[MINUTES] W3C Credentials CG Call - 2020-08-11 12pm ET

Thanks to Orie Steele for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2020-08-11 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-08-11

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020Aug/0029.html
Topics:
  1. Announcements and Reminders
  2. Progress on Action Items
  3. NIST Comments: 
    https://github.com/w3c-ccg/community/issues/145
  4. LOCI + Germ Scene Investigations
Organizer:
  Heather Vescent and Wayne Chang and Kim Hamilton Duffy
Scribe:
  Orie Steele
Present:
  Heather Vescent, Wayne Chang, Orie Steele, Joe Andrieu, Rouven 
  Heck, Samantha Mathews Chase, Kim Hamilton Duffy, Dave Longley, 
  Erica Connell, Robbie Jones, Mike Prorock, Adrian Gropper, Juan 
  Caballero, Christopher Allen, Kaliya Young
Audio:
  https://w3c-ccg.github.io/meetings/2020-08-11/audio.ogg

Joe Andrieu: Are we still on the ONSIP channel?
Rouven Heck: Is there a Jitsi option to dial in? :)
Joe Andrieu: SIP I should say
Orie Steele: JoeAndrieu I am, it's working
Joe Andrieu: Ok. Thanks!
Dave Longley: Regrets+
Heather Vescent: Scribes: 
  https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit#heading=h.ngyk8y939osi
Orie Steele: Scribe+

Topic: Announcements and Reminders

Orie Steele is scribing.
Heather Vescent: Identiverse: 
  https://identiverse.com/detailed-agenda/
Heather Vescent:  Identiverse... check it out!

Topic: Progress on Action Items

Heather Vescent: Action Items: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Heather Vescent:  RSA signature suite updates.... #3
Heather Vescent: RSA Signature Suite #3: 
  https://github.com/w3c-ccg/community/issues/3
Kim Hamilton Duffy:  We keep revisiting this... item... 
  discussion happened in did topic call
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues/3#issuecomment-634156221
  ... we proposed closing and tracking the concern in a separate 
  issue.
  ... manu updates?
Orie Steele:  Had special topic call in JWS2020 which supports 
  RSA and others [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Suggest we close and follow up on any 
  related as separate issues

Topic: NIST Comments: https://github.com/w3c-ccg/community/issues/145

Heather Vescent:  NIST Digital Identity Community Comments...
Wayne Chang:  NIST creates guidelines that governments rely 
  on.... many folks rely on them....
Wayne Chang: 
  https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
  ... they recently requested comments of draft 800-63
  ... they are discussing enrollment, authentication, 
  federation...
Wayne Chang: https://w3c-ccg.github.io/nist-dig-comments/
  ... other community members are contributing to ^
  ... we have attempted to aggregate comments to support DIDs 
  and VCs
  ... we are working to demonstrate applicability of our 
  standards.
  ... they are listing SAML, and OIDC Claims... and we are 
  interested in seeing VCs and DIDs also mentioned.
Wayne Chang: 
  https://github.com/w3c-ccg/nist-dig-comments/issues/2
  ... we are collecting feedback, please open issues / PRs.
  ... it's important to engage here, if we want people to use 
  these standards.
Wayne Chang:  Thanks for contributions... we were able to get 
  this out in 2 weeks... evidence we can move quickly
Juan Caballero: +1
Kim Hamilton Duffy:  More kudos... like that this may be a good 
  pattern for speaking on behalf of the community
  ... good model for future request for feedback
Heather Vescent:  Next up, Sam Chase, part of the community for a 
  few years... she is gonna introduce her work
Heather Vescent: Sam's presentation was sent to the list.

Topic: LOCI + Germ Scene Investigations

Samantha Mathews Chase:  Inspired by this community, I enjoy 
  building things, dogfooding... after discovering OrgBook....
  ... we have been building a way for information sharing 
  regarding spaces
  ... we focused on evacuation maps and fire safety
  ... we are creating a way for orgs that are liable, for 
  capturing occupants, in safety training
  ... as we were rolling out our pilot, Covid hit, and we started 
  looking at how we could modify our work
  ... a fire and a virus are similar... they both need to be 
  stopped from spreading by people working together.
  ... we found that misinformation was spreading in a way that was 
  alarming, because of the way the CDC gave instruction.
  ... it lacked the "why"... in a way that adults like to learn.
  ... we focused on creating critical safety content for 
  adults...
  ... by the end of our course, adults have answered the 
  questions that become the safety protocol.
  ... we realized that the businesses lacked the tools to create 
  safety guidelines
  ... there were inconsistently applied safety warnings
  ... lots of "signing waivers" to enter shared space...
  ... we made a game, where any business can create their own 
  safety protocols, for example, symptom tracking or contact 
  tracing.
  ... any business can do this for free, it helps business define 
  a code of conduct, and avoids debates on masks
  ... we were eager to use the OrgBook, because we had previously 
  designed a credential for fire safety
  ... we are using the OrgBook as a search feature... so we can 
  issue credentials to the org book itself
  ... the way that buildings are designed is for fire zones... 
  they are signed off on by inspectors... they are held as public 
  information managed by the building owner...
  ... unfortunately, they exist only as PDFs... the fire 
  department knows which zone a fire is in however.
  ... this is valuable information (zones in a building / 
  entrances and exits)
  ... we want to use the existing zones and inspection 
  information, and rather than rely on admins to manage this, we 
  want to associate addresses with that location.
  ... wondering what stops us from attaching property to 
  organizations
  ... if we can attach property to organizations, we can start to 
  address human use cases.
  ... it's helpful to be able to see who is responsible for the 
  fire evacuation map
  ... credentials are maintained because people are present...
  ... would love to see how to use OrgBook to attach proof to 
  organization via the property they manage.
  ... questions?
Adrian Gropper:  Thanks! what part of what you are doing is 
  private and what part is public and what is accessible only to 
  first responders...
Samantha Mathews Chase:  It's all public info, but it's all owner 
  managed... there is no central repository for this public info
  ... anyone who asks for this, must be given the information
Adrian Gropper:  Are you describing an oracle vs a credential... 
  in other words, there is no reason for a holder, other than the 
  issuer itself.
Samantha Mathews Chase:  Yes, the organization can hold all these 
  credentials.
Adrian Gropper:  If the data is all public legally binding, and 
  there is no holder... the oracle could rely on VCs or not.
  ... the number of oracles in industries is limited...
  ... if it's an oracle?
Samantha Mathews Chase:  Not sure, looking for guidance
  ...  we are trying to use the OrgBook in a way that might be 
  more widely used... figuring out what other public information 
  can be attached to businesses
  ... how can I advocate for attaching public information to 
  OrgBook entries
Adrian Gropper:  There are some issues raised around resource 
  requests.... there are 3 components
  ... scope, purpose and credentials of the requestor
  ... for protected resources, the scope depends on what the 
  resource server is willing to honor
  ... in general resource servers should publish the scopes they 
  are willing to support.
  ... that sounds like what OrgBook is doing.
  ... the organization may choose to protect some information, 
  but before we can ask for that info, the OrgBook must publish 
  what it supports.
Heather Vescent:  2 Interesting parts.... info about the building 
  identity.... and gamification of safety learning
  ... games to get credentials... the second part.... seems very 
  generic
Samantha Mathews Chase:  Yes, we use it to discover valid 
  businesses, that could be used elsewhere...
  ... the way it works is maintaining reported occupancy / 
  training ratio
Adrian Gropper: Dun & Bradstreet is a common oracle for business 
  uses.
  ... proof of learning... we are keen to see in a non org book 
  location, how we can turn these "proof of training" credentials 
  into passports of sort.
  ... or leverage them in other scenarios
  ... not sure how exactly to use the credentials we are 
  creating.
Juan Caballero:  Where would the credentials live?
  ... I heard in the Netherlands, they have a centralized 
  building registry... wondering who owns the locker...
Samantha Mathews Chase:  We are looking at how other institutions 
  could take over issuance
  ... fire marshals are the issuers of the training game.
  ... in covid scenario, we are wondering who the issuer would 
  be?
  ... we talked with Solid about lockers for employee / 
  contractor credentials
  ... safety training leads to stickers for hard hats....
  ... investigating Solid technology that could be used as a wallet.
  ... questions about credential expiration
  ... I know Solid is looking at finance and banking... I'm 
  interested in solving this for places that have contractors and 
  unions
  ... where trust issues are not going away... for example 
  confined spaces in ships
  ... we order temperature checking vests for staff, and the 
  union squashed it because they had no place to store personal 
  data.
  ... interested in scaling up safety related credentials that 
  facilitate cooperation between unions and organizations.
Juan Caballero:  Insurance seems very related on the employer 
  side.
Samantha Mathews Chase:  You don't want them to see the stuff, 
  you want them to know it's being tracked.
  ... I see a lot of opportunity for this where lots of unions 
  exist
  ... how workers prove things about themselves, is a problem 
  that needs to be solved.
Heather Vescent:  Thanks, very interesting project.
Juan Caballero: GLEIF, you mean?
Adrian Gropper:  Asking the group: should public oracles be a use 
  case for VCs, and where / how would we do that?
  ... consider FHIR (healthcare rest api)
  ... the data model exists... but the problem is how to relate 
  FHIR to VC data model for public oracle use cases.
  ... when an institution has a resource server using FHIR, how 
  can VCs be integrated?
Christopher Allen:  Suggestion where we might want to deploy 
  this... Wyoming
  ... sec state has approved corporate registration and good 
  standing...
  ... most likely it will use VCs
Kaliya Young: Hi, I got on the IRC really late (but was listening) 
  can someone please share the link to what SamanthaMatthewsChase 
  presented.
Samantha Mathews Chase: Loci.ca/gsi
Heather Vescent: @Identitywoman Sam sent it to the CCG email list
Heather Vescent: +1 SamanthaMatthewsChase
  ... large mining /oil / resource companies... interested to see 
  how this safety work would relate to those industries
  ... they are building something like OrgBook
  ... they want to be a leader in digital identity
Samantha Mathews Chase: Really great information thanks 
  Christopher, would love an introduction
  ... nobody has connected this to the powerful mining committee
Samantha Mathews Chase:  Awesome, thanks.. to adgroppers point, 
  unsure of how those data sources would be connected...
  ... we are the issuer of our credential today, but the goal 
  would be to have 3rd parties become the issuer
  ... might be easier to prove you control a property than other 
  things...
Adrian Gropper:  We have made the assumption that when a board 
  issues a credential it needs to go into a wallet... seems like 
  small number of use cases... public oracles seems larger use case
  ... as VC folks, we should recognize the opportunity to meet 
  the 90% op
  ... for example, drivers license registry should not be in a 
  public oracle... though revocation information might
  ... your use cases seem like VCs that don't belong in wallets.
Samantha Mathews Chase: +1 Adrian, great thoughts
Kaliya Young: Yes I understand she sent them to the list. I went 
  to my inbox to search for them and can't find them.  A subject 
  line or an e-mail address they are from would be helpful.
Heather Vescent: @Identitywoman @SamanthaMatthewsChase posted it 
  here: loci.ca/gsi
Christopher Allen:  This raises issues, Wyoming funded land 
  registries to add data related to blockchain... in some counties
Samantha Mathews Chase: Forwarded it to you @kaliya
Kaliya Young: Thanks! appreciate it.
  ... I was able to see an example of a ranch, location, property 
  attributes... but the guy noted there were privacy concerns... 
  over public information.
  ... the fact that people feel privacy issues related to public 
  info.... indicated some kind of issue
  ... scary what public information can be used to do
Samantha Mathews Chase: This is why a focus on reporting safety 
  information feels like a way in
  ... concerns over terrorism related to public oracles
  ... maybe terrorists will use public oracles
Samantha Mathews Chase: It's interesting to me that people find 
  this information dangerous, we have google earth lol
Heather Vescent:  Yes, open source intelligence is a concern... 
  people fear how public information might be used
  ... it's not just privacy / security... it's a usability issue
Samantha Mathews Chase: @Orie, as in who can use it? or what do 
  you mean
Adrian Gropper:  Credentials don't all need to go in wallets
SamanthaMatthewsChase not sure what you mean?
Samantha Mathews Chase: Thanks everyone!!!! I so appreciate all 
  your brains.
Juan Caballero: :D
By all :)
Heather Vescent: @Orie_ thank you for scribing!!

Received on Tuesday, 11 August 2020 21:52:19 UTC