W3C home > Mailing lists > Public > public-credentials@w3.org > June 2020

[MINUTES] W3C Credentials CG Call - 2020-06-02 12pm ET

From: W3C CCG Chairs <w3c.ccg@gmail.com>
Date: Sun, 07 Jun 2020 14:48:48 -0700 (PDT)
Message-ID: <5edd60c0.1c69fb81.f5a87.fd9d@mx.google.com>
Thanks to Markus Sabadello for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2020-06-02/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2020-06-02

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020Jun/0001.html
Topics:
  1. Introductions and reintroductions
  2. Announcements & Reminders
  3. Progress on Action Items
  4. Chair Election
  5. SVIP Interoperability Plug Fest
Organizer:
  Kim Hamilton Duffy and Joe Andrieu and Christopher Allen
Scribe:
  Markus Sabadello
Present:
  Joe Andrieu, Ryan Grant, Wayne Vaughn, Erica Connell, Anil John, 
  Geun Hyung, Markus Sabadello, Chris Winczewski, Kim Hamilton 
  Duffy, Amy Guy, Adrian Gropper, Manu Sporny, Andrew Johnston, 
  Kaliya Young, Dmitri Zagidulin, Dave Longley, Dan Burnett, Will 
  Abramson, Ganesh Annan, Jonathan Holt, Juan Caballero, 
  Christopher Allen, Heather Vescent, Brent Zundel, Don Waugh, 
  David Mason, Jorge del Prado, Orie Steele
Audio:
  https://w3c-ccg.github.io/meetings/2020-06-02/audio.ogg

Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request
Kim Hamilton Duffy: 
  https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Kim Hamilton Duffy: 
  https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing
Wayne Vaughn: Mark these words, 2020 will be the year of the 
  desktop linux
Markus Sabadello: Scribe+
Markus Sabadello is scribing.
Juan Caballero: And feeling guilty about never scribing but have 
  very unreliable audio

Topic: Introductions and reintroductions

Kim Hamilton Duffy: Jorge del Prado, DIACC
Kim Hamilton Duffy: Don Waugh of DIACC
Kim Hamilton Duffy: Andrew Johnston DIACC Two Keys
Kim Hamilton Duffy: David Mason Gov of Canada

Topic: Announcements & Reminders

Kim Hamilton Duffy: https://w3c-ccg.github.io/announcements/
Martin Kuo from Peoples Group, Member of DIACC (from Canada)
Kim Hamilton Duffy: http://www.cvent.com/d/fhqnf3/4W
Juan Caballero: Wait wut!?
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/vc-ed/blob/gh-pages/README.md
Juan Caballero: https://imgflip.com/i/43pyvk
Kim Hamilton Duffy: 
  https://www.eventbrite.com/e/dif-face-to-face-virtual-tickets-106632396368

Topic: Progress on Action Items

Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Kim Hamilton Duffy: 
  https://github.com/w3c-ccg/community/issues/105
Manu Sporny: +1 To close W3C DVCG
Juan Caballero: 
  https://66.media.tumblr.com/34f8917b16ab22a3c5ff16e050e96a7e/tumblr_pfqdmuyljy1rolr3a_400.jpg
Wayne Vaughn: Pick a screen sharing solution issue: 
  https://github.com/w3c-ccg/community/issues/126
I'm sorry my connection dropped right after I volunteered as 
  scribe.. :( I can continue now.
Scribe+

Topic: Chair Election

Brent Zundel: Is it a vote per ccg member, or per member 
  organization?
Christopher Allen:  We have asked Orie , identitywoman and Dan to 
  help tally the results, which will be announced at the next 
  meeting.
Kaliya Young: Yes
Orie Steele: I'd prefer not to
Joe Andrieu:  Do we have confirmation from all three that they 
  will help?
Christopher Allen:  Orie are you on board?
Chris Winczewski: I volunteer to count.
Joe Andrieu:  We also have to figure out what email alias we are 
  using, then we'll send it out by announcement
Brent Zundel:  Is it a vote per CCG member, or per member 
  organization?
Kim Hamilton Duffy:  I thought per member, joe, christopher, is 
  that right?
Christopher Allen:  My understanding it's per member (do you show 
  up in the members list?)
Manu Sporny: Wait, per CCG member (individual) or per CCG member 
  company (individuals and per company)
Joe Andrieu: 
  https://www.w3.org/community/credentials/participants
Kim Hamilton Duffy:  On the W3C CCG site, there's a list of 
  people who have officially signed up
Ganesh Annan: 
  https://www.w3.org/community/credentials/participants
Joe Andrieu:  You have to have been a member at the time of the 
  announcement
Heather Vescent:  Just wanted to get clarity on the date that 
  people had to join by. You guys haven't stated that date.
Heather Vescent:  There are also people who follow this.. Do 
  people have to join when the election was announced.
Joe Andrieu: May 12 was the date of the announcement
Heather Vescent:  There might be people who want to participate 
  who were less interested in participating prior to knowing that 
  an election would be possible.
Kim Hamilton Duffy:  Were we clear at the time that there would 
  be a cut off date?
Heather Vescent:  I never heard any explicit date until today.. 
  We want the right people to vote, but there was not awareness 
  that there was going an opportunity to have a vote.
Heather Vescent:  We didn't know what election protocol to 
  follow, we don't want to cut off people's ability to participate
Heather Vescent:  I do think there's a question in my mind since 
  I didn't hear a particular cut off date until now.
Manu Sporny:  Agree with heathervescent , I was not aware there 
  was going to be a cut off date.
Manu Sporny:  We should point to a place with a public record of 
  a cut off date.
Manu Sporny: 
  https://www.w3.org/community/credentials/participants
Manu Sporny:  I wanted to clarify, who can vote? Is this an 
  individual based vote, or a company based vote?
Manu Sporny:  E.g. Digital Bazaar has multiple people come to the 
  meeting. I feel uncomfortable having an individual based vote, 
  given the size of some companies.
Manu Sporny:  It shoud be one member - one vote. As an individual 
  you get one vote. As a large company you also get one vote. This 
  makes it a community group.
Kim Hamilton Duffy:  Manu I get your point, but if you look at 
  actual people who are registered, there are not too many people 
  per company
Joe Andrieu:  Regarding the posted record, this link was the 
  follow-up to the announcement made on May 12th
Joe Andrieu:  So if you were not a member on May 12th, you don't 
  get to vote
Manu Sporny: "Nominations and voting are open to all current CCG 
  members as of the election announcement on Tuesday, May 12."
Dave Longley: Voting announcement: 
  https://lists.w3.org/Archives/Public/public-credentials/2020May/0104.html
Manu Sporny: That is clear
Manu Sporny: Crystal clear - great.
Dan Burnett: Yep, clear
Joe Andrieu:  The question is, who is a "member of the CCG" (as 
  opposed to "member of W3C")
Heather Vescent: OK, that is clear. Thank you.
Dan Burnett:  I think it's clear, based on what Joe just said.
Christopher Allen: +Q
Kim Hamilton Duffy:  Do we still have a question individuals vs. 
  member companies?
Dan Burnett:  Manu is right, I have personally witnessed "room 
  packing". There is potentially a risk, but announcement of a date 
  was a good thing, this makes people show up.
Manu Sporny: +1 To what burn is saying right now.
Dan Burnett:  That's when you have to wonder about people and 
  their motivations. As a group we can look at it, and if it looks 
  like crazy overwhelming votes by one company, we can do something 
  about it. Normally, we only have 2-3 per company, and in this 
  case usually they all contribute.
Christopher Allen:  I wanted to be clear that the chairs get a 
  list of all changes as people join and leave. There have only 
  been 5 or 6 changes since May 12th, i.e. a small group of people 
  who are not eligible.
Christopher Allen:  We will send this list to the talliers.
Christopher Allen:  If you are listed as a member you can vote. 
  It's an individual vote, not a corporate vote.
Christopher Allen:  We can change the charter if necessary, but I 
  don't see a need for that right now.

Topic: SVIP Interoperability Plug Fest

Kim Hamilton Duffy:  This was sponsored by DHS, we have Anil_John 
  on this call as well as participating companies
Anil John:  I'm happy for participants to report, then I can add 
  some comments from the government side.
Manu Sporny:  To give background on DHS Silicon Vallery 
  Innovation Program (SVIP), this is a program in the US that 
  creates contracts between companies working on technologies that 
  are helpful to DHS
Anil John: I also sent a overview deck on SVIP and the work that 
  we have been doing in this space to the CCG list as an FYI
Anil John: Just sent
Manu Sporny:  This particular set of companies are building and 
  deploying DID and VC technologies, the vast majority are active 
  participants in this CCG.
Manu Sporny:  One of the things the program is trying to do is 
  ensure that there are good open standards in place for the 
  technologies we are creating.
Manu Sporny:  The desire is to prevent vendor lock-in, to 
  demonstrate that there is real interoperability (not just 
  companies pretending it)
Manu Sporny:  This is open to companies outside the U.S.
Manu Sporny:  Typically such programs are limited to only E.U, or 
  only U.S., etc.
Manu Sporny:  This is novel since it accepts anyone in the world 
  working on DIDs, VCs.
Manu Sporny:  One thing that we had to do was demonstrate 
  interoperability between the systems we are deploying
Manu Sporny:  There were a number of use cases, such as Permanent 
  Residence Cards, and supply chain use cases around steel and 
  timber imports
Manu Sporny:  These are real use cases, real governments 
  involved, real technologies built out to achieve these use cases
Manu Sporny:  The common underpinning thing was we are all using 
  DIDs, VCs, all conceived by this community group.
Manu Sporny:  At the very end of it, we had to demonstrate 
  interop, we had to show e.g. one company issuing a VC, another 
  company picking it up with their wallet, and presenting the VC to 
  a verifier built by yet another company.
Manu Sporny:  This meant interop between different DID methods, 
  resolvers, CHAPI, encrypted data vaults, etc.
Manu Sporny:  Anyone else from the cohort want to add anything?
Joe Andrieu: 
  https://lists.w3.org/Archives/Public/public-credentials/2020Jun/0011.html
Joe Andrieu: (Anil's email)
Anil John:  I sent an email describing the program
Anil John:  This had interoperability using seven different 
  platforms, using the baseline of the standards that have been 
  incubated and championed
Anil John:  This is not software monoculture, this is real 
  multi-party interop
Anil John:  Anybody who makes an argument that this is impossible 
  and we can't do it.. We demonstrated that it's possible. Doesn't 
  mean that there isn't more work that needs to be done.
Orie Steele:  I wanted to say thank you to Anil_John and the 
  other SVIP companies. This work has been really really helpful in 
  demonstrating technical interoperability.
Orie Steele:  This is not done, the test case repositories will 
  continue to be maintained
Orie Steele:  Even if you are not part of the SVIP cohort 
  companies, this is open to all of CCG, and anyone if welcome to 
  contribute
Jonathan Holt:  I'm concerned about a hard constraint on JSON-LD. 
  We have other formats such as CBOR
Jonathan Holt:  Is there are plan for other interopability to 
  expand the proof testing?
Anil John:  From our perspective, our focus continue to be on 
  JSON-LD.
Anil John:  We have companies in this cohort that in addition to 
  supporting JSON-LD, they also support other mechanisms
Anil John:  They want to support across the broader ecosystem. We 
  require JSON-LD but don't stop others from supporting other 
  technologies
Orie Steele: Jonathan_holt I'm trying to support JWTs... but 
  unfortunately the VC Data Model was overly inspecific regarding 
  their interactions with controllers / DIDs... I think we will see 
  some interoperability tests for them eventually.
Markus Sabadello:  What we've done in this program isn't limited 
  to the program itself. One of the requirements was that what we 
  did had to be contributed to CCG and opened up to wider 
  discussion. [scribe assist by Manu Sporny]
Markus Sabadello:  The work will continue there - that's been 
  really valuable, not only was the program for implementing the 
  government use cases, but it's strengthened the community as a 
  whole. That's the most important/interesting part for me. [scribe 
  assist by Manu Sporny]
Kim Hamilton Duffy: Anil, I'm going to turn over to you at 10 
  minutes before the hour. That will give you a few minutes to talk 
  plus a few more for Q&A. Sound ok?
Orie Steele: Regarding CBOR and JSON DID Documents... there are 
  currently 0 did documents that are expressed as only JSON or 
  CBOR, AFAIK... so one major reason not to focus on them... is 
  that they are even more experimental than JSON-LD DID Document 
  represenations.
Anil John:  The intent of us being public about this, sharing 
  lessions learned, making test suite public available... We want 
  to feed back into the community what worked and what didn't work, 
  to improve the standardization process.
Manu Sporny:  I wanted to explain what we thought would be easy 
  but ended up being very challenging.
Manu Sporny:  As Anil_John pointed out, when you have a real use 
  case, and you have to implement the use case AND do interop, you 
  find things you didn't anticipate
Manu Sporny:  E.g. the VC specifications have a test suite, it 
  was implemented, everybody passed. But when we started issuing 
  and consuming VCs, some things didn't line up
Manu Sporny:  In the VC work, we were not working on APIs, so we 
  only started working on that during SVIP.
Manu Sporny:  We thought those APIs would be simple, but they 
  turned out to be very difficult. Systems that need to interop 
  must have such APIs.
Orie Steele:   The IPID DID method is built on dagCBOR and I am 
  supporting 3 other implementers. [scribe assist by Jonathan Holt]
Manu Sporny:  It took us multiple months for the organizations to 
  collaborate on this, we had multiple calls about the design of 
  those APIs.. Even after we locked down the spec, we needed to 
  tweak things in order to get interop working
Manu Sporny:  We (Digital Bazaar) thought this would eat up 
  10%-15% of our time, but it was more like 40%-50% of our time.
Orie Steele: Jonathan_holt can you link the repos for dagCBOR 
  here?
Manu Sporny:  The good news is that at the end of the day, this 
  helped us hammer through issues.. Because of that, we were 
  ultimately able to demonstrate interop between different 
  companies
Manu Sporny:  We were able to push things beyond just the lowest 
  layer (the W3C VC test suite), and have higher-level tests for 
  real interop
Orie Steele:   https://github.com/ipfs-shipyard/js-did-ipid 
  [scribe assist by Jonathan Holt]
Kim Hamilton Duffy:  It would be interesting to understand a bit 
  more the kinds of challenges you ran into, maybe a few examples.. 
  This could inform future standardization efforts
Kim Hamilton Duffy:  What can we learn from this going forward
Anil John:  Just a couple of quick points.. The work is by no 
  means done. We demonstrated a foundation level of interop
Anil John:  Because of Covid19 we were not able to do actual 
  testing, only demos
Anil John:  In the future we expect to increase actual testing
Anil John:  Two areas I am worried about from our organization:
Anil John:  We are the only global authoritative issues of a U.S. 
  Permanent Residence Card. One of the question that had a lot of 
  discussion is, will you accept a DID that is coming to you, or 
  are you expected to issue a DID for the subject?
Anil John:  We are concerned that all DID issuance infrastructure 
  is not the same, wallets are not the same, security 
  characteristics are widely unknown.
Anil John:  We expect to whitelist a set of DIDs and wallets we 
  will accept. The criteria we will use for that is completely 
  undefined.
Anil John:  In the absence of a broader ecosystem, we plan to 
  brute force this. In Phase 3, red teams will investigate the 
  solutions
Kaliya Young: 
  https://twitter.com/dinodaizovi/status/1267697835480399874 "Tech 
  friends: I think now is a good time to submit PRs to systems you 
  work on that replace terminology like whitelist/blacklist with 
  alternatives like allowlist/denylist. Besides not having any 
  racial overtones, they are clearer to non-native English speakers 
  too."
Anil John:  That brute force mechanism is what I am using in the 
  absence of something more rigorous in the community
Anil John:  The second piece of it is:
Anil John:  We need to pay a whole lot more attention on the user 
  experience of wallets. In my own head, we have the ability to do 
  challenges and prizes. Would this be useful to make the 
  technology available to more people?
Anil John:  I'm giving a lot of thought to this to move forward
Kaliya Young: Allow listing is a better term :)
Ryan Grant:  My question is, what is the timeframe for 
  determining whitelisting criteria for wallets, and where will DHS 
  store the whitelist?
Kaliya Young: Lets deprogram problematic language
Anil John:  I don't know the criteria yet. The companies are now 
  moving into Phase 2, and there will be red teams in Phase 3.
Anil John:  We're going to have to develop a set of criteria, 
  then verify it at least for the companies that are under contract 
  with us.
Jonathan Holt:  I wrote a post about wallet portability
Anil John:  That blog post is my personal opinion, not the 
  opinion of the government
Anil John:  In the interop event, we demonstrated multiple wallet 
  providers being able to interop with multiple issuers and 
  multiple verifiers.
Kim Hamilton Duffy:  Thanks for joining
Received on Sunday, 7 June 2020 21:49:04 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 7 June 2020 21:49:05 UTC