- From: W3C CCG Chairs <w3c.ccg@gmail.com>
- Date: Thu, 29 Jul 2021 12:36:49 -0700 (PDT)
Thanks to Juan Caballero and wayne_chang for scribing this week! The minutes
for this week's Credentials CG telecon are now available:
https://w3c-ccg.github.io/meetings/2021-07-13
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-07-13
Agenda:
undefined
Topics:
1. Introductions and Re-Introductions
2. Announcements
3. Progress and Action Items
4. Main Event - André Kudra (eSatus) presenting on IDUnion and
Bundeskanzleramt Pilot
Organizer:
Wayne Chang and Heather Vescent and Mike Prorock
Scribe:
Juan Caballero and wayne_chang
Present:
Mahmoud Alkhraishi, Mike Prorock, Wayne Chang, Juan Caballero,
Markus Sabadello, Kaliya Young, TallTed // Ted Thibodeau (he/him)
(OpenLinkSw.com), Dmitri Z, Heather Vescent, Brian Sletten, Margo
Johnson, Adrian Gropper, David Chadwick, Ted Thibodeau, Brent
Zundel, Charles E. Lehner, Andre Kudra, David I. Lehn, Ryan
Grant, Geun-Hyung, Orie Steele, Phil L (P1), Kerri Lemoie, Jeff
Orgel, Erica Connell
Audio:
https://w3c-ccg.github.io/meetings/2021-07-13/audio.ogg
Juan Caballero is scribing.
Topic: Introductions and Re-Introductions
André Kudra: I'm from eSatus, I'm here as a guest to present the
IDUnion project and the Bundezkanzleramt pilot project
Wyc: gratitude
Kaliya Young: My most recent big engagement has been co-chairing
the interop WG at Good Health Pass; I also want to mention my
recent CCG email about mDL RFP for comments
... i see a competition or antagonism between mDL and VC spec,
so we should make sure the RFP is full of references to our work
which miight be sidestepped
Topic: Announcements
Kaliya Young: Date (is still) 12-14 Oct for IIW proper
... and two mini-events on UX (22July) and business of SSI
(4Aug)
https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0087.html
https://internetidentityworkshop.com/
Kaliya Young: http://www.internetidentityworkshop.com
Wyc: IIW recommended for people new to the space, good
collaborative environment
Topic: Progress and Action Items
Wyc: new CCG co-chair, Mike Prorock-- no immediate action items
Topic: Main Event - André Kudra (eSatus) presenting on IDUnion and Bundeskanzleramt Pilot
André: I will present IDUnion first; slides presenting
... : of the 4 BMWi consortia, IDUnion is the one who is SSI to
its core
... large consortium (slide of logos of all members)
... slide of all non-funded participants
... slide for third tier of "associated partners" - expressed
interest and/or interacting on a research level rather than
piloting level
... we work with Indy technology as our basis, but forked and
with some specific EU use-cases and requirements
... in general it's a familiar architecture: wallets and
Verifiable Data Registry
... slide of DLT-testnetwork - part of why the consortium was
so succesful is that a testnet had already been stood up before
the official application deadline
... and some use-cases were already being prototyped on that
testnet with these companies participating (logos of many
companies)
... wallet tech - Lissi (Commerzbank Main incubator project,
now independent) and eSatus (SeLF fork)
... Business Partner Agent (cloud agent for LEI) from Bosch,
Daimler and Siemens; SPherity's Cloud Wallet also involved in
prototyping
<adrian_gropper> Are the end-user wallets open source?
... "European Cooperative" (specific legal category) which will
govern the ID framework (Societas Cooperativa Europea, SCE)
... complex governance being planned and iterated as part of
the project
... slide with 7 verticals, topics touched by that research
cluster, and the 5-10 companies involved in each
... Interoperability slide - four distinct topic areas and
logos of participating agencies
... implementation roadmap slide
... i would personally like to a faster roadmap, but
production-grade trials scheduled for 2022
... 15million € from the BMWi, but for the non-academic
participants, this is a matching grant which must be met 1:1 with
internal funds
<tallted> Can we have a link to this slidedeck?
<wayne_chang> q
<tallted> q
Adrian Gropper: I am curious about the self-sovereign
individual's representation here
<bumblefudge_> André: From an architectural perspective,
everything is architected around the SSI principles
<bumblefudge_> ... for example, one project involved is
elegibility for food support in Langen
<bumblefudge_> ... using SSI VCs to prove eligibility, issuing
eligibility voucher for discounted food as VCs
<bumblefudge_> ... in the education space, we have worked with
all the same use cases you've heard of already
<bumblefudge_> ... we are working with a couple universities to
create a student wallet for student, parents, and teacher
credential exchanges
<bumblefudge_> ... (field trip consents, etc)
<bumblefudge_> ... and coming from the classic IAM world, we have
also been experimenting with SSI for AuthN and building access
<bumblefudge_> ... everyone who is involved from a use-case
perspective has the SSI trust triangle in the back of their heads
<phil_l_(p1)> Are self-asserted achievements, skills, and
abilities within the scope of credential types? (l.e. self-issued
credentials)
<bumblefudge_> ... individual/end-user wallets and interactive
consent is crucial to all the use-cases
Adrian Gropper: I don't agree that this addresses the consumer
perspective but i think I've made my point
<bumblefudge_> 1?
<phil_l_(p1)> Q
https://github.com/decentralized-identity/interoperability/blob/master/agenda.md#agenda---2-jun---us-time---bmwi-schaufenster-idunion-and-new-interop-targets-whakan-yildiz
<bumblefudge_> s/50million / 15 million/
<bumblefudge_> sorry, there is no automatic AI transcription,
that/'s juan
<bumblefudge_> André: Sebastian Manhart, advisor for Digital
Identification (BKA) created these slides
<bumblefudge_> ... so I may not be able to answer all questions
<bumblefudge_> ... slide1: Leyden's principles
<bumblefudge_> ... slide2 - wide variety of government papers to
be digitized securely and privately
<bumblefudge_> ... aligned directly and primarily with the
EU-wide EU-ID specifications and directives
<bumblefudge_> ... which are comparable to W3C and want to be in
dialogue with the W3C work
<bumblefudge_> ... it's a strong public/private cooperation
project, and has been quite succesful thus far
<bumblefudge_> ... slide: 3 ways in which SSI supports an EU-wide
data infrastructure - eID rails, privacy standards, and
adoption-oriented interop
<bumblefudge_> ... slide: diagram of EU ID with eIDAS 1.0 and SSI
as pillars
<bumblefudge_> ... slide: Angela Merkel quote
<bumblefudge_> ... slide: C-levels from 19 of the biggest
enterprises in Germany called into Angela's office to get
cracking on an EU-interoperable identity infrastructure for
Germany
<bumblefudge_> ... the project jumped into action the next day
(that meeting was in December 2020)
<bumblefudge_> ... the Bundeskanzleramt got involved right away
and is in a steering role, relying on consultancies for
operational support
<bumblefudge_> ... they created a public/private cooperation
driven by the CHancellory but also organized into verticals, each
of which has at least one major German enterprise participating
<bumblefudge_> ... first pilot use case launched publicly in May:
Lindner, Motel One, and Steigenberger hotel groups doing log-in
<bumblefudge_> ... and check-in with a Basis-ID (eIDAS-compliant
Personalausweis / Personal-ID by Bundesdruckerei / Federal Mint)
<bumblefudge_> ... no more paper sign-ins at hotels -- business
travelers can now do check-in with company account and invoice
directly
<bumblefudge_> ... this is live since mid-May
<bumblefudge_> ... Dorothee Bär (Digitization Ministry) photo opp
<bumblefudge_> ... 2000 business travelers have already used it
for logging their travels, limited as they are by Covid
<bumblefudge_> ... this is integrated into many other projects,
such as the projects of vSDI, the SDIKa consortium, the
Bundesdruckerei Optimos 2 secure-element project
<bumblefudge_> ... for on-device TPM cryptography
<bumblefudge_> ... last slide: roadmap for rest of 2021 for
Chancellery project
<bumblefudge_> ... major items in the 2021 workplan:
eiDAS-compliance feedback/specifications, explicit alignment with
EU-wide eID specs as they are published,
<bumblefudge_> ... and pilots to test cross-border interop and
use-cases
https://github.com/decentralized-identity/interoperability/blob/master/agenda.md#agenda---2-jun---us-time---bmwi-schaufenster-idunion-and-new-interop-targets-whakan-yildiz
wayne_chang is scribing.
Bumblefudge_: i've posted a link to the IDUnion technical slide
deck.
Bumblefudge_: interop roadmap, did-spec, etc. in the roadmap.
this could generate more questions.
<bumblefudge_> wyc:
<bumblefudge_> wyc: what is the best way for people from the W3C
ecosystem to get involved with the IDUnion?
<bumblefudge_> André: My favorite path would be to set up some
kind of form in IDUnion for international guests and
interlocutors
<bumblefudge_> ... the IDUnion is still very much hammering out
its workplan and its venues and rhythms
<bumblefudge_> ... but I am personally lobbying for a prominent
stage for international dialogues and collabs
<bumblefudge_> ... having an engagement model for those dialogues
will be crucial and I will come back to present once we have
something like that
Adrian Gropper: In the US, we've had pushback against digital
identity
https://www.eff.org/deeplinks/2020/08/digital-identification-must-be-designed-privacy-and-equity-10
Adrian Gropper: It's also been a states' rights issue
<bumblefudge_> ... in that federal govt and states disagree on
scope of federal eID and interop
<bumblefudge_> ... cf RealID debates
<bumblefudge_> ... is there an analogy in Germany?
<bumblefudge_> André: Well of course there is debate
<bumblefudge_> ... and currently public discourse has a lot of
arguments against a very strong privacy stance
<bumblefudge_> ... as an impediment to Covid recovery and
remediation
<bumblefudge_> ... what you see here is the federal government's
proposal to avoid that kind of debate
<bumblefudge_> ... and preserve a decentralized, citizen-first
privacy model for eGov and private sector use-cases
<bumblefudge_> ... but we have to combat a dominant narrative in
public discourse that frames the problem as privacy/GDPR versus
the economy
<bumblefudge_> ... and there is also a strong pull of habit for
giving the government full control over government
(non-digitally)
<bumblefudge_> ... so there is a delicate matter of adoption
without playing into fears of a government-centric digital sphere
<bumblefudge_> ... if you look at the election platforms of the
upcoming Sept elections
<bumblefudge_> ... cybersecurity and privacy and digital identity
are suprisingly prominent across ALL the parties
<bumblefudge_> ... digital sovereignty could actually become a
major flashpoint in the election debate so far
<bumblefudge_> ... wyc: thanks so much
<bumblefudge_> ... André: Thanks for giving me so much time, and
I hope it was useful and I will come back when I have more news
and invitations to collaborations
Adrian Gropper: I would like to hear more about the mobile
driver's license issue
Mike Prorock: +1
<bumblefudge_> i linked to it above
Kaliya Young: There is an extensive preamble and 13 or 14
questions-- preparing a response could be a time-intensive
process
<andre_kudra> I will drop off and leave you to your meeting.
Thank you so much again!
<charles_e._lehner> Thanks Andre!
Kaliya Young: I did go to the public hearing they posted
<bumblefudge_> ... but the mDL people were there, Stanley from
the ACLU (who has also publicly called out the phone-home
capability built into the mDL standard)
Bumblefudge_: just gonna ask, mDL standard is ISO right? ask our
guest about this
Kaliya Young:
https://www.aclu.org/report/identity-crisis-what-digital-drivers-licenses-could-mean-privacy-equity-and-freedom
<bumblefudge_> Adri: The way Kaliya framed this earlier was as a
challenge to our work here
<bumblefudge_> ... and the standards we work on
<bumblefudge_> IdenitityWoman: The mDL standard spawned something
called MDoc
<bumblefudge_> ... developed entirely in ISO (only accessible via
national standards bodies and some very large enterprises)
<bumblefudge_> ... and a few companies involved in our space have
access but it isn't public, it's a very proprietary place to make
software
<bumblefudge_> ... my personal interpretation is that there is a
documentation/IAM incumbency
<bumblefudge_> ... that is trying to skew the standard in a way
that they will be the only vendors positioned to sell governments
issuance and wallet capabilities
<bumblefudge_> ... and it is not interoperable with VCs or
VC-based
Heather Vescent: Want to query the community if this could be a
topic for a community work item to formulate a collective
response
<bumblefudge_> ... this could go a couple different ways-- do we
A.) want to make a statement or response? and if so, B.) how?
<mprorock> I would note that we likely have 10 days to prepare a
response
<bumblefudge_> ... who would lead/manage the rpocess
<bumblefudge_> ... there was a NIST response process done fairly
quickly
<bumblefudge_> ... mprorock: The reason I called it 10 days and
not 17
<bumblefudge_> was that we would need to review (as chairs) any
draft and bounce off the group in a reasonable time for
objections
Mike Prorock: I am personally very committed to this so I want
to know whether to work on this individually or as a community
David Chadwick: I am involved in the mDL
<bumblefudge_> ... and I had to response to the draft ballot (an
earlier work item related to mDL) and I proposed changes that
would make it more interop with VCs
<bumblefudge_> ... and I presented it to the CCG at the time,
explaining that they had good protocols but a bad data model and
we had the inverse
<bumblefudge_> ... I wanted to get a work item going to prototype
some hybrid or interop test
<bumblefudge_> ... and the mDL v2 does actually have a reasonable
chance of interop with VCs
<identitywoman> The JSON-LD data model or just JSON?
<bumblefudge_> ... but it didn't make it into v1 because of a
lack of prototyping and testing and scoping of VC interop
<bumblefudge_> ... americans were in a hurry for v1 and rushed it
to release without the VC work
<bumblefudge_> ... and there have been questions about hte
"backchannel"(phone home mechanism) and that is likely to be cut
in v2 because
<mprorock> extemely helpful, thanks David
<bumblefudge_> ... of conversations within the group
Adrian Gropper: Question question: Is this a standards-org issue
where ISO wants to stay out of open-source and avoid W3C or is
that a red herring?
David Chadwick: Because it's a formal standards body, their
process is very nation-state/member-state-based (ANSI, BSI, DIN,
etc)
<bumblefudge_> ... and the publications are not free (although
some standards they release are royalty-free and public, like
X.509)
<bumblefudge_> ... they have got some good examples (and some
atrocious ones) in their history
<cel> s/loyalty/royalty/
<bumblefudge_> ... DavidC: Kaliya asked about JSON and JSONLD in
the VC that mDL will interop with
<bumblefudge_> ... and the answer is JSON but with an @Context -
uses JWT signing
<bumblefudge_> ... so the interop with mDL hinges on the JWT
support
<jeffo-stl> Nice add on Adrian, ya!
<bumblefudge_> wyc: please pay attn to the mailing list to get
involved
<bumblefudge_> Auf Wiedersehen, my loyalty-free friends!
Received on Thursday, 29 July 2021 19:37:12 UTC