W3C home > Mailing lists > Public > public-credentials@w3.org > July 2021

[MINUTES] W3C Credentials CG Call - 2021-07-13 12pm ET

From: W3C CCG Chairs <w3c.ccg@gmail.com>
Date: Thu, 29 Jul 2021 12:36:49 -0700 (PDT)
Message-ID: <61030351.1c69fb81.571f3.9bd4@mx.google.com>
Thanks to Juan Caballero and wayne_chang for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2021-07-13 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-07-13

Agenda:
  undefined
Topics:
  1. Introductions and Re-Introductions
  2. Announcements
  3. Progress and Action Items
  4. Main Event - André Kudra (eSatus) presenting on IDUnion and 
    Bundeskanzleramt Pilot
Organizer:
  Wayne Chang and Heather Vescent and Mike Prorock
Scribe:
  Juan Caballero and wayne_chang
Present:
  Mahmoud Alkhraishi, Mike Prorock, Wayne Chang, Juan Caballero, 
  Markus Sabadello, Kaliya Young, TallTed // Ted Thibodeau (he/him) 
  (OpenLinkSw.com), Dmitri Z, Heather Vescent, Brian Sletten, Margo 
  Johnson, Adrian Gropper, David Chadwick, Ted Thibodeau, Brent 
  Zundel, Charles E. Lehner, Andre Kudra, David I. Lehn, Ryan 
  Grant, Geun-Hyung, Orie Steele, Phil L (P1), Kerri Lemoie, Jeff 
  Orgel, Erica Connell
Audio:
  https://w3c-ccg.github.io/meetings/2021-07-13/audio.ogg

Juan Caballero is scribing.

Topic: Introductions and Re-Introductions

André Kudra: I'm from eSatus, I'm here as a guest to present the 
  IDUnion project and the Bundezkanzleramt pilot project
Wyc: gratitude
Kaliya Young:  My most recent big engagement has been co-chairing 
  the interop WG at Good Health Pass; I also want to mention my 
  recent CCG email about mDL RFP for comments
  ... i see a competition or antagonism between mDL and VC spec, 
  so we should make sure the RFP is full of references to our work 
  which miight be sidestepped

Topic: Announcements

Kaliya Young:  Date (is still) 12-14 Oct for IIW proper
  ... and two mini-events on UX (22July) and business of SSI 
  (4Aug)
https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0087.html
https://internetidentityworkshop.com/
Kaliya Young: http://www.internetidentityworkshop.com
Wyc: IIW recommended for people new to the space, good 
  collaborative environment

Topic: Progress and Action Items

Wyc: new CCG co-chair, Mike Prorock-- no immediate action items

Topic: Main Event - André Kudra (eSatus) presenting on IDUnion and Bundeskanzleramt Pilot

André: I will present IDUnion first; slides presenting
  ... : of the 4 BMWi consortia, IDUnion is the one who is SSI to 
  its core
  ... large consortium (slide of logos of all members)
  ... slide of all non-funded participants
  ... slide for third tier of "associated partners" - expressed 
  interest and/or interacting on a research level rather than 
  piloting level
  ... we work with Indy technology as our basis, but forked and 
  with some specific EU use-cases and requirements
  ... in general it's a familiar architecture: wallets and 
  Verifiable Data Registry
  ... slide of DLT-testnetwork - part of why the consortium was 
  so succesful is that a testnet had already been stood up before 
  the official application deadline
  ... and some use-cases were already being prototyped on that 
  testnet with these companies participating (logos of many 
  companies)
  ... wallet tech - Lissi (Commerzbank Main incubator project, 
  now independent) and eSatus (SeLF fork)
  ... Business Partner Agent (cloud agent for LEI) from Bosch, 
  Daimler and Siemens; SPherity's Cloud Wallet also involved in 
  prototyping
<adrian_gropper> Are the end-user wallets open source?
  ... "European Cooperative" (specific legal category) which will 
  govern the ID framework (Societas Cooperativa Europea, SCE)
  ... complex governance being planned and iterated as part of 
  the project
  ... slide with 7 verticals, topics touched by that research 
  cluster, and the 5-10 companies involved in each
  ... Interoperability slide - four distinct topic areas and 
  logos of participating agencies
  ... implementation roadmap slide
  ... i would personally like to a faster roadmap, but 
  production-grade trials scheduled for 2022
  ... 15million € from the BMWi, but for the non-academic 
  participants, this is a matching grant which must be met 1:1 with 
  internal funds
<tallted> Can we have a link to this slidedeck?
<wayne_chang> q
<tallted> q
Adrian Gropper:  I am curious about the self-sovereign 
  individual's representation here
<bumblefudge_> André: From an architectural perspective, 
  everything is architected around the SSI principles
<bumblefudge_> ... for example, one project involved is 
  elegibility for food support in Langen
<bumblefudge_> ... using SSI VCs to prove eligibility, issuing 
  eligibility voucher for discounted food as VCs
<bumblefudge_> ... in the education space, we have worked with 
  all the same use cases you've heard of already
<bumblefudge_> ... we are working with a couple universities to 
  create a student wallet for student, parents, and teacher 
  credential exchanges
<bumblefudge_> ... (field trip consents, etc)
<bumblefudge_> ... and coming from the classic IAM world, we have 
  also been experimenting with SSI for AuthN and building access
<bumblefudge_> ... everyone who is involved from a use-case 
  perspective has the SSI trust triangle in the back of their heads
<phil_l_(p1)> Are self-asserted achievements, skills, and 
  abilities within the scope of credential types? (l.e. self-issued 
  credentials)
<bumblefudge_> ... individual/end-user wallets and interactive 
  consent is crucial to all the use-cases
Adrian Gropper:  I don't agree that this addresses the consumer 
  perspective but i think I've made my point
<bumblefudge_> 1?
<phil_l_(p1)> Q
https://github.com/decentralized-identity/interoperability/blob/master/agenda.md#agenda---2-jun---us-time---bmwi-schaufenster-idunion-and-new-interop-targets-whakan-yildiz
<bumblefudge_> s/50million / 15 million/
<bumblefudge_> sorry, there is no automatic AI transcription, 
  that/'s juan
<bumblefudge_> André: Sebastian Manhart, advisor for Digital 
  Identification (BKA) created these slides
<bumblefudge_> ... so I may not be able to answer all questions
<bumblefudge_> ... slide1: Leyden's principles
<bumblefudge_> ... slide2 - wide variety of government papers to 
  be digitized securely and privately
<bumblefudge_> ... aligned directly and primarily with the 
  EU-wide EU-ID specifications and directives
<bumblefudge_> ... which are comparable to W3C and want to be in 
  dialogue with the W3C work
<bumblefudge_> ... it's a strong public/private cooperation 
  project, and has been quite succesful thus far
<bumblefudge_> ... slide: 3 ways in which SSI supports an EU-wide 
  data infrastructure - eID rails, privacy standards, and 
  adoption-oriented interop
<bumblefudge_> ... slide: diagram of EU ID with eIDAS 1.0 and SSI 
  as pillars
<bumblefudge_> ... slide: Angela Merkel quote
<bumblefudge_> ... slide: C-levels from 19 of the biggest 
  enterprises in Germany called into Angela's office to get 
  cracking on an EU-interoperable identity infrastructure for 
  Germany
<bumblefudge_> ... the project jumped into action the next day 
  (that meeting was in December 2020)
<bumblefudge_> ... the Bundeskanzleramt got involved right away 
  and is in a steering role, relying on consultancies for 
  operational support
<bumblefudge_> ... they created a public/private cooperation 
  driven by the CHancellory but also organized into verticals, each 
  of which has at least one major German enterprise participating
<bumblefudge_> ... first pilot use case launched publicly in May: 
  Lindner, Motel One, and Steigenberger hotel groups doing log-in
<bumblefudge_> ... and check-in with a Basis-ID (eIDAS-compliant 
  Personalausweis / Personal-ID by Bundesdruckerei / Federal Mint)
<bumblefudge_> ... no more paper sign-ins at hotels -- business 
  travelers can now do check-in with company account and invoice 
  directly
<bumblefudge_> ... this is live since mid-May
<bumblefudge_> ... Dorothee Bär (Digitization Ministry) photo opp
<bumblefudge_> ... 2000 business travelers have already used it 
  for logging their travels, limited as they are by Covid
<bumblefudge_> ... this is integrated into many other projects, 
  such as the projects of vSDI, the SDIKa consortium, the 
  Bundesdruckerei Optimos 2 secure-element project
<bumblefudge_> ... for on-device TPM cryptography
<bumblefudge_> ... last slide: roadmap for rest of 2021 for 
  Chancellery project
<bumblefudge_> ... major items in the 2021 workplan: 
  eiDAS-compliance feedback/specifications, explicit alignment with 
  EU-wide eID specs as they are published,
<bumblefudge_> ... and pilots to test cross-border interop and 
  use-cases
https://github.com/decentralized-identity/interoperability/blob/master/agenda.md#agenda---2-jun---us-time---bmwi-schaufenster-idunion-and-new-interop-targets-whakan-yildiz
wayne_chang is scribing.
Bumblefudge_: i've posted a link to the IDUnion technical slide 
  deck.
Bumblefudge_: interop roadmap, did-spec, etc. in the roadmap. 
  this could generate more questions.
<bumblefudge_> wyc:
<bumblefudge_> wyc: what is the best way for people from the W3C 
  ecosystem to get involved with the IDUnion?
<bumblefudge_> André: My favorite path would be to set up some 
  kind of form in IDUnion for international guests and 
  interlocutors
<bumblefudge_> ... the IDUnion is still very much hammering out 
  its workplan and its venues and rhythms
<bumblefudge_> ... but I am personally lobbying for a prominent 
  stage for international dialogues and collabs
<bumblefudge_> ... having an engagement model for those dialogues 
  will be crucial and I will come back to present once we have 
  something like that
Adrian Gropper:  In the US, we've had pushback against digital 
  identity
https://www.eff.org/deeplinks/2020/08/digital-identification-must-be-designed-privacy-and-equity-10
Adrian Gropper:  It's also been a states' rights issue
<bumblefudge_> ... in that federal govt and states disagree on 
  scope of federal eID and interop
<bumblefudge_> ... cf RealID debates
<bumblefudge_> ... is there an analogy in Germany?
<bumblefudge_> André: Well of course there is debate
<bumblefudge_> ... and currently public discourse has a lot of 
  arguments against a very strong privacy stance
<bumblefudge_> ... as an impediment to Covid recovery and 
  remediation
<bumblefudge_> ... what you see here is the federal government's 
  proposal to avoid that kind of debate
<bumblefudge_> ... and preserve a decentralized, citizen-first 
  privacy model for eGov and private sector use-cases
<bumblefudge_> ... but we have to combat a dominant narrative in 
  public discourse that frames the problem as privacy/GDPR versus 
  the economy
<bumblefudge_> ... and there is also a strong pull of habit for 
  giving the government full control over government 
  (non-digitally)
<bumblefudge_> ... so there is a delicate matter of adoption 
  without playing into fears of a government-centric digital sphere
<bumblefudge_> ... if you look at the election platforms of the 
  upcoming Sept elections
<bumblefudge_> ... cybersecurity and privacy and digital identity 
  are suprisingly prominent across ALL the parties
<bumblefudge_> ... digital sovereignty could actually become a 
  major flashpoint in the election debate so far
<bumblefudge_> ... wyc: thanks so much
<bumblefudge_> ... André: Thanks for giving me so much time, and 
  I hope it was useful and I will come back when I have more news 
  and invitations to collaborations
Adrian Gropper:  I would like to hear more about the mobile 
  driver's license issue
Mike Prorock: +1
<bumblefudge_> i linked to it above
Kaliya Young:  There is an extensive preamble and 13 or 14 
  questions-- preparing a response could be a time-intensive 
  process
<andre_kudra> I will drop off and leave you to your meeting. 
  Thank you so much again!
<charles_e._lehner> Thanks Andre!
Kaliya Young:  I did go to the public hearing they posted
<bumblefudge_> ... but the mDL people were there, Stanley from 
  the ACLU (who has also publicly called out the phone-home 
  capability built into the mDL standard)
Bumblefudge_: just gonna ask, mDL standard is ISO right? ask our 
  guest about this
Kaliya Young: 
  https://www.aclu.org/report/identity-crisis-what-digital-drivers-licenses-could-mean-privacy-equity-and-freedom
<bumblefudge_> Adri: The way Kaliya framed this earlier was as a 
  challenge to our work here
<bumblefudge_> ... and the standards we work on
<bumblefudge_> IdenitityWoman: The mDL standard spawned something 
  called MDoc
<bumblefudge_> ... developed entirely in ISO (only accessible via 
  national standards bodies and some very large enterprises)
<bumblefudge_> ... and a few companies involved in our space have 
  access but it isn't public, it's a very proprietary place to make 
  software
<bumblefudge_> ... my personal interpretation is that there is a 
  documentation/IAM incumbency
<bumblefudge_> ... that is trying to skew the standard in a way 
  that they will be the only vendors positioned to sell governments 
  issuance and wallet capabilities
<bumblefudge_> ... and it is not interoperable with VCs or 
  VC-based
Heather Vescent:  Want to query the community if this could be a 
  topic for a community work item to formulate a collective 
  response
<bumblefudge_> ... this could go a couple different ways-- do we 
  A.) want to make a statement or response? and if so, B.) how?
<mprorock> I would note that we likely have 10 days to prepare a 
  response
<bumblefudge_> ... who would lead/manage the rpocess
<bumblefudge_> ... there was a NIST response process done fairly 
  quickly
<bumblefudge_> ... mprorock: The reason I called it 10 days and 
  not 17
<bumblefudge_> was that we would need to review (as chairs) any 
  draft and bounce off the group in a reasonable time for 
  objections
Mike Prorock:  I am personally very committed to this so I want 
  to know whether to work on this individually or as a community
David Chadwick:  I am involved in the mDL
<bumblefudge_> ... and I had to response to the draft ballot (an 
  earlier work item related to mDL) and I proposed changes that 
  would make it more interop with VCs
<bumblefudge_> ... and I presented it to the CCG at the time, 
  explaining that they had good protocols but a bad data model and 
  we had the inverse
<bumblefudge_> ... I wanted to get a work item going to prototype 
  some hybrid or interop test
<bumblefudge_> ... and the mDL v2 does actually have a reasonable 
  chance of interop with VCs
<identitywoman> The JSON-LD data model or just JSON?
<bumblefudge_> ... but it didn't make it into v1 because of a 
  lack of prototyping and testing and scoping of VC interop
<bumblefudge_> ... americans were in a hurry for v1 and rushed it 
  to release without the VC work
<bumblefudge_> ... and there have been questions about hte 
  "backchannel"(phone home mechanism) and that is likely to be cut 
  in v2 because
<mprorock> extemely helpful, thanks David
<bumblefudge_> ... of conversations within the group
Adrian Gropper:  Question question: Is this a standards-org issue 
  where ISO wants to stay out of open-source and avoid W3C or is 
  that a red herring?
David Chadwick:  Because it's a formal standards body, their 
  process is very nation-state/member-state-based (ANSI, BSI, DIN, 
  etc)
<bumblefudge_> ... and the publications are not free (although 
  some standards they release are royalty-free and public, like 
  X.509)
<bumblefudge_> ... they have got some good examples (and some 
  atrocious ones) in their history
<cel> s/loyalty/royalty/
<bumblefudge_> ... DavidC: Kaliya asked about JSON and JSONLD in 
  the VC that mDL will interop with
<bumblefudge_> ... and the answer is JSON but with an @Context - 
  uses JWT signing
<bumblefudge_> ... so the interop with mDL hinges on the JWT 
  support
<jeffo-stl> Nice add on Adrian, ya!
<bumblefudge_> wyc: please pay attn to the mailing list to get 
  involved
<bumblefudge_> Auf Wiedersehen, my loyalty-free friends!
Received on Thursday, 29 July 2021 19:37:12 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:18 UTC