- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Tue, 11 Aug 2020 14:52:04 -0700 (PDT)
Thanks to Orie Steele for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2020-08-11
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-08-11
Agenda:
https://lists.w3.org/Archives/Public/public-credentials/2020Aug/0029.html
Topics:
1. Announcements and Reminders
2. Progress on Action Items
3. NIST Comments:
https://github.com/w3c-ccg/community/issues/145
4. LOCI + Germ Scene Investigations
Organizer:
Heather Vescent and Wayne Chang and Kim Hamilton Duffy
Scribe:
Orie Steele
Present:
Heather Vescent, Wayne Chang, Orie Steele, Joe Andrieu, Rouven
Heck, Samantha Mathews Chase, Kim Hamilton Duffy, Dave Longley,
Erica Connell, Robbie Jones, Mike Prorock, Adrian Gropper, Juan
Caballero, Christopher Allen, Kaliya Young
Audio:
https://w3c-ccg.github.io/meetings/2020-08-11/audio.ogg
Joe Andrieu: Are we still on the ONSIP channel?
Rouven Heck: Is there a Jitsi option to dial in? :)
Joe Andrieu: SIP I should say
Orie Steele: JoeAndrieu i am, its working
Joe Andrieu: Ok. Thanks!
Dave Longley: Regrets+
Heather Vescent: Scribes:
https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit#heading=h.ngyk8y939osi
Orie Steele: Scribe+
Topic: Announcements and Reminders
Orie Steele is scribing.
Heather Vescent: Identiverse:
https://identiverse.com/detailed-agenda/
Heather Vescent: Identiverse... check it out!
Topic: Progress on Action Items
Heather Vescent: Action Items:
https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Heather Vescent: RSA signature suite updates.... #3
Heather Vescent: RSA Signature Suite #3:
https://github.com/w3c-ccg/community/issues/3
Kim Hamilton Duffy: We keep revisiting this... item...
discussion happened in did topic call
Kim Hamilton Duffy:
https://github.com/w3c-ccg/community/issues/3#issuecomment-634156221
... we proposed closing and tracking the concern in a separate
issue.
... manu updates?
Orie Steele: Had special topic call in JWS2020 which supports
RSA and others [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Suggest we close and follow up on any
related as separate issues
Topic: NIST Comments: https://github.com/w3c-ccg/community/issues/145
Heather Vescent: NIST Digital Identity Community Comments...
Wayne Chang: NIST creates guidelines that governments rely
on.... many folks rely on them....
Wayne Chang:
https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
... they recently requested comments of draft 800-63
... they are discussing enrollment, authentication,
federation...
Wayne Chang: https://w3c-ccg.github.io/nist-dig-comments/
... other community members are contributing to ^
... we have attempted to aggregate comments to supports DIDs
and VCs
... we are working to demonstrate applicability of our
standards.
... they are listing SAML, and OIDC Claims... and we are
interested in seeing VCs and DIDs also mentioned.
Wayne Chang:
https://github.com/w3c-ccg/nist-dig-comments/issues/2
... we are collecting feedback, please open issues / PRs.
... its important to engage here, if we want people to use
these standards.
Wayne Chang: Thanks for contributions... we were able to get
this out in 2 weeks... evidence we can move quickly
Juan Caballero: +1
Kim Hamilton Duffy: More kudos... like that this may be a good
pattern for speaking on behalf of the community
... good model for future request for feedback
Heather Vescent: Next up, sam chase, part of the community for a
few years... she is gonna introduce her work
Heather Vescent: Sam's presentation was sent to the list.
Topic: LOCI + Germ Scene Investigations
Samantha Mathews Chase: Inspired by this community, i enjoy
building things, dogfooding... after discovering OrgBook....
... we have been building a way for information sharing
regarding spaces
... we focused on evacuation maps and fire safety
... we are creating a way for orgs that are liable, for
capturing occupants, in safety training
... as we were rolling out our pilot, Covid hit, and we started
looking at how we could modify our work
... a fire and a virus are similar... they both need to be
stopped from spreading by people working together.
... we found that misinformation we spreading in a way that was
alarming, because of the way the CDC gave instruction.
... it lacked the "why"... in a way that adults like to learn.
... we focused on creating critical safety content for
adults...
... by the end of our course, adults have answered the
questions that become the safety protocol.
... we realized that the businesses lacked the tools to create
safety guidelines
... there were inconsistently applied safety warnings
... lots of "signing wavers" to enter shared space...
... we made a game, where any business can create their own
safety protocols, for example, symptom tracking or contact
tracing.
... any business can do this for free, it helps business define
a code of conduct, and avoids debates on masks
... we were eager to use the OrgBook, because we had previously
designed a credential for fire safety
... we are using the OrgBook as a search feature... so we can
issue credentials to the org book itself
... the way that buildings are designed is for fire zones...
they are signed off on by inspectors... they are held as public
information managed by the building owner...
... unfortunatly, they exist only as PDFs... the fire
department knows which zone a fire is in however.
... this is valuable information (zones in a building /
entrances and exits)
... we want to use the existing zones and inspection
information, and rather than rely on admins to manage this, we
want associate addresses with that location.
... wondering what stops us from attaching property to
organizations
... if we can attach property to organizations, we can start to
address human use cases.
... its helpful to be able to see who is responsibility for the
fire evacuation map
... credentials are maintained because people are present...
... would love to see how to use OrgBook to attach proof to
organization via the property they manage.
... questions?
Adrian Gropper: Thanks! what part of what you are doing in
private and what part is public and what is accessible only to
first responders...
Samantha Mathews Chase: Its all public info, but its all owner
managed... there is no central repository for this public info
... anyone who asks for this, must be given the information
Adrian Gropper: Are you describing an oracle vs a credential...
in other words, there is no reason for a holder, other than the
issuer itself.
Samantha Mathews Chase: Yes, the organization can hold all these
credentials.
Adrian Gropper: If the data is all public legally binding, and
there is no holder... the oracle could rely on VCs or not.
... the number of oracles in industries is limited...
... if its an oracle?
Samantha Mathews Chase: Not sure, looking for guidance
... we are trying to use the OrgBook in a way that might be
more widely used... figuring out what other public information
can be attached to businesses
... how can i advocate for attaching public information to
OrgBook entries
Adrian Gropper: There are some issues raised around resource
requests.... there are 3 components
... scope, purpose and credentials of the requestor
... for protected resources, the scope depends on what the
resource server is willing to honor
... in general resource servers should publish the scopes they
are willing to support.
... that sounds like what OrgBook is doing.
... the organization may choose to protect some information,
but before we can ask for that info, the OrgBook must publish
what it supports.
Heather Vescent: 2 Interesting parts.... info about the building
identity.... and gamification of safety learning
... games to get credentials... the second part.... seems very
generic
Samantha Mathews Chase: Yes, we use it to discover valid
businesses, that could be used elsewhere...
... the way it works is maintaining reported occupancy /
training ratio
Adrian Gropper: Dun & Bradstreet is a common oracle for business
uses.
... proof of learning... we are keen to see in a non org book
location, how we can turn these "proof of training" credentials
into passports of sort.
... or leverage them in other scenarios
... not sure how exactly to use the credentials we are
creating.
Juan Caballero: Where would the credentials live?
... i heard in the netherlands, they have an a centralized
building registry... wondering who owns the locker...
Samantha Mathews Chase: We are looking at how other institutions
could take over issuance
... firemarshalls are the issuers of the training game.
... in covid scenario, we are wondering who the issuer would
be?
... we talked with solid about lockers for employee /
contractor credentials
... safety training leads to stickers for hard hats....
... investigating Solid technology that could be used a wallet.
... questions about credential expiration
... i know solid is looking at finance and banking... im
interested in solving this for places that have contractors and
unions
... were trust issues are not going away... for example
confined spaces in ships
... we order temperature checking vests for staff, and the
union squashed it because they had no place to store personal
data.
... interested in scaling up safety related credentials that
facilitate cooperation between unions and organizations.
Juan Caballero: Insurance seems very related on the employer
side.
Samantha Mathews Chase: You don't want them to see the stuff,
you want them to know its being tracked.
... I see a lot of opportunity for this where lots of unions
exist
... how workers prove things about themselves, is a problem
that needs to be solved.
Heather Vescent: Thanks, very interesting project.
Juan Caballero: GLEIF, you mean?
Adrian Gropper: Asking the group: should public oracles be a use
case for VCs, and where / how would we do that?
... consider FHIR (healthcare rest api)
... the data model exists... but the problem is how to relate
FHIR to VC data model for public oracle use cases.
... when an institution has a resource server using FHIR, how
can VCs be integrated?
Christopher Allen: Suggestion where we might want to deploy
this... wyoming
... sec state has approved corporate registration and good
standing...
... most likely it will use VCs
Kaliya Young: HI I got on the IRC really late (but was listening)
can someone please share the link to what SamanthaMatthewsChase
presented.
Samantha Mathews Chase: Loci.ca/gsi
Heather Vescent: @Identitywoman Sam sent it to the CCG email list
Heather Vescent: +1 SamanthaMatthewsChase
... large mining /oil / resource companies... interested to see
how this safety work would relate to those industries
... they are building something like OrgBook
... they want to be a leader in digital identity
Samantha Mathews Chase: Really great information thanks
Christopher, would love an introduction
... nobody has connected this to the powerful minins/g commitee
Samantha Mathews Chase: Awesome, thanks.. to adgroppers point,
unsure of how those data sources would be connected...
... we are the issuer of our credential today, but the goal
would be to have 3rd parties become the issuer
... migth be easier to prove you control a property than other
things...
Adrian Gropper: We have made the assumption that when a board
issues a credential it needs to go into a wallet... seems like
small number of use cases... public oracles seems larger use case
... as VC folks, we should recognize the opportunity to meet
the 90% op
... for example, drivers license registry should not be in a
public oracle... though revocation information might
... your use cases seem like VCs that don't belong in wallets.
Samantha Mathews Chase: +1 Adrian, great thoughts
Kaliya Young: Yes I understand she sent them to the list. I went
to my inbox to search for them and can't find them. A subject
line or an e-mail address they are from would be helpful.
Heather Vescent: @Identitywoman @SamanthaMatthewsChase posted it
here: loci.ca/gsi
Christopher Allen: This raises issues, Wyoming funded land
registries to add data related to blockchain... in some counties
Samantha Mathews Chase: Forwarded it to you @kaliya
Kaliya Young: Thanks! appreciate it.
... i was able to see an example of a ranch, location, property
attributes... but they guy noted there were privacy concerns...
over public information.
... the fact that people feel privacy issues related to public
info.... indicated some kind of issue
... scary what public information can be used to do
Samantha Mathews Chase: This is why a focus on reporting safety
information feels like a way in
... concerns over terrorism related to public oracles
... maybe terrorists will use public oracles
Samantha Mathews Chase: It's interesting to me that people find
this information dangerous, we have google earth lol
Heather Vescent: Yes, open source intelligence is a concern...
people fear how public information might be used
... its not just privacy / security... its usability issue
Samantha Mathews Chase: @Orie, as in who can use it? or what do
you mena
Adrian Gropper: Credentials don't all need to go in wallets
SamanthaMatthewsChase not sure what you mean?
Samantha Mathews Chase: Thanks everyone!!!! I so appreciate all
your brains.
Juan Caballero: :D
By all :)
Heather Vescent: @Orie_ thank you for scribing!!
Received on Tuesday, 11 August 2020 21:52:19 UTC