Re: [MINUTES] W3C Credentials CG Call - 2019-02-12 12pm ET from Kim Hamilton Duffy on 2019-02-18 (public-credentials@w3.org from February 2019)

From: Kim Hamilton Duffy <kim@learningmachine.com>
Date: Mon, 18 Feb 2019 10:15:11 -0800
To: Brent Zundel <brent.zundel@evernym.com>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAB=TY84pjEUcORpQHTiJJsg3LSvDEPTzEjHK_jHZWcAq7Fq3Ww@mail.gmail.com>
Oh dear...I didn’t notice the alias collision. I’ll update the mapping
file, as you are the likelier Brent
On Mon, Feb 18, 2019 at 10:12 AM Brent Zundel <brent.zundel@evernym.com>
wrote:

> Gotta say, I like my new moniker.
>
> On Sun, Feb 17, 2019, 18:48 <kim@learningmachine.com> wrote:
>
>> Thanks to Brent Shambaugh for scribing this week! The minutes
>> for this week's Credentials CG telecon are now available:
>>
>> https://w3c-ccg.github.io/meetings/2019-02-12/
>>
>> Full text of the discussion follows for W3C archival purposes.
>> Audio from the meeting is available as well (link provided below).
>>
>> ----------------------------------------------------------------
>> Credentials CG Telecon Minutes for 2019-02-12
>>
>> Agenda:
>>
>> https://lists.w3.org/Archives/Public/public-credentials/2019Feb/0017.html
>> Topics:
>>   1. Introductions
>>   2. announcements
>>   3. Action Items
>>   4. Use Cases
>> Organizer:
>>   Joe Andrieu and Kim Hamilton Duffy and Christopher Allen
>> Scribe:
>>   Brent Shambaugh
>> Present:
>>   Jeff Orgel, Vaughan Emery, Heather Vescent, Bohdan Andriyiv, Kim
>>   Hamilton Duffy, Amy Guy, Brent Zundel, Mike Lodder, Joe Andrieu,
>>   Markus Sabadello, Adrian Gropper, Brent Shambaugh, Ted Thibodeau,
>>   Will Abramson, Ken Ebert, Benjamin Young, Jonathan Holt,
>>   Christopher Allen, Andrew Hughes, Ganesh Annan, Dmitri Zagidulin,
>>   Yancy Ribbens, Dave Longley, Manu Sporny, Moses Ma
>> Audio:
>>   https://w3c-ccg.github.io/meetings/2019-02-12/audio.ogg
>>
>> Kim Hamilton Duffy: Sorry, having problems connecting on sip,
>>   trying voice
>> Kim Hamilton Duffy: Well darn, can't dial in either; busy signal
>>   :)
>> Kim Hamilton Duffy: I'll keep trying sip
>> Joe Andrieu: I'm having dialin issues too
>> Brent Shambaugh is scribing.
>> Joe Andrieu: Third time the charm
>> Ted Thibodeau: 1000 Blessings on Kim for formatting the agenda in
>>   plaintext (so it's readable/usable via the archives link)
>> Kim Hamilton Duffy: Pipe up if you can't connect
>> I connected by phone
>> Kim Hamilton Duffy: Is anyone on IRC having problems connecting?
>> Mike Lodder: No problems using SIP
>> Jeff Orgel: Phone no prob - long ago rarely
>> Jonathan Holt: I'm on the phone just fine today using skype, but
>>   in the past i have had issues
>> I'll scribe
>> Brent Shambaugh is scribing.
>> Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
>>
>> Topic: Introductions
>>
>> Will Abramson:  I'm new, first time properly on the call
>>   ... managed to get in this time
>>   ... researching at Edinburgh, privacy preserving crypto
>>   ... hope to be at RWoT
>> Kim Hamilton Duffy:  For re-introductions, Dave Longley
>> Dave Longley:  I'm the CTO of Digital Bazaar, we focus on
>>   blockchain tech, DIDs, etc
>>
>> Topic: announcements
>>
>> Kim Hamilton Duffy: http://rwot8.eventbrite.com
>> Kim Hamilton Duffy:  RWoT in Barcelona
>> Kim Hamilton Duffy:
>>
>> https://github.com/w3c/verifiable-claims/tree/master/f2f/2019-03-Barcelona
>>   ... register soon, early bird discount is over, but you can
>>   still get a topic paper discount
>> Andrew Hughes:  Please register soon if you haven't yet, and
>>   please submit papers
>> Joe Andrieu:  Want to mention we are past the paper deadline, so
>>   get it in. Also, the last day is the 22nd to register before
>>   on-site pricing kicks in
>> Kim Hamilton Duffy: https://www.internetidentityworkshop.com
>> Kim Hamilton Duffy:  IIW is in May
>>
>> Topic: Action Items
>>
>> Kim Hamilton Duffy:
>>
>> https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
>> Christopher Allen: The #RebootingWebOfTrust topic papers are
>>   listed at https://github.com/WebOfTrustInfo/rwot8-barcelona
>> Joe Andrieu: https://github.com/w3c-ccg/did-spec/pull/168
>> Kim Hamilton Duffy:  Updating ABNF for DIDs, that was originally
>>   the topic for today, but we are talking about  something else.
>> Joe Andrieu:  Dmitry just submitted a PR that everyone should
>>   look at
>> Dmitri Zagidulin:  Please take a look, we will be adding some
>>   more, but we wanted to clarify the confusion between the DID and
>>   the DID reference
>> Kim Hamilton Duffy:  Action item for all: review that PR
>> Manu Sporny:  We have a crypto suite registry that the community
>>   manages, I will type something up now
>> Jonathan Holt: ?Link to LD crypto suite
>> Kim Hamilton Duffy:
>>   https://github.com/w3c-ccg/community/issues/44
>> Kim Hamilton Duffy:  Address request for clarity and privacy
>>   claims for DIDs
>>   ... the problem here is that the people who were to be assigned
>>   were not taggable, but are now
>>   ... the issue is that we claim that DIDs reduce
>>   correlatability, but haven't done a lot to talk about that
>> Kim Hamilton Duffy:
>>   https://github.com/w3c-ccg/community/issues/43
>>   ... Ryan and Lionel are not here, so no updates on the next one
>>   either
>>   ... we'll get to that next week
>> Kim Hamilton Duffy:
>>   https://github.com/w3c-ccg/community/issues/18
>>   ... next JWK cryptosuite implementation, action item for uPort.
>>   ... we wanted someone from uPort to show how to express a JWT
>>   with the JWK cryptosuite.
>> Kim Hamilton Duffy: I'm going to try to switch to audio
>> Kim Hamilton Duffy: I mean voice
>> Christopher Allen:  I'm not seeing examples of JWTs in DID method
>>   specs, could we take this to the next level ?
>>   ... what are we missing to take this to the next level?
>> Manu Sporny:  The way uPort has approached this is as a wrapper
>>   around the information than as a proof format.
>>   ... we added RSA2018 signatures in the hopes this would be what
>>   they use, but instead they wrap the VC ir DID doc and shove the
>>   whole thing in a JWT, rather than using a proof format.
>>   ... looks like there's a path forward to using ld proofs with
>>   zkps, bitcoin, proof of work
>>   ... it is up to the users of JWTs to determine how they will
>>   use it in their specs
>> Kim Hamilton Duffy:  I am back, let me know if connection is
>>   better this time
>>   ... action items need some owners
>>   ... does anyone have proposals for who can drive the work?
>> Manu Sporny:  Oliver has done a great job of engaging. Not
>>   volunteering him, but he would be great.
>>
>> Topic: Use Cases
>>
>> Joe Andrieu: https://w3c-ccg.github.io/did-use-cases/
>> Jonathan Holt: Sound like a loose mic cable
>> Joe Andrieu: https://github.com/w3c-ccg/did-use-cases
>> Kim Hamilton Duffy: Turning over to Joe to run the rest of the
>>   meeting. None of my connections are working
>> Joe Andrieu:  On to use cases. Thanks to Manu and Amy for their
>>   work in cleaning this up
>>   ... want to introduce the document then spend time going
>>   through the 15 features.
>>   ... there are 5 use cases, 4 of which I like. Really want to
>>   keep the total to 5. Want readers to get a sense of what we're
>>   talking about.
>>   ... one of the things we have bumped into in VCWG: are all of
>>   our requirements addressed in the use cases
>>   ... prepping DID Explainer has contributed here. Start with
>>   feature benefit grid, describe the features, and then a coverage
>>   grid.
>>   ... some of them, I was generous on where they were mentioned.
>>   ... Every use case doesn't need all features
>> Joe Andrieu:  What does “sustainability” mean? [scribe assist by
>>   Andrew Hughes]
>>   ... notion on each of these benefits for anti-censorship: can't
>>   be shut down, i.e. for whistleblower, teenager
>>   ... anti-exploitation:  prevent surveillance capitalism
>> Joe Andrieu:  OK - I’ll think about possible alternative lablels
>>   [scribe assist by Andrew Hughes]
>>   ... sustainability: no vendor lock in
>> Joe Andrieu:  Yes - thanks - because ‘sustainability’ evokes
>>   renewable/cost efficiency etc - which is part [scribe assist by
>>   Andrew Hughes]
>> Joe Andrieu:  All of this language is new, so we'd like editing
>>   ... Going to the queue
>> Justin_R: I'm not familiar with the W3C use case documents, but
>>   from an outsider perspective, this reads like a set of solutions
>>   without stated problems. Adding requirements may help.
>> Joe Andrieu:  Good feeback
>> Manu Sporny:  Want to do some level setting. why are we focusing
>>   on this? the DID charter proposal went to advisory review. w
>> Heather Vescent: +1 Justin. This does not tell the bigger story,
>>   it gets into the technical weeds,
>>   ... we gave them a heads up, but the use case doc was an old,
>>   unedited google doc.
>>   ... they want a ReSpec doc of use cases with some more polish.
>> To be clear, it's more that the document doesn't tell me what
>>   problems it's addressing so I don't know if I care about the
>>   solutions.
>>   ... not sure if leading with the requirements will be the best.
>>   Perhaps following the VC use cases approach could work.
>> Heather Vescent: Also, I feel like all the work on the other use
>>   case document was pointless. I don't see any of that work
>>   reflected in this document. Which was my main concern when we
>>   spent all that time way back then doing those. Why did we bother
>>   doing all those if they don't funnel into here?
>>   ... DIDs are challenging to talk about. Feedback is that use
>>   cases haven't been helpful in leading to understanding.
>> Ted Thibodeau: Challenge (problem), solution (DID), application
>>   of solution (use case scenario)
>> Heather Vescent: I was promised that back then, those use cases
>>   would not be for naught, but it seems that this has happened.
>> Mike Lodder:  Talking about cencorship and use cases, we could
>>   talk about how in some countries it is not legal to access
>>   certain types of data, e.g. GDPR. It may make sense for the DID
>>   to split based on what it has access to. Cencorship may not
>>   always be a negative.
>> Joe Andrieu:  Interesting idea, probably at a different layer
>>   than DIDs
>> Mike Lodder:  Data access control, services could use cencorship
>> Christopher Allen:  Two comments: one of the benefits of this
>>   area is there are cryptographic problems such as selective
>>   disclosure etc. that haven't been realized yet.
>>   ... to the larger question, I want to go even further in
>>   reducing use cases. The long-term educational claims use case
>>   where you could have claims where keys and parties may change
>>   over time, but the signatures don't change, even after 30 years.
>>   ... another one: the travel one, crossing borders (we talked
>>   about this at TPAC) different parties have different authority
>>   over different parts of travel.
>>   ... all these different identifier block this in different
>>   ways. DIDs help unblock this.
>>   ... less is more. The use cases are interesting, but we should
>>   lead with what is driving adoption now.
>> Joe Andrieu:  One challenge with these use cases is that they
>>   bleed into VC use cases.
>> Dave Longley: Sounds like "using a Verifiable Credential" is a
>>   use case itself
>>   ... enabled by a DID, but more focused on VCs.
>>   ... we need to point out what DIDs uniquely make possible
>> Jonathan Holt:  My issue isn't with use cases, but with the
>>   charter.
>>   ... Is DID specific to W3C community, action items, or credo?
>>   ... so much of the DID happens in the realm of data
>>   democritization and self-sovreignty. Concerned that the W3C will
>>   end up being a members only club.
>> Manu Sporny:  You raise a good point, we need to address that as
>>   the WG takes form.
>> Dave Longley: Protect
>> Joe Andrieu: +1 To positive language
>>   ... back to use cases, the language should be more positive,
>>   e.g. censorhip-resistant over anti-cencorship.
>>   ... want to underscore what Chris said. When we talk about DID
>>   use cases we go high level, these are verifiable credentials.
>>   ... the W3C AC is very well versed in focused charters. Hard
>>   for them to link how this new identifier enables the high level
>>   use cases.
>>   ... need some glue in there now, otherwise it won't go well
>>   with AC.
>>   ... need to focus on use cases that only DID specific
>>   ... have an identifier with cryptographic control, service
>>   discovery, and auditability of key rotations.
>>   ... this will help the AC focus on that DIDs enable that other
>>   things don't
>> Bohdan Andriyiv:  Want to draw attention to longevity of DIDs.
>>   What differentiates DIDs from other identifiers is lifelong
>>   characteristic of DIDs.
>>   ... high stakes cooperation. Democracy, decentralized
>>   government. Should have a use case for high-stakes long term
>>   cooperation.
>> Joe Andrieu:  One thing that would greatly improve that use case
>>   is if the description outlines what actions the individuals would
>>   take.
>> Kim Hamilton Duffy: I'm having a hard time reconciling the
>>   feedback when I look at the EDU use case. On the one hand, I'm
>>   hearing the use cases are too technical; on the other I'm hearing
>>   they doesn't spell out the details enough. It would be helpful to
>>   discuss specifics of 1 use case
>>   ... the individual interactions that drive the scenario would
>>   be useful
>> Adrian Gropper:  I think the very important reason to do the use
>>   cases, is the business case for self-sovereign identity.
>>   ... the adoption model should answer the question: what should
>>   the issuer, holder and verifier have to do about DIDs.
>> Kim Hamilton Duffy: Here's a different angle: of the use cases,
>>   which one is closest to a "good" one by AC standards. What is it
>>   lacking to make it better?
>>   ... if we focus the use cases on service discover etc. we will
>>   miss the business case.
>> Manu Sporny: https://w3c.github.io/vc-use-cases/
>> Joe Andrieu:  One of the things we have in the VC use cases
>>   document. We have the mechanistic use cases about what the
>>   individual entity can do, not the high level narrative.
>> Manu Sporny: We called them User Roles, User Needs, and User
>>   Tasks... I think it was very useful.
>>   ... I think the pattern we have in the other document is
>>   useful: problem domain and solution domain
>> Joe Andrieu:  We have these 15 features, tried to break them down
>>   into what they provide as key benefits
>>   ... sensitive to need to phrase them more positively, but is
>>   anything missing?
>> Christopher Allen:  Keep on coming back to future proofing. Use
>>   of identifiers in the past hasn't addressed this problem.
>>   ... this isn't acceptable today. We're enabling new methods of
>>   support for longevity and future proofing.
>> Adrian Gropper: +1 To logevity as reason for SSI
>>   ... this is an essential core value proposition
>> Honest back-channel question, doesn't this just move the
>>   assumptions on longevity to the resolution side?
>> Which is the real problem with all legacy identifier systems too,
>>   when you get down to it
>> Kim Hamilton Duffy: I like the problem domain / solution domain
>>   idea; I think it would help address my question above
>>   (reconciling the too-technical feedback with the
>>   not-precise-enough feedback)
>> Joe Andrieu:  We have rotation, crypto future proof,
>>   organizational end-of-life longevity. These are all attempts to
>>   capture the future proofing.
>> @Manu right but that means that it assumes the network will
>>   continue to run and the government structure won't fall, right?
>> Manu Sporny: Yes, correct...
>> Christopher Allen:  But they're not specifically called out as
>>   future proofing.
>> Manu Sporny: @Justin_R, but some of these networks have a more
>>   decentralized way of operating... and that's not the /only/
>>   benefit.
>> Jonathan Holt: I'm curious about the link to the "scantily clad
>>   woman", how was that a use-case as I don't see it
>> Joe Andrieu:  So we should separate economic from ???
>>   sustainability
>> @Manu ok, as long as I'm understanding the assumptions behind the
>>   claims here
>> Joe Andrieu:  Not sure where the link to the scantily clad woman
>>   is
>>
>> https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.70an1a4kg74q
>> Manu Sporny:  I deleted it. tried to stop the bleeding.
>> Oh ffs really, an image??
>> (I missed that one)
>> Joe Andrieu:  Want to embrace: that's why we open it up, even if
>>   we get crazy stuff. Hopefully we're feeling better about the doc.
>> Joe Andrieu: https://github.com/w3c-ccg/did-wg-charter/issues/9
>>   ... Issue with the charter itself. Request to put at least one
>>   use case in the charter itself.
>> Manu Sporny:  Let's chat offline.
>> Manu Sporny: @Justin_R, you get more things w/ DIDs... not just
>>   the possibility of a more decentralized identifier network or
>>   governance structures... other things are key rotation tied to a
>>   long lived auditable identifier.
>> Moses Ma: Bye everyone
>> Joe Andrieu:  Thanks all, we will be quickly iterating.
>> Manu Sporny: @Justin_R, so people tend to say "what does the
>>   *one* thing DIDs do?" -- and it's not just one thing, it's a
>>   combination of things... that because it does that combination of
>>   things, certain things are enabled.
>> Manu Sporny: @Justin_R, like, you can have key rotation w/ no
>>   auditability... and while that's helpful (you can rotate keys),
>>   you don't know when people did the rotation, so you can't go back
>>   in time and check signatures from 15 years ago (as a hand-wavy
>>   example)
>>
>>
>>
>>
>> --
Kim Hamilton Duffy
CTO & Principal Architect Learning Machine
Co-chair W3C Credentials Community Group

kim@learningmachine.com
Received on Monday, 18 February 2019 18:15:46 UTC