[MINUTES] W3C Credentials CG Call - 2020-08-04 12pm ET

Thanks to Joe Andrieu for scribing this week! The minutes
for this week's Credentials CG telecon are now available:


Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

Credentials CG Telecon Minutes for 2020-08-04

Topics:
  1. Introductions and Reintroductions
  2. Announcements & Reminders
  3. Progress on Action Items
  4. Deep Fakes, Digital Identity & Democracy (aka Hacking US 
    elections using Maskirovka)
  5. CBOR-LD
Organizer:
  Kim Hamilton Duffy and Wayne Chang and Heather Vescent
Scribe:
  Joe Andrieu
Present:
  Oliver Terbu, Wayne Chang, Justin Richer, Heather Vescent, Dan 
  Burnett, Dmitri Zagidulin, Amy Guy, Adrian Gropper, Orie Steele, 
  Dave Longley, Manu Sporny, Erica Connell, Kerri Lemoie, Ryan 
  Grant, Ed Eykholt, Christopher Allen, Taylor Kendall, Joe 
  Andrieu, Anil John, Kim Hamilton Duffy, Adam Lemmon, Jonathan 
  Holt, Kaliya Young, Juan Caballero, Chris Winczewski, Nate Otto, 
  Moses Ma

Justin Richer:  Indeed it is [scribe assist by Wayne Chang]
Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Joe Andrieu is scribing.

Topic: Introductions and Reintroductions

Kim Hamilton Duffy: Ed_Eykholt irespond global (?)
Ed Eykholt:  I'm with XXX service provider. We have a birth 
  attestation project that will be generating identifiers & QR 
  codes for credentials
Ed Eykholt: Yes, I'm with iRespond Global, a biometric service 
I'll be happy to re-introduce - John Callahan Veridium CTO
Christopher Allen:  Good morning. Last time I talked with you, I 
  was a co-chair. Moving from an administrative talker to a doer.
  ... With Blockchain Commons
  ... Trying to create a basis under Wyoming law "what is 
  identity" that is able to express SSI principles
  ... Also trustless, self-sovereign identity solutions
Kaliya Young: Wondering are you actually working with actual 
  lawyers in the community? like Elizabeth R.
  ... BTCR was our baseline, but that hasn't kept up with BTC 
  innovations, so we are puzzling through how to leverage that
  ... along with peer-to-peer and newer bitcoin techniques 
  (meaning lightning and its kind)
  ... Putting head down to coding and working with coders. 
  Blockchain Commons
John_Callahan: I go by Jack, CTO of XXX. We have a new CEO, who 
  has recommitted us to self-sovereign identity

Topic: Announcements & Reminders

Dan Burnett: +1 Jack yay for commitment to SSI
Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/
S/CTO of XXX/CTO of Veridium/
Kim Hamilton Duffy: http://www.cvent.com/d/fhqnf3/4W
Kaliya Young: IIW is only 11 weeks away :)
Kim Hamilton Duffy:  Identiverse is happening
  ... weekly calls such as the one we're on now
  ... plus two others
  ... Credentials for Education every other Monday
Orie Steele: Can't wait for IIW, highly recommend
  ... I run that group; email for an invite and you'll get the 
Kim Hamilton Duffy: Meeting page: 
  ... also DID Resolution, weekly on Monday 1PM PDT / 4 PM EDT
  ... lastly, the secure data storage calls on Thursday
Kim Hamilton Duffy: https://forms.gle/HGGiFtgASUqWRqTLA
Kaliya Young: http://www.internetidentityworkshop.com - 
  registration has opened up for early bird registration October 
  ... jointly run with DIF 1 pm PDT / 4 pm EDT
  ... Adjustment to agenda. Manu will be doing a "nontechnical" 
  introduction to CBOR. Then we'll be doing a jitsi meeting.
  ... Prior to that, we'll do a presentation on election 
  integrity after action items and work items
  ... every week, chairs review the action items and try to see 
  how we can help, remove blockers, etc.

Topic: Progress on Action Items

Kim Hamilton Duffy: 
  ... two issues today
  ... Issue 97 is about hosting schemas
  ... For both 97 and 88 the conversation kind of snaked around a 
  little bit
  ... the main lurking issue seems to be uncertainty for 
  developers as they get exposed to JSON-LD
  ... Questions about how to construct contexts and where to host 
  ... Orie proposed a way forward: to ensure that editors of any 
  CCG specs with JSON-LD are listed as contacts so when people have 
  JSON-LD issues, there is a list to ask for help
  ... Without a focused working group, it's not clear how best to 
  make progress, but listing contacts seems like a good start
Manu Sporny: +1 To the approach Orie is mentioning.
Orie Steele:  We don't have lots of time, so let's do something 
Kim Hamilton Duffy:  The idea of designating some editors... this 
  is something the chairs can take on to figure out where such 
  information should go
  ... the only issue is whether or not there are strong 
  objections. If you are an editor and don't want to be contacted, 
  let us know. However, the better option is better documentation
Jonathan_Holt: I would welcome external experts to review. There 
  are schemas in from w3id.org inventing new things, or naming 
  things that don't exist
Kim Hamilton Duffy:  That's a good idea. Can you provide some 
  ... Since these aren't formal work items (they are issues), we 
  can just close these out with these resolutions.
  ... updating issue 97 now
  ... feel free to add comments
Kim Hamilton Duffy: Security vocab needs >1 codeowner
  ... There were a few work items that got grandfathered in, but 
  they are missing code owners
Manu Sporny: +1 To Orie (Transmute) or Tobias (Mattr) being the 
  other code owners for all security-related things that don't have 
  two owners already.
  ... and only have one owner, which is not current process.
  ... so we'd like to get that fixed to current process
  ... Orie had proposed himself and Tobias
Manu Sporny:  +1 To that proposal (Orie & Tobias)
Kim Hamilton Duffy:  Ok, this should be closable once we get that 
  ... next up, Heather to present
Heather Vescent: Deep Fakes, Digital Identity & Democracy (aka 
  Hacking US elections using Maskirovka) 

Topic: Deep Fakes, Digital Identity & Democracy (aka Hacking US elections using Maskirovka)

Heather Vescent:  Please let me know if you can't access that 
  presentation (it's a PDF)
  ... It might seem a bit random to present this information, but 
  there are reasons I think it is important
  ... What you should be doing is just sit back and take it all 
  ... Many thanks to Anil John.
  ... He asked my team to look into securing election data
  ... Separately an area of interest (for decades) has been 
Heather Vescent: Maskirovka
  ... Maskirovka
  ... goes into some more detail
  ... My experience with crafting narratives comes from my art 
  and culture jamming in the late 90s
  ... I organized a bunch of culture jamming that challenged 
  people's views of what reality is
  ... not necessarily lie, but challenge thinking
  ... one of the "pranks" that we would do would be protesting
  ... the group would split into two subgroups: one for and one 
  against, to show the absurdity of the topic at hand
  ... That's my background and interest
  ... I've started to learn about the military use
  ... There is currently a country really good at it and we are 
  under attack. And that is Russia. That is Maskirovka
  ... This is not just a technical problem, it's a social problem
  ... That is why I think this presentation will be interesting
  ... Illinois Voter Data Hack (details in slide deck)
  ... This was Russian hackers.
  ... They didn't just hack Illinois. They targeted all 50 
  ... As a result, $14 million was spent improving the system
  ... but the fixes didn't make the news, rather the hack is seen 
  as evidence our elections are out of control
  ... Identity in Elections (details in slide deck)
Juan Caballero: http://bit.ly/vdsreport
Juan Caballero: ^Direct link
  ... Based on polling place, you get different ballots. So we 
  need to track personal information to support that
  ... Front End and Back End requirements for data use
  ... your name, personal information, can be bought and 
  campaigns can use those for reaching voters (through voter files)
  ... Attack Surfaces (details in slide deck)
  ... Technical + Social attacks
  ... Technical attacks (chart in slide deck)
  ... You are probably already thinking about how technology can 
  address technology attack surfaces
  ... the point of the report was not to use DIDs to solve these 
  problems, but rather "these are the problems. this is the 
  ... Technical attacks can lead to social attacks (chart in the 
  slide deck)
  ... Familiarity with voting systems is important
  ... With dozens of different ballots, this can become a problem
  ... This is one reason vote-by-mail can be so useful: it gives 
  people time to become familiar with the mechanism before 
  finalizing voting decisions
  ... Social fears about election resulted in increasing 
  technical security, but this doesn't directly shift public 
  perception of election validity
  ... There is a lot of sabotage going on
  ... Earlier this year, I wrote a book on espionage
  ... During WWII both US and Britain had the SOC and OSS, both 
  of which were created to sabotage the Nazis in Europe
  ... I had imagined that didn't happen any more. But in fact, I 
  was able to learn to recognize contemporary sabotage all around
  ... "Sorry, it's going to take 2 hours to vote because we only 
  have one voting machine"
  ... These are the ways our election system is vulnerable
  ... the primary attack here is social, not technical
  ... Maskirovka: to camouflage the truth (details in slide deck)
  ... While I'm talking about this in terms of Russia, both China 
  and the US do this as well
  ... in 2020 we have unlocked "entrepreneur mode"
  ... there are no directions from the Kremlin, but rather lots of 
  activities that may or may not have govt. involvement
Kim Hamilton Duffy: I'd be interested in having Heather come back 
  to do the rest on a future call
  ... more like startups looking for VC funding
Orie Steele: Report On The Investigation Into Russian 
  Interference In The 2016 Presidential Election - Volume I 
  (redacted): https://www.justice.gov/storage/report.pdf
  ... Information operations in 8 steps (Bruce Schneier)
Manu Sporny: I'd also be interested in how we can apply some of 
  these learnings to how we design the technical specs...
Manu Sporny: That is, is there anything we can do to combat 1-8
  ... This is not a short term agenda
  ... This is about changing beliefs and shifting power
  ... Skip forward to "what can we do"
  ... We need to have technical and social solutions that work 
  ... We need technical solutions on the platforms.
  ... Technical and Social suggestions in slide deck
  ... One thing I don't see talked about a lot is the need for 
  increased emotional resilience.
  ... If triggered, chill
  ... Democracies *are* at a disadvantage. Authoritarian regimes 
  don't have to follow data privacy rules.
  ... Realize you are a target. Yourself. Your company.
  ... that's it
Juan Caballero: An SSI-adjacent org working on the DeepFake 
  detection problem is the DeepTrustAlliance: 
Kim Hamilton Duffy:  Handing over to Manu
Manu Sporny:  That was super fascinating. thanks.

Topic: CBOR-LD

Juan Caballero: They've attended the last two IIWs, FWIW
  ... CBOR-LD
Manu Sporny: 
  ... This is going to be a fairly simple, non-technical 
  ... There is a PDF as well as the google presentation
  ... This is a new data format that is meant to apply to VCs and 
  ... CBOR = Concise Binary Object Representation
  ... the problem: documents are too big!
  ... For example, just presented a VC with your mobile phone, 
  using something like a QR code
  ... If we take a typical credential, ~1200 bytes. That's hard 
  to scan as a QR code
  ... In contrast, a 400 byte QR code is MUCH MUCH simpler and 
  easier to read
  ... If we can get our data sizes down to ~400 bytes a bunch of 
  offline use cases become possible
  ... The goal: figure out how to compress
  ... Slide 6 shows the compression magic of various approaches
  ... We were able to go from 1200 to 325 bytes. That gets us 
  below that magic 400 number
  ... So, if we want interactions off the network (arguably more 
  secure because of that), we have options
  ... we can get them to about 1/5 of the original size with 
  ... This also matters *at scale*
  ... The storage of credentials for millions or billions of 
  people, every byte matters
  ... How does this work?
  ... This is dictionary compression.
  ... The dictionary lets you turn long strings into compact 
  ... You can build a compression dictionary from repetitions 
  within the document
  ... Turns out the @context for VCs works great as a compression 
  ... That's basically what CBOR-LD does: it uses the context to 
  create a compression dictionary and compress the documents
  ... This is typically far better than best-of-class binary 
  ... We also get additional benefits like byte-level semantic 
  processing, semantic processing over fixed data structures, 
  hardware optimizations, etc.
  ... With that we'll stop, and pick this up in after hours
Kim Hamilton Duffy:  Thank you, Manu
Jonathan_Holt: Where is this work being incubated?
Manu Sporny:  Digital Bazaar right now. probably the JSON-LD 
  community group
Kim Hamilton Duffy:  After hours!
Manu Sporny:  New conference system
  ... you'll get a URL. We are going to disconnect everything 
  from this bridge
  ... please do NOT reconnect to the bridge we are on now
  ... We'll send URL. Disconnect. Then everyone connect at the 
  new URL
Kaliya Young: Good luck - I have another call :)
  ... This may be a disaster
Orie Steele: Same
  ... We'll use IRC to track success while we try this out
  ... Everyone go ahead and disconnect.

Received on Friday, 7 August 2020 21:55:09 UTC