- From: <kimdhamilton@gmail.com>
- Date: Wed, 11 Dec 2019 10:56:44 -0800
- To: Credentials CG <public-credentials@w3.org>
Thanks to Adrian Gropper for scribing this week! The minutes for this week's Credentials CG telecon are now available: https://w3c-ccg.github.io/meetings/2019-12-03/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2019-12-03 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2019Dec/0001.html Topics: 1. Introductions and Reintroductions 2. Announcements and Reminders 3. Action Items 4. did:key method Organizer: Christopher Allen and Joe Andrieu and Kim Hamilton Duffy Scribe: Adrian Gropper Present: Justin Richer, Christopher Allen, Amy Guy, Manu Sporny, Yancy Ribbens, Dave Longley, Markus Sabadello, Chris Winczewski, Alexander Hripak, Sumita Jonak, Dan Burnett, Ted Thibodeau, Adrian Gropper, Jonathan Holt, Ganesh Annan, Joe Andrieu, Dmitri Zagidulin, Jeff Orgel, Brent Shambaugh, Kim Hamilton Duffy, David Chadwick Audio: https://w3c-ccg.github.io/meetings/2019-12-03/audio.ogg Christopher Allen: https://lists.w3.org/Archives/Public/public-credentials/2019Dec/0001.html Christopher Allen: https://www.w3.org/community/credentials/join Christopher Allen: https://w3c-ccg.github.io/meetings/ Adrian Gropper is scribing. Topic: Introductions and Reintroductions Christopher Allen: Markus for reintroduction Markus Sabadello: Danube Tech, working on DID since the first, co-editor on the DID spec Topic: Announcements and Reminders Christopher Allen: https://w3c-ccg.github.io/announcements/ Christopher Allen: Announcements and reminders... not needing xmas eve or NE eve, so we have a break at the end of December. ... regular DID-resolution calls on Thursdays Markus Sabadello: Will have a call this week - not decided for rest of year Markus Sabadello: Info about DID Resolution calls: https://docs.google.com/document/d/1qYBaXQMUoB86Alquu7WBtWOxsS8SMhp1fioYKEGCabE/ Christopher Allen: Asking for progress on active work items ... hold the date of March 16-20 for next RwOT in Buenos Aires. Formal announcement later this week. Topic: Action Items Christopher Allen: https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 Christopher Allen: https://github.com/w3c-ccg/community/issues/87 ... Progress on action items? Review 4 items to thalk about. Need instruction on SIP - Issue #87 - need volunteer help define the procedures for SIP calls Christopher Allen: I can write up onsip in the browser [scribe assist by Amy Guy] ... If you have problems besides Mac and iPhone also add as requirement in this issue. Call for volunteer! ... Amy volunteers. Could have another person as well. ... back to the active... Action Manu and Dan on renaming the repo Manu Sporny: The AI as is does not make sense. Maybe we need a repo. Manu will create one right now. Brent Shambaugh: Linphone never seems to work for me. It did years ago. :( Christopher Allen: Review WebKMS - 2 proposed work items DIDkey and WebKMS Christopher Allen: https://github.com/w3c-ccg/community/issues/99 ... please get your comment on these as official work items and we will be scheduling a call on WebKMS ... any action items other people want to clear or add??? Manu Sporny: I just created https://github.com/w3c-ccg/vcwg-maintenance -- for VCWG Maintenance issues. Christopher Allen: https://github.com/w3c-ccg/community/issues/98 ... tahke a look at community repo to track. Going to primary discussion: Proposal to add DID-key as work item ... meets the criteria and interest from other organization but need another organization as leader joining the other proposers on this Topic: did:key method Christopher Allen: https://digitalbazaar.github.io/did-method-key/ ... method text at - Manu take over? Manu Sporny: https://github.com/w3c-ccg/community/issues/98 Manu Sporny: https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0085.html Manu Sporny: DID-key request raised in Issue #98, then email, attemot to create the simplest DID method possible, just by having the DID expand to a DID doc without going out to a chain ... useful for short term interactions that require use of crypto such as a pairwise relationship that is temporary and then bootstraps into a communication and signatures Manu Sporny: https://digitalbazaar.github.io/did-method-key/ ... super simple: only operations supported are Create and Read - don't use if Update needed - se a ledger-based mechanism if you need those ... Need another editor for an official work item in order to proceed but easy because it's nearly done Markus Sabadello: Original keys discussion included U and D and reached reduced consensus. It's a great method with these as optional. Christopher Allen: Confused on things like a DID document based on expanding the key and giving it all authority. Are there any ways to constrian. As a cryptographer this is really broad. Would prefer a DID doc signed by that key. A little confused. Jonathan Holt: How do you create? Christopher Allen: (I note that BTCR also expands an implicit DID solely from the DID value) Manu Sporny: Algorithm in the spec. DID key is an encoding of the public key itself. Say, 32 bytes and expand them into a DID document. No resoution is needed. Jonathan Holt: I see, in-line with prefix of multicodec and multibase Markus Sabadello: Some older discussion about making Update and Deactivate optional for DIDs: https://github.com/w3c-ccg/did-spec/pull/55 ... to Christoper's - yes we do expand to full authority including VC, key agreements, one key to rule them all. We did consider doing a signature or more and decided to use DID peer for those kind of things. Discussed overlap with DID-peer and that isprobably better - for the more complex cases Christopher Allen: I suggest use once! ... Be careful not to use DID-key. There are ways to convert DID-key to DID-peer. Ack that crypto would be concern. Kim Hamilton Duffy: https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0089.html Kim Hamilton Duffy: Asking some f/u questions from the mailing list. Orie asking about multiple key representations. Oliver Terbu asking about editorship? Dan Burnett: PLEASE MUTE, EVERYONE Dave Longley: +1 It's still a resolver, but no network required Dave Longley: No network or storage required. Manu Sporny: Yes, Markus is right, there is a resolution process.... I should've said no remote network required. Markus Sabadello: Comment on terminology - resolver is still required for expansion but it is very simple - There should be no assumption that any storage or remote network is involved. Trivial resolution Christopher Allen: DID-peer addressed. IPFS-style key representations - need a process for how new key types are added. Markus Sabadello: Uniresolver.io has experimental support for this (but may be outdated a bit), e.g.: https://uniresolver.io/#did:key:z6Mkfriq1MqLBoPWecGoDLjguo1sB9brj6wT3qZ5BxkKpuP6 Dan Burnett: Nacl == salt? Manu Sporny: What about DID nacl? differs only in key encoding - Oliver invited to coedit. Kim Hamilton Duffy: Ah, I see Christopher Allen: Dan, nacl is the most used library for 25519 keys Kim Hamilton Duffy: Thanks Manu Dan Burnett: https://nacl.cr.yp.to/index.html <-- nacl/sodium/etc. refers to libraries used to implement Daniel Bernstein's ed25519/curve25519 crypto. [scribe assist by Dave Longley] Dan Burnett: ChristopherA, yep, just wondering about how we should pronounce the did method name :) ... DID key spec uses MultiCodec is very compact - allows us to express the key types - MultiBase is also used - should be able to express all the popular key formats ... adding to MultiCodec is as simple as a PR. Manu is editor. ... Markus is right - we still need resolution but you don'tneed to go to network. Difference from DID-git is no signature check Kim Hamilton Duffy: Manu you said this is done? https://github.com/w3c-ccg/community/issues/93 Kim Hamilton Duffy: Answered my own question, yes Christopher Allen: Using MultiBase and MultiCoded but theoretically could use other key verification methods. Dave Longley: Did:simple ? :) Kim Hamilton Duffy: Fyi, VCWG maintenance repo is here: https://github.com/w3c-ccg/vcwg-maintenance. Thanks for creating it Manu Manu Sporny: We're flexible on other types like a post-quantum could be expressed with DID-key. Could be added without changing the spec. Christopher Allen: I'm enamoured of D Longley's DID simple. At a higher level, is there a risk that too many people use it improperly. Warn never to reuse this DID. Dave Longley: Did:tmp Jonathan Holt: TO Markus's point, still a resolution. I get different results from different parsers. I do like MultiBase and MultiCoded. Manu Sporny: https://digitalbazaar.github.io/did-method-key/#create Dave Longley: Notes that `did:key` implies there's just "one key" already Manu Sporny: Deterministic algorithm is pretty simple. Interesting expansion for ...19 key. As far as misuse, yes, people will use it for the wrong purposes like persist it.Should write about this in the security sections. ... there are systems that will forbid creation of a pubic-facing DID-key - only doing it where customers are protected. Christopher Allen: There's weird things -would like to see it ued with HD keys where you need to point to a specific sub-key - so anybdy can verify ... worried about the name Key. That has long-term implications. Would prefer tempkey orsomething else in the root of the name Manu Sporny: We can rename the identifier to when we pick this up as work item. Sure let's start with three specific keys and then expand to HD keys later. Markus Sabadello: Emphasizing temporary nature, could build an expiration, but makes it more comples. Kim Hamilton Duffy: Need another person. Mention a one-week notice? Christopher Allen: Chairs prefer multiple parties and consensus for work items - can approve this but prefer more input - do we have an idea of when? Manu Sporny: David C and Oliver may be co-editors. Will address the issues raised today. Timeline: hope is 6 months for v1 spec. It's had enough circulation as is. ... I'd like it to be picked up ASAP. David Chadwick: We're using keyID as subjectID. Happy to participate in editing the document. Christopher Allen: Consensus not required for this. Chairs will confirm and let you know this week. Kim Hamilton Duffy: +1 Christopher Allen: +1 Joe Andrieu: I think we can approve today. Kim Hamilton Duffy: Yes Manu Sporny: Great, thanks to the group for the discussion! :) Christopher Allen: Confirm that this is added to the Work Items list. Kim Hamilton Duffy: Manu -- I'll kick off the next steps and ping you when everything's ready Manu Sporny: Thanks kimhd ! :) ... not enough time for next work item. Anyone else? On longer term agenda need volunteers for CG repo on digital verification ... chairs challenged - will propose archiving that and moving soe topics into CCG. ... CCG needs to review charter. If interested in these process items, will show leadership in community. Can be done in one or two months and get bragging rights. Please help with these short term items. Kim Hamilton Duffy: Next week we'll be focusing on a task force for Academic Credentials. Manu Sporny: EDV call invite: https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0142.html Joe Andrieu: Did we talk about the EDV call? Another one on Friday. Christopher Allen: We had a call about EDV before Thanksgiving. We have some consensus. 75 people was amazing but still missing Solid or IPFS. Where will this work be hosted. Dmitri Zagidulin: There was Solid representation on the last call. Jonathan Holt: Uh, um. present+ Christopher Allen: Seek IPFS representation and please come to this Friday's call. Brent Shambaugh: I find this an interesting topic. It may be useful. Look forward to spec discussions.. I am glad I jumped in today.
Received on Wednesday, 11 December 2019 18:56:50 UTC