Re: [MINUTES] W3C Credentials CG Call - 2019-02-12 12pm ET from Brent Zundel on 2019-02-18 (public-credentials@w3.org from February 2019)

From: Brent Zundel <brent.zundel@evernym.com>
Date: Mon, 18 Feb 2019 11:12:15 -0700
To: Kim Hamilton Duffy <kim@learningmachine.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAHR74YUuD9uVTAP5X89eQBtxNFzoedFA0=H1Nz8oMc9mpUGMmQ@mail.gmail.com>
Gotta say, I like my new moniker.

On Sun, Feb 17, 2019, 18:48 <kim@learningmachine.com> wrote:

> Thanks to Brent Shambaugh for scribing this week! The minutes
> for this week's Credentials CG telecon are now available:
>
> https://w3c-ccg.github.io/meetings/2019-02-12/
>
> Full text of the discussion follows for W3C archival purposes.
> Audio from the meeting is available as well (link provided below).
>
> ----------------------------------------------------------------
> Credentials CG Telecon Minutes for 2019-02-12
>
> Agenda:
>
> https://lists.w3.org/Archives/Public/public-credentials/2019Feb/0017.html
> Topics:
>   1. Introductions
>   2. announcements
>   3. Action Items
>   4. Use Cases
> Organizer:
>   Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
> Scribe:
>   Brent Shambaugh
> Present:
>   Jeff Orgel, Vaughan Emery, Heather Vescent, Bohdan Andriyiv, Kim
>   Hamilton Duffy, Amy Guy, Brent Zundel, Mike Lodder, Joe Andrieu,
>   Markus Sabadello, Adrian Gropper, Brent Shambaugh, Ted Thibodeau,
>   Will Abramson, Ken Ebert, Benjamin Young, Jonathan Holt,
>   Christopher Allen, Andrew Hughes, Ganesh Annan, Dmitri Zagidulin,
>   Yancy Ribbens, Dave Longley, Manu Sporny, Moses Ma
> Audio:
>   https://w3c-ccg.github.io/meetings/2019-02-12/audio.ogg
>
> Kim Hamilton Duffy: Sorry, having problems connecting on sip,
>   trying voice
> Kim Hamilton Duffy: Well darn, can't dial in either; busy signal
>   :)
> Kim Hamilton Duffy: I'll keep trying sip
> Joe Andrieu: I'm having dialin issues too
> Brent Shambaugh is scribing.
> Joe Andrieu: Third time the charm
> Ted Thibodeau: 1000 Blessings on Kim for formatting the agenda in
>   plaintext (so it's readable/usable via the archives link)
> Kim Hamilton Duffy: Pipe up if you can't connect
> I connected by phone
> Kim Hamilton Duffy: Is anyone on IRC having problems connecting?
> Mike Lodder: No problems using SIP
> Jeff Orgel: Phone no prob - long ago rarely
> Jonathan Holt: I'm on the phone just fine today using skype, but
>   in the past i have had issues
> I'll scribe
> Brent Shambaugh is scribing.
> Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
>
> Topic: Introductions
>
> Will Abramson:  I'm new, first time properly on the call
>   ... managed to get in this time
>   ... researching at Edinburgh, privacy preserving crypto
>   ... hope to be at RWoT
> Kim Hamilton Duffy:  For re-introductions, Dave Longley
> Dave Longley:  I'm the CTO of Digital Bazaar, we focus on
>   blockchain tech, DIDs, etc
>
> Topic: announcements
>
> Kim Hamilton Duffy: http://rwot8.eventbrite.com
> Kim Hamilton Duffy:  RWoT in Barcelona
> Kim Hamilton Duffy:
>
> https://github.com/w3c/verifiable-claims/tree/master/f2f/2019-03-Barcelona
>   ... register soon, early bird discount is over, but you can
>   still get a topic paper discount
> Andrew Hughes:  Please register soon if you haven't yet, and
>   please submit papers
> Joe Andrieu:  Want to mention we are past the paper deadline, so
>   get it in. Also, the last day is the 22nd to register before
>   on-site pricing kicks in
> Kim Hamilton Duffy: https://www.internetidentityworkshop.com
> Kim Hamilton Duffy:  IIW is in May
>
> Topic: Action Items
>
> Kim Hamilton Duffy:
>
> https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
> Christopher Allen: The #RebootingWebOfTrust topic papers are
>   listed at https://github.com/WebOfTrustInfo/rwot8-barcelona
> Joe Andrieu: https://github.com/w3c-ccg/did-spec/pull/168
> Kim Hamilton Duffy:  Updating ABNF for DIDs, that was originally
>   the topic for today, but we are talking about  something else.
> Joe Andrieu:  Dmitry just submitted a PR that everyone should
>   look at
> Dmitri Zagidulin:  Please take a look, we will be adding some
>   more, but we wanted to clarify the confusion between the DID and
>   the DID reference
> Kim Hamilton Duffy:  Action item for all: review that PR
> Manu Sporny:  We have a crypto suite registry that the community
>   manages, I will type something up now
> Jonathan Holt: ?Link to LD crypto suite
> Kim Hamilton Duffy:
>   https://github.com/w3c-ccg/community/issues/44
> Kim Hamilton Duffy:  Address request for clarity and privacy
>   claims for DIDs
>   ... the problem here is that the people who were to be assigned
>   were not taggable, but are now
>   ... the issue is that we claim that DIDs reduce
>   correlatability, but haven't done a lot to talk about that
> Kim Hamilton Duffy:
>   https://github.com/w3c-ccg/community/issues/43
>   ... Ryan and Lionel are not here, so no updates on the next one
>   either
>   ... we'll get to that next week
> Kim Hamilton Duffy:
>   https://github.com/w3c-ccg/community/issues/18
>   ... next JWK cryptosuite implementation, action item for uPort.
>   ... we wanted someone from uPort to show how to express a JWT
>   with the JWK cryptosuite.
> Kim Hamilton Duffy: I'm going to try to switch to audio
> Kim Hamilton Duffy: I mean voice
> Christopher Allen:  I'm not seeing examples of JWTs in DID method
>   specs, could we take this to the next level ?
>   ... what are we missing to take this to the next level?
> Manu Sporny:  The way uPort has approached this is as a wrapper
>   around the information than as a proof format.
>   ... we added RSA2018 signatures in the hopes this would be what
>   they use, but instead they wrap the VC ir DID doc and shove the
>   whole thing in a JWT, rather than using a proof format.
>   ... looks like there's a path forward to using ld proofs with
>   zkps, bitcoin, proof of work
>   ... it is up to the users of JWTs to determine how they will
>   use it in their specs
> Kim Hamilton Duffy:  I am back, let me know if connection is
>   better this time
>   ... action items need some owners
>   ... does anyone have proposals for who can drive the work?
> Manu Sporny:  Oliver has done a great job of engaging. Not
>   volunteering him, but he would be great.
>
> Topic: Use Cases
>
> Joe Andrieu: https://w3c-ccg.github.io/did-use-cases/
> Jonathan Holt: Sound like a loose mic cable
> Joe Andrieu: https://github.com/w3c-ccg/did-use-cases
> Kim Hamilton Duffy: Turning over to Joe to run the rest of the
>   meeting. None of my connections are working
> Joe Andrieu:  On to use cases. Thanks to Manu and Amy for their
>   work in cleaning this up
>   ... want to introduce the document then spend time going
>   through the 15 features.
>   ... there are 5 use cases, 4 of which I like. Really want to
>   keep the total to 5. Want readers to get a sense of what we're
>   talking about.
>   ... one of the things we have bumped into in VCWG: are all of
>   our requirements addressed in the use cases
>   ... prepping DID Explainer has contributed here. Start with
>   feature benefit grid, describe the features, and then a coverage
>   grid.
>   ... some of them, I was generous on where they were mentioned.
>   ... Every use case doesn't need all features
> Joe Andrieu:  What does “sustainability” mean? [scribe assist by
>   Andrew Hughes]
>   ... notion on each of these benefits for anti-censorship: can't
>   be shut down, i.e. for whistleblower, teenager
>   ... anti-exploitation:  prevent surveillance capitalism
> Joe Andrieu:  OK - I’ll think about possible alternative lablels
>   [scribe assist by Andrew Hughes]
>   ... sustainability: no vendor lock in
> Joe Andrieu:  Yes - thanks - because ‘sustainability’ evokes
>   renewable/cost efficiency etc - which is part [scribe assist by
>   Andrew Hughes]
> Joe Andrieu:  All of this language is new, so we'd like editing
>   ... Going to the queue
> Justin_R: I'm not familiar with the W3C use case documents, but
>   from an outsider perspective, this reads like a set of solutions
>   without stated problems. Adding requirements may help.
> Joe Andrieu:  Good feeback
> Manu Sporny:  Want to do some level setting. why are we focusing
>   on this? the DID charter proposal went to advisory review. w
> Heather Vescent: +1 Justin. This does not tell the bigger story,
>   it gets into the technical weeds,
>   ... we gave them a heads up, but the use case doc was an old,
>   unedited google doc.
>   ... they want a ReSpec doc of use cases with some more polish.
> To be clear, it's more that the document doesn't tell me what
>   problems it's addressing so I don't know if I care about the
>   solutions.
>   ... not sure if leading with the requirements will be the best.
>   Perhaps following the VC use cases approach could work.
> Heather Vescent: Also, I feel like all the work on the other use
>   case document was pointless. I don't see any of that work
>   reflected in this document. Which was my main concern when we
>   spent all that time way back then doing those. Why did we bother
>   doing all those if they don't funnel into here?
>   ... DIDs are challenging to talk about. Feedback is that use
>   cases haven't been helpful in leading to understanding.
> Ted Thibodeau: Challenge (problem), solution (DID), application
>   of solution (use case scenario)
> Heather Vescent: I was promised that back then, those use cases
>   would not be for naught, but it seems that this has happened.
> Mike Lodder:  Talking about cencorship and use cases, we could
>   talk about how in some countries it is not legal to access
>   certain types of data, e.g. GDPR. It may make sense for the DID
>   to split based on what it has access to. Cencorship may not
>   always be a negative.
> Joe Andrieu:  Interesting idea, probably at a different layer
>   than DIDs
> Mike Lodder:  Data access control, services could use cencorship
> Christopher Allen:  Two comments: one of the benefits of this
>   area is there are cryptographic problems such as selective
>   disclosure etc. that haven't been realized yet.
>   ... to the larger question, I want to go even further in
>   reducing use cases. The long-term educational claims use case
>   where you could have claims where keys and parties may change
>   over time, but the signatures don't change, even after 30 years.
>   ... another one: the travel one, crossing borders (we talked
>   about this at TPAC) different parties have different authority
>   over different parts of travel.
>   ... all these different identifier block this in different
>   ways. DIDs help unblock this.
>   ... less is more. The use cases are interesting, but we should
>   lead with what is driving adoption now.
> Joe Andrieu:  One challenge with these use cases is that they
>   bleed into VC use cases.
> Dave Longley: Sounds like "using a Verifiable Credential" is a
>   use case itself
>   ... enabled by a DID, but more focused on VCs.
>   ... we need to point out what DIDs uniquely make possible
> Jonathan Holt:  My issue isn't with use cases, but with the
>   charter.
>   ... Is DID specific to W3C community, action items, or credo?
>   ... so much of the DID happens in the realm of data
>   democritization and self-sovreignty. Concerned that the W3C will
>   end up being a members only club.
> Manu Sporny:  You raise a good point, we need to address that as
>   the WG takes form.
> Dave Longley: Protect
> Joe Andrieu: +1 To positive language
>   ... back to use cases, the language should be more positive,
>   e.g. censorhip-resistant over anti-cencorship.
>   ... want to underscore what Chris said. When we talk about DID
>   use cases we go high level, these are verifiable credentials.
>   ... the W3C AC is very well versed in focused charters. Hard
>   for them to link how this new identifier enables the high level
>   use cases.
>   ... need some glue in there now, otherwise it won't go well
>   with AC.
>   ... need to focus on use cases that only DID specific
>   ... have an identifier with cryptographic control, service
>   discovery, and auditability of key rotations.
>   ... this will help the AC focus on that DIDs enable that other
>   things don't
> Bohdan Andriyiv:  Want to draw attention to longevity of DIDs.
>   What differentiates DIDs from other identifiers is lifelong
>   characteristic of DIDs.
>   ... high stakes cooperation. Democracy, decentralized
>   government. Should have a use case for high-stakes long term
>   cooperation.
> Joe Andrieu:  One thing that would greatly improve that use case
>   is if the description outlines what actions the individuals would
>   take.
> Kim Hamilton Duffy: I'm having a hard time reconciling the
>   feedback when I look at the EDU use case. On the one hand, I'm
>   hearing the use cases are too technical; on the other I'm hearing
>   they doesn't spell out the details enough. It would be helpful to
>   discuss specifics of 1 use case
>   ... the individual interactions that drive the scenario would
>   be useful
> Adrian Gropper:  I think the very important reason to do the use
>   cases, is the business case for self-sovereign identity.
>   ... the adoption model should answer the question: what should
>   the issuer, holder and verifier have to do about DIDs.
> Kim Hamilton Duffy: Here's a different angle: of the use cases,
>   which one is closest to a "good" one by AC standards. What is it
>   lacking to make it better?
>   ... if we focus the use cases on service discover etc. we will
>   miss the business case.
> Manu Sporny: https://w3c.github.io/vc-use-cases/
> Joe Andrieu:  One of the things we have in the VC use cases
>   document. We have the mechanistic use cases about what the
>   individual entity can do, not the high level narrative.
> Manu Sporny: We called them User Roles, User Needs, and User
>   Tasks... I think it was very useful.
>   ... I think the pattern we have in the other document is
>   useful: problem domain and solution domain
> Joe Andrieu:  We have these 15 features, tried to break them down
>   into what they provide as key benefits
>   ... sensitive to need to phrase them more positively, but is
>   anything missing?
> Christopher Allen:  Keep on coming back to future proofing. Use
>   of identifiers in the past hasn't addressed this problem.
>   ... this isn't acceptable today. We're enabling new methods of
>   support for longevity and future proofing.
> Adrian Gropper: +1 To logevity as reason for SSI
>   ... this is an essential core value proposition
> Honest back-channel question, doesn't this just move the
>   assumptions on longevity to the resolution side?
> Which is the real problem with all legacy identifier systems too,
>   when you get down to it
> Kim Hamilton Duffy: I like the problem domain / solution domain
>   idea; I think it would help address my question above
>   (reconciling the too-technical feedback with the
>   not-precise-enough feedback)
> Joe Andrieu:  We have rotation, crypto future proof,
>   organizational end-of-life longevity. These are all attempts to
>   capture the future proofing.
> @Manu right but that means that it assumes the network will
>   continue to run and the government structure won't fall, right?
> Manu Sporny: Yes, correct...
> Christopher Allen:  But they're not specifically called out as
>   future proofing.
> Manu Sporny: @Justin_R, but some of these networks have a more
>   decentralized way of operating... and that's not the /only/
>   benefit.
> Jonathan Holt: I'm curious about the link to the "scantily clad
>   woman", how was that a use-case as I don't see it
> Joe Andrieu:  So we should separate economic from ???
>   sustainability
> @Manu ok, as long as I'm understanding the assumptions behind the
>   claims here
> Joe Andrieu:  Not sure where the link to the scantily clad woman
>   is
>
> https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.70an1a4kg74q
> Manu Sporny:  I deleted it. tried to stop the bleeding.
> Oh ffs really, an image??
> (I missed that one)
> Joe Andrieu:  Want to embrace: that's why we open it up, even if
>   we get crazy stuff. Hopefully we're feeling better about the doc.
> Joe Andrieu: https://github.com/w3c-ccg/did-wg-charter/issues/9
>   ... Issue with the charter itself. Request to put at least one
>   use case in the charter itself.
> Manu Sporny:  Let's chat offline.
> Manu Sporny: @Justin_R, you get more things w/ DIDs... not just
>   the possibility of a more decentralized identifier network or
>   governance structures... other things are key rotation tied to a
>   long lived auditable identifier.
> Moses Ma: Bye everyone
> Joe Andrieu:  Thanks all, we will be quickly iterating.
> Manu Sporny: @Justin_R, so people tend to say "what does the
>   *one* thing DIDs do?" -- and it's not just one thing, it's a
>   combination of things... that because it does that combination of
>   things, certain things are enabled.
> Manu Sporny: @Justin_R, like, you can have key rotation w/ no
>   auditability... and while that's helpful (you can rotate keys),
>   you don't know when people did the rotation, so you can't go back
>   in time and check signatures from 15 years ago (as a hand-wavy
>   example)
>
>
>
>
>
Received on Monday, 18 February 2019 18:12:51 UTC