- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Mon, 23 Mar 2020 20:20:48 -0700 (PDT)
Thanks to Stuart Freeman for scribing this week! The minutes for this week's CCG Verifiable Credentials for Education Task Force telecon are now available:

https://w3c-ccg.github.io/meetings/2020-03-23/

Full text of the discussion follows for W3C archival purposes. Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
CCG Verifiable Credentials for Education Task Force Telecon Minutes for 2020-03-23

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2020Mar/0064.html
Topics:
  1. Introductions and Re-introductions
  2. Guest expert Orie Steele presents open source libraries and VC-EDU demos
Organizer:
  Kim Hamilton Duffy and Christopher Allen and Joe Andrieu
Scribe:
  Stuart Freeman
Present:
  Leonard Rosenthal, Orie Steele, Kim Hamilton Duffy, James Chartrand, Adam Lemmon, Stuart Freeman, Nate Otto, Chris Winczewski, Scott Fehrman, Juan Caballero, Nick Hathaway, Laura Fowler, Joshua Marks
Audio:
  https://w3c-ccg.github.io/meetings/2020-03-23/audio.ogg

Kim Hamilton Duffy: https://www.w3.org/community/credentials/join
Kim Hamilton Duffy: https://www.w3.org/accounts/request Help
Kim Hamilton Duffy: https://www.w3.org/community/about/agreements/cla/
Kim Hamilton Duffy: https://w3c-ccg.github.io/meetings/
Stuart Freeman is scribing.

Topic: Introductions and Re-introductions

Kim Hamilton Duffy: S_Gallant is Scott Gallant introducing himself
Scott Fehrman: 20+ Years ed tech, healthcare interop
... webshield, also does privacy consulting
Kim Hamilton Duffy: Nick Hathaway introducing himself
Nick Hathaway: Elcocker, 25+ years ed tech experience, working on wallets
Kim Hamilton Duffy: Lauraj is at UWashington
Laura Fowler: Business analyst at U washington, higher ed vc use cases
Kim Hamilton Duffy: Joshua Marks PCG
Joshua Marks: Ims global comprehensive learner spec

Topic: Guest expert Orie Steele presents open source libraries and VC-EDU demos

Joshua Marks: Is there we screen share for this call?
Kim Hamilton Duffy: There are a few libraries that orie called attention to, signature suite, and vc demo
Joshua Marks: Is there a screen share for this call?
... repo of vc examples, we might consider adding our stuff to
Orie Steele: https://gist.github.com/OR13/0b8be9d8c43c2acd2d7cf09f6887a8a0
Orie Steele: Transmute, works on decentralized identifiers
... demo regarding working with dhs
... open source interop with credentials
Kim Hamilton Duffy: Reminder, links are here: https://gist.github.com/OR13/0b8be9d8c43c2acd2d7cf09f6887a8a0
Kim Hamilton Duffy: Note: if you're using Brave browser, you may have to "lower your shields" for these sites
Kim Hamilton Duffy: Verifier repo: https://github.com/w3c-ccg/vc-verifier-http-api
Kim Hamilton Duffy: Issuer repo: https://github.com/w3c-ccg/vc-issuer-http-api
Kim Hamilton Duffy: Ach kimhd
Kim Hamilton Duffy: Credential handler api?
Orie Steele: Api for interacting with creds on websites
Kim Hamilton Duffy: Chapi: https://w3c-ccg.github.io/credential-handler-api/
I may not be the best scribe choice, voip keeps hanging up on me
Orie/kim: other apis are being developed such as did-com and badge connect
Nate Otto: I am getting phone calls, could add to queue to talk about Badge connect in 5min
Leonard Rosenthal: Looking at chapi, appears to be tied to browser implementations
Kim Hamilton Duffy: Stuartf I'll see if we can get another volunteer
Orie Steele: This is addressing long standing issues in the browser space, very browser oriented
Leonard Rosenthal: Server-to-server in the future?
Kim Hamilton Duffy: Stuartf -- one other thought, you can dial in by phone. I can scribe for you while that's happening
Kim Hamilton Duffy: Let me know
Orie Steele: Chapi requests could be put over other media, but hasn't been done yet
Nate Otto: Re server-to-server transmission [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Spec that operates over OBs called BadgeConnect, part of OB 2.1
Kim Hamilton Duffy: ...Will be publicly available soon
Kim Hamilton Duffy: ...Oauth2 + auth grants to enable users to provide permissions to transfer creds from service to service
Kim Hamilton Duffy: ...Badgeconnect is s2s
Kim Hamilton Duffy: ...Id provider can also be resource for credentials
Kim Hamilton Duffy: ...Need to know domain name of badgeconnect host
Kim Hamilton Duffy: ...Once it has permission it can send creds
Kim Hamilton Duffy: ...Api is fairly extensible
andy_: Badge Connect API (aka OB 2.1) is public (still Candidate Final) at https://www.imsglobal.org/activity/digital-badges
Kim Hamilton Duffy: ...Content can be flexible
Kim Hamilton Duffy: ...Interested in broader conversation about compatibility, and IMS is interested in VC alignment
Kim Hamilton Duffy: ...If compatible, we should talk about how this would work
I'm back
Still a slow typist
But yes
Orie Steele: Spec about badge connect is interesting, would like to check out reference impl and examples
... could be dropped into the demo we just saw on issuer side
... possibly a direct integration
Nate Otto: Badge Connect (Open Badges 2.1) is now in "Candidate Final (Public)" status available here: https://www.imsglobal.org/spec/ob/v2p1/ more links here https://www.imsglobal.org/activity/digital-badges
... vc signature suites being worked on by transmute
... same key to issue multiple types of credential with json web token
... or linked data
... gpg signature suite does the same but using gpg keys
Leonard Rosenthal: Any consideration or plan for ??? standard
... etsi standard
... EU standards must comply
Nate Otto: Discussion about selecting suites and how we can avoid confusing users about what can communicate with what
... what do we need in terms of agreements to assure that compatibility happens
Leonard Rosenthal: ETSI_ESI - https://portal.etsi.org/TB-SiteMap/esi/esi-activities
Leonard Rosenthal: JAdES - https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=52897
Orie Steele: There's a risk that diff companies go off and do similar looking things that don't interop
... agree to a key representation
... number of reasons for everyone to use jwk
... works with JOSE, many things already work with this
Kim Hamilton Duffy: Thanks Leonard!
... agree on signature representation
... recommend jose
... as a community identify software that is already widespread and adapt it instead of building whole new stacks
Leonard Rosenthal: Badge connect considering signed software statement signed with jwk in jose
... key question "what should we do to select did methods and sig suites to ensure compatibility"
Kim Hamilton Duffy: Already it was unclear what the best choice
Orie Steele: For example: https://w3c-ccg.github.io/ld-cryptosuite-registry/
... ccg is acting as a gatekeeper where it shouldn't, we're not crypto experts
... vc data model spec complicated if using jots
Orie Steele: See the (harmful) optionality here: https://www.w3.org/TR/vc-data-model/#jwt-encoding
... we're green field so can save effort by choosing existing standards
Orie Steele: (Harmful is my opinion)
... what is the context of vc examples?
Orie Steele: Starting point is spec, look for examples
... make things that look like the example
... problem when the example is very hypothetical
... try to prepare examples with real sigs that really verify
... pick did method that you can actually implement, did:web is good for this
... anything that uses a browser can use it, no need for lots of blockchain signatures
... a few things you have to do, define the context and host it
Orie Steele: https://github.com/w3c-ccg/vc-examples/tree/master/docs/cmtr/examples/v0.1
... markdown file in link defines the format
Orie Steele: https://w3c-ccg.github.io/vc-examples/
... links have to be resolvable for the example to make sense
Orie Steele: https://w3c-ccg.github.io/vc-examples/cmtr/examples/v0.1/cmtr-verifiable-credential-v0.1.json
Orie Steele: https://w3c-ccg.github.io/vc-examples/cmtr/examples/v0.1/cmtr-v0.1
... context definition for this defines cmtr property
... can contain anything because this spec is in flux, as we become more confident in the structure become more specific
Orie Steele: https://www.w3.org/TR/vc-data-model/#contexts
Leonard Rosenthal: Disagree, it's not required that the documents be available and resolvable
Orie Steele: @Context is REQUIRED :)
Leonard Rosenthal: Must be present but need not be resolvable
... curious about harmful nature of jwt optionality
Orie Steele: Jwt has reserved terms that come from jose, want to have short names and make sure no one overrides them
... when extended for vc having things always map resulted in having the data end up in various optional places
... makes implementation complex
... trying to verify means figuring out which options the issuer chose
Leonard Rosenthal: Ah - I see what you mean. I misread that part of the spec. I read it as requirement to use the JOSE/JWT naming and *not* the VC ones
Orie Steele: "For backward compatibility with JWT processors, the following JWT-registered claim names MUST be used instead of, or in addition to, their respective standard verifiable credential counterparts:"
Leonard Rosenthal: Yeah, missed that "or" - we should get that fixed :)
Kim Hamilton Duffy: If uris are missing and terms are defined, there may be security problems, or problems invalidating
Orie Steele: Yes :)
... longer discussion will follow up
Anybody here?
Received on Tuesday, 24 March 2020 03:21:03 UTC