W3C home > Mailing lists > Public > public-credentials@w3.org > August 2020

[MINUTES] W3C Credentials CG Call - 2020-07-28 12pm ET

From: W3C CCG Chairs <w3c.ccg@gmail.com>
Date: Tue, 04 Aug 2020 10:32:08 -0700 (PDT)
Message-ID: <5f299b98.1c69fb81.bca8d.3f9c@mx.google.com>
Thanks to  for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials CG Telecon Minutes for 2020-07-28

  1. Introductions
  2. Reintroductions
  3. announcements and reminders
  4. GLEIF
  Kim Hamilton Duffy and Wayne Chang and Heather Vescent
  Wayne Chang, Heather Vescent, Christoph Schneider, Markus 
  Sabadello, Orie Steele, Brent Zundel, Kaliya Young, Jonathan 
  Holt, Manu Sporny, Margo Johnson, Chris Winczewski, Juan 
  Caballero, Adrian Gropper, Moses Ma, Jeff Orgel, Carla Casilli, 
  Dan Burnett

Christoph Schneider: Hello?
Wayne Chang: Hi there
Christoph Schneider: Hi :-) I am a little bit lost - how does 
  this conference work?
Christoph Schneider:  We will get going momentarily [scribe 
  assist by Wayne Chang]
Christoph Schneider: OK
Wayne Chang: I think there is an ongoing IETF event, which may 
  make some people late
Orie Steele: I cna scribe
Wayne Chang: Scribe+ Orie
Orie Steele: Scribe+

Topic: Introductions

Wayne Chang:  Anyone new want to introduce themselves? [scribe 
  assist by Orie Steele]

Topic: Reintroductions

Wayne Chang:  Dlongley, brent? [scribe assist by Orie Steele]
Brent Zundel:  I am brent zundel, I am software architecture, 
  crypto / standards guy at everynym.... been in the community for 
  years now... chair of the did spec... [scribe assist by Orie 
Margo Johnson:  I work with transmute, head of product, work with 
  orie, karyl and guillaume... focused on global supply chain 
  [scribe assist by Orie Steele]

Topic: announcements and reminders

Wayne Chang: Product, work with orie, karyl and
Wayne Chang: https://w3c-ccg.github.io/announcements/
Wayne Chang:  Identiverse is still happening [scribe assist by 
  Orie Steele]
Wayne Chang: https://github.com/w3c-ccg/community/issues/145
Orie Steele: ... Recently we started work on a response to NIST 
  digital identity standards document... we are constructing a 
  response as a work item, thanks to nadar from mattr for raising 
Orie Steele: ... They are discussing US federal and global 
Wayne Chang: https://github.com/w3c-ccg/community/issues/94
Wayne Chang:  We are reviewing IPR process for ^ [scribe assist 
  by Orie Steele]
Orie Steele: ... Manu can you give an update?
Manu Sporny:  This item, is about the process we will use in this 
  group to update the VC Spec. [scribe assist by Orie Steele]
Kaliya Young: I was just going to say that this week there is a 
  conference on that folks might be interested in RightsCon.org
Orie Steele: ... The spec, became a global standard a while ago, 
  this group is responsible for maintence... fixing bugs, updating 
  prose, publishing pre-standards... we can signal to the world 
  what other things we want to do...
Kaliya Young:  Sorry about that, i wasn't eyeing the queue as 
  closely as i would've liked [scribe assist by Wayne Chang]
Manu Sporny: 
Orie Steele: ... Dan burnett and i put together a process for 
  this.... we have revised it.
Orie Steele: See link.
Orie Steele: ... The group needs to comment on the document.... 
  it feels complete, last call for objections
Wayne Chang: https://github.com/w3c-ccg/community/issues/134
Wayne Chang:  Thanks for the update, next another work item 
  update... [scribe assist by Orie Steele]
Markus Sabadello:  Did resolution one of the oldest work items, 
  originally we were developing a seperate spec for did resolution 
  to be paired with did core data model and syntax... [scribe 
  assist by Orie Steele]
Orie Steele: ... We wanted a spec that defined resolution... 
  resolution and dereferencing... scope has changed a bit since the 
  last DID WG F2F.... DID Core now covers parts of resolution.
Orie Steele: ... Did wg has added some parts of resolution to did 
  core... there is a section that defines inputs and outputs....
Orie Steele: ... We are also discussing representation of meta 
  data... the scope has shifted a bit...
Orie Steele: ... Did resolution spec work has slowed, but we have 
  updated to sync with developments in did wg
Orie Steele: ... For example how metadata is represented.
Orie Steele: ... Now we distinguish between resolution meta data, 
  and did document meta data...
Orie Steele: ... Matrix params have been removed, did params use 
  query strings...
Orie Steele: ... Did resolution spec will still be useful, but 
  some of it is now present in did core.
Orie Steele: ... Did resolution also covers resolver 
  architectures, hosted service vs local.... how is fragment 
  handled... can a resolver act a proxy for other resolvers.... how 
  is that reflected in meta data
Orie Steele: ... Trust in the resolver, architecture questsions, 
  how are did parameters being processed, etc.... did resolution 
  spec will continue to address these concerns
Orie Steele: ... Did core wg only covers the abstract interface.
Orie Steele: ... We have regular calls, switched to bi-weekly
Orie Steele: .... Link to the meeting page will be in IRC, happy 
  to answer questions
Markus Sabadello: 
Wayne Chang:  Thanks for updates, identity_woman announcements? 
  [scribe assist by Orie Steele]
Markus Sabadello: https://w3c-ccg.github.io/did-resolution/
Kaliya Young:  There is a conference this week, speaking about id 
  for development, and a conversation at rights con, virtual 
  conference... its free. [scribe assist by Orie Steele]
Wayne Chang:  Update on ccg diversity, heather> [scribe assist by 
  Orie Steele]
Juan Caballero: https://rightscon.course.tc/2020/events/agenda/ 
  for the late-joiners :D
Heather Vescent:  Since i ran on diversity platform, I am 
  providing an update... looking for participation moving forward. 
  [scribe assist by Orie Steele]
Orie Steele: ... Looking for successfuly characterstics, in the 
  form or role models...
Heather Vescent: https://w3c.github.io/PWETF/
Orie Steele: ... What the landscape, how does W3C Diversity & 
  Inclusion group relate...
Orie Steele: ... See link in chat... this is just happening this 
  month, getting shared with the rest of W3C.
Orie Steele: ... Another thing the group is doing, is a statement 
  for black lives matter
Orie Steele: ... I am looking to connect with diversity leaders 
  in companies, to gather info
Orie Steele: ... Looking for a co-lead, for leadership... i plan 
  to run this project as a benevolent dictator... roles will be 
  research, writing, design... goal is to develop a stragy for this 
Orie Steele: ... That we can implement with out resources.
Orie Steele: ... I am collecting stats, on presence and speaker 
Orie Steele: ... If you are interested, contact me... i will call 
  for volunteers again later
Manu Sporny: +1 To the work -- +1 to diversity initiative.
Wayne Chang:  Awesome work, we need to be inclusive to make 
  standards for everybody [scribe assist by Orie Steele]
Orie Steele: ... Next topic
Manu Sporny: Appreciate Heather taking that up

Topic: GLEIF

Wayne Chang: 
Wayne Chang:  Speakers are carla and chistof, GLEIF standards for 
  global legal identifier foundaton... eager to hear their use 
  case, [scribe assist by Orie Steele]
Carla Casilli:  Thanks for the opportunity, we are relatively 
  new. we manage the LEI, and we are looking at how this is related 
  to VC issuance and verifiacation. [scribe assist by Orie Steele]
Orie Steele: ... Will be providing some background, why LEI was 
  created, what it addresses, then cover the opportunity
Orie Steele: ... Christoff will cover the mechanics
Orie Steele: ... Then we will look at specific use cases.
Orie Steele: ... What is an LEI?
Orie Steele: ... Originated in the last financial crisis 2008... 
  global regulaters sought an indentifier for legal entities as we 
  saw finance firms failing
Orie Steele: ... The industry has some standards, but identifying 
  who was legally responsible... everyone had different systems... 
  made regulators job hard, for example when lehman went down...
Orie Steele: ... Also they missed the dependecy lehman had on 
  AIG... and the gauruntees / exposure for lehman.
Orie Steele: ... The industry was asked to engauge with 
  regulators, and LEI was born as an ISO standards
Carla Casilli:  You will see on slide 4, ISO17442 [scribe assist 
  by Orie Steele]
Carla Casilli:  The code is stood up by reference data, legal 
  form, address... as well as relationships [scribe assist by Orie 
Orie Steele: ... All capped in the global system, which GLEIF 
Orie Steele: Gleif.org
Orie Steele: ... Free access for all users
Carla Casilli:  An LEI is assigned once, it stays with it for 
  life [scribe assist by Orie Steele]
Orie Steele: ... Historical data persists... historical data is 
Orie Steele: ... Uniquely tied to financial services... but its 
  also used to identify firms, trusts, foundations, or individuals 
  activing in a business capacity
Orie Steele: ... We looked at how LEI can be useful in a digital 
  world for proving identity and digital transactions
Orie Steele: ... We looked at embeding the LEI to identify a 
  person at an org in a role, in standard X509
Orie Steele: ... Intially sovrin, evernym helped look at how LEI 
  could be leveraged in VCs
Orie Steele: ... We took the same use case, for regulatory filing 
  with a legal entity
Orie Steele: ... Like a financial report... tested with PoCs on 
  ethereum and hyperledger indy
Orie Steele: ... People act on behalf of an organization... 
  although these credentials are designed with schemas... we 
  designed these for public discoversability of employee 
Orie Steele: ... For example, who is the CEO of org...
Orie Steele: ... We are doing more standards work with ISO to 
  cover langauges and roles ...
Orie Steele: ... GLEF stephan wolf, CEO of GLEIF, for example
Orie Steele: ... We put this credential in a wallet, and anchor 
  it to a blockchain
Orie Steele: ... We have the credentials in organization wallets, 
  person can engage in regulatory filings.
Orie Steele: ... We could expand these assignments for VCs in day 
  to day business as well.
Orie Steele: ... Slide 11, digitial identity chain of trust... we 
  take an identifer from a trusted network like sovrin, we take 
  that number, evaluate an certify LEIs, and VCs containing LEIs
Orie Steele: ... Also interested in extending to 3rd parties
Orie Steele: ... The digitial LEI will then issue another ... 
Orie Steele: ... The org, person, the role... is the focus of the 
Orie Steele: ... We have an issuance chain, but also a 
  verification chain of trust all the way back to GLEIF
Orie Steele: Christoff: can everyon here me?
Orie Steele: ... Staring on slide 12... lets look at person 
  representing entity can benefit form VCs
Orie Steele: ... GLEF manages root of chain of trust, the LEI 
  issuers... next to that Digital LEI issuer, which fills out the 
  issuance to legal entities
Orie Steele: ... There are 2 roles, but they can be held by the 
  same organization
Orie Steele: ... 2 Roles can be combined but don't have to
Orie Steele: ... LEI user consumes LEIs and VC content
Orie Steele: ... Moving to slide 14
Orie Steele: ... Our PoC on sovrin... gleif receives s vc which 
  enables issuance, a digital lei issurer credential.
Orie Steele: ... Gives them certifiaction that they are part of 
  the system...
Orie Steele: ... The LEI issuer to an entity... paving the way 
  for a VC...
Orie Steele: ... Legal entity that has an LEI, cna request from 
  the digital lei issue a VC
Moses Ma: Carla and Christof, this is great work, do you have 
  contact information you can share? I'd like to ask a few specific 
  questions offline?
Orie Steele: ... Slide 18.... part fo this request is the digital 
  lei issuer requesting information for GLEIF system
Orie Steele: ... Verification and validation, 3rd party checks, 
  all important
Orie Steele: ... Moving on slide 19... Digital LEI issuer, can 
  issue to the legal entity... equiped with this, the legal entity 
  can now issue credentials to employees
Orie Steele: ... For internal or external use
Orie Steele: ... What are the benefits?
Orie Steele: ... If a person acting in a role of an entity, as a 
  credential which is linked to the entity, lots of powerful stuff 
  can be simplified.
Orie Steele: ... Purchasing related to businesses can be 
  supported by these VCs, onboarding, KYC....
Orie Steele: ... When you do business, you need to know and trust 
  your counter party
Orie Steele: ... Slie 21... specific public roles, like director 
  or officer of legal entity
Orie Steele: ... Usually these persons are already publically 
Orie Steele: .... A legal entity can report back the public 
  discoverable roles
Orie Steele: ... Digital lei issuer, can put this into global 
  public central registries
Orie Steele: ... Public information does not contain PII, or 
Orie Steele: ... You would see there is a CEO, not the name
Orie Steele: ... Data subjects must agree to disclosure
Orie Steele: ... Slide 24, global register
Orie Steele: ... Slide 25 covers use cases, business transactions 
  and regulatory reporting.
Orie Steele: ... In our PoC we covered real companies and 
Orie Steele: ... Slide 26: on the GLEIF website, the complete LEI 
  data pool, we can add reported publically discoverable roles
Orie Steele: ... For example, CEO and financial analyst
Orie Steele: ... Allows a user to request more into, which allows 
  for additional discolsure... whihc leads back to the chain of 
Orie Steele: ... We can heck the user, entity, issuer chain is 
Orie Steele: ... Slide 27 covers technical architecture, it was 
  easy... we created fully functional PoC.
Orie Steele: ... See issuance, request for verification, 
  leveraged exisitng building blocks, sovrin, hyperledger indy, we 
  leveraged VON network and BC GOV hyperledger indy based system 
  for state certificated
Orie Steele: ... We had help from everynm to put the bits 
Orie Steele: ... Small integration layer, and application layer.
Orie Steele: ... We don't focus much on mobile apps, we focused 
  on desktop applications for the corportate use case.
Carla Casilli:  Thanks christoff.... so for use cases.. [scribe 
  assist by Orie Steele]
Orie Steele: ... We summarized the ones we are seeingg, and 
  future PoCs
Orie Steele: ... 1. Focused on filers / reporter to regulators... 
  feedback from regulators was the use case could be expanded to 
  3rd party filers
Orie Steele: ... And auditors.. the flow would be extended.
Orie Steele: ... We see big potential into client onboarding and 
Orie Steele: ... Trusted proof of who can sign / commit an 
  organization, as a client for onboarding...
Orie Steele: ... Further on, bring additional trust to KYC
Orie Steele: ... We also see huge applications for import / 
  export customs process for supply chain
Orie Steele: ... Both international and domestic supply chain 
  transactions with embedded LEIs
Orie Steele: ... Especially useful for working with VCs, 
  connected to the financial services... very helpfulf or supply 
  chain related payments.
Orie Steele: ... Also appliation for trusted supplier /provider 
  and member networks.
Orie Steele: ... Also payment providers where regulators are part 
  of the ecosystem...
Orie Steele: ... Sanction screening, anti-laundering and 
  counter-terrorism managment... all possible places where LEI 
  might help
Orie Steele: ... Business licenses... linking with international 
Orie Steele: ... In order to share info and protect data... 
  especially in relation to things like GDPR
Orie Steele: ... Share relevant facts, support ZKPs...
Orie Steele: ... At the discresssion of the holder.
Orie Steele: ... Last oint...credential with LEI can be very 
Orie Steele: ... They can survive even changes to the reference 
  data that supports the LEI
Orie Steele: ...  Very helpful for organization identity
Orie Steele: ... Credential does not need to be revoked, because 
  of changes to reference data.
Carla Casilli:  Questions? [scribe assist by Orie Steele]
Wayne Chang:  Lets go the q [scribe assist by Orie Steele]
Manu Sporny:  Hey carla an christoff... great background... 
  curious about timeline. [scribe assist by Orie Steele]
Orie Steele: ... Seems like VCs are valuable to LEI... any 
  indiation of number of PoC / Pilots / Production systems?
Orie Steele: ... If its still years out, we would love to know 
  whats holding it up, challenges / features...
Carla Casilli:  We are in the middle of evaluating next steps for 
  GLEIF... [scribe assist by Orie Steele]
Orie Steele: ... What role we should play moving forward...
Orie Steele: ... Closest to production is.... use case number 5, 
  payment remittance system.
Orie Steele: ... Its an existing ecosystem thats out there... our 
  PoC just adding an LEI to an existing production system
Orie Steele: ... Of course we are waiting for confirmation from 
Orie Steele: ... Can't give you estimates... we keep finding more 
Orie Steele: ... We joined Trust over IP as a contributor 
  member... evaluating the LEI as an ecosystem governance framework
Orie Steele: ... LEI as a solution to organizational identity in 
  digital transactions.
Orie Steele: Christoff: tech is not the gating factor, its 
  interoperability, many options in practice...
Orie Steele: ...  We don't want to make choices, we don't want to 
  exclude... so we go with several, or go with one and making it a 
  leading one
Orie Steele: ... This is why governance is important.
Heather Vescent:  Fascinatting space... can you talk about 
  trusted supplier use case, curious about supply chain, 
  auditing... re patagonia, certified fair trade... vs pharma 
  supply chain [scribe assist by Orie Steele]
Carla Casilli:  We think it applies to both... [scribe assist by 
  Orie Steele]
Orie Steele: ... It applies to procurement processes generally
Orie Steele: ... Also useful in supplychain.
Juan Caballero: 
Orie Steele: ... We see both
Received on Tuesday, 4 August 2020 17:32:25 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:02 UTC