needed changes, you don't need to object.
Manu Sporny:  These are the people who need to be chased down: 
  manu, dave, daniel hardman, amy guy, drummond, etc.
Kim Hamilton Duffy:  To reiterate: Christopher already sent out 
  the DID WG charter for review.
  ... we have maybe 5 days left. If no objections are filed by 
  the CCG my then , it will be accepted by the group.

Topic: Agents, Hubs, and More

Kim Hamilton Duffy: 
  https://docs.google.com/presentation/d/1zeoIwdYPItgXjjqeUcqDGUCJ-tfx-k__H3ry5Uu1UK0/edit?usp=sharing
Dan Burnett: To clarify on GitHub issues, the WG will make a 
  decision about how it wants to proceed.  We will (strongly) 
  encourage the WG to copy all existing issues to the new WG.
Kim Hamilton Duffy:  No need to scribe, because the presentation 
  has the contents
  ... this has been discussed many places, but not here yet. So 
  this is an informational session.
  ... please add yourself to the queue if I mess up :)
Kim Hamilton Duffy:  Slide 3: we will invite experts to give deep 
  dives on each method
Kim Hamilton Duffy: 
  https://medium.com/decentralized-identity/rhythm-and-melody-how-hubs-and-agents-rock-together-ac2dd6bf8cf4
Kim Hamilton Duffy:  Slide 6, the medium post is a really good 
  starting point
Kim Hamilton Duffy:  Slide 7 - sometimes it is unclear what is 
  meant by the terminology e.g., storage, wallets, protocols
Kim Hamilton Duffy:  Slide 8 has secure data hubs added in
  ... the callout markers are not intended to have anything to do 
  with positioning in the venn diagram
Manu Sporny:  I really like this additive approach. I'm wondering 
  if there is a progression where we'll see Solid Pods added in.
Kim Hamilton Duffy:  I would be interested in that informally.
Dmitri Zagidulin: I'd certainly be interested in helping fit 
  Solid Pods into that venn diagram
  ... Solid profiles have a lot of interesting characteristics. 
  Similar to DIDs
  ... pods are meant for self sovereign dat storage. picking 
  apart the terminology will be important
Christopher Allen:  I wanted to add. there are a number of other 
  parties who may want to contribute their stacks. IPFS Agorics, 
  the solid folk. a few others from the DWeb camp
  ... these three in the slides may be just the beginning.
Kim Hamilton Duffy:  We have a few folk, they have experience in 
  these various other things.
Jonathan Holt:  Aries agents - are there other agents?
Kim Hamilton Duffy:  I've only encountered that in the informal 
  sense
Adrian Gropper:  Quick comment. it would be nice in this overview 
  to introduce aspects of privacy or privacy engineering across the 
  different aspects
Manu Sporny: https://w3c-ccg.github.io/credential-handler-api/
Manu Sporny:  Agents is such a broad thing, a lot of things could 
  fall underneath. the credential-handler-api is it an agent? It is 
  dumb, but can be used as a conduit for credential exchange
  ... I'm also concerned we're going to run out of time
Joe Andrieu: +1 For holding the queue
Manu Sporny: +1 For holding the queue
Kim Hamilton Duffy:  What I'm inclined to do is to keep the 
  current queue, and plow through the slides.
Justin Richer: Sorry I forgot to open the chat, can someone point 
  me to the slide deck?
Justin Richer: @Manu thanks
Kim Hamilton Duffy: 
  http://www.cis.syr.edu/~wedu/Teaching/CompSec/LectureNotes_New/Capability.pdf
Kim Hamilton Duffy:  I encourage you to take a look at that
Kim Hamilton Duffy:  Slide 11 -
  ... I need to understand more about Authorization Method 
  agnostic
Kim Hamilton Duffy:  Query/search of encrypted documents feels 
  maybe out of place for a base-level spec
Kim Hamilton Duffy:  I feel like I've done the least justice to 
  agents - slide 12
Kim Hamilton Duffy:  The interesting thing (referring to slide 7) 
  the data oriented vs the action oriented makes a lot of sense.
  ... there seems to be a clear set of things that agents are 
  doing that makes sense.
Adrian Gropper: This sequence diagram might be helpful: 
  https://www.websequencediagrams.com/#invite=KJKVCyJ03X&from=agropper%40gmail.com&name=Public
  ... there are clear things happening elsewhere
Kim Hamilton Duffy:  I want to set up a straw man: identity 
  hubs/secure data hubs are both storage level
  ... we need to tease apart the goals and responsibilities of 
  both.
Daniel Buchner:  I was originally on the queue to say at 
  microsoft, we are working on an enterprise agent to hold keys
  ... on the hubs/agents slide. Hubs does describe actions.
  ... we recognized that task-based flows follow the same 
  paradigm. It generalizes the process so you don't need a bunch of 
  protocols for different events.
Joe Andrieu:  I want to throw holochain into the mix, how does it 
  fit in this conversation?
  ... also, we haven't sent out the email for review of the final 
  did spec.
Manu Sporny:  One of the things we may be missing is the use 
  cases that led to the current designs. for example,
  ... secure data hubs is I have a wallet  with things I feel are 
  mine. the spec came from the desire to prevent a digital storage 
  provider from being able to snoop
  ... also portability, I don't want to be locked into my data 
  provider
  ... the third thing: what is the minimal set of features other 
  communities could use to build on top of
  ... secure data hubs are agnostic to authorization  mechanisms 
  so they can be used by many different organizations.
Dave Longley: I think "strawman 2" is probably pretty close ... 
  secure data hubs are more fundamental and only focused on storage 
  that is encrypted/decrypted client-side ... vs. identity hubs 
  seem to do more and have more relaxed characteristics but need a 
  storage backend ... and agents clearly have different 
  responsibilities
Kim Hamilton Duffy: I can answer that kezike -- no there is no 
  dedicated presentation for each, but we do give a brief overview 
  in groups
  ... the secure/encrypted search is important because otherwise 
  the server will be able to peek inside your data. avoiding 
  surveillance capitalism
Joe Andrieu: Gotta run. thanks, all.
Kim Hamilton Duffy:  We are at time
Kim Hamilton Duffy: Sorry kezike, did that answer your question? 
  I wanted to give Daniel a chance to respond
Daniel Buchner:  When we talk about low level things. hubs allow 
  search tags that are not encrypted because when we look at 
  methods for doing this are really expensive.
  ... is it really possible for this to scale?
Manu Sporny:  We spent a lot of time making sure the design is 
  compute-efficient. we can go into that in more detail in the 
  future.
Daniel Buchner: So you're pushing indexes from the client to the 
  server that are hash keyed?
Kim Hamilton Duffy:  That can be a follow up session
Manu Sporny: Daniel, effectively,yes... with some handwaving :)
Kim Hamilton Duffy:  I have a lot of questions about how that 
  happens
Ryan Grant: I'd like to understand the encryption/search design 
  better as well.
Daniel Buchner: Just trying to figure this out, because we looked 
  at multiple ways to do this, and all sort of break when you take 
  it out of cottage industry/hobbyist realm
Daniel Buchner:  We think we have something that works at the 
  enterprise level :) [scribe assist by Manu Sporny]
Manu Sporny: But would love feedback on it, happy to share our 
  solution in this group.

Received on Sunday, 18 August 2019 23:55:52 UTC