- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Tue, 15 Dec 2020 12:29:52 -0800 (PST)
Thanks to Manu Sporny and Amy Guy for scribing this week! The minutes for this week's Credentials CG telecon are now available: https://w3c-ccg.github.io/meetings/2020-12-15 Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2020-12-15 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2020Dec/0080.html Topics: 1. Introductions / Reintroductions 2. Announcements and Reminders 3. Me2B Alliance Organizer: Kim Hamilton Duffy and Wayne Chang and Heather Vescent Scribe: Manu Sporny and Amy Guy Present: Charles E. Lehner, Wayne Chang, Heather Vescent, Manu Sporny, Kim Hamilton Duffy, Ted Thibodeau, James Chartrand, Ryan Grant, Amy Guy, Adrian Gropper, Dmitri Zagidulin, Erica Connell, Lisa LeVasseur Audio: https://w3c-ccg.github.io/meetings/2020-12-15/audio.ogg Kim Hamilton Duffy: https://www.w3.org/community/credentials/join Kim Hamilton Duffy: https://www.w3.org/accounts/request Kim Hamilton Duffy: https://www.w3.org/community/about/agreements/cla/ Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/ <rgrant> preset+ Manu Sporny is scribing. Topic: Introductions / Reintroductions Kim Hamilton Duffy: Anyone new to the call that would like to introduce themselves? No takers. Kim Hamilton Duffy: Reintroductions, then. Kim Hamilton Duffy: Dmitri, do you mind reintroducing yourself? Dmitri Zagidulin: Hi everyone, Dmitri software Engineer w/ Digital Bazaar -- active in VC/DID/Confidential storage -- contributing to related Javascript libraries. Topic: Announcements and Reminders Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/ Kim Hamilton Duffy: This is the last meeting of the year Kim Hamilton Duffy: Every Tuesday we have this weekly call... we have VC EDU task force -- meeting every Monday 8am PT -- Kim Hamilton Duffy: DID Resolution also on Monday weekly 1pm PT Kim Hamilton Duffy: Confidential Storage, with DIF, Thursday 1-2pm PT Wayne Chang: First is call for objections to infrastructure Task force -- work items dependent on group existing, npm package management, reduce burden on chairs, object/support on Github issue below. Wayne Chang: Starting in January 5th -- first meeting of new year -- have a conflict -- decision is to see if there is interest in separate meeting time -- availability in general, few suggested slots, move it a day, etc. Wayne Chang: Feedback, respond to thread. <heathervescent> I can go over the chair job description if interested Kim Hamilton Duffy: We do have an upcoming Chair election... if you are interested, reach out to current chairs -- Heather has been working on Chair job description which gives you some idea on how the sausage making happens. Kim Hamilton Duffy: Items that Heather and Wayne may want to go through... next. Kim Hamilton Duffy: VC PRs under maintenance Charter... talked about this last week. Kim Hamilton Duffy: It's not clear where this issue needs to live now. Amy Guy is scribing. Manu Sporny: It still needs to live in the ccg, there's no better place for it ... we need to have a call ... I don't feel like we're making good progress on the issue, there are too many unknown details ... after tholidays we should convene a meeting between the leadership and communities and nail the process down so w3c staff is happy Manu Sporny: We need to have a meeting between Chairs, Editors of all of these communities to make progress. [scribe assist by Manu Sporny] Heather Vescent: Update - productive call w/ wayne last week - discussing issues -- main concern w/ scope - did a high level audit of all systems... based on audit -- current activities and desired for potential future things (VC PR maintenance stuff), next step is to wayne to identify items in audit to be in scope of infrastructure task force. [scribe assist by Manu Sporny] Heather Vescent: Wayne and I are going to talk later this week about getting specific about scope of infrastructure TF and what that will cover to address concerns I raised. Part of conversation includes where this goes... 170 -- infrastructure or elsewhere. [scribe assist by Manu Sporny] Kim Hamilton Duffy: What about #3 -- outstanding objection for proposal? [scribe assist by Manu Sporny] Heather Vescent: W3C infrastructure has a strong objection model, which I think is a masculine bias in W3C infra, won't fight that in this group... will discuss in diversity and inclusion group at W3C... moving to positive work environment group... [scribe assist by Manu Sporny] Heather Vescent: I will address the note on #3 - I'll update that. We need to make sure that anything in this issue is accounted for. [scribe assist by Manu Sporny] Note that the inclusion and diversity group is not closing, the pwe is combining with it because there is a lot of joint membership, and both groups will be chartered into one Heather Vescent: I'm not 100% behind on infrastructure task force still, working w/ Wayne to address all my concerns. [scribe assist by Manu Sporny] Heather Vescent: I am not full speed ahead on Infrastructure Task Force, I'm full speed ahead on addressing the concerns. [scribe assist by Manu Sporny] Kim Hamilton Duffy: This one is in proposed status for a while -- after you do that, we have one week for objections -- if you can do that as soon as possible, then we could move forward with it. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Npm repository ... is it a part of Infrastrcuture Task Force? [scribe assist by Manu Sporny] Wayne Chang: If Infrastructure Task Force is created, it will deal w/ npm governance. [scribe assist by Manu Sporny] Kim Hamilton Duffy: We need to clarify whether or not this is in scope. Calling out expectations might be something we need to do... task force might take that on. [scribe assist by Manu Sporny] Wayne Chang: Test suites, reference data, those are initial low risk, low stakes that we'd like to see there, instead of stuff that's in a production build chain. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Happy for this, moving things forward. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Moving on to the highlight. [scribe assist by Manu Sporny] Topic: Me2B Alliance Kim Hamilton Duffy: Over to Lisa... [scribe assist by Manu Sporny] Lisa LeVasseur: Thank you for listening in today -- want to focus on Me2B alliance and the work that this group is doing. [scribe assist by Manu Sporny] Lisa LeVasseur: Key thing we've learned, we don't have right vocabulary to talk about relationships in digital world... sharing about proposed language and terminology that we've come up with. [scribe assist by Manu Sporny] Lisa LeVasseur: One of the things I wanted to do is information share with this group... slide 2 - note to self, mission of group is important [scribe assist by Manu Sporny] Lisa LeVasseur: Agenda slide - Who are we, what do we do -- lifecycle, credentials, deals. [scribe assist by Manu Sporny] Lisa LeVasseur: Wrap up with Me2B and credentials and a couple of questions -- things that you might be able to clarify for me. [scribe assist by Manu Sporny] Lisa LeVasseur: Our Ethos slide - respectful technologies are better for both Me-s and B-s. We are more Me focused because of the current power dynamics in industry. [scribe assist by Manu Sporny] Lisa LeVasseur: Our Mission slide - Current working version of mission. [scribe assist by Manu Sporny] Lisa LeVasseur: Background in mobile telecom standards - sometimes markets are created through standards... what if we created a different kind of standard that's not technical, but has ethical/behavioral considerations... create standard, create certification, drive demand, create market choices... that is idealized. [scribe assist by Manu Sporny] Lisa LeVasseur: It's not easy [scribe assist by Manu Sporny] Lisa LeVasseur: That is the founding vision -- we used to describe ourselves as good housekeeping... that's not what we're about.. . more like independent crash testing institute... instead of testing cars, we're looking for potential harms and risks. [scribe assist by Manu Sporny] Lisa LeVasseur: Digital Harms dictionary - continuing to build it out... modify over time... focus on harms. [scribe assist by Manu Sporny] <manu> Independent crash testing institute slide <manu> Ethical north star slide Lisa LeVasseur: We spent a good time contemplating what our ethical north star -- come up with universal ethic, perhaps a fools errand... but do we want to mirror behaviros of healthy human relationships? [scribe assist by Manu Sporny] Lisa LeVasseur: We've taken aspects of healthy human relationships and adapted them... [scribe assist by Manu Sporny] <manu> Me2B Rules of Engagement slide Lisa LeVasseur: These are tests in our testing rubric... not going to read through them, but do want to call out a couple of things... haven't said data or privacy yet, deliberate... those words are too narrow. [scribe assist by Manu Sporny] Lisa LeVasseur: What you'll see here are respective boundaries... privacy is one such boundary -- respectful defaults [scribe assist by Manu Sporny] Lisa LeVasseur: Precursor to relationship state... [scribe assist by Manu Sporny] Lisa LeVasseur: Really crucial for technology -- this rule, is in absence of stated preferences, default to certain behavior. [scribe assist by Manu Sporny] Lisa LeVasseur: This comes out of social norms... when we meet someone for first time, we withhold things. [scribe assist by Manu Sporny] Lisa LeVasseur: Apply these rules to products/services -- products/services are not obeying rule of respectful defaults. [scribe assist by Manu Sporny] <manu> Me-Manifesto slide Lisa LeVasseur: There is the Me-Manifesto... still wordsmithing it -- pretty good... We assert our rights, I'm in charge, We play nice. [scribe assist by Manu Sporny] Lisa LeVasseur: We're doing early certification -- took a long time to build out testing rubric -- table stakes testing criteria... doing early certification with friendlies since mid-year. [scribe assist by Manu Sporny] Lisa LeVasseur: Has been hugely illuminating... proper commercial launch next year. [scribe assist by Manu Sporny] Lisa LeVasseur: 3 Key principles... assert rights, in charge, play nice. [scribe assist by Manu Sporny] Adrian Gropper: Here are two links (in my tweet) relevant to governance of controller-processor interoperability https://twitter.com/agropper/status/1338832808463233025 <manu> It's Really "We" slide Lisa LeVasseur: Ethos is not individualistic, recognizes interdependence, healthy societies need respectful relationships... don't expect we'll do sustainability testing on tech, but others will... important to consider for well being. [scribe assist by Manu Sporny] <manu> Me2B Relationship in digital world slide Lisa LeVasseur: Deliberate relationships - multiple touchpoints... interaction w/ business (legal)... and then connected products and services. [scribe assist by Manu Sporny] Lisa LeVasseur: Connected products and services, brand ambassadors -- connected, available, smart -- humanesque part to connected products and services... building up valance of love/hate/whatever -- coloring our idea about brand and business itself... squirrel-y today [scribe assist by Manu Sporny] Kim Hamilton Duffy: Rhiaro found this me2b url: https://me2ba.org/ (the other one wasn't loading) <manu> Me2B Relationship Layers slide Lisa LeVasseur: Unbox iPhone... create Legal relationship w/ Apple. [scribe assist by Manu Sporny] Lisa LeVasseur: Then experiential Relationship w/ iPhone... (this is all experimental language, still working through it) [scribe assist by Manu Sporny] Lisa LeVasseur: At this point, there is a valance... feeling about the product. [scribe assist by Manu Sporny] Lisa LeVasseur: But what's also happening... Hidden Affiliates... 3rd party integrations... these entities are unknown [scribe assist by Manu Sporny] Lisa LeVasseur: Let's say she downloads Chrome browser... then legal relationship created w/ Google. [scribe assist by Manu Sporny] Lisa LeVasseur: Starts to use browser... experiential relationship w/ Chrome browser... phone is Me2T - technology enabler [scribe assist by Manu Sporny] Adrian Gropper: Here's the new Apple Privacy App Store privacy labeling: https://developer.apple.com/app-store/app-privacy-details/ Lisa LeVasseur: Interacting w/ brand ambassador - Google... hidden affiliates grow... even more now - Googles and Apples [scribe assist by Manu Sporny] Lisa LeVasseur: Using browser, navigate to Instagram. [scribe assist by Manu Sporny] Lisa LeVasseur: Creates legal relationship with... who? Who's the business... [scribe assist by Manu Sporny] <manu> Instagram login site slide Lisa LeVasseur: Who's the business? It's not Instagram... it's Facebook... lines are blurry on these relationships, it's confusing... acknowledge that it's a bit of a contrived example. Once again, subjected to hidden affiliates stack... native device monitoring, chrome browser monitoring, keeps stacking up... relationships... test clarify scope of testing, we needed some language to describe landscape of this. [scribe assist by Manu Sporny] Lisa LeVasseur: Saying Me2B covers ALL of layered relationships and touchpoints, because all touchpoints need to be respectful. [scribe assist by Manu Sporny] Lisa LeVasseur: Moving on into relationship lifecycle... Me2B Relationship lifecycle model... [scribe assist by Manu Sporny] Adrian Gropper: Apple adopted the first 3 of my (PPR) label suggestion to them in 2018. https://ssrn.com/abstract=3439701 They did not adopt the last two :-) Lisa LeVasseur: Taken from human relationship model, adapting it for use for Me2B [scribe assist by Manu Sporny] <manu> Me2B Relationship Lifecycle Model slide Lisa LeVasseur: Skipping over physical world, focusing more on digital world -- all can understand processes and understandings of these stages... how we get into state of being very committed ... use service on regular basis. [scribe assist by Manu Sporny] Lisa LeVasseur: No relationship is ever clean, no model is every perfect... we realize that... apply social norms to digital commitments. [scribe assist by Manu Sporny] Lisa LeVasseur: What this really looks like is an EKG, not a mountain... tool for understanding how we can get more specific in our testing/scoping... test behavior of technology... within digital Me2B Commitments, what are those? [scribe assist by Manu Sporny] <manu> Spectrum of Me2B Commitments Lisa LeVasseur: There are a spectrum of specific transactions and agreements that we make in the digital world... this can be understood as states... not perfectly states [scribe assist by Manu Sporny] Lisa LeVasseur: When we do our testing, for example... expectations of individuals... very first open of app/website, we're measuring that behavior to see what's going on... nothing sneaky going on - no commitment commitment. [scribe assist by Manu Sporny] Lisa LeVasseur: This is the starting point [scribe assist by Manu Sporny] Lisa LeVasseur: Then cookie consent... location consent... that might appear in different way [scribe assist by Manu Sporny] Lisa LeVasseur: Promotional communication commitment... loyalty program commitment... [scribe assist by Manu Sporny] Lisa LeVasseur: One-off Transaction... do one thing, then go on our way. [scribe assist by Manu Sporny] Lisa LeVasseur: Me2B "Marriage" -- a lot of people don't like this phrase, working phrase, effective as a metaphor... we'll see if it stands up. [scribe assist by Manu Sporny] Lisa LeVasseur: We are testing data minimization in these things... individual has agency to enroll/unenroll of all these commitments, no strings attached in commitments. Digital Me2B marriage, when individual establishes an account. [scribe assist by Manu Sporny] Lisa LeVasseur: "I like it, so I create an account" [scribe assist by Manu Sporny] Lisa LeVasseur: That is the marriage... account creation. [scribe assist by Manu Sporny] Lisa LeVasseur: The hallmark of this is signaling to the business that you want to be remembered, recognized, responded to (from functional identity) [scribe assist by Manu Sporny] Lisa LeVasseur: At end of it, I delete my account... divorce -- I am forgotten... account deletion. [scribe assist by Manu Sporny] Lisa LeVasseur: Idealized mapping of two main states of being in a marriage and not being in a marriage. [scribe assist by Manu Sporny] Lisa LeVasseur: When I'm logged in, I'm in the marriage... when I'm not logged in, there is no Me2B marriage... have reasonable expectation to be anonymous... from human perspective... how your life is when you window shop in real world. [scribe assist by Manu Sporny] Lisa LeVasseur: If you walk into store for first time and someone called you by name, that would be creepy... would violate the expectation of anonymity. [scribe assist by Manu Sporny] Lisa LeVasseur: When you are not logged in, there is an expectation of anonymity. [scribe assist by Manu Sporny] Lisa LeVasseur: Other commitments that we make... mapped on arc, sign up for promotional communication... the accepting cookies, describing a browser or website... we are testing websites and apps... when you're navigating through websites, this accepting cookies comes early, that is a commitment. [scribe assist by Manu Sporny] <manu> "But it's complicated" slide. Lisa LeVasseur: There is this consented pseudonymous state... you are temporarily remembered, recognized, responded to... but you're not "identified" [scribe assist by Manu Sporny] Lisa LeVasseur: You actually /are/ identified, want to talk more about that... at end... but there is a huge data channel here... didn't know this existed until recently... langauage of the data layer, this noxious data flow that's happening under radar of individual. [scribe assist by Manu Sporny] Lisa LeVasseur: Our idealized version of this doesn't point out that today this happens overtly... the invisible layer. [scribe assist by Manu Sporny] <manu> Me2B Deal slide Lisa LeVasseur: For every one of these commitments, site wants to use location, these are the cookies, will you let us... for each of those commitments, there is a deal... what am I going to give, what am I going to get? [scribe assist by Manu Sporny] Lisa LeVasseur: There is inherent fair value given for fair value taken... looking for flagrant information collection... to determine if it's a fair exchange... there is a personal quid pro quo calculus. [scribe assist by Manu Sporny] Lisa LeVasseur: Am I comfortable exchanging this information, is it a fair exchange? [scribe assist by Manu Sporny] <manu> Credentials and Me2B Lisa LeVasseur: Going back to mission of credentials... synergies -- has to do w/ idea of "I'm in charge". [scribe assist by Manu Sporny] Mostly the answer is no it isn't a fair exchange but I have no other options here D: Lisa LeVasseur: There is a design fiction ... I'm in charge -- relationship lifecycle model slide. [scribe assist by Manu Sporny] Lisa LeVasseur: Also, we care about bringing your own privacy terms, permissions... working on IEEE personal privacy terms. [scribe assist by Manu Sporny] Lisa LeVasseur: This is where most synergy lives. [scribe assist by Manu Sporny] <manu> Questions slide Lisa LeVasseur: Interested in credentials in Me2B marriage... Credentials vs. Identifiers -- first and 3rd parties, throughout relationship... pseudonymous cookie consent state. [scribe assist by Manu Sporny] Lisa LeVasseur: Internal identifiers are used on ongoing data collection/correlation/collection... service needs to be able to construct those personal responses... 3rd party, universal cross-platform IDs, real problem, testing is exposing these things... fundamentals to adtech and martech. [scribe assist by Manu Sporny] Lisa LeVasseur: Wonder how much you've thought about this stuff -- not up to date on these discussions... wanted to leave w/ this question about this stuff... how does it fit into user controlled credentials. That's what I had. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Great, thank you -- questions? [scribe assist by Manu Sporny] Adrian Gropper: Spend half of my time in standards and other half in advocacy/governance -- in context of this group -- separation of concerns, have power to specify in term of interop, teaches us that controllers should be separate from processors, and regulators should be separate from certifiers. [scribe assist by Manu Sporny] Adrian Gropper: One of the ways to think about this -- controller in GDPR sense of delegate [scribe assist by Manu Sporny] Adrian Gropper: Service provider only gets authorizations... that's something that regulators/certifiers can build on. [scribe assist by Manu Sporny] Manu Sporny: Thanks Lisa, this is all really fantastic stuff, very much aligned with the kind of tings that this group is concerned with and thinking deeply about ... this is mostly an urge for you to engage more with the community ... you ask some really great questions and we can't answer them in this time ... but we are grappling with those questions ... a lot of the slide deck is very aligned with current thinking in the group ... but there's no-one that is really focussed on it ... we tend to focus too much on the tech side and not enough on the certification, testing, understanding what these relationships are and creating languages to express it in the market ... the question you're asking about identity and identifiers vs credentials, there are a lot of different angles on that ... what we have tried to do as adrian mentioned is separate these things to the biggest degree possible so we can understand each one ... at greater depth and then compose them together in appropriate ways ... ripping the thing apart into its atomic components and building new molecules that are fit for purpose ... the language that you are using and have generated can really help this community ... I wouldn't want to see you present and then go off somewhere else. A plea to figure out some way to get the work you presented more directly integrated with the work we ar edoing, it can do a lot of good in this group Lisa LeVasseur: Great, thank you, will engage -- we are open for business, membership is open... in a soft launch, platform has some bugs, but are working through those... if you'd like to join, please join and follow along certification WG. [scribe assist by Manu Sporny] Lisa LeVasseur: Know some people that are in call... would love to figure out ways to keep this connection fresh and alive. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Thank you, agreed - there are increasing opportunities as well -- DHS wallet design challenge, more product focused... user interaction flow, testing and certification, both process and specifics would be interested in exploring in context of wallets. [scribe assist by Manu Sporny] Kim Hamilton Duffy: Thank you again Lisa for the great discussion and topics that it brings up, looking forward to continuing to collaborate. [scribe assist by Manu Sporny] Lisa LeVasseur: Thank you looking forward to collaborating further. [scribe assist by Manu Sporny]
Received on Tuesday, 15 December 2020 20:30:08 UTC