[MINUTES] W3C Call - 2020-02-25 12pm ET

Thanks to Kaliya Young for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2020-02-25/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-02-25

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020Feb/0073.html
Topics:
  1. Introductions / Reintroductions
  2. Announcements and Reminders
  3. Progress on Action Items
  4. Lightning Service Authentication Tokens (LSATs)
Organizer:
  Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
Scribe:
  Kaliya Young
Present:
  Buck Perley, Orie Steele, Christopher Allen, Manu Sporny, Justin 
  Richer, Sumita Jonak, Joe Andrieu, Dave Longley, Wayne Vaughn, 
  Kim Hamilton Duffy, Dmitri Zagidulin, Markus Sabadello, Kaliya 
  Young, Jonathan Holt, Ganesh Annan, Kayode Ezike, Juan Caballero, 
  Amy Guy, Chris Winczewski, Benjamin Young, David I. Lehn, Eugen 
  Rochko, Nate Otto, Matt Stone, Tzviya Siegman
Audio:
  https://w3c-ccg.github.io/meetings/2020-02-25/audio.ogg

Buck Perley: Yeah, linphone keeps dropping when I try and connect 
  for some reason without any error :-/
Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy: 
  https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Kim Hamilton Duffy: 
  https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
Kaliya Young is scribing.

Topic: Introductions / Reintroductions

Kaliya Young: Blazp researcher at Institute of Informatics, UM 
  FERI part of a European Union with a pilot as part of several 
  university - where students share blockchain based credentials.
Kaliya Young: Blazp: Interested in W3C Standards.
Kaliya Young: @Wayne from terion
Kaliya Young: CEO of terion developed libraries that is going to 
  be presented today.
Kaliya Young: Announcements and reminders:
Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/

Topic: Announcements and Reminders

Wayne Vaughn: Kaliya... I didn't do any development on Boltwall 
  or LSATs.js. It was spearheaded by Buck Perley.
Joe Andrieu: http://rwot10.eventbrite.com
Kim Hamilton Duffy: https://www.knowidentity.com/2020-conference/
Kaliya Young: DID F2Face happened
Kaliya Young: The RWoT in Beus Aries
Kim Hamilton Duffy: IIW: 
  https://www.eventbrite.com/e/internet-identity-workshop-iiwxxx-30-2020a-tickets-79016788341
Kaliya Young: Know Identity
Kaliya Young: IIW in Mountain View
Kim Hamilton Duffy: http://www.cvent.com/d/fhqnf3/4W
Kaliya Young: 9-11 There is identifiers in denver CO
Kaliya Young: June
https://eductx.org/ - blockchain based student's certificates 
  project (EDUcTX); 
  https://ii.feri.um.si/en/person/blaz-podgorelec-2/ - about me 
  (personal webpage) https://www.de4a.eu/ - H2020 project with 
  research and pilot related to SSI and VC 
  https://www.concordia-h2020.eu/ - H2020 project - participate in 
  research related to IDM
Kaliya Young: @ChristopherA new proposal for RWoT in TheHague 
  week after berlin blockchain week.
Kaliya Young:  ID4africa first week of June, second week is 
  RightsCon in CostaRica [scribe assist by Kim Hamilton Duffy]

Topic: Progress on Action Items

Kaliya Young: Progress on action itmes
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Kaliya Young: Kinhd: we want to move to one step publishing
Kim Hamilton Duffy:  If we do better work on the call to clean up 
  notes as we go. [scribe assist by Kaliya Young]
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/meetings/blob/gh-pages/README.md#cleaning-up-the-minutes
Kim Hamilton Duffy:  New saving process will be better. [scribe 
  assist by Kaliya Young]
Kim Hamilton Duffy:  We have gotten this process a lot more 
  automated. [scribe assist by Kaliya Young]
Christopher Allen:  To share more context it has been taking the 
  chairs. (mostly Kim) several hours to do this after each of the 
  meetings - it is a big deal. [scribe assist by Kaliya Young]
Christopher Allen:  If you need something changed in the 
  transcripts it needs to be done after the meeting - please notify 
  the chairs. [scribe assist by Kaliya Young]
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues/87
Kaliya Young: Sip issues
Christopher Allen:  If you are using sip - please share with you 
  what settings are working with you because [scribe assist by 
  Kaliya Young]
Amy Guy: Kimhd, ChristopherA: sorry about the delay, I have 
  screenshots for onsip but I lost the text I wrote before I could 
  push it, I just haven't had time to do it again yet
Kim Hamilton Duffy: https://w3c-ccg.github.io/connecting.html

Topic: Lightning Service Authentication Tokens (LSATs)

Kim Hamilton Duffy: Blog: 
  https://medium.com/tierion/lsats-pseudonymous-authentication-using-bitcoin-lightning-payments-459e209b4b36
Kim Hamilton Duffy: Presentation: 
  https://docs.google.com/presentation/d/1YE5UJk05Q9I2k7hhlM6oSVARGIajPF5u50r1LNCe-x4/edit?usp=sharing
Wayne Vaughn: Here are links to the technologies that presented 
  to CCG today. We hope other developers will use them to build 
  applications that use Lighting for payments and authentication.   
  Boltwall - Bitcoin Lightning paywall and authentication using 
  LSATs. Built with LND, Nodejs, and Typescript. 
  https://github.com/Tierion/boltwall  Boltbox - Easy to deploy and 
  manage lightning infrastructure for software developers 
  https://github.com/Tierion/boltbox  LSAT-js A utility [CUT]
Wayne Vaughn: LSAT-js A utility library for working with LSATs 
  (Lightning Service Authentication Tokens) in javascript 
  https://github.com/Tierion/lsat-js
Buck Perley:  It is built with various technologies. [scribe 
  assist by Kaliya Young]
Wayne Vaughn: Announcement Blog Post 
  https://medium.com/tierion/lsats-pseudonymous-authentication-using-bitcoin-lightning-payments-459e209b4b36
Buck Perley:  Has been working with Tierion for the past year 
  working on authentication with lightning as well as blockstack 
  [scribe assist by Kaliya Young]
Buck Perley:  This is around the 402 status code - one that is 
  unused since originally proposed. [scribe assist by Kaliya Young]
Buck Perley:  Started with home spun version that leveraged 
  macaroons a bit [scribe assist by Kaliya Young]
Kaliya Young: Back: a new format was proposed Lightning service 
  authentication tokens.
Buck Perley:  Slide 2  state of aUth today. [scribe assist by 
  Kaliya Young]
Kaliya Young:  Feel free to scribe lightly during the 
  presentation -- the slide link is part of the minutes, so people 
  can access the content [scribe assist by Kim Hamilton Duffy]
Kaliya Young: Ok.
Kaliya Young: Slide 2
Kaliya Young: Slide 3
Kaliya Young: Slide 4
Buck Perley:  The super power comes in chaining capabilities. 
  [scribe assist by Kaliya Young]
Buck Perley:  Macaroon has its capabilities pre-built in. 
  Decoupled application logic. Decouple policy - from proof (not 
  sure If I got this right). [scribe assist by Kaliya Young]
Kaliya Young: Slide 5
Buck Perley:  Using macaroons and native payment system to the 
  internet lets us do a lot of interesting things vs. draw backs 
  [scribe assist by Kaliya Young]
Buck Perley:  You could read a bunch of articles payments with 
  cryptocurrency via crypto currency without giving away who you 
  are [scribe assist by Kaliya Young]
Buck Perley:  At Teiron we are using it so that machines can pay 
  for things. M2M automated set up. Sybil resistance is built in . 
  Protocol level distribution. share and attenuate the privileges. 
  [scribe assist by Kaliya Young]
Kaliya Young: Slide 6
Buck Perley:  402 Payment required - this has been here since the 
  beginning but not leveraged until today. [scribe assist by Kaliya 
  Young]
Buck Perley:  Payment headers LSAT  - to reply with requirements 
  [scribe assist by Kaliya Young]
Buck Perley:  Payment now authorized. [scribe assist by Kaliya 
  Young]
Buck Perley:  On the other side is lighting. [scribe assist by 
  Kaliya Young]
Buck Perley:  Bolt 11 is a group of proposals published and 
  debated there. [scribe assist by Kaliya Young]
Buck Perley:  It is formatting around invoicing and payment 
  requests. [scribe assist by Kaliya Young]
Kaliya Young: That node has to send you an invoice which the  
  nature of the payments.
Buck Perley:  Pre-image in the invoice and returned when payment 
  is made. [scribe assist by Kaliya Young]
Buck Perley:  HTL hashed time locked contract. [scribe assist by 
  Kaliya Young]
Buck Perley:  Layer2 protocols - contracts that are negotiated 
  and re-negotiated. Pre-image payment hash exchange. [scribe 
  assist by Kaliya Young]
Buck Perley:  When you get that pre-image proof of payment that 
  is proof that you were paid. [scribe assist by Kaliya Young]
Kaliya Young: Slide 7
Buck Perley:  Diagram on how the protocol and exchange mechanism 
  works. [scribe assist by Kaliya Young]
Buck Perley:  Macaroon is going to include payment information   
  what is needed to get paid. and ycu can add other thing. [scribe 
  assist by Kaliya Young]
Buck Perley:  The paying of the invoice can happen totally out of 
  band between client and server. Not from same device. [scribe 
  assist by Kaliya Young]
Buck Perley:  All that is required is that that invoice get paid. 
  [scribe assist by Kaliya Young]
Buck Perley:  If you get the pre-image gets added into the 
  [scribe assist by Kaliya Young]
Buck Perley:  You could pay for someone else and delegate. 
  [scribe assist by Kaliya Young]
Buck Perley:  This has a day's worth of access and give it to 
  someone else. [scribe assist by Kaliya Young]
Buck Perley:  Read out question. [scribe assist by Kaliya Young]
Buck Perley:  Answer - very similar what i use is comparable with 
  google version. [scribe assist by Kaliya Young]
Buck Perley:  Compatability  is a nice feature not inventing 
  things new. [scribe assist by Kaliya Young]
Buck Perley:  Macaroon serialization format is the same as it has 
  been for many years. [scribe assist by Kaliya Young]
Buck Perley:  LSAT implements common Macaroon format. [scribe 
  assist by Kaliya Young]
Buck Perley:  Need commitment to invoice payment hash. [scribe 
  assist by Kaliya Young]
Buck Perley:  There is an identifier used to build each macaroon 
  and a format to include the payment hash in each macaroon. 
  [scribe assist by Kaliya Young]
Buck Perley:  If you are adding the pre-image even if you don't 
  have access to lighting node. You know invoice associated with 
  LSAT has been paid. [scribe assist by Kaliya Young]
Buck Perley:  LSAT has a versioned identifier if you are storing 
  them in a database. so you can update the serialization format 
  [scribe assist by Kaliya Young]
Buck Perley:  It is getting finalized in next couple weeks. 
  [scribe assist by Kaliya Young]
Buck Perley:  We can add all sorts of flexibility on top of LSATs 
  [scribe assist by Kaliya Young]
Buck Perley:  Must match the keys [scribe assist by Kaliya Young]
Kaliya Young: Slide 20
Buck Perley:  For pay as you go - get back macaroon with invoice 
  get pre-image back - send LSAT token back to get access to post. 
  [scribe assist by Kaliya Young]
Buck Perley:  HODL invoices can replace AWS [scribe assist by 
  Kaliya Young]
Buck Perley:  How to implement invoices in lighting. [scribe 
  assist by Kaliya Young]
Buck Perley:  Its a one time use token. [scribe assist by Kaliya 
  Young]
Buck Perley:  A fully paid payment can become not valid [scribe 
  assist by Kaliya Young]
Buck Perley:  Push subscriptions..service has to send new invoice 
  when you pay for access. [scribe assist by Kaliya Young]
Buck Perley:  Decentralized oAuth with 3rd party caveats. [scribe 
  assist by Kaliya Young]
Buck Perley:  You can have a platform or service that they have 
  been paid. [scribe assist by Kaliya Young]
Buck Perley:  Instead of Medium.com getting pay out every month - 
  more immediate. [scribe assist by Kaliya Young]
Kaliya Young: Slide 10
Buck Perley:  Built in paywall solution BOLTWALL (single line) 
  then you have a protection and will take care of the hand shake. 
  [scribe assist by Kaliya Young]
Wayne Vaughn: Boltbox - Easy to deploy and manage lightning 
  infrastructure for software developers 
  https://github.com/Tierion/boltbox
Buck Perley:  LSAT playground you can go to a link in the slide 
  [scribe assist by Kaliya Young]
Manu Sporny: All this stuff is great, buck, thank you for 
  presenting! :)
Buck Perley:  Explore LSATs in the browser - pay for access to 
  pokemon API [scribe assist by Kaliya Young]
Manu Sporny: This stuff reminds me a lot of the stuff that the 
  Coil folks are doing through the W3C Web Payments WG: 
  https://www.w3.org/blog/2019/09/w3c-interview-coil-on-interledger-protocol-and-web-monetization/
Manu Sporny: We did attempt to define HTTP 402 a number of years 
  ago (and failed): 
  https://www.w3.org/TR/2016/WD-webpayments-http-api-20160915/#introduction
Manu Sporny: Also, would like your thoughts on: 
  https://w3c-ccg.github.io/zcap-ld/
Christopher Allen:  Wanted to say this is 2nd in a series of 
  requirements and examples of directed capabilities technologies. 
  [scribe assist by Kaliya Young]
Christopher Allen:  Had a question mixed use of terms 
  authentication and authorization (We are trying to more clearly 
  separate these in this community ). [scribe assist by Kaliya 
  Young]
Christopher Allen:  402 Ask for authentication but reply with no 
  I'm going to authorize. [scribe assist by Kaliya Young]
Buck Perley:  The community is around LSAT is really small - me 
  and a couple engineers from lighting labs. [scribe assist by 
  Kaliya Young]
Buck Perley:  Authentication you pay a very small amount - sybil 
  resistance that proves who you are and use it as a login. [scribe 
  assist by Kaliya Young]
Buck Perley:  In chain point and the way in bolt wall is bing 
  used is on authorization - do I have permission to submit this 
  hash. [scribe assist by Kaliya Young]
Buck Perley:  It is not being entirely separated could use both 
  use-cases. [scribe assist by Kaliya Young]
Jonathan Holt:  Question on third party validation making 
  macaroon depends on a client-server. how to have 3rd party 
  delegation. [scribe assist by Kaliya Young]
Buck Perley:  What about using lightning using distributed KPI 
  out of the box with lighting. Every lighting node can identify 
  via routing tables they maintain. [scribe assist by Kaliya Young]
Buck Perley:  Public key associated with lighting node is like a 
  real world ID because it is connected to payment channels. 
  [scribe assist by Kaliya Young]
Buck Perley:  2Nd caveat made by key and lighting node (Sorry 
  this is hard to track). [scribe assist by Kaliya Young]
Kaliya Young: Thank you buck for joining us for this 
  presentation.
Wayne Vaughn: <Applause for Buck>
Thanks buck!

Received on Saturday, 29 February 2020 20:30:54 UTC