- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Sat, 29 Feb 2020 12:30:38 -0800 (PST)
Thanks to Kaliya Young for scribing this week! The minutes for this week's Credentials CG telecon are now available: https://w3c-ccg.github.io/meetings/2020-02-25/ Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below). ---------------------------------------------------------------- Credentials CG Telecon Minutes for 2020-02-25 Agenda: https://lists.w3.org/Archives/Public/public-credentials/2020Feb/0073.html Topics: 1. Introductions / Reintroductions 2. Announcements and Reminders 3. Progress on Action Items 4. Lightning Service Authentication Tokens (LSATs) Organizer: Kim Hamilton Duffy and Joe Andrieu and Christopher Allen Scribe: Kaliya Young Present: Buck Perley, Orie Steele, Christopher Allen, Manu Sporny, Justin Richer, Sumita Jonak, Joe Andrieu, Dave Longley, Wayne Vaughn, Kim Hamilton Duffy, Dmitri Zagidulin, Markus Sabadello, Kaliya Young, Jonathan Holt, Ganesh Annan, Kayode Ezike, Juan Caballero, Amy Guy, Chris Winczewski, Benjamin Young, David I. Lehn, Eugen Rochko, Nate Otto, Matt Stone, Tzviya Siegman Audio: https://w3c-ccg.github.io/meetings/2020-02-25/audio.ogg Buck Perley: Yeah, linphone keeps dropping when I try and connect for some reason without any error :-/ Kim Hamilton Duffy: https://www.w3.org/community/credentials/join Kim Hamilton Duffy: https://www.w3.org/accounts/request Kim Hamilton Duffy: https://www.w3.org/community/about/agreements/cla/ Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/ Kim Hamilton Duffy: https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing Kaliya Young is scribing. Topic: Introductions / Reintroductions Kaliya Young: Blazp researcher at Institute of Informatics, UM FERI part of a European Union with a pilot as part of several university - where students share blockchain based credentials. Kaliya Young: Blazp: Interested in W3C Standards. Kaliya Young: @Wayne from terion Kaliya Young: CEO of terion developed libraries that is going to be presented today. Kaliya Young: Announcements and reminders: Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/ Topic: Announcements and Reminders Wayne Vaughn: Kaliya... I didn't do any development on Boltwall or LSATs.js. It was spearheaded by Buck Perley. Joe Andrieu: http://rwot10.eventbrite.com Kim Hamilton Duffy: https://www.knowidentity.com/2020-conference/ Kaliya Young: DID F2Face happened Kaliya Young: The RWoT in Beus Aries Kim Hamilton Duffy: IIW: https://www.eventbrite.com/e/internet-identity-workshop-iiwxxx-30-2020a-tickets-79016788341 Kaliya Young: Know Identity Kaliya Young: IIW in Mountain View Kim Hamilton Duffy: http://www.cvent.com/d/fhqnf3/4W Kaliya Young: 9-11 There is identifiers in denver CO Kaliya Young: June https://eductx.org/ - blockchain based student's certificates project (EDUcTX); https://ii.feri.um.si/en/person/blaz-podgorelec-2/ - about me (personal webpage) https://www.de4a.eu/ - H2020 project with research and pilot related to SSI and VC https://www.concordia-h2020.eu/ - H2020 project - participate in research related to IDM Kaliya Young: @ChristopherA new proposal for RWoT in TheHague week after berlin blockchain week. Kaliya Young: ID4africa first week of June, second week is RightsCon in CostaRica [scribe assist by Kim Hamilton Duffy] Topic: Progress on Action Items Kaliya Young: Progress on action itmes Kim Hamilton Duffy: https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 Kaliya Young: Kinhd: we want to move to one step publishing Kim Hamilton Duffy: If we do better work on the call to clean up notes as we go. [scribe assist by Kaliya Young] Kim Hamilton Duffy: https://github.com/w3c-ccg/meetings/blob/gh-pages/README.md#cleaning-up-the-minutes Kim Hamilton Duffy: New saving process will be better. [scribe assist by Kaliya Young] Kim Hamilton Duffy: We have gotten this process a lot more automated. [scribe assist by Kaliya Young] Christopher Allen: To share more context it has been taking the chairs. (mostly Kim) several hours to do this after each of the meetings - it is a big deal. [scribe assist by Kaliya Young] Christopher Allen: If you need something changed in the transcripts it needs to be done after the meeting - please notify the chairs. [scribe assist by Kaliya Young] Kim Hamilton Duffy: https://github.com/w3c-ccg/community/issues/87 Kaliya Young: Sip issues Christopher Allen: If you are using sip - please share with you what settings are working with you because [scribe assist by Kaliya Young] Amy Guy: Kimhd, ChristopherA: sorry about the delay, I have screenshots for onsip but I lost the text I wrote before I could push it, I just haven't had time to do it again yet Kim Hamilton Duffy: https://w3c-ccg.github.io/connecting.html Topic: Lightning Service Authentication Tokens (LSATs) Kim Hamilton Duffy: Blog: https://medium.com/tierion/lsats-pseudonymous-authentication-using-bitcoin-lightning-payments-459e209b4b36 Kim Hamilton Duffy: Presentation: https://docs.google.com/presentation/d/1YE5UJk05Q9I2k7hhlM6oSVARGIajPF5u50r1LNCe-x4/edit?usp=sharing Wayne Vaughn: Here are links to the technologies that presented to CCG today. We hope other developers will use them to build applications that use Lighting for payments and authentication. Boltwall - Bitcoin Lightning paywall and authentication using LSATs. Built with LND, Nodejs, and Typescript. https://github.com/Tierion/boltwall Boltbox - Easy to deploy and manage lightning infrastructure for software developers https://github.com/Tierion/boltbox LSAT-js A utility [CUT] Wayne Vaughn: LSAT-js A utility library for working with LSATs (Lightning Service Authentication Tokens) in javascript https://github.com/Tierion/lsat-js Buck Perley: It is built with various technologies. [scribe assist by Kaliya Young] Wayne Vaughn: Announcement Blog Post https://medium.com/tierion/lsats-pseudonymous-authentication-using-bitcoin-lightning-payments-459e209b4b36 Buck Perley: Has been working with Tierion for the past year working on authentication with lightning as well as blockstack [scribe assist by Kaliya Young] Buck Perley: This is around the 402 status code - one that is unused since originally proposed. [scribe assist by Kaliya Young] Buck Perley: Started with home spun version that leveraged macaroons a bit [scribe assist by Kaliya Young] Kaliya Young: Back: a new format was proposed Lightning service authentication tokens. Buck Perley: Slide 2 state of aUth today. [scribe assist by Kaliya Young] Kaliya Young: Feel free to scribe lightly during the presentation -- the slide link is part of the minutes, so people can access the content [scribe assist by Kim Hamilton Duffy] Kaliya Young: Ok. Kaliya Young: Slide 2 Kaliya Young: Slide 3 Kaliya Young: Slide 4 Buck Perley: The super power comes in chaining capabilities. [scribe assist by Kaliya Young] Buck Perley: Macaroon has its capabilities pre-built in. Decoupled application logic. Decouple policy - from proof (not sure If I got this right). [scribe assist by Kaliya Young] Kaliya Young: Slide 5 Buck Perley: Using macaroons and native payment system to the internet lets us do a lot of interesting things vs. draw backs [scribe assist by Kaliya Young] Buck Perley: You could read a bunch of articles payments with cryptocurrency via crypto currency without giving away who you are [scribe assist by Kaliya Young] Buck Perley: At Teiron we are using it so that machines can pay for things. M2M automated set up. Sybil resistance is built in . Protocol level distribution. share and attenuate the privileges. [scribe assist by Kaliya Young] Kaliya Young: Slide 6 Buck Perley: 402 Payment required - this has been here since the beginning but not leveraged until today. [scribe assist by Kaliya Young] Buck Perley: Payment headers LSAT - to reply with requirements [scribe assist by Kaliya Young] Buck Perley: Payment now authorized. [scribe assist by Kaliya Young] Buck Perley: On the other side is lighting. [scribe assist by Kaliya Young] Buck Perley: Bolt 11 is a group of proposals published and debated there. [scribe assist by Kaliya Young] Buck Perley: It is formatting around invoicing and payment requests. [scribe assist by Kaliya Young] Kaliya Young: That node has to send you an invoice which the nature of the payments. Buck Perley: Pre-image in the invoice and returned when payment is made. [scribe assist by Kaliya Young] Buck Perley: HTL hashed time locked contract. [scribe assist by Kaliya Young] Buck Perley: Layer2 protocols - contracts that are negotiated and re-negotiated. Pre-image payment hash exchange. [scribe assist by Kaliya Young] Buck Perley: When you get that pre-image proof of payment that is proof that you were paid. [scribe assist by Kaliya Young] Kaliya Young: Slide 7 Buck Perley: Diagram on how the protocol and exchange mechanism works. [scribe assist by Kaliya Young] Buck Perley: Macaroon is going to include payment information what is needed to get paid. and ycu can add other thing. [scribe assist by Kaliya Young] Buck Perley: The paying of the invoice can happen totally out of band between client and server. Not from same device. [scribe assist by Kaliya Young] Buck Perley: All that is required is that that invoice get paid. [scribe assist by Kaliya Young] Buck Perley: If you get the pre-image gets added into the [scribe assist by Kaliya Young] Buck Perley: You could pay for someone else and delegate. [scribe assist by Kaliya Young] Buck Perley: This has a day's worth of access and give it to someone else. [scribe assist by Kaliya Young] Buck Perley: Read out question. [scribe assist by Kaliya Young] Buck Perley: Answer - very similar what i use is comparable with google version. [scribe assist by Kaliya Young] Buck Perley: Compatability is a nice feature not inventing things new. [scribe assist by Kaliya Young] Buck Perley: Macaroon serialization format is the same as it has been for many years. [scribe assist by Kaliya Young] Buck Perley: LSAT implements common Macaroon format. [scribe assist by Kaliya Young] Buck Perley: Need commitment to invoice payment hash. [scribe assist by Kaliya Young] Buck Perley: There is an identifier used to build each macaroon and a format to include the payment hash in each macaroon. [scribe assist by Kaliya Young] Buck Perley: If you are adding the pre-image even if you don't have access to lighting node. You know invoice associated with LSAT has been paid. [scribe assist by Kaliya Young] Buck Perley: LSAT has a versioned identifier if you are storing them in a database. so you can update the serialization format [scribe assist by Kaliya Young] Buck Perley: It is getting finalized in next couple weeks. [scribe assist by Kaliya Young] Buck Perley: We can add all sorts of flexibility on top of LSATs [scribe assist by Kaliya Young] Buck Perley: Must match the keys [scribe assist by Kaliya Young] Kaliya Young: Slide 20 Buck Perley: For pay as you go - get back macaroon with invoice get pre-image back - send LSAT token back to get access to post. [scribe assist by Kaliya Young] Buck Perley: HODL invoices can replace AWS [scribe assist by Kaliya Young] Buck Perley: How to implement invoices in lighting. [scribe assist by Kaliya Young] Buck Perley: Its a one time use token. [scribe assist by Kaliya Young] Buck Perley: A fully paid payment can become not valid [scribe assist by Kaliya Young] Buck Perley: Push subscriptions..service has to send new invoice when you pay for access. [scribe assist by Kaliya Young] Buck Perley: Decentralized oAuth with 3rd party caveats. [scribe assist by Kaliya Young] Buck Perley: You can have a platform or service that they have been paid. [scribe assist by Kaliya Young] Buck Perley: Instead of Medium.com getting pay out every month - more immediate. [scribe assist by Kaliya Young] Kaliya Young: Slide 10 Buck Perley: Built in paywall solution BOLTWALL (single line) then you have a protection and will take care of the hand shake. [scribe assist by Kaliya Young] Wayne Vaughn: Boltbox - Easy to deploy and manage lightning infrastructure for software developers https://github.com/Tierion/boltbox Buck Perley: LSAT playground you can go to a link in the slide [scribe assist by Kaliya Young] Manu Sporny: All this stuff is great, buck, thank you for presenting! :) Buck Perley: Explore LSATs in the browser - pay for access to pokemon API [scribe assist by Kaliya Young] Manu Sporny: This stuff reminds me a lot of the stuff that the Coil folks are doing through the W3C Web Payments WG: https://www.w3.org/blog/2019/09/w3c-interview-coil-on-interledger-protocol-and-web-monetization/ Manu Sporny: We did attempt to define HTTP 402 a number of years ago (and failed): https://www.w3.org/TR/2016/WD-webpayments-http-api-20160915/#introduction Manu Sporny: Also, would like your thoughts on: https://w3c-ccg.github.io/zcap-ld/ Christopher Allen: Wanted to say this is 2nd in a series of requirements and examples of directed capabilities technologies. [scribe assist by Kaliya Young] Christopher Allen: Had a question mixed use of terms authentication and authorization (We are trying to more clearly separate these in this community ). [scribe assist by Kaliya Young] Christopher Allen: 402 Ask for authentication but reply with no I'm going to authorize. [scribe assist by Kaliya Young] Buck Perley: The community is around LSAT is really small - me and a couple engineers from lighting labs. [scribe assist by Kaliya Young] Buck Perley: Authentication you pay a very small amount - sybil resistance that proves who you are and use it as a login. [scribe assist by Kaliya Young] Buck Perley: In chain point and the way in bolt wall is bing used is on authorization - do I have permission to submit this hash. [scribe assist by Kaliya Young] Buck Perley: It is not being entirely separated could use both use-cases. [scribe assist by Kaliya Young] Jonathan Holt: Question on third party validation making macaroon depends on a client-server. how to have 3rd party delegation. [scribe assist by Kaliya Young] Buck Perley: What about using lightning using distributed KPI out of the box with lighting. Every lighting node can identify via routing tables they maintain. [scribe assist by Kaliya Young] Buck Perley: Public key associated with lighting node is like a real world ID because it is connected to payment channels. [scribe assist by Kaliya Young] Buck Perley: 2Nd caveat made by key and lighting node (Sorry this is hard to track). [scribe assist by Kaliya Young] Kaliya Young: Thank you buck for joining us for this presentation. Wayne Vaughn: <Applause for Buck> Thanks buck!
Received on Saturday, 29 February 2020 20:30:54 UTC