[MINUTES] W3C Credentials CG Call - 2021-04-27 12pm ET from W3C CCG Chairs on 2021-04-27 (public-credentials@w3.org from April 2021)

From: W3C CCG Chairs <w3c.ccg@gmail.com>
Date: Tue, 27 Apr 2021 11:20:17 -0700 (PDT)
Message-ID: <608855e1.1c69fb81.997dc.11f5@mx.google.com>

Thanks to Manu Sporny for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2021-04-27

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-04-27

Agenda:
undefined
Topics:
1. Introductions / Reintroductions
2. Announcements and Reminders
3. Action Items
4. Traceability API
Organizer:
Kim Hamilton Duffy and Wayne Chang and Heather Vescent
Scribe:
Manu Sporny
Present:
Justin Richer, Heather Vescent, Manu Sporny, Mahmoud Alkhraishi,
Chris Winczewski, Charles E. Lehner, Mike Prorock, Ted Thibodeau,
Taylor Kendall, Wayne Chang, Adrian Gropper, Matthieu Collé, Kim
Hamilton Duffy, Orie Steele, Ryan Grant, Juan Caballero, Dmitri
Zagidulin, Kayode Ezike
Audio:
https://w3c-ccg.github.io/meetings/2021-04-27/audio.ogg

Manu Sporny is scribing.
Wayne Chang: Welcome to the CCG weekly meeting. This is April
27th - talking about IIW recap and Traceability API today.
Wayne goes over standard IPR agreement language -- get W3C
account - sign contributor license agreement -- all calls
recorded and transcribed -- use the queue to speak.

Topic: Introductions / Reintroductions

Justin Richer: Hi Justin Richer, independent consultant out of
Boston area -- working with Secure Key - haven't been able to
make it to CCG calls lately, but wanted to drop in and hear about
IIW.
Justin Richer: I do a lot of work in IETF, OpenID Foundation,
Kantara, W3C, on a bunch of different efforts, have my hands in
lots of different things.
Wayne Chang: Any reintroductions?
Wayne Chang: None, so moving on.

Topic: Announcements and Reminders

Heather Vescent: Today is the first CCG 101 session, Mike
Prorock is doing intro to supply chain and VCs
Heather Vescent: This is the first of a set of 101 sessions.
VC HTTP API inviation for this Thursday --
https://lists.w3.org/Archives/Public/public-credentials/2021Apr/0166.html
3Pm ET
Heather Vescent: Mike Prorock does a CCG 101 Tuesday, April 17,
2pm PDT / 5pm EDT / 22:00 BST / 23:00 CEST / 6am+1 KST / 9am+1
NZST
Manu Sporny: We'll be discussing VC HTTP API -- please join if
you're interested -- information on the mailing list.

Topic: Action Items

https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22
Wayne Chang: VC Maintenance Meeting -- we did make a PR with the
process on how to make changes to the VC specification
Wayne Chang: Please review the PR -- will send it out to the
mailing list.
https://github.com/w3c/vc-data-model/pull/774
Wayne Chang: Just sent a PR on how to update the specs for the
maintenance version -- maintenance mode -- not focused on adding
new features at this time.
Wayne Chang: Would like new features to be housed in repo --
contributions, extensions, will happen later this year.
Wayne Chang: General process I can review quickly here...
Wayne Chang: Only focused on merging Errata PRs for now... then
editors/chairs mark issues -- substantive, non-substantive,
editorial, etc. New features will need rechartering of WG... W3C
CCG will be notified, then PRs merged in 14 days.
Wayne Chang: VCWG will meet from time to time and merge PRs in
branches to make formal recommendation for publishing new
versions of the specifications.
Wayne Chang: If you're interested in making changes to VC spec,
that's how you do it.
Orie Steele: IIW also led to a new unification between aries and
didcomm and vc http api / DIF presesentation exchange :)
<by_caballero> ^ good first steps!
<orie> which I'm really excited to see level us up in terms of
wallet exchanges and interoperability
Heather Vescent: (Scribe assist) manu: thank's Wayne, hopefully
the process is straightforward with the right safeguards, but
still enable people to innovate on the base. Item of note: a lot
of peopel are spread between a lot of groups right now: DID Spec
is in CR and getting finalized, LDS work starting, the VC HTTP
API work, in general there is a lot of work going on. It is going
to take a while for us to re-prioritize the right work is
happening in the right place. People shouldn't expect the VC spec
to move quickly. We should have a process that allows people to
make request and get reviews. People should understanding
everyone is really overworked and don't expect things to go
quickly with any of this work.
Orie Steele: Nobody expects the CCG to mvoe quickly :)
Orie Steele: I'd like to summarize some of the conversations w/
presentations wrt. IIW --
Wayne Chang: Going to cover that at the end

Topic: Traceability API

Wayne Chang: What is the traceability API, who's involved, etc?
Orie Steele: For those not familiar with this work, CCG work
item that's been active in community -- focused on JSON interop
for Verifiable Credentials -- number of components to make that
work at scale... additional tooling around JSON-LD and JSON
Schema, to pull thsoe two things together... if you canre more
about JSON Schema, you can lean more on it... if you want
JSON-LD, you can focus on that
Mike Prorock: Note: this will be getting discussed at a high
level in the 101 call later on today
<mprorock> the vocab and VC creation and Data Model aspects
Orie Steele: We've add a bunch of JSON-LD tooling, work item
that has a use case requirements section -- use cases for
describing VCs for supply chain traceability -- data model for
supply chain, use GS1 vocab, INCHI/CHEBI for chemicals, broad set
of vocab for traceability -- fairly useless just by itself.
Orie Steele: You need a set of APIs that need it's API --
Traceability vocabulary -- valid JSON Schema, valid JSON-LD, spec
is built properly -- many of companies working on Traceability...
working on VC HTTP API endpoints... supply chain traceability
credentials.
Orie Steele: One of the challenges w/ that particular work items
-- lack of use cases, lack of requirements, no support for Holder
APIs -- representative of things wallets do -- present VCs,
receive VCs... as of today, internal API -- tests in isolation
that are powerful, but it can't actually show you any form of
interop in end-to-end. It has no authorization, you can't expose
it on public Internet.
Orie Steele: So, Traceability API is a level up for the VC HTTP
API to make it something you can expose on public Internet, add
APIs for direct wallet interactions over HTTP -- wallet
interactions and wallet interaction protocols are a rough seas
area -- everything from VP request spec, presentation request...
to Presentation Request spec, which does data model for defining
how stuff works over DID Comm... to Bloom spec about flows for
HTTP and QR Code.
Orie Steele: The Traceability API will take approach to iterate,
and drive toward consistent set of interfaces, enterprise grade
authn, presentation exchange... purpose of work item is to think
about traceability -- data model around vocab, businesses want to
use today -- what are best tools to solve that problem, looking
for more mature solutions... like DIDComm (IIW work) --
tremendous community alignment around businesses exchanging
presentations around web
Wallets, native apps, backend services.
Orie Steele: All of those use cases need to be
supported/addressed to prove out interoperability -- not just web
wallets, not just back end services, move presentations around
trust boundaries, we need that today -- that's what Traceability
API is meant to solve.
Manu Sporny: +1 To those needs in the ecosystem. The issue is
that not all those things are about traceability. There are needs
outside of traceability for that. +1 for getting together to move
forward quickly, we need to make sure we need to align all these
people. Some companies and people are frusterated by the rate of
progress. [scribe assist by Heather Vescent]
Manu Sporny: It sounds like it's an implementation guide for
traceability, it covers data models and how do you authenticate
system, and wondering if that may be a better way to convey the
language. It's fine to put experimental API in there, but calling
it an API is misleading because it's an ecosystem thing. It's not
just focused on APIs. [scribe assist by Heather Vescent]
<orie> I agree its more than just an API
<orie> its a useable ecosystem
<wayne_chang> "Traceability System Overlay"
Manu Sporny: So wondering your thoughts Orie and other supply
chain folks. For example, I can imagine having implementation
guides for traceabilibity, citizen cards, education and enable
each sector to move at their speed. Allow those that can move
faster to move faster and feed those learnings back into the
ecosystem. [scribe assist by Heather Vescent]
Manu Sporny: Without feeding that back into the foundational
specification, we will diverge which will create more work in the
future. [scribe assist by Heather Vescent]
Manu Sporny: What's the feedback loop for this work? [scribe
assist by Heather Vescent]
Orie Steele: Yeah, I think in a word -- the word ecosystem feels
good, Implementation Guide feels too narrow -- Traceability
Ecosystem I'd be fine with.
Ted Thibodeau: +1 To msporny's comments
Orie Steele: The non-negotiable is some ability to put a certain
set of pieces together in a certain set of interop tests at a
certain level of security. We need to be able to describe
Authorization, capabilities, use cases together in an ecosystem.
That unification is a continuous process, people are creating new
serialization formats, CBOR-LD -- support it right out of the
gate, probably not... does word API preclude you from doing that
level of work... I don't know the answer to that quewstion,
naming is hard.
Orie Steele: The Traceability issue right now is authorization,
API -- solved by API -- but if you want to make it more broad,
Traceability Ecosystem -- spanning multiple things -- that's true
-- I'd be willing to expand scope to work on those items, as long
as we don't lose sight of being able to do the thing we need to
do.
<tallted> "Traceability API" and what's been posted on github
discussions suggests a much lower-level focus, than what's now
being orally described by Orie
Adrian Gropper: This is the first I've heard of the Traceability
API and it really raises a huge issue for me.
https://github.com/w3c-ccg/community/issues/191
<wayne_chang> ^ Traceability API proposal
Adrian Gropper: This was not discussed at IIW, which is
authorization -- what I saw at IIW, particularly because Justin
wasn't there, and no one seemed to care that much, is runaway
train around messaging as the API layer on top of DIDs and VCs as
opposed to authorization as the next most important thing on top
of DIDs and VCs.
Justin Richer: +1 To Adrian's comments on messaging vs other
layers
<orie> ... yeah... there is no authorization anywhere in the
econsystem today... trace api is the first to add 1 mandatory to
implement solution to authorization.
<orie> I think Adrian would love it.
Adrian Gropper: I ran a session called "Agency By Design
(Privacy is not enough)" -- as long as we continue to look at
DIDComm and other messaging security as non-authorization layer
on top of data models, this is doomed to go in circles for years.
Ted Thibodeau: What has just been vocally described has a much
higher level focus than an API -- it's not just about naming; why
is Provo not looked at here? Provenance Ontology, designed and
built over years to cover most of what I understand to exist in
Traceability API/Vocabulary/??? whatever name of the same thing
that's being put out there.
<orie> ontologies are for the vocab... no the api
<rgrant> can someone post a link to the Provenance Ontology?
https://www.w3.org/TR/prov-o/
<wayne_chang> ^ PROV-O
<orie> some people need interoperability now!
<justin_r> +1, specs are for interop and stability, not for
expedience
Orie Steele: :)
Dmitri Zagidulin: +1 To what Orie said -- prov-o is just the data
model (which this group already has), has nothing to do with the
API
Ted Thibodeau: I'm also particularly concerned about the "Need
it now" attitude -- you don't need a spec/standard that the world
needs... if you need it now, you just need to do your thing, if
people join, that's great -- if you're doing something
useful/valuable, people will benefit.
https://www.w3.org/TR/prov-o/ ?
<orie> I object to the passive aggressive tone of "take a
breath".
<mprorock> @brent +1 yes, that is the reference
Orie Steele: I'm not telling anyone to do anything... I am
offering folks a boat that moves faster. you are welcome to sit
on the shore :)
Ted Thibodeau: If you're not ready to do it on your own, take a
breath, this is not something that goes at racetrack speeds...
developing these specs takes years, sometimes it takes decades,
RFCs continue to progress... take a breath... you're telling us
to race ahead, just OK the thing you want... you're not asking us
to take our time, consider what is being put out. Accept what's
being put out, I'm not going to... so, take a breath, think about
what you're trying to do.
Ted Thibodeau: If you want to just create software, open source
is great, break it, release early and often... will stop ranting
now.
Wayne Chang: Thank you, appreciate the passion, we'll take the
kindest interpretation of them.
Dmitri Zagidulin: Hey authorization is hard :)
Orie Steele: There are many communities that work on this
ecosystem, Adrian pointed out -- authz is a big blank, nobody
things about authz -- people want to focus on data models,
protocols, there is DIF, W3C, Hyperledger, everyone is working on
their own version of this... everyone is going as fast as they
can, holding their breath, etc.
Juan Caballero:
https://github.com/decentralized-identity/decentralized-identity.github.io/blob/master/assets/crosscommunity-architecture-survey-oct-2020.pdf
<by_caballero> Authorization is HARD
Orie Steele: Everyone has their own way of doing these things...
none of them are interoperable, none of them consider
authorization, work on things on authorization, if you're
passionate about that -- HTTP API, works at scale, you need to
have an opprotunity to design and work on that. offering folks an
ability to collaborate and work together, sometimes collaboration
means duplication of work.
Juan Caballero: The interop group put it in the "transversal"
category partly because you can ignore it when designing a stack,
but it has consequences at every level when you want to change it
:D
Orie Steele: OpenID -- tremendous amount of work going on right
now... I work on DIF, work on CCG, I'm committed to interop
across large number of folks that don't want to work together, we
need to have a place to work together, don't think everything
needs to be under same work item... universal wallet, VP Request,
all scrambling around same set of features/issues -- we already
have fracture in community, that's healthy, certain amount of
interplay that's expected.
Orie Steele: Folks are going to show up, speak their mind, will
be at VC HTTP API -- also want to make sure concerns are being
heard, have a place to move forward at approrpiate space... VC
HTTP API and Traceability API is different... see them as
different things, things change as people join...
Orie Steele: It's a mistake to think as everything as one work
item and fit everyone into one world view, multiple world views
can be supported in the community, Traceability API --
Traceability Ecosystem -- Traceability Guide for Enterprise
Interop -- Traceability Authz -- different from what VC HTTP API
is today
Orie Steele: We need to be supportive of differences in
community and enable people to work on thigns they want to work
on.
Mike Prorock: Want to roll it back to Manu's comment -- while
this started with Supply Chain and Enterprise interop -- not
burdened by IP -- we need to exchange, hold, present... the
ecosystem aspects are well called out. I like the notion of
calling it an Implementation Guide or something along those
lines.
Mike Prorock: Some of the original motivation there, VC HTTP API
did not have certain key methods or ability to get in methods
that let us handle some of the issues we're dealing w/ on supply
chain side of things.
Mike Prorock: If extensions are ok in Implementation Guides, and
then if that moves bakc upstream, then cool -- but Implementation
Guide on it's own doesn't scream definition of new APIs/endpoints
on that -- Manu, don't know if you have thoughts on that.
<tallted> "in the course of implementation and writing
implementation guide, we found need for this extension, that
clarification, this radical change" is all good
<mprorock> I am glad to hear I am not the only person with
chickens in the background
Juan Caballero: I was going to add something similar -- I don't
know if Implementation Guide is the right thing -- don't mind if
that's what it's called. Many to one relationship to vocabs to VC
HTTP API -- could conceivably have extensions that might original
from vocabulary efforts, ecosystem efforts, traceability
ecosystem item of some kind, extends API spec in a branch, as
long as extension doesn't require breaking changes, as long as
groups are in dialog, multiple implementation guides by
vocab/ecossytem/etc.
<orie> agree with Juan... folks who come from a vertical need a
softer landing spot.
Juan Caballero: VC HTTP API, would assume Vaccination / Good
Health Pass / would have it's own input... and API spec more
slowly itnegrates things that move faster. I like Manu's initial
question, how do we make sure it's a sustainable feedback loop --
good redundancy, front-running, whatever flow works well for
people I think is good.
<by_caballero> "landing spot"
<orie> I can live with implementation guide, as long as we can
define API Endpoints and Authorization.
<by_caballero> "traceability onramp"
<kim> when does something need to be a CCG work item? What do the
participants get out of it, and what does the CCG get out of it?
There has been a touch of "move fast act questions later"
attitude in discussions around this work item, which runs counter
to the ability of others to contribute
<orie> "traceability new world order"
<kim> I think that IPR protection is what the participants get
out of it, but that also puts a burden on the community to make
sense of it
<wayne_chang> Traceability Ecosystem Schematics
Manu Sporny: What I'm hearing is good. I heard Orie say, maybe
calling it an API, we could call it something else, maybe not
implementation guide, but we can re-name it. Orie: we are trying
to give a realistic view of how to do this, when things are
missing, we want to plug that gap quickly. We don't want to make
this a 3-6 month effort, we want to document it quickly and work
together to flow backwards into a foundational API or otherwise
spec. The goal is to effectively be the tip of the spear, and
blaze paths and do all those thigns and document it. So they can
be rolled back into these APIs. This is a healthy thing to do.
trying to balance these things [scribe assist by Heather Vescent]
<wayne_chang> but less clumsy
Manu Sporny: Heard and agree with Ted, not agree to things
blindly. Manu, I am not hearing they want that rubber stamp, they
want to document and move these things back in. [scribe assist by
Heather Vescent]
<bengo> eg publishing a Note vs a CR
<orie> Traceability API might become DIDComm + PE
<orie> it might look radically different than VC HTTP API
<orie> or not....
Manu Sporny: The name of the work item made people go down the
path. Now that we have talked about it. It's clear the
traceability folks want to innovation, talk about presentation,
holder API, etc, which then hopefully get rolled back int eh
general spec if they are broadly applicable. So, it may just be,
we are working through the process. [scribe assist by Heather
Vescent]
<wayne_chang> Traceability Recipe Book
Manu Sporny: I think API is the wrong name and sending the wrong
message. Ecosystem, implementation guide are better names. So we
should figure that out. [scribe assist by Heather Vescent]
<cel> Traceability Profile?
<wayne_chang> ooh, profile
<agropper> How many ways can we talk about APIs without using the
word "authorization??
<orie> authorization... not authentication.
Manu Sporny: Whatever they need to do to move that forward.
[scribe assist by Heather Vescent]
Orie Steele: +1 Adrian
Mike Prorock: +1 Authorization more than authentication - still
an elephant in the room, but it is starting to comeout into the
open
Heather Vescent: ... Suggestion: rename it to reflect what was
said on the call today. To enable the traceability folks to
innovate at the edges with the caveat there is a feedback loop to
bring it back to the broader spec where applicable.
Ryan Grant: Technical question -- is OWL2 and provenance mapped
into JSON-LD COntexts, do we have it available for VCs? If we
wanted to encode Provenance ontology, but not mapped into JSON-LD
Contexts, how would we do it?
<dmitriz> the PROV-O provenance ontolgoy has to do with
provenance of ideas/creative works. Not in the sense that the
Traceability cohort is using it
<mprorock> *prov-o
Orie Steele: The question of how to map existing ontologies and
schema systems together to supply chain traceability is entire
purpose of Traceability vocab -- already have some examples of
this sort of thing -- introduction uses fancy integration for
JSON Schema dn JSON-LD, if you're interested in that, that work
item is wlel suited to taking in ecosystem ideas that have
adoption.
<tallted> PROV-O covers brick-and-mortar as well. Speaking as
one of those involved in that WG.
<orie> We have touched Provenance
<orie> regarding the VC topic of Evidence
<orie> Spherity in particular
<orie> has contributed to this
<orie> significantly
Mike Prorock: I find PROVO very interesting, in Trace vocab
itself, we haven't touched on actual provenance, not on trace
side... it's very much focused on metadata about objects that are
moving through traceability system... for very good reason --
there are well defined vocabs out there that we like to reference
in, multiple parties in traceability side, GS1 is another example
Orie Steele: See https://w3c.github.io/vc-data-model/#evidence
Mike Prorock: There are multiple definitions of change of
control, provenance, not trying to bypass -- not trying to tackle
that head-on yet.
<orie> "don't ask us no not use DIDs and VCs"
<orie> not "don't ask questions"
Kim Hamilton Duffy: There is still something, an aspect of this
work item that we're missing, this has stretched the boundaries
of CCG work items -- the way I think about it is in some ways --
in original issue -- there was a touch of "don't ask questions,
don't give us feedback on use case". I, above anyone, get the
idea of move fast ask question slater attitude around it, might
be interesting, may be interesting to the group -- hard to give
feedback in that capacity.
Heather Vescent: +1 Kim
Kim Hamilton Duffy: This is interesting for Chairs to weigh in,
why can't participants want to do open source anywhere? They do
they IPR protection, it does put burden on community/Chairs -- I
am an outgoing chair, I do want to call out that this work item
is more explicitly stressing limited Chairing resources that we
have. That was not made explicity, I do think we can come up with
some solutions here, have feedback loop, let's continue to think
about this topic.
<orie> There is a new DIF work item, which essentially covers the
same space... APIs for Presentation Exchange... I'm trying to
keep things aligned.
<heathervescent> Wayne, we can kick the IIW conversation to next
week if you like
<wayne_chang> Sure, that sounds good heather, thanks
<orie> IMO the IIW conversation is the same conversation... its
about how to do interoperability
<orie> in the open.
<orie> we made significant progress on this topic.
<orie> at IIW
Adrian Gropper: I put myself on the queue because, one thing
that happened at IIW, relates to this discussion -- session w/
Dave Huseby and Sam Smith on variations on authentic data --
those sessions resuletd in post-IIW exchange between three of us
-- five different things that are all the same thing
udnerneath... how do you have an endorsed document. How do you
have a notarized document (log access).. How do you have witness
signature (no log). How do you have registry. How do you have
revocation?
<wayne_chang> @Orie there were some sessions at IIW not
explicitly focused on technical interoperability that could be
good to discuss too
Adrian Gropper: It was the most interesting part of IIW for me -
to have this pulled out... interesting
<by_caballero> I would add that authorization and AUDIT were key
themes at IIW this time around-- and I was here for it!
Adrian Gropper: Can you list the five things again, in text
here? [scribe assist by Ryan Grant]
<kim> Manu - that's not why it's frustrating
<kim> We are super comfortable with path blazing, I assure you
<orie> CCG has process for having regular calls... and repos...
same as DIF, and OIDF.
Kim Hamilton Duffy: I'm curious to hear more [scribe assist by
Heather Vescent]
<orie> the work isn't going anywhere else
<orie> but the work will happen elsewhere for sure.
Orie Steele: :)
<orie> we can't avoid that.
Adrian Gropper: Oh, nevermind, Manu got them all: endorsement,
notarizing, witness, registry, revocation. [scribe assist by Ryan
Grant]
<orie> the W3C isn't the only place where these topics are
addressed.
<tallted> (DRM = Digital Rights Management)
Manu Sporny: To try and propose a concrete path forward. Blazing
a path forward might be a bit frustrating for some, but this is
the next part of the evolution. Industries need to work together
to adopt this work. I'd hate to see this work go somewhere else
due to frustration. I'd like to see its home here, where things
are well defined. Rough Analogy: W3C had a choice to allow DRM
[scribe assist by Peter Mackinnon]
<kim> "there was a choice" <-- can you give more context for that
Manu?
Manu Sporny: There was a choice made at W3C that its better to
have the work here rather than lose the work to somewhere else.
There are issues, but its a healthy work item to have here
[scribe assist by Peter Mackinnon]
Heather Vescent: I guess I'll weigh in in a Chair perspective,
which I agree with to a degree and see a way through. We as a
community are levelling up, this was by design, we had a vision
of what we wanted this community to be - we worked hard -- ths is
a growing pain.
Heather Vescent: One of the things I've been able to contribute
is Heilmeier questions, we want to make the stuff we're working
on here more accessible... we're in the deep end, pushing edge of
innovation, people that are coming in... it's overwhelming,
discombobulating, work doing w/ CCG 101 work items, build a
bridge from bleeding edge of innovation to other folks that are
coming in.
<by_caballero> landing spot was a really good point Orie made-- i
would love it if VC-HTTP-API's repo even pointed to more specific
implementation guides and/or beginner's guides (including the
CCG101 material, etc)
<by_caballero> s/ even/just/
Heather Vescent: This is a pipeline strategy -- to have more
people come into community whether or not they're technical,
non-technical, poets, humanities, or developers -- the thing that
really concerns/challenges me about Traceability thing is -- it's
a good problem to have, Anil John and DHS has funded a lot of
this work -- that has been built within a private
group/community, so if you're not a fudned company, that's an
even deeper end. We need to build a bridge from that back to
general CCG.
<orie> I object to what heather is saying... we have always done
our traceability work in the open in github.
<orie> we use the tools the working group provides
Orie Steele: :)
<justin_r> a huge +1 to Heather's point just now.
Heather Vescent: We are building that bridge, people new to
community, not in that project has made it understandable and
accessible. Orie, not saying you're not working in the open...
there is a difference between working ing ithub vs. the work
being easily accessible.
Orie Steele: Strong agree heather :) need better W3C CCG process
enforcement.
<kim> She's correct -- whatever is in github is just a flattening
of hours and hours of conversations that no one else is privy to.
Also, private slack groups for those members
Heather Vescent: There needs to be a transition... work done at
DHS transition to open community. Like, "we are transferring that
to the community".
<orie> ^ yep, need public meetings with minutes to solve that
Adrian Gropper: +1 Heather
Orie Steele: "Process enforcement" == "slow down and take a
breath" [scribe assist by Justin Richer]
Justin Richer: Not if its easy to use JITSI :) [scribe assist by
Orie Steele]
Wayne Chang: We're nearing the end of the hour, we'll continue
IIW discussion next week... a few timely reminders... Thursday at
3pm VC HTTP API work.
<mahmoud_alkhraishi> is there a traceability api ( or w.e we're
calling it) call today?
Wayne Chang: On that topic, you had comments on DIF on VC HTTP
API -- Orie, update there?
Orie Steele: That is both incorrect and dismissive... [scribe
assist by Justin Richer]
<kim> I tried to join that slack group to get more context and
was rejected
Orie Steele: More related to IIW conversations that Adrian
alluded to... is that what you're asking for?
<heathervescent> Oh yeah, is there a traceability call today?
<brent_shambauh> for inspiration, I like this link for ipfs
concepts. https://proto.school/ .
Orie Steele: Yes, resulting work happening at DIF -- work
happening elsewhere, IETF, DIF, Hyperledger -- and that's ok --
part of work happening at IIW is major coming together of folks
wrt. BBS+ and VCs and alignment on using DID Comm to exchange
those credentials.
Orie Steele: Presentation exchange over HTTP for DID Comm -- for
presentation exchange, same kinda work that is happening here --
built on different set of standards/technology -- well
documented, available for folks to use, things I'm most excited
about -- Aries and DIDComm, focused on message-level security --
built on top of JOSE, coming together with people for HTTP APIs -
tiny gap, people working together, DIF work item targeted at
that... DIDComm and Presentation Exchange, DIF -- related to work
in CCG or OpenID Foundation -- we'll see that evolve over time.
Orie Steele: If that's of interest, please reach out to get
insight into what's happening there.
Wayne Chang: Would you mind sending an invtie to the mailing
list, Orie?
Wayne Chang: Thanks, see you next week!
<by_caballero> remember the CCG101 meeting today too
<by_caballero> in 3 hours
Heather Vescent: @Manu: all good in the jitsi?

Received on Tuesday, 27 April 2021 18:20:34 UTC