- From: Brent Shambaugh <brent.shambaugh@gmail.com>
- Date: Sun, 24 Feb 2019 20:21:25 -0600
- To: Kim Hamilton Duffy <kim@learningmachine.com>
- Cc: Brent Zundel <brent.zundel@evernym.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CACvcBVoEpyn_qc3OVg9FSiuwJxifUS_EBF06nVHExt8AbK-cnA@mail.gmail.com>
Yes, yes. It was likely Brent Zundel. -Brent Shambaugh GitHub: https://github.com/bshambaugh Website: http://bshambaugh.org/ LinkedIN: https://www.linkedin.com/in/brent-shambaugh-9b91259 Skype: brent.shambaugh Twitter: https://twitter.com/Brent_Shambaugh WebID: http://bshambaugh.org/foaf.rdf#me On Mon, Feb 18, 2019 at 12:16 PM Kim Hamilton Duffy <kim@learningmachine.com> wrote: > Oh dear...I didn’t notice the alias collision. I’ll update the mapping > file, as you are the likelier Brent > On Mon, Feb 18, 2019 at 10:12 AM Brent Zundel <brent.zundel@evernym.com> > wrote: > >> Gotta say, I like my new moniker. >> >> On Sun, Feb 17, 2019, 18:48 <kim@learningmachine.com> wrote: >> >>> Thanks to Brent Shambaugh for scribing this week! The minutes >>> for this week's Credentials CG telecon are now available: >>> >>> https://w3c-ccg.github.io/meetings/2019-02-12/ >>> >>> Full text of the discussion follows for W3C archival purposes. >>> Audio from the meeting is available as well (link provided below). >>> >>> ---------------------------------------------------------------- >>> Credentials CG Telecon Minutes for 2019-02-12 >>> >>> Agenda: >>> >>> https://lists.w3.org/Archives/Public/public-credentials/2019Feb/0017.html >>> Topics: >>> 1. Introductions >>> 2. announcements >>> 3. Action Items >>> 4. Use Cases >>> Organizer: >>> Joe Andrieu and Kim Hamilton Duffy and Christopher Allen >>> Scribe: >>> Brent Shambaugh >>> Present: >>> Jeff Orgel, Vaughan Emery, Heather Vescent, Bohdan Andriyiv, Kim >>> Hamilton Duffy, Amy Guy, Brent Zundel, Mike Lodder, Joe Andrieu, >>> Markus Sabadello, Adrian Gropper, Brent Shambaugh, Ted Thibodeau, >>> Will Abramson, Ken Ebert, Benjamin Young, Jonathan Holt, >>> Christopher Allen, Andrew Hughes, Ganesh Annan, Dmitri Zagidulin, >>> Yancy Ribbens, Dave Longley, Manu Sporny, Moses Ma >>> Audio: >>> https://w3c-ccg.github.io/meetings/2019-02-12/audio.ogg >>> >>> Kim Hamilton Duffy: Sorry, having problems connecting on sip, >>> trying voice >>> Kim Hamilton Duffy: Well darn, can't dial in either; busy signal >>> :) >>> Kim Hamilton Duffy: I'll keep trying sip >>> Joe Andrieu: I'm having dialin issues too >>> Brent Shambaugh is scribing. >>> Joe Andrieu: Third time the charm >>> Ted Thibodeau: 1000 Blessings on Kim for formatting the agenda in >>> plaintext (so it's readable/usable via the archives link) >>> Kim Hamilton Duffy: Pipe up if you can't connect >>> I connected by phone >>> Kim Hamilton Duffy: Is anyone on IRC having problems connecting? >>> Mike Lodder: No problems using SIP >>> Jeff Orgel: Phone no prob - long ago rarely >>> Jonathan Holt: I'm on the phone just fine today using skype, but >>> in the past i have had issues >>> I'll scribe >>> Brent Shambaugh is scribing. >>> Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/ >>> >>> Topic: Introductions >>> >>> Will Abramson: I'm new, first time properly on the call >>> ... managed to get in this time >>> ... researching at Edinburgh, privacy preserving crypto >>> ... hope to be at RWoT >>> Kim Hamilton Duffy: For re-introductions, Dave Longley >>> Dave Longley: I'm the CTO of Digital Bazaar, we focus on >>> blockchain tech, DIDs, etc >>> >>> Topic: announcements >>> >>> Kim Hamilton Duffy: http://rwot8.eventbrite.com >>> Kim Hamilton Duffy: RWoT in Barcelona >>> Kim Hamilton Duffy: >>> >>> https://github.com/w3c/verifiable-claims/tree/master/f2f/2019-03-Barcelona >>> ... register soon, early bird discount is over, but you can >>> still get a topic paper discount >>> Andrew Hughes: Please register soon if you haven't yet, and >>> please submit papers >>> Joe Andrieu: Want to mention we are past the paper deadline, so >>> get it in. Also, the last day is the 22nd to register before >>> on-site pricing kicks in >>> Kim Hamilton Duffy: https://www.internetidentityworkshop.com >>> Kim Hamilton Duffy: IIW is in May >>> >>> Topic: Action Items >>> >>> Kim Hamilton Duffy: >>> >>> https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 >>> Christopher Allen: The #RebootingWebOfTrust topic papers are >>> listed at https://github.com/WebOfTrustInfo/rwot8-barcelona >>> Joe Andrieu: https://github.com/w3c-ccg/did-spec/pull/168 >>> Kim Hamilton Duffy: Updating ABNF for DIDs, that was originally >>> the topic for today, but we are talking about something else. >>> Joe Andrieu: Dmitry just submitted a PR that everyone should >>> look at >>> Dmitri Zagidulin: Please take a look, we will be adding some >>> more, but we wanted to clarify the confusion between the DID and >>> the DID reference >>> Kim Hamilton Duffy: Action item for all: review that PR >>> Manu Sporny: We have a crypto suite registry that the community >>> manages, I will type something up now >>> Jonathan Holt: ?Link to LD crypto suite >>> Kim Hamilton Duffy: >>> https://github.com/w3c-ccg/community/issues/44 >>> Kim Hamilton Duffy: Address request for clarity and privacy >>> claims for DIDs >>> ... the problem here is that the people who were to be assigned >>> were not taggable, but are now >>> ... the issue is that we claim that DIDs reduce >>> correlatability, but haven't done a lot to talk about that >>> Kim Hamilton Duffy: >>> https://github.com/w3c-ccg/community/issues/43 >>> ... Ryan and Lionel are not here, so no updates on the next one >>> either >>> ... we'll get to that next week >>> Kim Hamilton Duffy: >>> https://github.com/w3c-ccg/community/issues/18 >>> ... next JWK cryptosuite implementation, action item for uPort. >>> ... we wanted someone from uPort to show how to express a JWT >>> with the JWK cryptosuite. >>> Kim Hamilton Duffy: I'm going to try to switch to audio >>> Kim Hamilton Duffy: I mean voice >>> Christopher Allen: I'm not seeing examples of JWTs in DID method >>> specs, could we take this to the next level ? >>> ... what are we missing to take this to the next level? >>> Manu Sporny: The way uPort has approached this is as a wrapper >>> around the information than as a proof format. >>> ... we added RSA2018 signatures in the hopes this would be what >>> they use, but instead they wrap the VC ir DID doc and shove the >>> whole thing in a JWT, rather than using a proof format. >>> ... looks like there's a path forward to using ld proofs with >>> zkps, bitcoin, proof of work >>> ... it is up to the users of JWTs to determine how they will >>> use it in their specs >>> Kim Hamilton Duffy: I am back, let me know if connection is >>> better this time >>> ... action items need some owners >>> ... does anyone have proposals for who can drive the work? >>> Manu Sporny: Oliver has done a great job of engaging. Not >>> volunteering him, but he would be great. >>> >>> Topic: Use Cases >>> >>> Joe Andrieu: https://w3c-ccg.github.io/did-use-cases/ >>> Jonathan Holt: Sound like a loose mic cable >>> Joe Andrieu: https://github.com/w3c-ccg/did-use-cases >>> Kim Hamilton Duffy: Turning over to Joe to run the rest of the >>> meeting. None of my connections are working >>> Joe Andrieu: On to use cases. Thanks to Manu and Amy for their >>> work in cleaning this up >>> ... want to introduce the document then spend time going >>> through the 15 features. >>> ... there are 5 use cases, 4 of which I like. Really want to >>> keep the total to 5. Want readers to get a sense of what we're >>> talking about. >>> ... one of the things we have bumped into in VCWG: are all of >>> our requirements addressed in the use cases >>> ... prepping DID Explainer has contributed here. Start with >>> feature benefit grid, describe the features, and then a coverage >>> grid. >>> ... some of them, I was generous on where they were mentioned. >>> ... Every use case doesn't need all features >>> Joe Andrieu: What does “sustainability” mean? [scribe assist by >>> Andrew Hughes] >>> ... notion on each of these benefits for anti-censorship: can't >>> be shut down, i.e. for whistleblower, teenager >>> ... anti-exploitation: prevent surveillance capitalism >>> Joe Andrieu: OK - I’ll think about possible alternative lablels >>> [scribe assist by Andrew Hughes] >>> ... sustainability: no vendor lock in >>> Joe Andrieu: Yes - thanks - because ‘sustainability’ evokes >>> renewable/cost efficiency etc - which is part [scribe assist by >>> Andrew Hughes] >>> Joe Andrieu: All of this language is new, so we'd like editing >>> ... Going to the queue >>> Justin_R: I'm not familiar with the W3C use case documents, but >>> from an outsider perspective, this reads like a set of solutions >>> without stated problems. Adding requirements may help. >>> Joe Andrieu: Good feeback >>> Manu Sporny: Want to do some level setting. why are we focusing >>> on this? the DID charter proposal went to advisory review. w >>> Heather Vescent: +1 Justin. This does not tell the bigger story, >>> it gets into the technical weeds, >>> ... we gave them a heads up, but the use case doc was an old, >>> unedited google doc. >>> ... they want a ReSpec doc of use cases with some more polish. >>> To be clear, it's more that the document doesn't tell me what >>> problems it's addressing so I don't know if I care about the >>> solutions. >>> ... not sure if leading with the requirements will be the best. >>> Perhaps following the VC use cases approach could work. >>> Heather Vescent: Also, I feel like all the work on the other use >>> case document was pointless. I don't see any of that work >>> reflected in this document. Which was my main concern when we >>> spent all that time way back then doing those. Why did we bother >>> doing all those if they don't funnel into here? >>> ... DIDs are challenging to talk about. Feedback is that use >>> cases haven't been helpful in leading to understanding. >>> Ted Thibodeau: Challenge (problem), solution (DID), application >>> of solution (use case scenario) >>> Heather Vescent: I was promised that back then, those use cases >>> would not be for naught, but it seems that this has happened. >>> Mike Lodder: Talking about cencorship and use cases, we could >>> talk about how in some countries it is not legal to access >>> certain types of data, e.g. GDPR. It may make sense for the DID >>> to split based on what it has access to. Cencorship may not >>> always be a negative. >>> Joe Andrieu: Interesting idea, probably at a different layer >>> than DIDs >>> Mike Lodder: Data access control, services could use cencorship >>> Christopher Allen: Two comments: one of the benefits of this >>> area is there are cryptographic problems such as selective >>> disclosure etc. that haven't been realized yet. >>> ... to the larger question, I want to go even further in >>> reducing use cases. The long-term educational claims use case >>> where you could have claims where keys and parties may change >>> over time, but the signatures don't change, even after 30 years. >>> ... another one: the travel one, crossing borders (we talked >>> about this at TPAC) different parties have different authority >>> over different parts of travel. >>> ... all these different identifier block this in different >>> ways. DIDs help unblock this. >>> ... less is more. The use cases are interesting, but we should >>> lead with what is driving adoption now. >>> Joe Andrieu: One challenge with these use cases is that they >>> bleed into VC use cases. >>> Dave Longley: Sounds like "using a Verifiable Credential" is a >>> use case itself >>> ... enabled by a DID, but more focused on VCs. >>> ... we need to point out what DIDs uniquely make possible >>> Jonathan Holt: My issue isn't with use cases, but with the >>> charter. >>> ... Is DID specific to W3C community, action items, or credo? >>> ... so much of the DID happens in the realm of data >>> democritization and self-sovreignty. Concerned that the W3C will >>> end up being a members only club. >>> Manu Sporny: You raise a good point, we need to address that as >>> the WG takes form. >>> Dave Longley: Protect >>> Joe Andrieu: +1 To positive language >>> ... back to use cases, the language should be more positive, >>> e.g. censorhip-resistant over anti-cencorship. >>> ... want to underscore what Chris said. When we talk about DID >>> use cases we go high level, these are verifiable credentials. >>> ... the W3C AC is very well versed in focused charters. Hard >>> for them to link how this new identifier enables the high level >>> use cases. >>> ... need some glue in there now, otherwise it won't go well >>> with AC. >>> ... need to focus on use cases that only DID specific >>> ... have an identifier with cryptographic control, service >>> discovery, and auditability of key rotations. >>> ... this will help the AC focus on that DIDs enable that other >>> things don't >>> Bohdan Andriyiv: Want to draw attention to longevity of DIDs. >>> What differentiates DIDs from other identifiers is lifelong >>> characteristic of DIDs. >>> ... high stakes cooperation. Democracy, decentralized >>> government. Should have a use case for high-stakes long term >>> cooperation. >>> Joe Andrieu: One thing that would greatly improve that use case >>> is if the description outlines what actions the individuals would >>> take. >>> Kim Hamilton Duffy: I'm having a hard time reconciling the >>> feedback when I look at the EDU use case. On the one hand, I'm >>> hearing the use cases are too technical; on the other I'm hearing >>> they doesn't spell out the details enough. It would be helpful to >>> discuss specifics of 1 use case >>> ... the individual interactions that drive the scenario would >>> be useful >>> Adrian Gropper: I think the very important reason to do the use >>> cases, is the business case for self-sovereign identity. >>> ... the adoption model should answer the question: what should >>> the issuer, holder and verifier have to do about DIDs. >>> Kim Hamilton Duffy: Here's a different angle: of the use cases, >>> which one is closest to a "good" one by AC standards. What is it >>> lacking to make it better? >>> ... if we focus the use cases on service discover etc. we will >>> miss the business case. >>> Manu Sporny: https://w3c.github.io/vc-use-cases/ >>> Joe Andrieu: One of the things we have in the VC use cases >>> document. We have the mechanistic use cases about what the >>> individual entity can do, not the high level narrative. >>> Manu Sporny: We called them User Roles, User Needs, and User >>> Tasks... I think it was very useful. >>> ... I think the pattern we have in the other document is >>> useful: problem domain and solution domain >>> Joe Andrieu: We have these 15 features, tried to break them down >>> into what they provide as key benefits >>> ... sensitive to need to phrase them more positively, but is >>> anything missing? >>> Christopher Allen: Keep on coming back to future proofing. Use >>> of identifiers in the past hasn't addressed this problem. >>> ... this isn't acceptable today. We're enabling new methods of >>> support for longevity and future proofing. >>> Adrian Gropper: +1 To logevity as reason for SSI >>> ... this is an essential core value proposition >>> Honest back-channel question, doesn't this just move the >>> assumptions on longevity to the resolution side? >>> Which is the real problem with all legacy identifier systems too, >>> when you get down to it >>> Kim Hamilton Duffy: I like the problem domain / solution domain >>> idea; I think it would help address my question above >>> (reconciling the too-technical feedback with the >>> not-precise-enough feedback) >>> Joe Andrieu: We have rotation, crypto future proof, >>> organizational end-of-life longevity. These are all attempts to >>> capture the future proofing. >>> @Manu right but that means that it assumes the network will >>> continue to run and the government structure won't fall, right? >>> Manu Sporny: Yes, correct... >>> Christopher Allen: But they're not specifically called out as >>> future proofing. >>> Manu Sporny: @Justin_R, but some of these networks have a more >>> decentralized way of operating... and that's not the /only/ >>> benefit. >>> Jonathan Holt: I'm curious about the link to the "scantily clad >>> woman", how was that a use-case as I don't see it >>> Joe Andrieu: So we should separate economic from ??? >>> sustainability >>> @Manu ok, as long as I'm understanding the assumptions behind the >>> claims here >>> Joe Andrieu: Not sure where the link to the scantily clad woman >>> is >>> >>> https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit#heading=h.70an1a4kg74q >>> Manu Sporny: I deleted it. tried to stop the bleeding. >>> Oh ffs really, an image?? >>> (I missed that one) >>> Joe Andrieu: Want to embrace: that's why we open it up, even if >>> we get crazy stuff. Hopefully we're feeling better about the doc. >>> Joe Andrieu: https://github.com/w3c-ccg/did-wg-charter/issues/9 >>> ... Issue with the charter itself. Request to put at least one >>> use case in the charter itself. >>> Manu Sporny: Let's chat offline. >>> Manu Sporny: @Justin_R, you get more things w/ DIDs... not just >>> the possibility of a more decentralized identifier network or >>> governance structures... other things are key rotation tied to a >>> long lived auditable identifier. >>> Moses Ma: Bye everyone >>> Joe Andrieu: Thanks all, we will be quickly iterating. >>> Manu Sporny: @Justin_R, so people tend to say "what does the >>> *one* thing DIDs do?" -- and it's not just one thing, it's a >>> combination of things... that because it does that combination of >>> things, certain things are enabled. >>> Manu Sporny: @Justin_R, like, you can have key rotation w/ no >>> auditability... and while that's helpful (you can rotate keys), >>> you don't know when people did the rotation, so you can't go back >>> in time and check signatures from 15 years ago (as a hand-wavy >>> example) >>> >>> >>> >>> >>> -- > Kim Hamilton Duffy > CTO & Principal Architect Learning Machine > Co-chair W3C Credentials Community Group > > kim@learningmachine.com >
Received on Monday, 25 February 2019 02:22:11 UTC