[MINUTES] W3C Credentials CG Call - 2019-08-27 12pm ET from kimdhamilton@gmail.com on 2019-09-11 (public-credentials@w3.org from September 2019)

From: <kimdhamilton@gmail.com>
Date: Tue, 10 Sep 2019 20:29:09 -0700
To: Credentials CG <public-credentials@w3.org>
Message-Id: <1568172549549.0.67700@okimsRazor.local>

Thanks to Chris Webber and Amy Guy for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2019-08-27/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2019-08-27

Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2019Aug/0128.html
Topics:
1. Introductions and re-introductions
2. DID working group charter / outreach
3. Datashards
4. Solid
Organizer:
Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
Scribe:
Chris Webber and Amy Guy
Present:
Justin Richer, Joe Andrieu, Shivam Sethi, Kayode Ezike, Dave
Longley, Dan Burnett, Ted Thibodeau, Amy Guy, Chris Webber,
Heather Vescent, Markus Sabadello, Jeff Orgel, Kim Hamilton
Duffy, Sumita Jonak, Orie Steele, Yancy Ribbens, Christopher
Allen, Moses Ma, Ken Ebert, Dmitri Zagidulin, Ryan Grant,
Jonathan Holt, Kaliya Young, Adam Lake, Benjamin Young, David I.
Lehn, Ganesh Annan, Kulpreet Singh, Karen O'Donoghue, Manu
Sporny, Matt Stone
Audio:
https://w3c-ccg.github.io/meetings/2019-08-27/audio.ogg

Shivam Sethi: Present +
Shivam Sethi: Present +
Ted Thibodeau: Voip-ccg, who's here?
Ted Thibodeau: Voip-ccg, who is here?
Chris Webber: I could scribe in the non-datashards part ;)
Chris Webber is scribing.
Joe Andrieu: I can [scribe assist by Amy Guy]
Joe Andrieu: Cwebber will scribe, rhiaro will scribe when
cwebber isn't

Topic: Introductions and re-introductions

Emacsen: This is Serge, I work with Chris on a number of projects
including datashards
Joe Andrieu: Anyone else new?
Orie-Steele: This is Orie Steele from Transmute. We work on
etherium and DIDs, json-ld, like the jsonld-sigs library from the
DB folks
Joe Andrieu: Anyone else want to re-introduce?
Joe Andrieu: Cwebber2 should re-introduce
Chris Webber: I'm Chris Webber, I work on, sometimes contracting
for digital bazaar, and also a bunch of things independantly. I
working decentralised social networks like activitypub, and I've
got into json-ld and i'm interested in how credentials affect
that work. I've been part of the RWOT community for a couple of
years [scribe assist by Amy Guy]
Chris Webber is scribing.
Joe Andrieu: We have a regular call on thursdays to hand off
work to the DID working group... these are still going on
markus_sabadello ?
Markus Sabadello: Yes, we had some deep topics about DID
resolution
Markus Sabadello: Same information is in agenda
Joe Andrieu: https://zoom.us/j/7077077007
Joe Andrieu: That's thursdays, 90 minutes, 9am pacific (?), 8 AM
UTC
Markus Sabadello: Yes, and we decided on last call to shorten to
60 mins

Topic: DID working group charter / outreach

Joe Andrieu: Anyone want to speak to that process?
Joe Andrieu:
https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0000.html
Joe Andrieu: I guess I can..
Joe Andrieu: I don't know the specific deadline
Dan Burnett: The current call for responses runs through end of
this month for DID WG charter; if you are an AG rep, you should
respond to that questionaire. If you are not with a w3c member
company, we'd still love a response to that public call for
comments
Joe Andrieu:
https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0016.html
Dan Burnett: It's really helpful to have comments in support of
the work for members an non-members alike
Joe Andrieu: The link I dropped is the index for the (???)... if
you like DIDs, please join / support / get your AC to vote / or
voice public support on mailing list
Orie Steele: Can we get that link again?
Joe Andrieu:
https://www.meetup.com/Vienna-Digital-Identity-Meetup/events/262359964/
Joe Andrieu: http://rwot9.eventbrite.com/
Dave Longley: W3C public-new-work DID WG link:
https://lists.w3.org/Archives/Public/public-new-work/2019Aug/0000.html
Joe Andrieu: https://dustycloud.org/blog/activitypub-conf-2019/
Joe Andrieu:
https://weboftrust.us16.list-manage.com/track/click?u=5eb6ea6b8f41c0eca891f1d8b&id=2a34bb56c3&e=141bb4686a
Joe Andrieu: Next up, we have a couple meetings starting Sep
1st; have a digital identity metup. Happening Sunday as a
prelude to Rebooting in Vienna. Some of us are getting together
than taking train up to Prague. Then Tuesday starts RWoT with a
Monday night meetup before; we also have ActivityPub Conf and
there's one with our friends from holochain. Wish I could go to
both!
Joe Andrieu: Following that, TPAC will be in mid-september,
16th-20th. Following that, MyData in Helsinki
Joe Andrieu: https://mydata2019.org/
+Present ajones_db
Joe Andrieu: Ok, progress on action items? not sure where we're
at since last time, just one open... discuss registries
meta-process. What are we doing next on that? I dunno, kimhd or
ChristopherA maybe...
Kim Hamilton Duffy: Yeah I think the idea is to look for
volunteers
Kim Hamilton Duffy: Possibly a good starting task for someone
Kim Hamilton Duffy: Manu did a start for process for registries
which we called a meta-process. general one for how you'd create
a process for DID methods, key signature suites, credential
status reg, etc
Kim Hamilton Duffy: We do need to document that, so that would
be a good CCG work item to take on
Joe Andrieu: Thanks kimhd... a few registries already have a
process, so we're trying to document to get a meta-process
Joe Andrieu: https://github.com/w3c-ccg/community/issues/75
Joe Andrieu: So you can get involved on irc, send an email to
kimhd or myself, or jump on that issue
Joe Andrieu: Ok, those are the action items, so...
Joe Andrieu: Quick report on rubric work at IIW, a couple of
sessions took a stab based on what might make sense as set of
evaluable criteria for DID methods. huge debate for whether DID
methods need to be decentralized. Clearly many definitions for
what makes something decentralized. Goal of rubric is to allow a
mechanism to evaluate whether or not DID method meets needs
Joe Andrieu: Rubric is not to say whether a method is good or
bad, but to say lots of people say this is useful
Joe Andrieu: Not you must be this tall to ride, but to get a
sense of how tall you are
Joe Andrieu: Maybe you have to be at least this tall, maybe it's
a roller coaster. Goal is to not pass judgement but to get
metrics
Joe Andrieu: One of the things I want to share out... you have
to be a geek to tease out these methods is to separate registry
and network. ultimately links to did document in resolution
process. but BTCR registry and network is the same thing. for
etherium the registry is actually a smart contract and the
network is etherium
Joe Andrieu: Some of how it was framed didn't pull out that
distinction
Joe Andrieu: We want to make clear you can talk about governance
or operation of registry
Joe Andrieu: That's going to continue on, a group of us will be
at RWoT and hope to make paper there
Joe Andrieu: Need to make an update about plurality
Joe Andrieu: We want to say that the entire document is a single
rubric, the individual criteria are questions
Joe Andrieu: That's my update on the rubric work
Joe Andrieu: Burn I see you on the queue?
Dan Burnett: That's old but want to say about relationship with
DID working group
Joe Andrieu: Sure, rubric as in terms of what does this mean in
terms of VCs
Joe Andrieu: It's a non-normative deliverable for the WG
Joe Andrieu: We hope to see the rubric continue
Joe Andrieu: I know as WG gets chartered, things can change
Joe Andrieu: We'll be working unnder rebooting, where things are
CC BY, then we hope to move to the newly formed WG
Joe Andrieu: So we go through that in record time, now onto the
topics
Joe Andrieu: We'll start with datashards with cwebber2
Joe Andrieu:
https://github.com/WebOfTrustInfo/rwot9-prague/blob/rubrics/topics-and-advance-readings/datashards-rationale.md
Amy Guy is scribing.

Topic: Datashards

Joe Andrieu: https://dustycloud.org/misc/talks/datashards.pdf
Chris Webber: If you can open the presentation linked ^ we'll go
through that
... I am, in the interest of not having another way to do it,
I'm going to make a beep noise every time you turn the page
... Datashards bring secure distributed storage to the web
... secure means only intended recipiants can see the messages
so it's private
... which also makes it safer for node operators ot move things
along the network
... you could use yoru local data store to store your data, or
put it on your file system.. nodes can host content, but they
don't necessarily know what that content is
... primitives for the web - it's supposed to be foundational
in the way https is
... we introduce two new uri schemas
... immutable and mutable datashards capabilities
... URIs for those
... data can have the same name but live in many different
places
... if you upload to your secure data hub, and download it to
filesystem, and your friend puts it in their database, all of
those things have the same URI no matter where it lives
... why not ipfs?
... dat?
... because datashards encrypts everything
... this is critical for users because they deserve built in
privacy, should be the default everywhere
... node operators need to.. seeing content can be a big
problem. Sometimes it's better not to know.
... if you imagine postal workers ship around packages
... imagine if thos epackages were wrapped in clear wrap
... you look at one andthink should I really be delivering
that?
... then you get in a habit of doing that, people start doing
that... maybe the local government says you should be taking more
responsibility for those. Here are some rules for what is and
isnt' allowed... and we're goign to hold you liable for the
contents
... it's a group of volunteers, many people might stop shipping
things around
... it adds a lot of unnecessary friction to the network and
makes it harder to be a node operator
... so better if things are not wrapped in clear wrap
... so layering encryption after the fact is unsafe
... clear text data is toxic to nodes
... we want encrypted by default
... immutable data shards example, we have real
implementations, going to show immutable today
... this is content taken from me doing an upload of this
picture
... it shows uploaded chunks, each 32kb
... the first is the manifest, once you retreive and decrypt
this it will point you to the rest of the chunks
... the last thing it spits out is the uri
... that says here is the hash of the initial chunk, the key
you use to encrypt it
... you download it, put in that uri, grabs a chunk that has
that hash and it can get the rest, encrypts each one in turn and
assembles it
... the client is the one that has the union of the initial
hash and the key
... even though it's fetching each one of those chunks,t he
servers don't know what the chunks represent
... idsc is fine for cat photos, but we want to update content?
... these are mutable data shard capabilities, built on top of
a new public private key pair
... the elpitic curve, we dump it straight into the mdsc,
that's the name of the mdsc, the encoded public key, the same way
the fingerprint is your pgp key
... the name of this immutable file is the name of your public
key
... we generate a new key pair for each mdsc so they're not
reused
... you have levels of access. Verify only capability
... the registry keeps track of what updates happen, but they
don't know what the updates represent, they can't read them
... then there's read+verify, which allows you to request the
newest version, and also see what the contents are. Under the
hood they point to idsc revisions
... and there's write which lets you read and do new updates
... what if you can write? someone could accidentally update or
maliciously write out two version 2s
... we don't provide consistency out of the box, but you can
layer it on
... we don't, because if you do it in a decentralised way you
have to do something like a blockchain, and we want to support
garbage collectable content
... if you have ag ame and your'e killing goblins who are
represented by mdscs, you don't want to load a blockchain with
those
... But some other kinds of contents, where ordering of events
may be important, you could specify a blockchain or a centralised
oracle
... that's your choice. We could standardise some ways tod o
that but it's not out of the box right now
Joe Andrieu: +1 For goblins on chain
... Example uses..
... Any documents on the web, like resiliant social network.
This is my motivating example. I wrote an implementation
... A node can go down and people are no longer able to access
their own content
Orie Steele: Sounds very similar to
https://github.com/orbitdb/orbit-db with better crypto baked in.
Ted Thibodeau: It would be helpful to expand the IDSC / MDSC
acronyms(?) somewhere in this doc
... or they can't interact with the ocntnet their friends have.
This allows you to instead store it as an idsc or an mdsc uri and
that content survives
... if you use an mdsc for peoples' activitypub profiles you
can switch out over time what inbox they point to. If a node goes
down I can push otu an update and point it to another node
... What else? These are valid web uris so we can use it to
store VCs
... we can point to VCs that are stored in this mechanism
Joe Andrieu: IDSC -- Immutable Datashard Capabilities
... WE could make these a DID mechanism
Joe Andrieu: MDSC -- Mutable Datashard Capabilities
... if you store a DID Doc in an mdsc and keep doing updates,
that's a way to be able to do update. WE could make a DID
resolution mechanism that uses datashards. We could put it on a
blockchain, or not. Perfectly viable to build that on top
... if you're talking about key recover you'd hav eto use
Shamir Secret Sharing to recover the keys, but it is possible to
build DIDs on top
... I think this is a better foundation for Secure Data Hubs,
but it's not limited to secure data hubs
... Conclusions.. we need data shards because the live web is
too fragile. Too much data people care about is lost
... we shouldn't have another burning of the library of
alexandria that is geocities
... people should be able to keep their stuff around
... other content addressed systems don't necessarily support
privacy or are unsafe for node admins
... datashards is like tahoe fs but they didn't support global
use
... also provides a fundamental secure content addressed
primitive we can build on top of, like how http is a primitive we
can build on
... datashards.net is still early
... questions?
Shivam Sethi: The solution you are creating is more related to
credentails than secure data hubs or it's like something similar
to .. is it oriented to vcs and secure hubs or something else?
Chris Webber: Was the quesiton how is this different?
Shivam Sethi: We also have something like ipfs, how is the
datashards solution created by keeping secure data hubs and vcs
in mind or is it a generalised solution?
Chris Webber: If you're creating a generalised solution with
secure data hubs.. I'd like this to be a generalised solution
which is the foundation on which secure data hubs are built
... the discussion with digital bazaar is is it acceptable ot
build this type of thing underneath secure data hubs, but that
hasn't moved forward yet
... the reason I've been working on this is I want something
that is general, outside of a specific web store or specifically
something we stick on a usb key, or specifically any of thos
ethings. It would be great if we can get convergance on something
we all agree on that is the base structure fo rthings that can
live offline or online
Markus Sabadello: I think it oculd be used for a lot of things.
What' sthe lreationship between this and hashlink?
Chris Webber: We've had some conversations.. right now you'll
see I'm using a more oldschool approach which is urn: name of has
mechanism. Would be completely possible ot use hashlink instead.
I have discussed that.. we are not doing that currently, partly
because the serialisation mechanmis, they're using cbor and I
don't have access to a cbor implementation. Maybe that's
something we can resolve. I'd love to converge on a unified
content addressed hash
Mechanism. Would be possible to get convergence, we just need to
talk about it
Dave Longley: I want to caution, I have a big concern around the
fact tha tpeople often dont' think about encryption having a
shelf life. it does. If you have been using this system and you
were using def(?) for example 15 years ago, everyone would be
reading all of the content if it was all shared across a bunch of
public nodes
... I'm concerned about not putting protections around those
sorts of situations, or using technology where ther'es a network
of nodes supposedly unable to read the data, it's true today but
ten years from now that data can be seen
Dmitri Zagidulin: +1 Re that concern (that encryption has a
half-life)
Orie Steele: All networks become public when their crypto expires
;)
... doesn't mean you can't use a system like that, just that
there are caveats around it, same reason you don't put encrypted
data on a blockchain
... not necessarily an issue if we use other kinds of layering
Chris Webber: We have talked about this quite a bit. I had to
cut it out of the talk.. yes encryption has a shelf life. I saidi
there are many store mechanisms. it's agnostic to store mechanism
... you could store it on a service you trust, or a completely
global trust, or usb keys
... it's up to you what your threat level is. Butw e need to
mamke clear to people that encryption has a shelf life. That
said, evne if we're doing mostly public content I think it's
better to use something like this than ipfs, which is for the
safety of node admins. The people routing thing osn the network.
... I think ipfs is amazing, but I wolud not host an ipfs node
because I don't want to help ship content around the network
andthen see what it is, because it makes me more nervous about
liability
... the same reason it's more dangerous to be a tor exit node
than an intermediate node
... I agree with those concerns
Joe Andrieu: Have you thought about where this goes in terms of
standards?
Chris Webber: That's part of the reason we submitted it as
rebooting paper
... this is something w'eve beene xperimenting with over the
last year, but we would like to standardise it. Is the CCG a good
path to incubate that? that's a conversation for us to have with
this community
Dave Longley: Quick response: good response -- just need to keep
in mind the same concerns apply just at a different time scale
(safe now, but not safe for "postal workers" in maybe 10-15
years... need to start dropping content... just a limitation of
the system people should be aware of)
Ryan Grant: The system relies on crystal servers to registries
to find the data once given an urn. How are those kept censorship
resistant, how censorship resistant are they?
Chris Webber: What we could say here is if you .. it's about a
censorship resistant as how many different avenues you have to
find out about updates
... if an attacker is able to.. you have v2 of a document, and
this other person really wants to get v3 to you. If there are 5
avenues to getting your updates and all five of them either don't
see the update or are blocked, then you on't get that update
... but it could be if someone adds number 6 you can get that
update
... it's pretty similar to the kind of challenges people have
in other mechanisms, you might want to say if a few of these
stores end up being very easily censored by an intermediary you
add some other ones that are harder
Jonathan Holt: To address ipfs concerns, what you've described
so far is basically ipfs. If you were to run your own node you
only pin the things you want to pin, you're not willy nilly
replicating data on the network. This is what filecoin is about,
its encrypted data you send
... you have some interesting points but I think there are some
misunderstandings with what ipfs is
Chris Webber: We should hash this out, I'd be interested in
chatting
Chris Webber is scribing.
Joe Andrieu:
https://github.com/WebOfTrustInfo/rwot9-prague/blob/115834a19cf33ee138dd54a4c3b773fa83453bd9/topics-and-advance-readings/solid-vc.md

Topic: Solid

Kayode Ezike: Kayode Ezike
Joe Andrieu: Next topic is by Kayode Ezike
Kayode Ezike: I'm interested in taking on any role in the VC
ecosystem
Kayode Ezike: In the state of Solid
Kayode Ezike: https://solid.inrupt.co
Kayode Ezike: I'd like to get into more about what this is,
here's the link for what recently we started migrating into
Intrupt last year (?)
Kim Hamilton Duffy: Great presentation cwebber2. At rebooting I
hope some of us can discuss further alignment of this, secure
data hubs, and id hubs. Also interested in discussing the
multihash / cbor issues you had
Kayode Ezike: Going to give a demo
Kayode Ezike: https://github.com/kezike/solid-vc
Kayode Ezike: Putting a link in case now or later following
along from where you'd download the platform from
Joe Andrieu: Just fyi there are some audio problems
Kayode Ezike: So that's the link I just listed, first thing you
do is npm install, installs the deps
Kayode Ezike: Including json-ld sigs library, install
credentials
Kaliya Young: Can you talk just a tad slower and enuciate
Kayode Ezike: Linked data module, allows you to set up your
remote pod
Kayode Ezike: Allows you to add your own accounts, allow for
ability to store data in pod, in profile document if indexing
account, there's the ability to see information, store public key
document, store credentials management folder
Kayode Ezike: I'm actually realizing that the demo is a visual
demo, so it occurs to me that a lot of it you might not be able
to see
Kayode Ezike: You can do npm install, you should be able to add
web id and password
Kayode Ezike: From there you should be able to set up "what
folder should my key live in"
Kayode Ezike: That would actually be stored as a personal
document, here's where my public key is
Kayode Ezike: Allows you to verify data later on
Kayode Ezike: Allow you to verify where the revocation folder is
that keeps track of a list of credentials with issuer (?)
Kayode Ezike: Have a verification folder for that credential
Kayode Ezike: If revoked later on, it'll say revoked
Kayode Ezike: On the platform, you go to the platform, you can
review a request for a credential, you select credential type,
there's finance/etc
Kayode Ezike: Once you select that, you include title / issuer /
id of issuer
Kayode Ezike: Optional description of credential
Kayode Ezike: From there you click "request credential"
Kayode Ezike: From there you are able to decide (???)
Kayode Ezike: Still optional, make available
Kayode Ezike: Determine if credential still is valid
Kayode Ezike: Include your image and etc
Kayode Ezike: Keep information that ascertains (?)
Kayode Ezike: If determines it's sufficient, share credentials
with issuer
Kayode Ezike: Can share rdf issues with subject, subject can now
get ... inbox
Kayode Ezike: Stored in user's valid pod
Kayode Ezike: Allows user to store it right away on their
machine
Kayode Ezike: Allow to verify if it does have a license
Kayode Ezike: Can see before that whether you share via share
interface
Kayode Ezike: The cop can see that there's a credential there
waiting for them
Kayode Ezike: Can enter in URI of the credential
Kayode Ezike: Whether or it's valid, if it's correct
Kayode Ezike: They can proceed to pick up a (???)
Kayode Ezike: Stored with issuer, see if it has an active
status, is it valid
Kayode Ezike: That's more or less what the platform is able to
do
Kayode Ezike: After downloading it, give it to verifier, verify
it's valid
Kayode Ezike: Can provide a link to a video
Kim Hamilton Duffy: Thanks for the presentation, one thing I
wanted to mention is that many of us are new to solid, many of us
want to hear about the basics; what's a pod what's a profile, how
to verify both credentials, etc
Kim Hamilton Duffy: Some of those basics are things people would
like to hear as well
Kayode Ezike: Basically, solid... a pod, it's structured kind of
like a filesystem, different set of olders, there's an inbox and
a public folder, other kinds of folders
Kayode Ezike: Other kinds of capabilities
Kayode Ezike: And other kinds of files
Kayode Ezike: Read/write/update/etc
Ted Thibodeau: POD is sometimes called "Personal Online Data" ...
it's a personal dataspace, roughly porting Linux filesystem (and
then some) to the web
Kayode Ezike: During the setup, programming, when you use the
platform, it authenticates you to the solid pod, updates your pod
document, points to a public key
Kayode Ezike: Whenever someone verifies the credential, they
look at... search for the public key...
Joe Andrieu: Any other questions? we have one more minute
Joe Andrieu: Thank you very much kezike and cwebber2, I may not
have mentioned earlier that we have no call next week since many
of us will be at RWoT
Moses Ma: Bye gang, see y'all in prague!
Google doc has a different phone number and code than the email
notification

Received on Wednesday, 11 September 2019 03:29:35 UTC