[MINUTES] W3C Credentials CG Call - 2019-12-03 12pm ET

Thanks to Adrian Gropper for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-12-03/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-12-03

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2019Dec/0001.html
Topics:
  1. Introductions and Reintroductions
  2. Announcements and Reminders
  3. Action Items
  4. did:key method
Organizer:
  Christopher Allen and Joe Andrieu and Kim Hamilton Duffy
Scribe:
  Adrian Gropper
Present:
  Justin Richer, Christopher Allen, Amy Guy, Manu Sporny, Yancy 
  Ribbens, Dave Longley, Markus Sabadello, Chris Winczewski, 
  Alexander Hripak, Sumita Jonak, Dan Burnett, Ted Thibodeau, 
  Adrian Gropper, Jonathan Holt, Ganesh Annan, Joe Andrieu, Dmitri 
  Zagidulin, Jeff Orgel, Brent Shambaugh, Kim Hamilton Duffy, David 
  Chadwick
Audio:
  https://w3c-ccg.github.io/meetings/2019-12-03/audio.ogg

Christopher Allen: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Dec/0001.html
Christopher Allen: https://www.w3.org/community/credentials/join
Christopher Allen: https://w3c-ccg.github.io/meetings/
Adrian Gropper is scribing.

Topic: Introductions and Reintroductions

Christopher Allen:  Markus for reintroduction
Markus Sabadello:  Danube Tech, working on DID since the first, 
  co-editor on the DID spec

Topic: Announcements and Reminders

Christopher Allen: https://w3c-ccg.github.io/announcements/
Christopher Allen:  Announcements and reminders... not needing 
  xmas eve or NE eve, so we have a break at the end of December.
  ... regular DID-resolution calls on Thursdays
Markus Sabadello:  Will have a call this week - not decided for 
  rest of year
Markus Sabadello: Info about DID Resolution calls: 
  https://docs.google.com/document/d/1qYBaXQMUoB86Alquu7WBtWOxsS8SMhp1fioYKEGCabE/
Christopher Allen:  Asking for progress on active work items
  ... hold the date of March 16-20 for next RwOT in Buenos Aires. 
  Formal announcement later this week.

Topic: Action Items

Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Christopher Allen: https://github.com/w3c-ccg/community/issues/87
  ... Progress on action items? Review 4 items to thalk about. 
  Need instruction on SIP - Issue #87 - need volunteer help define 
  the procedures for SIP calls
Christopher Allen:  I can write up onsip in the browser [scribe 
  assist by Amy Guy]
  ... If you have problems besides Mac and iPhone also add as 
  requirement in this issue. Call for volunteer!
  ... Amy volunteers. Could have another person as well.
  ... back to the active... Action Manu and Dan on renaming the 
  repo
Manu Sporny:  The AI as is does not make sense. Maybe we need a 
  repo. Manu will create one right now.
Brent Shambaugh: Linphone never seems to work for me. It did 
  years ago. :(
Christopher Allen:  Review WebKMS - 2 proposed work items DIDkey 
  and WebKMS
Christopher Allen: https://github.com/w3c-ccg/community/issues/99
  ... please get your comment on these as official work items and 
  we will be scheduling a call on WebKMS
  ... any action items other people want to clear or add???
Manu Sporny: I just created 
  https://github.com/w3c-ccg/vcwg-maintenance -- for VCWG 
  Maintenance issues.
Christopher Allen: https://github.com/w3c-ccg/community/issues/98
  ... tahke a look at community repo to track. Going to primary 
  discussion: Proposal to add DID-key as work item
  ... meets the criteria and interest from other organization but 
  need another organization as leader joining the other proposers 
  on this

Topic: did:key method

Christopher Allen: 
  https://digitalbazaar.github.io/did-method-key/
  ... method text at - Manu take over?
Manu Sporny: https://github.com/w3c-ccg/community/issues/98
Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0085.html
Manu Sporny:  DID-key request raised in Issue #98, then email, 
  attemot to create the simplest DID method possible, just by 
  having the DID expand to a DID doc without going out to a chain
  ... useful for short term interactions that require use of 
  crypto such as a pairwise relationship that is temporary and then 
  bootstraps into a communication and signatures
Manu Sporny: https://digitalbazaar.github.io/did-method-key/
  ... super simple: only operations supported are Create and Read 
  - don't use if Update needed - se a ledger-based mechanism if you 
  need those
  ... Need another editor for an official work item in order to 
  proceed but easy because it's nearly done
Markus Sabadello:  Original keys discussion included U and D and 
  reached reduced consensus. It's a great method with these as 
  optional.
Christopher Allen:  Confused on things like a DID document based 
  on expanding the key and giving it all authority. Are there any 
  ways to constrian. As a cryptographer this is really broad. Would 
  prefer a DID doc signed by that key. A little confused.
Jonathan Holt:  How do you create?
Christopher Allen: (I note that BTCR also expands an implicit DID 
  solely from the DID value)
Manu Sporny:  Algorithm in the spec. DID key is an encoding of 
  the public key itself. Say, 32 bytes and expand them into a DID 
  document. No resoution is needed.
Jonathan Holt: I see, in-line with prefix of multicodec and 
  multibase
Markus Sabadello: Some older discussion about making Update and 
  Deactivate optional for DIDs: 
  https://github.com/w3c-ccg/did-spec/pull/55
  ... to Christoper's - yes we do expand to full authority 
  including VC, key agreements, one key to rule them all. We did 
  consider doing a signature or more and decided to use DID peer 
  for those kind of things. Discussed overlap with DID-peer and 
  that isprobably better - for the more complex cases
Christopher Allen: I suggest use once!
  ... Be careful not to use DID-key. There are ways to convert 
  DID-key to DID-peer. Ack that crypto would be concern.
Kim Hamilton Duffy: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0089.html
Kim Hamilton Duffy:  Asking some f/u questions from the mailing 
  list. Orie asking about multiple key representations. Oliver 
  Terbu asking about editorship?
Dan Burnett: PLEASE MUTE, EVERYONE
Dave Longley: +1 It's still a resolver, but no network required
Dave Longley: No network or storage required.
Manu Sporny: Yes, Markus is right, there is a resolution 
  process.... I should've said no remote network required.
Markus Sabadello:  Comment on terminology - resolver is still 
  required for expansion but it is very simple - There should be no 
  assumption that any storage or remote network is involved. 
  Trivial resolution
Christopher Allen:  DID-peer addressed. IPFS-style key 
  representations - need a process for how new key types are added.
Markus Sabadello: Uniresolver.io has experimental support for 
  this (but may be outdated a bit), e.g.: 
  https://uniresolver.io/#did:key:z6Mkfriq1MqLBoPWecGoDLjguo1sB9brj6wT3qZ5BxkKpuP6
Dan Burnett: Nacl == salt?
Manu Sporny:  What about DID nacl? differs only in key encoding - 
  Oliver invited to coedit.
Kim Hamilton Duffy: Ah, I see
Christopher Allen: Dan, nacl is the most used library for 25519 
  keys
Kim Hamilton Duffy: Thanks Manu
Dan Burnett:  https://nacl.cr.yp.to/index.html <-- 
  nacl/sodium/etc. refers to libraries used to implement Daniel 
  Bernstein's ed25519/curve25519 crypto. [scribe assist by Dave 
  Longley]
Dan Burnett: ChristopherA, yep, just wondering about how we 
  should pronounce the did method name :)
  ... DID key spec uses MultiCodec is very compact - allows us to 
  express the key types - MultiBase is also used - should be able 
  to express all the popular key formats
  ... adding to MultiCodec is as simple as a PR. Manu is editor.
  ... Markus is right - we still need resolution but you 
  don'tneed to go to network. Difference from DID-git is no 
  signature check
Kim Hamilton Duffy: Manu you said this is done? 
  https://github.com/w3c-ccg/community/issues/93
Kim Hamilton Duffy: Answered my own question, yes
Christopher Allen:  Using MultiBase and MultiCoded but 
  theoretically could use other key verification methods.
Dave Longley: Did:simple ? :)
Kim Hamilton Duffy: Fyi, VCWG maintenance repo is here: 
  https://github.com/w3c-ccg/vcwg-maintenance. Thanks for creating 
  it Manu
Manu Sporny:  We're flexible on other types like a post-quantum 
  could be expressed with DID-key. Could be added without changing 
  the spec.
Christopher Allen:  I'm enamoured of D Longley's DID simple. At a 
  higher level, is there a risk that too many people use it 
  improperly. Warn never to reuse this DID.
Dave Longley: Did:tmp
Jonathan Holt:  TO Markus's point, still a resolution. I get 
  different results from different parsers. I do like MultiBase and 
  MultiCoded.
Manu Sporny: 
  https://digitalbazaar.github.io/did-method-key/#create
Dave Longley: Notes that `did:key` implies there's just "one key" 
  already
Manu Sporny:  Deterministic algorithm is pretty simple. 
  Interesting expansion for ...19 key. As far as misuse, yes, 
  people will use it for the wrong purposes like persist it.Should 
  write about this in the security sections.
  ... there are systems that will forbid creation of a 
  pubic-facing DID-key - only doing it where customers are 
  protected.
Christopher Allen:  There's weird things -would like to see it 
  ued with HD keys where you need to point to a specific sub-key - 
  so anybdy can verify
  ... worried about the name Key. That has long-term 
  implications. Would prefer tempkey orsomething else in the root 
  of the name
Manu Sporny:  We can rename the identifier to when we pick this 
  up as work item. Sure let's start with three specific keys and 
  then expand to HD keys later.
Markus Sabadello:  Emphasizing temporary nature, could build an 
  expiration, but makes it more comples.
Kim Hamilton Duffy:  Need another person. Mention a one-week 
  notice?
Christopher Allen:  Chairs prefer multiple parties and consensus 
  for work items - can approve this but prefer more input - do we 
  have an idea of when?
Manu Sporny:  David C and Oliver may be co-editors. Will address 
  the issues raised today. Timeline: hope is 6 months for v1 spec. 
  It's had enough circulation as is.
  ... I'd like it to be picked up ASAP.
David Chadwick:  We're using keyID as subjectID. Happy to 
  participate in editing the document.
Christopher Allen:  Consensus not required for this. Chairs will 
  confirm and let you know this week.
Kim Hamilton Duffy: +1
Christopher Allen: +1
Joe Andrieu:  I think we can approve today.
Kim Hamilton Duffy:  Yes
Manu Sporny: Great, thanks to the group for the discussion! :)
Christopher Allen:  Confirm that this is added to the Work Items 
  list.
Kim Hamilton Duffy: Manu -- I'll kick off the next steps and ping 
  you when everything's ready
Manu Sporny: Thanks kimhd ! :)
  ... not enough time for next work item. Anyone else? On longer 
  term agenda need volunteers for CG repo on digital verification
  ... chairs challenged - will propose archiving that and moving 
  soe topics into CCG.
  ... CCG needs to review charter. If interested in these process 
  items, will show leadership in community. Can be done in one or 
  two months and get bragging rights. Please help with these short 
  term items.
Kim Hamilton Duffy:  Next week we'll be focusing on a task force 
  for Academic Credentials.
Manu Sporny: EDV call invite: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Nov/0142.html
Joe Andrieu:  Did we talk about the EDV call? Another one on 
  Friday.
Christopher Allen:  We had a call about EDV before Thanksgiving. 
  We have some consensus. 75 people was amazing but still missing 
  Solid or IPFS. Where will this work be hosted.
Dmitri Zagidulin:  There was Solid representation on the last 
  call.
Jonathan Holt: Uh, um. present+
Christopher Allen:  Seek IPFS representation and please come to 
  this Friday's call.
Brent Shambaugh: I find this an interesting topic.  It may be 
  useful. Look forward to spec discussions.. I am glad I jumped in 
  today.

Received on Wednesday, 11 December 2019 18:56:50 UTC