[MINUTES] W3C Credentials CG Call - 2020-12-15 12pm ET

Thanks to Manu Sporny and Amy Guy for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2020-12-15 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-12-15

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0080.html
Topics:
  1. Introductions / Reintroductions
  2. Announcements and Reminders
  3. Me2B Alliance
Organizer:
  Kim Hamilton Duffy and Wayne Chang and Heather Vescent
Scribe:
  Manu Sporny and Amy Guy
Present:
  Charles E. Lehner, Wayne Chang, Heather Vescent, Manu Sporny, Kim 
  Hamilton Duffy, Ted Thibodeau, James Chartrand, Ryan Grant, Amy 
  Guy, Adrian Gropper, Dmitri Zagidulin, Erica Connell, Lisa 
  LeVasseur
Audio:
  https://w3c-ccg.github.io/meetings/2020-12-15/audio.ogg

Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy: 
  https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
<rgrant> preset+
Manu Sporny is scribing.

Topic: Introductions / Reintroductions

Kim Hamilton Duffy:  Anyone new to the call that would like to 
  introduce themselves?
No takers.
Kim Hamilton Duffy:  Reintroductions, then.
Kim Hamilton Duffy:  Dmitri, do you mind reintroducing yourself?
Dmitri Zagidulin:  Hi everyone, Dmitri software Engineer w/ 
  Digital Bazaar -- active in VC/DID/Confidential storage -- 
  contributing to related Javascript libraries.

Topic: Announcements and Reminders

Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/
Kim Hamilton Duffy:  This is the last meeting of the year
Kim Hamilton Duffy:  Every Tuesday we have this weekly call... we 
  have VC EDU task force -- meeting every Monday 8am PT --
Kim Hamilton Duffy:  DID Resolution also on Monday weekly 1pm PT
Kim Hamilton Duffy:  Confidential Storage, with DIF, Thursday 
  1-2pm PT
Wayne Chang:  First is call for objections to infrastructure Task 
  force -- work items dependent on group existing, npm package 
  management, reduce burden on chairs, object/support on Github 
  issue below.
Wayne Chang:  Starting in January 5th -- first meeting of new 
  year -- have a conflict -- decision is to see if there is 
  interest in separate meeting time -- availability in general, few 
  suggested slots, move it a day, etc.
Wayne Chang:  Feedback, respond to thread.
<heathervescent> I can go over the chair job description if 
  interested
Kim Hamilton Duffy:  We do have an upcoming Chair election... if 
  you are interested, reach out to current chairs -- Heather has 
  been working on Chair job description which gives you some idea 
  on how the sausage making happens.
Kim Hamilton Duffy:  Items that Heather and Wayne may want to go 
  through... next.
Kim Hamilton Duffy:  VC PRs under maintenance Charter... talked 
  about this last week.
Kim Hamilton Duffy:  It's not clear where this issue needs to 
  live now.
Amy Guy is scribing.
Manu Sporny:  It still needs to live in the ccg, there's no 
  better place for it
  ... we need to have a call
  ... I don't feel like we're making good progress on the issue, 
  there are too many unknown details
  ... after tholidays we should convene a meeting between the 
  leadership and communities and nail the process down so w3c staff 
  is happy
Manu Sporny:  We need to have a meeting between Chairs, Editors 
  of all of these communities to make progress. [scribe assist by 
  Manu Sporny]
Heather Vescent:  Update - productive call w/ wayne last week - 
  discussing issues -- main concern w/ scope - did a high level 
  audit of all systems... based on audit -- current activities and 
  desired for potential future things (VC PR maintenance stuff), 
  next step is to wayne to identify items in audit to be in scope 
  of infrastructure task force. [scribe assist by Manu Sporny]
Heather Vescent:  Wayne and I are going to talk later this week 
  about getting specific about scope of infrastructure TF and what 
  that will cover to address concerns I raised. Part of 
  conversation includes where this goes... 170 -- infrastructure or 
  elsewhere. [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  What about #3 -- outstanding objection for 
  proposal? [scribe assist by Manu Sporny]
Heather Vescent:  W3C infrastructure has a strong objection 
  model, which I think is a masculine bias in W3C infra, won't 
  fight that in this group... will discuss in diversity and 
  inclusion group at W3C... moving to positive work environment 
  group... [scribe assist by Manu Sporny]
Heather Vescent:  I will address the note on #3 - I'll update 
  that. We need to make sure that anything in this issue is 
  accounted for. [scribe assist by Manu Sporny]
Note that the inclusion and diversity group is not closing, the 
  pwe is combining with it because there is a lot of joint 
  membership, and both groups will be chartered into one
Heather Vescent:  I'm not 100% behind on infrastructure task 
  force still, working w/ Wayne to address all my concerns. [scribe 
  assist by Manu Sporny]
Heather Vescent:  I am not full speed ahead on Infrastructure 
  Task Force, I'm full speed ahead on addressing the concerns. 
  [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  This one is in proposed status for a while 
  -- after you do that, we have one week for objections -- if you 
  can do that as soon as possible, then we could move forward with 
  it. [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  Npm repository ... is it a  part of 
  Infrastrcuture Task Force? [scribe assist by Manu Sporny]
Wayne Chang:  If Infrastructure Task Force is created, it will 
  deal w/ npm governance. [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  We need to clarify whether or not this is in 
  scope. Calling out expectations might be something we need to 
  do... task force might take that on. [scribe assist by Manu 
  Sporny]
Wayne Chang:  Test suites, reference data, those are initial low 
  risk, low stakes that we'd like to see there, instead of stuff 
  that's in a production build chain. [scribe assist by Manu 
  Sporny]
Kim Hamilton Duffy:  Happy for this, moving things forward. 
  [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  Moving on to the highlight. [scribe assist 
  by Manu Sporny]

Topic: Me2B Alliance

Kim Hamilton Duffy:  Over to Lisa... [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Thank you for listening in today -- want to 
  focus on Me2B alliance and the work that this group is doing. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  Key thing we've learned, we don't have right 
  vocabulary to talk about relationships in digital world... 
  sharing about proposed language and terminology that we've come 
  up with. [scribe assist by Manu Sporny]
Lisa LeVasseur:  One of the things I wanted to do is information 
  share with this group... slide 2 - note to self, mission of group 
  is important [scribe assist by Manu Sporny]
Lisa LeVasseur:  Agenda slide - Who are we, what do we do -- 
  lifecycle, credentials, deals. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Wrap up with Me2B and credentials and a couple 
  of questions -- things that you might be able to clarify for me. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  Our Ethos slide - respectful technologies are 
  better for both Me-s and B-s. We are more Me focused because of 
  the current power dynamics in industry. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Our Mission slide - Current working version of 
  mission. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Background in mobile telecom standards - 
  sometimes markets are created through standards... what if we 
  created a different kind of standard that's not technical, but 
  has ethical/behavioral considerations... create standard, create 
  certification, drive demand, create market choices... that is 
  idealized. [scribe assist by Manu Sporny]
Lisa LeVasseur:  It's not easy [scribe assist by Manu Sporny]
Lisa LeVasseur:  That is the founding vision -- we used to 
  describe ourselves as good housekeeping... that's not what we're 
  about.. . more like independent crash testing institute... 
  instead of testing cars, we're looking for potential harms and 
  risks. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Digital Harms dictionary - continuing to build 
  it out... modify over time... focus on harms. [scribe assist by 
  Manu Sporny]
<manu> Independent crash testing institute slide
<manu> Ethical north star slide
Lisa LeVasseur:  We spent a good time contemplating what our 
  ethical north star -- come up with universal ethic, perhaps a 
  fools errand... but do we want to mirror behaviros of healthy 
  human relationships? [scribe assist by Manu Sporny]
Lisa LeVasseur:  We've taken aspects of healthy human 
  relationships and adapted them... [scribe assist by Manu Sporny]
<manu> Me2B Rules of Engagement slide
Lisa LeVasseur:  These are tests in our testing rubric... not 
  going to read through them, but do want to call out a couple of 
  things... haven't said data or privacy yet, deliberate... those 
  words are too narrow. [scribe assist by Manu Sporny]
Lisa LeVasseur:  What you'll see here are respective 
  boundaries... privacy is one such boundary -- respectful defaults 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  Precursor to relationship state... [scribe 
  assist by Manu Sporny]
Lisa LeVasseur:  Really crucial for technology -- this rule, is 
  in absence of stated preferences, default to certain behavior. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  This comes out of social norms... when we meet 
  someone for first time, we withhold things. [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  Apply these rules to products/services -- 
  products/services are not obeying rule of respectful defaults. 
  [scribe assist by Manu Sporny]
<manu> Me-Manifesto slide
Lisa LeVasseur:  There is the Me-Manifesto... still wordsmithing 
  it -- pretty good... We assert our rights, I'm in charge, We play 
  nice. [scribe assist by Manu Sporny]
Lisa LeVasseur:  We're doing early certification -- took a long 
  time to build out testing rubric -- table stakes testing 
  criteria... doing early certification with friendlies since 
  mid-year. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Has been hugely illuminating... proper 
  commercial launch next year. [scribe assist by Manu Sporny]
Lisa LeVasseur:  3 Key principles... assert rights, in charge, 
  play nice. [scribe assist by Manu Sporny]
Adrian Gropper: Here are two links (in my tweet) relevant to 
  governance of controller-processor interoperability 
  https://twitter.com/agropper/status/1338832808463233025
<manu> It's Really "We" slide
Lisa LeVasseur:  Ethos is not individualistic, recognizes 
  interdependence, healthy societies need respectful 
  relationships... don't expect we'll do sustainability testing on 
  tech, but others will... important to consider for well being. 
  [scribe assist by Manu Sporny]
<manu> Me2B Relationship in digital world slide
Lisa LeVasseur:  Deliberate relationships - multiple 
  touchpoints... interaction w/ business (legal)... and then 
  connected products and services. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Connected products and services, brand 
  ambassadors -- connected, available, smart -- humanesque part to 
  connected products and services... building up valance of 
  love/hate/whatever -- coloring our idea about brand and business 
  itself... squirrel-y today [scribe assist by Manu Sporny]
Kim Hamilton Duffy: Rhiaro found this me2b url: 
  https://me2ba.org/ (the other one wasn't loading)
<manu> Me2B Relationship Layers slide
Lisa LeVasseur:  Unbox iPhone... create Legal relationship w/ 
  Apple. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Then experiential Relationship w/ iPhone... 
  (this is all experimental language, still working through it) 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  At this point, there is a valance... feeling 
  about the product. [scribe assist by Manu Sporny]
Lisa LeVasseur:  But what's also happening... Hidden 
  Affiliates... 3rd party integrations... these entities are 
  unknown [scribe assist by Manu Sporny]
Lisa LeVasseur:  Let's say she downloads Chrome browser... then 
  legal relationship created w/ Google. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Starts to use browser... experiential 
  relationship w/ Chrome browser... phone is Me2T - technology 
  enabler [scribe assist by Manu Sporny]
Adrian Gropper: Here's the new Apple Privacy App Store privacy 
  labeling: 
  https://developer.apple.com/app-store/app-privacy-details/
Lisa LeVasseur:  Interacting w/ brand ambassador - Google... 
  hidden affiliates grow... even more now - Googles and Apples 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  Using browser, navigate to Instagram. [scribe 
  assist by Manu Sporny]
Lisa LeVasseur:  Creates legal relationship with... who? Who's 
  the business... [scribe assist by Manu Sporny]
<manu> Instagram login site slide
Lisa LeVasseur:  Who's the business? It's not Instagram... it's 
  Facebook... lines are blurry on these relationships, it's 
  confusing... acknowledge that it's a bit of a contrived example. 
  Once again, subjected to hidden affiliates stack... native device 
  monitoring, chrome browser monitoring, keeps stacking up... 
  relationships... test clarify scope of testing, we needed some 
  language to describe landscape of this. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Saying Me2B covers ALL of layered relationships 
  and touchpoints, because all touchpoints need to be respectful. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  Moving on into relationship lifecycle... Me2B 
  Relationship lifecycle model... [scribe assist by Manu Sporny]
Adrian Gropper: Apple adopted the first 3 of my (PPR) label 
  suggestion to them in 2018. https://ssrn.com/abstract=3439701 
  They did not adopt the last two :-)
Lisa LeVasseur:  Taken from human relationship model, adapting it 
  for use for Me2B [scribe assist by Manu Sporny]
<manu> Me2B Relationship Lifecycle Model slide
Lisa LeVasseur:  Skipping over physical world, focusing more on 
  digital world -- all can understand processes and understandings 
  of these stages... how we get into state of being very committed 
  ... use service on regular basis. [scribe assist by Manu Sporny]
Lisa LeVasseur:  No relationship is ever clean, no model is every 
  perfect... we realize that... apply social norms to digital 
  commitments. [scribe assist by Manu Sporny]
Lisa LeVasseur:  What this really looks like is an EKG, not a 
  mountain... tool for understanding how we can get more specific 
  in our testing/scoping... test behavior of technology... within 
  digital Me2B Commitments, what are those? [scribe assist by Manu 
  Sporny]
<manu> Spectrum of Me2B Commitments
Lisa LeVasseur:  There are a spectrum of specific transactions 
  and agreements that we make in the digital world... this can be 
  understood as states... not perfectly states [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  When we do our testing, for example... 
  expectations of individuals... very first open of app/website, 
  we're measuring that behavior to see what's going on... nothing 
  sneaky going on - no commitment commitment. [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  This is the starting point [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  Then cookie consent... location consent... that 
  might appear in different way [scribe assist by Manu Sporny]
Lisa LeVasseur:  Promotional communication commitment... loyalty 
  program commitment... [scribe assist by Manu Sporny]
Lisa LeVasseur:  One-off Transaction... do one thing, then go on 
  our way. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Me2B "Marriage" -- a lot of people don't like 
  this phrase, working phrase, effective as a metaphor... we'll see 
  if it stands up. [scribe assist by Manu Sporny]
Lisa LeVasseur:  We are testing data minimization in these 
  things... individual has agency to enroll/unenroll of all these 
  commitments, no strings attached in commitments. Digital Me2B 
  marriage, when individual establishes an account. [scribe assist 
  by Manu Sporny]
Lisa LeVasseur:  "I like it, so I create an account" [scribe 
  assist by Manu Sporny]
Lisa LeVasseur:  That is the marriage... account creation. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  The hallmark of this is signaling to the 
  business that you want to be remembered, recognized, responded to 
  (from functional identity) [scribe assist by Manu Sporny]
Lisa LeVasseur:  At end of it, I delete my account... divorce -- 
  I am forgotten... account deletion. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Idealized mapping of two main states of being in 
  a marriage and not being in a marriage. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  When I'm logged in, I'm in the marriage... when 
  I'm not logged in, there is no Me2B marriage... have reasonable 
  expectation to be anonymous... from human perspective... how your 
  life is when you window shop in real world. [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  If you walk into store for first time and 
  someone called you by name, that would be creepy... would violate 
  the expectation of anonymity. [scribe assist by Manu Sporny]
Lisa LeVasseur:  When you are not logged in, there is an 
  expectation of anonymity. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Other commitments that we make... mapped on arc, 
  sign up for promotional communication... the accepting cookies, 
  describing a browser or website... we are testing websites and 
  apps... when you're navigating through websites, this accepting 
  cookies comes early, that is a commitment. [scribe assist by Manu 
  Sporny]
<manu> "But it's complicated" slide.
Lisa LeVasseur:  There is this consented pseudonymous state... 
  you are temporarily remembered, recognized, responded to... but 
  you're not "identified" [scribe assist by Manu Sporny]
Lisa LeVasseur:  You actually /are/ identified, want to talk more 
  about that... at end... but there is a huge data channel here... 
  didn't know this existed until recently... langauage of the data 
  layer, this noxious data flow that's happening under radar of 
  individual. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Our idealized version of this doesn't point out 
  that today this happens overtly... the invisible layer. [scribe 
  assist by Manu Sporny]
<manu> Me2B Deal slide
Lisa LeVasseur:  For every one of these commitments, site wants 
  to use location, these are the cookies, will you let us... for 
  each of those commitments, there is a deal... what am I going to 
  give, what am I going to get? [scribe assist by Manu Sporny]
Lisa LeVasseur:  There is inherent fair value given for fair 
  value taken... looking for flagrant information collection... to 
  determine if it's a fair exchange... there is a personal quid pro 
  quo calculus. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Am I comfortable exchanging this information, is 
  it a fair exchange? [scribe assist by Manu Sporny]
<manu> Credentials and Me2B
Lisa LeVasseur:  Going back to mission of credentials... 
  synergies -- has to do w/ idea of "I'm in charge". [scribe assist 
  by Manu Sporny]
Mostly the answer is no it isn't a fair exchange but I have no 
  other options here D:
Lisa LeVasseur:  There is a design fiction ... I'm in charge -- 
  relationship lifecycle model slide. [scribe assist by Manu 
  Sporny]
Lisa LeVasseur:  Also, we care about bringing your own privacy 
  terms, permissions... working on IEEE personal privacy terms. 
  [scribe assist by Manu Sporny]
Lisa LeVasseur:  This is where most synergy lives. [scribe assist 
  by Manu Sporny]
<manu> Questions slide
Lisa LeVasseur:  Interested in credentials in Me2B marriage... 
  Credentials vs. Identifiers -- first and 3rd parties, throughout 
  relationship... pseudonymous cookie consent state. [scribe assist 
  by Manu Sporny]
Lisa LeVasseur:  Internal identifiers are used on ongoing data 
  collection/correlation/collection... service needs to be able to 
  construct those personal responses... 3rd party, universal 
  cross-platform IDs, real problem, testing is exposing these 
  things... fundamentals to adtech and martech. [scribe assist by 
  Manu Sporny]
Lisa LeVasseur:  Wonder how much you've thought about this stuff 
  -- not up to date on these discussions... wanted to leave w/ this 
  question about this stuff... how does it fit into user controlled 
  credentials. That's what I had. [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  Great, thank you -- questions? [scribe 
  assist by Manu Sporny]
Adrian Gropper:  Spend half of my time in standards and other 
  half in advocacy/governance -- in context of this group -- 
  separation of concerns, have power to specify in term of interop, 
  teaches us that controllers should be separate from processors, 
  and regulators should be separate from certifiers. [scribe assist 
  by Manu Sporny]
Adrian Gropper:  One of the ways to think about this -- 
  controller in GDPR sense of delegate [scribe assist by Manu 
  Sporny]
Adrian Gropper:  Service provider only gets authorizations... 
  that's something that regulators/certifiers can build on. [scribe 
  assist by Manu Sporny]
Manu Sporny:  Thanks Lisa, this is all really fantastic stuff, 
  very much aligned with the kind of tings that this group is 
  concerned with and thinking deeply about
  ... this is mostly an urge for you to engage more with the 
  community
  ... you ask some really great questions and we can't answer 
  them in this time
  ... but we are grappling with those questions
  ... a lot of the slide deck is very aligned with current 
  thinking in the group
  ... but there's no-one that is really focussed on it
  ... we tend to focus too much on the tech side and not enough 
  on the certification, testing, understanding what these 
  relationships are and creating languages to express it in the 
  market
  ... the question you're asking about identity and identifiers 
  vs credentials, there are a lot of different angles on that
  ... what we have tried to do as adrian mentioned is separate 
  these things to the biggest degree possible so we can understand 
  each one
  ... at greater depth and then compose them together in 
  appropriate ways
  ... ripping the thing apart into its atomic components and 
  building new molecules that are fit for purpose
  ... the language that you are using and have generated can 
  really help this community
  ... I wouldn't want to see you present and then go off 
  somewhere else. A plea to figure out some way to get the work you 
  presented more directly integrated with the work we ar edoing, it 
  can do a lot of good in this group
Lisa LeVasseur:  Great, thank you, will engage -- we are open for 
  business, membership is open... in a soft launch, platform has 
  some bugs, but are working through those... if you'd like to 
  join, please join and follow along certification WG. [scribe 
  assist by Manu Sporny]
Lisa LeVasseur:  Know some people that are in call... would love 
  to figure out ways to keep this connection fresh and alive. 
  [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  Thank you, agreed - there are increasing 
  opportunities as well -- DHS wallet design challenge, more 
  product focused... user interaction flow, testing and 
  certification, both process and specifics would be interested in 
  exploring in context of wallets. [scribe assist by Manu Sporny]
Kim Hamilton Duffy:  Thank you again Lisa for the great 
  discussion and topics that it brings up, looking forward to 
  continuing to collaborate. [scribe assist by Manu Sporny]
Lisa LeVasseur:  Thank you looking forward to collaborating 
  further. [scribe assist by Manu Sporny]

Received on Tuesday, 15 December 2020 20:30:08 UTC