- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Fri, 07 Aug 2020 14:54:54 -0700 (PDT)
Thanks to Joe Andrieu for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2020-08-04
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-08-04
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2020Aug/0014.html
Topics:
1. Introductions and Reintroductions
2. Announcements & Reminders
3. Progress on Action Items
4. Deep Fakes, Digital Identity & Democracy (aka Hacking US
elections using Maskirovka)
5. CBOR-LD
Organizer:
Kim Hamilton Duffy and Wayne Chang and Heather Vescent
Scribe:
Joe Andrieu
Present:
Oliver Terbu, Wayne Chang, Justin Richer, Heather Vescent, Dan
Burnett, Dmitri Zagidulin, Amy Guy, Adrian Gropper, Orie Steele,
Dave Longley, Manu Sporny, Erica Connell, Kerri Lemoie, Ryan
Grant, Ed Eykholt, Christopher Allen, Taylor Kendall, Joe
Andrieu, Anil John, Kim Hamilton Duffy, Adam Lemmon, Jonathan
Holt, Kaliya Young, Juan Caballero, Chris Winczewski, Nate Otto,
Moses Ma
Audio:
https://w3c-ccg.github.io/meetings/2020-08-04/audio.ogg
Justin Richer: Indeed it is [scribe assist by Wayne Chang]
Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy:
https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy:
https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
Joe Andrieu is scribing.
Topic: Introductions and Reintroductions
Kim Hamilton Duffy: Ed_Eykholt irespond global (?)
Ed Eykholt: I'm with XXX service provider. We have a birth
attestation project that will be generating identifiers & QR
codes for credentials
Ed Eykholt: Yes, I'm with iRespond Global, a biometric service
provider
I'll be happy to re-introduce - John Callahan Veridium CTO
Christopher Allen: Good morning. Last time I talked with you, I
was a co-chair. Moving from an administrative talker to a doer.
... With Blockchain Commons
... Trying to create a basis under Wyoming law "what is
identity" that is able to express SSI principles
... Also trustless, self-sovereign identity solutions
Kaliya Young: Wondering are you actually working with actual
lawyers in the community? like Elizabeth R.
... BTCR was our baseline, but that hasn't kept up with BTC
innovations, so we are puzzling through how to leverage that
... along with peer-to-peer and newer bitcoin techniques
(meaning lightning and its kind)
... Putting head down to coding and working with coders.
Blockchain Commons
John_Callahan: I got by Jack, CTO of XXX. We have a new CEO, who
has recommited us to self-sovereign identity
Veridium
Topic: Announcements & Reminders
Dan Burnett: +1 Jack yay for commitment to SSI
Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/
S/CTO of XXX/CTO of Veridium/
Kim Hamilton Duffy: http://www.cvent.com/d/fhqnf3/4W
Kaliya Young: IIW is only 11 weeks away :)
Kim Hamilton Duffy: Identiverse is happening
... weekly calls such as the one we're on now
... plus two others
... Credentials for Education every other Monday
Kim Hamilton Duffy:
https://github.com/w3c-ccg/vc-ed/blob/gh-pages/README.md
Orie Steele: Can't wait for IIW, highly recommend
... I run that group; email for an invite and you'll get the
updates
Kim Hamilton Duffy: Meeting page:
https://docs.google.com/document/d/1qYBaXQMUoB86Alquu7WBtWOxsS8SMhp1fioYKEGCabE/
... also DID Resolution, weekly on Monday 1PM PDT / 4 PM EDT
... lastly, the secure data storage callson Thursday
Kim Hamilton Duffy: https://forms.gle/HGGiFtgASUqWRqTLA
Kaliya Young: http://www.internetidentityworkshop.com -
registration has opened up for early bird registration October
20-22.
... jointly run with DIF 1 pm PDT / 4 pm EDT
... Adjustment to agenda. Manu will be doing a "nontechnical"
introduction to CBOR. Then we'll be doing a jitsi meeting.
... Prior to that, we'll do a presentation on election
integrity after action items and work items
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
... every week, chairs review the action items and try to see
how we can help, remove blockers, etc.
Topic: Progress on Action Items
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/97
... two issues today
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/88
... Issue 97 is about hosting schemas
... For both 97 and 88 the conversation kind of snaked around a
little bit
... the main lurking issue seems to be uncertainty for
developers as they get exposed to JSON-LD
... Questions about how to construct contexts and where to host
them
... Orie proposed a way forward: to ensure that editors of any
CCG specs with JSON-LD are listed as contacts so when people have
JSON-LD issues, there is a list to ask for help
... Without a focused working group, it's not clear how best to
make progress, but listing contacts seems like a good start
Manu Sporny: +1 To the approach Orie is mentioning.
Orie Steele: We don't have lots of time, so let's do something
simple
Kim Hamilton Duffy: The idea of designating some editors... this
is something the chairs can take on to figure out where such
information should go
... the only issue is whether or not there are strong
objections. If you are an editor and don't want to be contacted,
let us know. However, the better option is better documentations
Jonahtan_holt: I would welcome external experts to review. There
are schemas in from w3id.org inventing new things, or naming
things that don't exist
Kim Hamilton Duffy: That's a good idea. Can you provide some
links?
... Since these aren't formal work items (they are issues). We
can just close these out with these resolutions.
... updating issue 97 now
... feel free to add comments
Kim Hamilton Duffy: Security vocab needs >1 codeowner
... There were a few work items that got grandfathered in, but
they are missing code owners
Manu Sporny: +1 To Orie (Transmute) or Tobias (Mattr) being the
other code owners for all security-related things that don't have
two owners already.
... and only have one owner, which is not current process.
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/146
... so we'd like to get that fixed to current process
... Orie had proposed himself and Tobias
Manu Sporny: +1 To that proposal (Orie & Tobias)
Kim Hamilton Duffy: Ok, this should be closable once we get that
noted
... next up, Heather to present
Heather Vescent: Deep Fakes, Digital Identity & Democracy (aka
Hacking US elections using Maskirovka)
https://drive.google.com/file/d/1V5iMLHESjyfB7aWeoX7LeO5JKmOR7aY8/view?usp=sharing
Topic: Deep Fakes, Digital Identity & Democracy (aka Hacking US elections using Maskirovka)
Heather Vescent: Please let me know if you can't access that
presentation (it's a PDF)
... It might seem a bit random to present this information, but
there are reasons I think it is important
... What you should be doing is just sit back and take it all
in
... Many thanks to Anil John.
... He asked my team to look into securing election data
... Separatly an area of interest (for decades) has been
misinformation
Heather Vescent: Maskirovka
... Maskarovka
... goes into some more detail
... My experience with crafting narratives comes from my art
and culture jamming in the late 90s
... I organized a bunch of culture jamming that challenged
peoples views of what reality is
... not necessarily lie, but challenge thinking
... on of the "pranks" that we would do would be protesting
... the group would split into two subgroups: one for and one
against, to show the absurdity of the topic at hand
Kim Hamilton Duffy:
https://drive.google.com/file/d/1V5iMLHESjyfB7aWeoX7LeO5JKmOR7aY8/view?usp=sharing
... That's my background and interest
... I've started to learn about the military use
... There is a currently a country really good at it and we are
under attack. And that is Russia. That is Maskarovka
... This is not just a technical problem, it's a social problem
... That is why I think this presentation will be interesting
... Illinois Voter Data Hack (details in slide deck)
... This was Russian hackers.
... They didn't just hack Illinois. They targeted all 50
states.
... As a result, $14 million was spent improving the system
... but the fixes didn't make the news, rather the hack is seen
as evidence our elections are out of control
... Identity in Elections (details in slide deck)
Juan Caballero: http://bit.ly/vdsreport
Juan Caballero: ^Direct link
... Based on polling place, you get different ballots. So we
need to track personal information to support that
... Front End and Back End requirements for data use
... your name, personal information, can be bought and
campaigns can use those for reaching voters (through voter files)
... Attack Surfaces (details in slide deck)
... Technical + Social attacks
... Technical attacks (chart in slide deck)
... You are probably already thinking about how technology can
address technology attack surfaces
... the point of the report was not to use DIDs to solve these
problems, but rather "these are the problems. this is the
context"
... Technical attacks can lead to social attacks (chart in the
slide deck)
... Familiarity with voting systems is important
... With dozens of different ballots, this can become a problem
... This is one reason vote-by-mail can be so useful: it gives
people time to become familiar with the mechanism before
finalizing voting decisions
... Social fears about election resulted in increasing
technical security, but this doesn't directly shift public
perception of election validity
... There is a lot of sabotage going on
... Earlier this year, I wrote a book on espionage
... During WWII both US and Britain had the SOC and OSS, both
of which were created to sabotage the Nazis in Europe
... I had imagined that didn't happen any more. But in fact, I
was able to learn to recognize contemporary sabotage all around
... "Sorry, it's going to take 2 hours to vote because we only
have one voting machine"
... These are the ways our election system is vulnerable
... the primary attack here is social, not technical
... Maskirovka: to camouflage the truth (details in slide deck)
... While I'm talking about this in terms of Russia, both China
and the US do this as well
... in 2020 we have unlocked "entrepreneur mode"
... there is no directions from the Kremlin, but rather lots of
activities that may or may not have govt. involvement
Kim Hamilton Duffy: I'd be interested in having Heather come back
to do the rest on a future call
... more like startups looking for VC funding
Orie Steele: Report On The Investigation Into Russian
Interference In The 2016 Presidential Election - Volume I
(redacted): https://www.justice.gov/storage/report.pdf
... Information operations in 8 steps (Bruce Schneier)
Manu Sporny: I'd also be interested in how we can apply some of
these learnings to how we design the technical specs...
Manu Sporny: That is, is there anything we can do to combat 1-8
... This is not a short term agenda
... This is about changing beliefs and shifting power
... Skip forward to "what can we do"
... We need to have technical and social solutions that work
together
... We need technical solutions on the platforms.
... Technical and Social suggestions in slide deck
... One thing I don't see talked about a lot is the need for
increased emotional resilience.
... If triggered, chill
... Democracies *are* at a disadvantage. Authoritarian regimes
don't have to follow data privacy rules.
... Realize you are a target. Yourself. Your company.
... that's it
Juan Caballero: An SSI-adjacent org working on the DeepFake
detection problem is the DeepTrustAlliance:
https://www.deeptrustalliance.org/approach
Kim Hamilton Duffy: Handing over to Manu
Manu Sporny: That was super fascinating. thanks.
Topic: CBOR-LD
Juan Caballero: They've attended the last two IIWs, FWIW
... CBOR-LD
Manu Sporny:
https://docs.google.com/presentation/d/199svsHQXt2j1GqcvEXHgpENZIk1AZ53tEcUWuEYSsp4/edit
... This is going to be a fairly simple, non-technical
interview
Manu Sporny:
https://lists.w3.org/Archives/Public/public-credentials/2020Aug/att-0018/CBOR-LD_Overview.pdf
... There is a PDF as well as the google presentation
... This is a new data format that is meant to apply to VCs and
DIDs.
... CBOR = Concise Binary Object Representation
... the problem: documents are too big!
... For example, just presented a VC with your mobile phone,
using something like a QR code
... If we take a typical credential, ~1200 bytes. That's hard
to scan as a QR code
... In contrast, a 400 byte QR code is MUCH MUCH simpler and
easier to read
... If we can get our data sizes down to ~400 bytes a bunch of
offline use cases become possible
... The goal: figure out how to compress
... Slide 6 shows the compression magic of various approaches
... We were able to go from 1200 to 325 bytes. That gets us
below that magic 400 number
... So, if we want interactions off the network (arguably more
secure because of that), we have options
... we can get them to about 1/5 of the original size with
CBOR-LD
... This also matters *at scale*
... The storage of credentials for millions or billions of
people, every byte matters
... How does this work?
... This is dictionary compression.
... The dictionary lets you turn long strings into compact
representations
... You can build a compression dictionary from repetitions
within the document
... Turns out the @context for VCs works great as a compression
dictionary
... That's basically what CBOR-LD does: it uses the context to
create a compression dictionary and compress the documents
... This is typically far better than best-of-class binary
compression
... We also get additional benefits like btye-level semantic
processing, semantic processing over fixed data structures,
hardware optimizations, etc.
.. With that we'll stop, and pick this up in after hours
Kim Hamilton Duffy: Thank you, Manu
Jonathon_holt: Where is this work being incubated?
Manu Sporny: Digital bazaar right now. probably the JSON-LD
community group
Kim Hamilton Duffy: After hours!
Manu Sporny: New conference system
... you'll get a URL. We are going to disconnect everything
from this bridge
... please do NOT reconnect to the bridge we are on now
... We'll send URL. Disconnect. Then everyone connect at the
new URL
Kaliya Young: Good luck - I have another call :)
... This may be a disaster
Orie Steele: Smae
... We'll use IRC to track success while we try this out
... Everyone go ahead and disconnect.
Received on Friday, 7 August 2020 21:55:09 UTC