[MINUTES] W3C Credentials CG Call - 2019-03-12 12pm ET

Thanks to Dmitri Zagidulin for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-03-12/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-03-12

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2019Mar/0016.html
Topics:
  1. Introductions and Reintroductions
  2. Annoucements and reminders
  3. Action Items
  4. RWOT8 Report Out
Organizer:
  Joe Andrieu and Christopher Allen and Kim Hamilton Duffy
Scribe:
  Dmitri Zagidulin
Present:
  Christopher Allen, Moses Ma, Jonathan Holt, Vaughan Emery, Dmitri 
  Zagidulin, Dan Burnett, Will Abramson, Jeff Orgel, Bohdan 
  Andriyiv, Ken Ebert, Dave Longley, Kim Hamilton Duffy, Lionel 
  Wolberger, Lucas Parker, Markus Sabadello, Drummond Reed, Manu 
  Sporny, Ganesh Annan, Joe Andrieu, Brent Shambaugh, Heather 
  Vescent, Samantha Mathews Chase
Audio:
  https://w3c-ccg.github.io/meetings/2019-03-12/audio.ogg

Christopher Allen: @Manu The dialin gateway isn't working.
Moses Ma: I am in via dial in
Dial-in worked for me
Vaughan Emery: Present +
Christopher Allen: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Mar/0016.html
Dmitri Zagidulin is scribing.

Topic: Introductions and Reintroductions

Jonathan Holt:  I'm jonathan holt, work closely with jonnycrunch
Kim Hamilton Duffy:  [Editorial] previous statement is first 
  recorded instance of double-occupancy paradox
Christopher Allen:  Dan, you're next on the re-intro list
Dan Burnett:  Ok, so, I am one of the co-chairs of the Verifiable 
  Claims WG, which is working on the Verifiable /Credentials/ data 
  model spec
Lionel Wolberger: Need a scribe?
  … I love the idea of working on identity-related problems 
  without identity, using credentials
  … I had my own consulting co, and last year joined Consensys 
  full time

Topic: Annoucements and reminders

  … next coming up, IIW, Apr 30-May 2nd in Mountain View CA
Christopher Allen: https://www.internetidentityworkshop.com
  … any other announcements for f2f or anything else?
Kim Hamilton Duffy:  I'm not on irc yet. but I want to mention 
  the Know Conference in Las Vegas

Topic: Action Items

Joe Andrieu: https://vegas.knowconf.com/
Christopher Allen: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
  … been a couple of weeks since we met last, so this may be out 
  of date
  … we use our github community repo to manage issues and plan 
  for our events
  … so that's the list of action items for review
  … updating ABNF for DIDs. some of that discussion took place at 
  Rebooting, but obv. did not involve the whole community, so any 
  suggestions from there will definitely be discusses on here or on 
  some other public forum
  … or we'll schedule a dedicated meeting on it again
  … Linked Data Key Format Registry administrivia - Kim?
Kim Hamilton Duffy:  I think I ended up tagging manu on that?
Christopher Allen:  Manu had commented 28 days ago that we /had/ 
  a registry, but we need to extend it to mention the key format
Manu Sporny:  Now is probably not the right time to have this 
  discussion, but I'll take on that task. No eta to when I'll get 
  around
Dmitri Zagidulin:  I'm happy to take that item as well
Christopher Allen:  Ok, I'm adding dmitri and manu to that item
Joe Andrieu:  Regarding ABNF - there were some questions and 
  comments brought up by mhermann about it,
  … so I want to invite Drummond to comment
Drummond Reed:  <Struggle with the mute button is real>
  … I've shared several PMs with mhermann, I think there was a 
  misunderstanding with regards to what we were trying to do there
  … which was to have a discussion and brainstorm, and then bring 
  it to the CCG
  … nobody is trying to hide it or run around the CCG
  … anyways, to complete an actual proposal / draft spec, we'll 
  need several more calls dedicated to the topic
  … so that's my report. we made a little bit of progress, but 
  much discussion needs to still happen on calls
Mhermann: I think there was some poor communication; drummond and 
  I have discussed it
  … I'd like to advocate a process that starts with DID URL use 
  cases, and use that to drive the ABNF grammar discussion
  … whereas we're trying to do it the other way around
  … I suggested a couple of initial DID URL use cases
Christopher Allen:  I want to encourage you guys to take this to 
  dedicated meetings.
  … the chairs were a little concerned about dedicating more 
  meetings of the main group to it
  … we certainly would love to hear you report back, about the 
  various challenges and solutions
Jonathan Holt:  Just to distinguish between ABNF rules for the 
  "naked did" vs the DID URL spec
  … keeping the distinction separate might be helpful.
  … plus there's the struggle with each DID method having its own 
  specialized ABNF
Ken Ebert:  One of the usecases was my own, which was the need 
  for immutable data references
  … so it is definitely usecase driven
Manu Sporny:  Just to underscore the usecase driven thing that 
  ken and michael mentioned,
Manu Sporny: Collected use cases for DID ABNF from RWoT8: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/did-spec-refinement.md#feature-refinement
  … we did collect a number of usecases for the DID abnf from 
  Rebooting 8
Joe Andrieu: +1 To use cases. Please get them to me either by PR 
  or email for the use case document
Drummond Reed: I would be happy to help organize some dedicated 
  DID spec meetings—I think we will need a few to close on the 
  Community Final Draft of the DID spec. We've held them before on 
  Thursdays. I'll send an email to the CCG list proposing a time.
  … so if you go that link, there's a number of cases, and Ken 
  and Drummond chased down a number of other people who had use 
  cases with regards to service urls, etc
  … so, we're definitely taking the use case driven approach even 
  now
Manu Sporny: https://github.com/w3c-ccg/did-resolution/issues/32
Mhermann: I'd like to ask people to look at issue 32 on the DID 
  resolution spec
Christopher Allen:  I'd like to encourage again to take this 
  discussion to dedicated calls, and report back
  … finally, we had the Security Model and Threats discussion, 
  with Ryan and .. ?
  … Ryan, are you here today? no, traveling. we'll skip this for 
  now
  … so that's it for the Review Next section this week
  … we'll pick a different set next week
Christopher Allen:  Next agenda item: New Work Item process
  … because of Rebooting, and the new year, we have a variety fo 
  potential new work items
  … that we'll need to approve and process over the next year
  … this is a rough draft, we're still working on final details 
  to propose to everybody
  … re manu's proposal on the verifiable credentials registry 
  stuff
  … manu (possibly matt?) made a proposal to the mailing list 
  with regards to a registry repo
Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2019Mar/0010.html
Christopher Allen:  We've created a template in the repo for 
  templates for new Work Items for the CCG
Manu Sporny: Proposal for registries from Dan Burnett ^^^
  … so, if you want to create a new item, please use the template
  … <some description of the template>
  … it's automatically tagged as a work item (that template), 
  which allows us to schedule a call automatically for it
  … we'll have a discussion, then we send a notification to the 
  list, and if there's no objection, it becomes an official Work 
  Item
  … this is involved, but necessary
  … helps us keep track of who is responsible, whether there is 
  critical mass, etc
Jonathan Holt:  How does the idea of these registries scale?
  … for example, semantic interop for Credentials for a Bachelors 
  Degree
  … how are the expansions going to be handled - just by the 
  registry? the community, or what
Christopher Allen:  I absolutely believe there's a role for 
  Schemas, as a work item for the CG
  … I'm not sure if that's exactly a registry
  … but it's a good question
Joe Andrieu:  Somewhere, we have a registry that can link to 
  external work
  … I share your concerns about scalability
  … Also: we have far too many Work Items than we've been able to 
  facilitate
  … all these projects need leads, and we'll start holding the 
  leads accountable (including myself)
  … to make sure they're moving forward (or taking them off the 
  list)
  … our near-term focus is - chartering the DID Working Group
  … I'm concerned about our workload. We need people to step up 
  and help us with these
Dan Burnett:  So, this is a bit of a surprise; I sent an email 
  requesting the registry work. Do I also need to fill out this 
  Work Item form?
Christopher Allen:  Yes. it should be straightforward though, in 
  your case
Dan Burnett:  Ok, the other thing I wanted to say — you mentioned 
  the focus on the DID WG. I want to point out that the VC WG was 
  also spun out of this CG.
  … and that's also a crucial component. And this CG needs that 
  work completed /before/ the DID work
Manu Sporny: +1 - VC Registry is critical.
Drummond Reed: +1
  … so I want to make sure we finish the existing WG work first
Justin_R: what does it mean to have a data item or a schema to 
  /not/ be in the registry?
  … does that mean the Universal Resolver will refuse to 
  acknowledge it? Will there be name collisions?
  … what does the registry actually get us? (in terms of 
  formality, interop, community agreement)
  … how much can I ignore it, as an implementer?
Manu Sporny:  Just to answer that directly, Justin
  … cause there are variations on that question that keep coming 
  up, about the registries
  … right now, they're meant to be human-readable only. A place 
  that implementors can go to, to find out all the work that's 
  happening in the area
  … to go, "Oh, so this has been expanded in XYZ ways, etc"
  … there are no penalties for not being in the registry. it's a 
  voluntary thing
  … there should not be any kind of fights over what goes into 
  the registry. it's meant to be a low bar
  … to speak to jonathan's question - with respect to the 
  credentials registry
  … if it's a market vertical specific thing, we expect that 
  discussion to happen in the specific vertical group
Dan Burnett: Registry has same use as MIME type registry - avoid 
  namespace collisions and encourage documentation of claimed 
  registry values
  … we expect that work to happen elsewhere. and if those 
  communities want to put their stuff into the registry, we can do 
  that
  … anyways, these registries are lightweight, human readable, 
  ignoreable.
Joe Andrieu:  To build on that a little bit
  … manu didn't mention namespacing, but they are there to deal 
  with name collision issue
  … who is taking lead for helping us find consensus on registry 
  issues?
  … for example, there are currently arguments about the HTTPS 
  did method proposal
Dan Burnett: Thanks Joe
  … who is going to help resolve that? (hopefully it doesn't end 
  up in the CG)
  … also, what's the scope? it's one Work Item for all of them, 
  or 5 different items?
Christopher Allen:  +1 To the above comments
  … at some point, we may want to add a field to the registries, 
  the Conformance Level
  … anybody can do a DID method, just like with Verifiable 
  Credentials, but when it comes to lists of conforming 
  implementations, there should be a higher bar to entry
  … so, right now, there is no conformance test for DID methods, 
  everyone is preliminary. as the spec advances, we may add higher 
  criteria, more restrictive
  … but that's down the line, it'll evolve
Manu Sporny:  Noting that the VC Registry (whatever we'll end up 
  calling it) is critical for the WG's spec to make progress
Dan Burnett: Grrrr
  … we need to do it asap. Dan, would you mind taking the lead? 
  Dan: grrrr
  … or somebody else needs to volunteer
Dan Burnett:  My plan was to send an email to the VCWG list, to 
  ask for a volunteer
Heather Vescent: Chris' line is really choppy

Topic: RWOT8 Report Out

Christopher Allen: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/README.md
Christopher Allen:  Next agenda item, Discussion about Rebooting 
  the Web of Trust
  … there are 25 items that came out of that event. We're not 
  saying that any of these need to advance in any way to this group
  … I know there was some suggestion that - these items should 
  move on to the CG, so I wanted to give people a chance to report 
  out
Dan Burnett: Christopher, your line alternates between fine and 
  choppy on about a one minute cycle
  … so, I'd like that (preferably short) discussion to happen
Manu Sporny:  There are two things that happened around Rebooting
Manu Sporny: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/w3c-identity-workshop-report.md
  … one of them is - the W3C Strong Authn and Identity Workshop 
  report was published right before rebooting
  … highly recommend it, it's useful. the most important item was
Manu Sporny: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/w3c-identity-workshop-report.md#52-decentralized-identifiers-and-verifiable-credentials
  … the one around DIDs and VCs
  … as all of you know, there's advanced notice for a charter, in 
  process, for a DID WG
  … a number of us got together at rebooting, and worked on a 
  large list of items on the DID spec
  … with /huge/ thanks to Amy Guy (rhiaro) who processed and 
  closed 23 issues on the DID spec
Manu Sporny: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/did-spec-refinement.md
  … for those that want a summary of what we worked on, there is 
  a report-out (link above)
Drummond Reed: MASSIVE KUDOS to Amy!
Drummond Reed: She was a superstar
  … it explains what's going on at W3C, the items coming up, etc
  … most of the issues were editorial / improvements to 
  readability
  … but we brought up some new discussion features
  … so, go read the link.
Christopher Allen:  Manu, are there any particular plans for 
  follow-up side-group discussions on this?
  … how do people continue participating?
Manu Sporny:  Next steps are - Drummond and Ken are working on a 
  paper (I'll let them speak to that)
  … Amy and I are going to continue issue triage, we didn't have 
  enough time at rebooting, so we'll keep going on the editorial 
  stuff
  … I don't think there are any separate calls scheduled? until 
  we see a need
Drummond Reed:  I agree with manu, I don't think we need a call 
  on any of the editorial stuff
  … I've been talking to Markus about the regular DID Resolution 
  calls
  … maybe we can have back-to-back calls with that, talking about 
  ABNF and related topics
  … and hopefully we can have it all join into the Final 
  Community Group Report
Drummond Reed: "Final Community Group Report" <== that's our goal
Christopher Allen:  Anybody else, with regards to rebooting?
  … I'm going to briefly add one of my own
  … not necessarily a proposal, but a larger question
  … this community has the responsibility for a number of 
  cryptographic specs (assigning Suites for VCs etc)
  … as we advance in this, we'll need to attract more 
  cryptographers, to help have more eyes on these
  … for example, the decentralized key recovery work
  … so there's an opportunity for the CCG to take on soc. key 
  recovery (Shamir Secret sharing etc)
  … and maybe it can go to the IETF, help prove the larger crypto 
  community that we're very serious about this work
Drummond Reed: +1 I really like Christopher's plan
  … I don't know if this is a viable direction for the CCG, but 
  wanted to bring up the topic
Jonathan Holt:  To get back to terminology, the type definition 
  in the schemas
Joe Andrieu: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/satyrn.md
For example, the Cha-Cha (& someothers) — those specs are 
  evolving, how do we keep them up to date? how do we specify which 
  version of the algorithm we're referencing, etc
Will Abramson: * And me
Joe Andrieu:  This is one of the projects I've worked on at 
  Rebooting. we made this thing called Satyrn (based on the Jupytyr 
  notebook)
Joe Andrieu: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/tree/master/draft-documents
  … hopefully it'll be useful as an educational tool, to help 
  people work with Javascript and some of these VC technologies
Joe Andrieu: https://github.com/WebOfTrustInfo/satyrn
Ganesh Annan: https://github.com/WebOfTrustInfo/satyrn/tree/start 
  ...current branch
  … anyway, it's a mix of Markdown and JS (which you can actually 
  do in .md, but this is interactive)
  … so people can try out the code, it prints results on the 
  console box below
  … hopefully the CCG will find this useful
Christopher Allen:  Any other report-outs?
Manu Sporny:  One thing around interop testing
  … there were a number of orgs that were interested in the 
  Credentials Handler API & interop testing. (For doing DID Auth 
  and Credential Handling in the browser)
  … for wallet interop and DID interop, over the next year
  … we're currently trying to work with those orgs, bring them 
  into the CCG, figure out what a viable roundtrip testing would 
  look like
  … as a heads-up, large orgs are starting to use the Credential 
  Handler API (though they're not part of this community yet)
  … so maybe this year, we can focus more on interop testing 
  (between different DID methods, VCs issued by different stacks, 
  etc)
Jonathan Holt:  To echo the epiphany I mentioned on the VCWG call
  … the IPLD method — you can serialize JSON-LD on top of IPLD, 
  but there's no backwards compatibility
  … the whole issue I've been raising about objects and links, 
  and the IPLD "/" usage
  … I've a number of issues open with the IPFS community
  … about the cbor serialization, and an explicit IPLD mime type
  … it'll take a while to go through the IETF. but in the DID 
  spec, we need to ground ourselves in a serialization format
  … but in the end, our type is actually CBOR (byte array, 
  deterministic json, binary)
Drummond Reed:  Two things. Christopher, when you asked earlier 
  about our papers at Rebooting, I didn't talk about the paper we 
  started there, called Understanding DIDs in Greater Depth
  … we wanted something in between the Primer (high level) and 
  the spec (too low-level). so that's the paper we started. it's 
  very early stage
  … I want to make sure folks knew that we want this to be a 
  community doc
  … the other thing: I've been txting with Markus, there's 
  currently a call on DID Resolution every other week on Thurs, on 
  1-2pm Pacific time,
  … what we're proposing is a 2 hour block instead
Christopher Allen: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/README.md
  … one hour for DID spec related features (ABNF stuff), and the 
  second hour for DID Resolution topics
Christopher Allen:  There were quite a few other docs at 
  rebooting
  … in particular I want to point out some of the "softer" ones 
  (I wish there was a better word for that),
  … but I wanted to highlight them to this community
  … for example, the Digital Citizen one
  … and how SSI can survive Capitalism
  … various failure modes and opportunities
  … there was one by Elizabeth and ?, about the legal side of 
  Verifiable Credentials
  … looking forward to that one
  … there was the Crypto Jurisdiction one. Sam did some 
  interesting work on how to drive adoption of SSI
  … through particular scenarios, like Safety and Security, a 
  great usecase
  … for why that's a good place to leverage / bootstrap the VC 
  ecosystem
  … On the technical side, there was some work on how to use 
  OpenID Connect for DID Auth and VC Presentation
  … as the VC WG finishes and has their final doc approved, it'll 
  become more and more the responsibility of the CCG to advance 
  forward things like protocols that use VCs
  … so, at some point, a new VC Protocol WG will be chartered
  … but until then, that stuff will be shepherded in this 
  community
  … there are a lot of paper (25). None of these have the weight 
  of standards, that's not the point,
  … the point is incubation
  … and it's up to the authors whether to pass it to the W3C 
  groups
Manu Sporny:  To underscore one of the items
  … we had a group that was working on Legal Things (tm)
  … folks with an actual law background
Christopher Allen: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/sociolegal-frameworks.txt
  … both constructing their view of what we're doing (which was 
  super helpful). But even more exciting - Katrina and Elizabeth 
  and their team
Manu Sporny: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/did-spec-refinement.md#new-features-and-requirements
  … was there to field questions. We had 2 new features we had 
  been talking about for a while in the DID spec, and we were 
  finally able to consult with them on them
  … for example, what keys you use to issue VCs, and what keys 
  you use to enter into legal agreements (think DocuSign and 
  EverSign)
  … and we were able to run over to their group and ask, to put 
  it on their radar
  … that we'd really like that we would love some legal opinion 
  on these features
  … so, that's definitely one of the times we absolutely needed 
  legal direction, and there were lawyers right there, we could ask 
  to start thinking about this in the next couple of months
  … so, that was really nice to see, this group definitely needs 
  more than just technologists
Christopher Allen: 
  https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/draft-documents/Joram_Illustrated.md
  … The other thing that was great to see - Katie Gilligan (sp?) 
  was doing illustrations of one of the papers
  … and it was fantastic to see artists get involved, having 
  somebody create artwork based on the papers
  … so, happy to see more non-tech involvement
Jonathan Holt: Katie's photo: 
  https://twitter.com/TranSendX/status/1105127381646348294
Christopher Allen:  Ok, it's 9:57 and the q is empty, so, let's 
  call it
Moses Ma: Thanks all!
Moses Ma: Bye
Jonathan Holt: Oops
Joe Andrieu:  That link there is Carlotta, the graphic 
  facilitator
Christopher Allen:  If you have more Work Items for the group 
  you'd like us to consider, open issues
  … thanks everyone

Received on Saturday, 16 March 2019 03:15:20 UTC