[MINUTES] W3C Credentials CG Call - 2021-06-01 12pm ET

Thanks to Manu Sporny and mahmoud alkhraishi for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2021-06-01 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-06-01

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2021May/0167.html
Topics:
  1. Introductions
  2. DID Meme
  3. VC Rooster
  4. DID Doge
Organizer:
  Wayne Chang and Heather Vescent
Scribe:
  Manu Sporny and mahmoud alkhraishi
Present:
  Heather Vescent, Kim Hamilton Duffy, Mike Prorock, Orie Steele, 
  TallTed //_Ted_Thibodeau_(he/him)_(OpenLink_Softwa, Wayne Chang, 
  Manu Sporny, Mahmoud Alkhraishi, Balázs Némethi, Ted Thibodeau, 
  Brian Sletten, Adrian Gropper, David I. Lehn, Phil Long, Brent 
  Zundel, Mike Schwartz, Troy Ronda, Juan Caballero, Adrian 
  Hope-Bailie, Jeff Stephens, Ted O'Connor
Audio:
  https://w3c-ccg.github.io/meetings/2021-06-01/audio.ogg

Manu Sporny is scribing.
Heather Vescent:  Welcome to the call today -- going to step away 
  from more serious aspects of work here... focus a bit on the fun 
  things folks have put together.
Heather Vescent:  Some creative / neat ways of applying work 
  we're doing to Internet culture, memes, roosters, and 
  cryptocurrencies.
Heather Vescent:  How are they applying DIDs/VCs out of the box.
Heather Vescent: Join the CCG: 
  https://www.w3.org/community/credentials/join
Heather reads through the IP Note -- substantive contributions 
  must be made by CCG Members.
<mprorock> manu, the auto present thing is awesome
Heather Vescent:  You need to have a W3C CCG account, need to 
  agree to IP agreement.
Heather Vescent: Minutes: 
Heather Vescent: Minutes: https://w3c-ccg.github.io/meetings/
Heather Vescent:  You no longer need to present+ -- there have 
  been some updates to the CCG Bot that auto-presents people.
Heather Vescent:  Use q+ if you want to queue and speak.
Heather Vescent:  Meeting is held by voice not IRC, non-voice 
  comments subject to deletion.
mahmoud alkhraishi is scribing.
<mahmoud_alkhraishi> heather: intros -> Do we have any new folks?

Topic: Introductions

Heather Vescent:  Any Reintros? [scribe assist by Mahmoud 
  Alkhraishi]
Heather Vescent:  Moving on then: Announcements and Reminders, 
  Would like to call on Manu to talk about CCG bot [scribe assist 
  by Mahmoud Alkhraishi]
Manu Sporny: Email on updates to CCG bot: 
  https://lists.w3.org/Archives/Public/public-credentials/2021May/0169.html
Manu Sporny:  Happy to Let me find a link to the email. I sent a 
  quick update to the mailing list on updates to the CCG Bot.  
  [scribe assist by Mahmoud Alkhraishi]
Heather Vescent:  Just had a couple of clarifying points: first 
  of all Thanks so much for your work.  [scribe assist by Mahmoud 
  Alkhraishi]
Manu Sporny:  If thats ok we can also add it to the beginning of 
  the call but files wont populate till end of the call. [scribe 
  assist by Mahmoud Alkhraishi]
Heather Vescent:  Only people who see it are people in IRC, so fi 
  you aren't logged into IRC you wont see those links. [scribe 
  assist by Mahmoud Alkhraishi]
Manu Sporny:  Most people don't need to see these links but the 
  IRC people need to have them so this will help [scribe assist by 
  Mahmoud Alkhraishi]
Heather Vescent:  What i'll do is capture this info as tribal 
  knowledge and put it somewhere on CCG [scribe assist by Mahmoud 
  Alkhraishi]
Manu Sporny:  Would it help to add links to start of meeting? 
  [scribe assist by Mahmoud Alkhraishi]
Heather Vescent:  I think its fine the way it is and theres 
  enough people on the call. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: Other question on people.json how do you 
  find people to add to that find? how does it work rn because we 
  usually find the linkedin manually. Do we need to add those how 
  does this work right now?
<wayne_chang> what a great community
<wayne_chang> thx mike
<heathervescent> amazing mike!
Mike Schwartz:  Just a quick note i spent a few years building 
  autotranscriptions, reach out to me and i can help wire that up. 
  I did that as part of integrations of WEBEX etc, so pretty 
  familiar with quirks of auto scribing. [scribe assist by Mahmoud 
  Alkhraishi]
Manu Sporny:  Fantastic will definitely need some help with that. 
  [scribe assist by Mahmoud Alkhraishi]
Mike Schwartz:  Most patents are locked by one company and would 
  definitely be happy to help out with that. [scribe assist by 
  Mahmoud Alkhraishi]
Manu Sporny:  Again no ETA this is just volunteer time stuff. 
  [scribe assist by Mahmoud Alkhraishi]
Manu Sporny:  To answer heather's question, you can keep doing 
  what you're doing with people.json. The reason it exists so that 
  in the minutes you can click on the person and find that persons 
  home page, thats the whole reason it exists. So if you're not in 
  it it'll just take you to CCG homepage. Later on if we see 
  someone show up a lot on a call we can manually clean that up. 
  [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: Or for w.e reason they change names in 
  jitsi/irc and we can alias them. My expectation is people will 
  forget about it. Not  sure how popular people.json is. So we 
  don't need to update it every week. Meant to reduce amount of 
  work for people finalizing minutes not increase it.
<juan_caballero_(dif/spruce)> /me is excited for my first 
  automatic present+ !
Heather Vescent:  We'll definitely need to update minutes 
  instructions so people understand it. Ill do a slight update and 
  we can just update that file once a quarter or something similar 
  [scribe assist by Mahmoud Alkhraishi]
Heather Vescent:  Any other questions? [scribe assist by Mahmoud 
  Alkhraishi]
Heather Vescent:   I'll be hosting a minutes 101 at 10:30 
  pacific, will record and send out link on mailing list soon. 
  [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: I create it using github's browser 
  interface. and if you don't have to update the people file it 
  takes about 10 minutes to do it.
Mahmoud Alkhraishi: ...: The goal is to have a recording where 
  people can watch to work on the minutes. Thanks to Manu and Kim 
  for their contributions on this. We want it to be turnkey because 
  we have 5 taskforces/meetings a week and we want to make it easy 
  to record and use
Heather Vescent: Work items: 
  https://w3c-ccg.github.io/announcements/
Heather Vescent:  Last week we talked about a couple of them. i 
  didn't want to really talk about any of them, most of the stuff 
  is already covered. We are pretty busy, so if anyone is working 
  on the work items and you have concerns and need help from chairs 
  you can always add issue here. [scribe assist by Mahmoud 
  Alkhraishi]
Heather Vescent:  But things are getting accomplished. Right now 
  the CCG is running on 2/3 chairs. Kim has officially completed 
  her chair time, so its a bit tight to run the CCG with just two 
  people. We would love a third chair. In the past the chair 
  timeframe was just 3 years, we've discussed and we may be able to 
  accomodate 1 or 2 years. We automated many chair works. [scribe 
  assist by Mahmoud Alkhraishi]
Manu Sporny:  Totally forgot on the announcements part: 
  VC-http-api work item call moved to Tuesday 4PM eastern 1 PM 
  Pacific, starting today. [scribe assist by Mahmoud Alkhraishi]
Orie Steele:  I think you'r the only one who cant fill that time, 
  is that temporary or permanent? [scribe assist by Mahmoud 
  Alkhraishi]
Orie Steele:  I think its probably fine, ill find out if its a 
  problem and follow up. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: CCG calendar: 
  https://calendar.google.com/calendar/u/0/r/week?tab=mc&pli=1
Heather Vescent:  Thanks manu will update google calendar. LMK if 
  any changes [scribe assist by Mahmoud Alkhraishi]
Heather Vescent:  Unfortunately you need to be a chair to make 
  any changes to meeting notes so shoot me and wayne and email. 
  [scribe assist by Mahmoud Alkhraishi]
<manu> Thank you for adding it to CCG calendar, Heather!
Heather Vescent:  I think that is all, on to the main event! 
  [scribe assist by Mahmoud Alkhraishi]
Heather Vescent:  This topic came up on CCG 101 and then when 
  everyone that showed up just chatted about interesting things and 
  orie and mike showed some fun applications of DIDs and VCs, so 
  we're sharing some of those fun stuff! so we're hearing from 
  Orie/Mike/Wayne. and you each can have 10 mins so we can have 
  some discussion afterwords [scribe assist by Mahmoud Alkhraishi]

Topic: DID Meme

Orie Steele: 
  https://didme.me/did:meme:1zgswzdje885tzr8408m37sjmaa0sthw265ty6hmwzmau48kd809zzrgra4w5w
Orie Steele: https://github.com/OR13/didme.me
<mprorock> are we the baddies?
Manu Sporny: https://knowyourmeme.com/memes/are-we-the-baddies
Orie Steele:  DID:Meme! Will start with example and link to 
  Source Code so you can fork it and make your own version of it. 
  Briefly its a  did:method that turns different memes into dids. 
  it does that by using a covert channel. which is a channel you 
  use to store info that you don't use normally to store info. 
  Usually used by the baddies, but sometimes its use d for fun too. 
  [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: It uses steganography and images
<heathervescent> steganography
Mahmoud Alkhraishi: ..: If you look it up you'll find a great way 
  of hiding information on images, when you do that you'll see that 
  did:meme is hijaking DID:key. DID:key represents public key 
  materials and it has some properties that are annoying like 
  unique PK per DID:key and thats a strong correlation identifier. 
  DID:meme uses Image to identify did. DID:meme you can have 
  hundreds of different memes that map to the same did. this useful 
  when you want to reduce correlation but use a stable identifier. 
  IPFS stores image and embeds PK identifier into image. on the 
  other side it dereferences the image back into the PK. It has all 
  thes e cool features from did:key and supports a bunch of 
  different key times like BLS+ so you can embed in a meme 
  selective disclosure, so now you can embed ZKP
Mike Prorock: +1 Actual practical applications for this stuff
Adrian Hope-Bailie:  Thats hilarious! I think i would love to 
  talk to whoever is interested because theres a relationship 
  between what you're describing and what we're aligned the 
  biometric health card where there is a QR that can be a VC or 
  pointer to DID that also has a Photo whose hash can be reliable 
  included in the credential [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: Sounds like did:meme could be a factor , 
  could be useful in this context as well.
<orie> This is the stego library I used
Orie Steele: https://github.com/desudesutalk/f5stegojs
Manu Sporny:  +1 Big fan of did:meme! Couple of questions: 
  [scribe assist by Mahmoud Alkhraishi]
<wayne_chang> omg can someone make a lib called stegosaurus?
<wayne_chang> what a great name for that
<heathervescent> yesss!!
<mprorock> lol, seriously
Adrian Gropper: Biometric Health cards also use a hash of the 
  image 
  https://github.com/HIEofOne/Trustee-Community/blob/master/Biometric-Health-Card.pdf
Orie Steele:  Its a hash of the image. with a normal IPFS 
  identifier thats a multihash of a binary thats always prefixed 
  depending on the encoding. In this case what we did was use the 
  encoding of the content of the multihash. theres a set of 
  conversions you can do that get you to the binary and inside that 
  binary file you'll find the embedded idd:key [scribe assist by 
  Mahmoud Alkhraishi]
<tallted> s/1. the/... 1. the/
Manu Sporny:  So you inject the Key into the image before it goes 
  onto IPFS. [scribe assist by Mahmoud Alkhraishi]
<mprorock> well....
<agropper> The Biometric Health card is also self verifying 
  without using IPFS
Orie Steele:  Yes. if you inject into a binary it will affect the 
  binary so it'll detectable, so you can notice. [scribe assist by 
  Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: Which can make you ask why these changes 
  occurs.
Mike Schwartz:  This is why using memes is great. Memes imply 
  editing the image which by nature you're expecting bitflips with 
  the original image which obfuscates embeding of crypto. [scribe 
  assist by Mahmoud Alkhraishi]
Wayne Chang:  Wanted to add that memes are competitive! The most  
  viral memes are the strongest competitors, so i think how that 
  may affect the propagation of the did method as the memes are 
  spread. [scribe assist by Mahmoud Alkhraishi]
Orie Steele: Stego ftw! :)
Heather Vescent:  Thanks Orie! I think you talked about IIW on 
  steganography and i researched quite a bit of it. Some of the 
  tech is over my head but im definitely interested in what you do 
  with this and about practical applications [scribe assist by 
  Mahmoud Alkhraishi]
Orie Steele: Currently its primary use is to troll SDOs :)

Topic: VC Rooster

Heather Vescent:  Onto the next one: Mike is presenting embedded 
  VCs into an image to prove that the sound coming from the 
  Conference call background is what he says he is. [scribe assist 
  by Mahmoud Alkhraishi]
Mike Schwartz:  For context i live on a small farm, and we do 
  quite a bit of poultry, as a result we get periodic rooster 
  crowing and so i was on a call with a customer and it came up 
  that its possible Mesur.io was using background noise and imagery 
  artificially to promote our deep roots in our agriculture. 
  [scribe assist by Mahmoud Alkhraishi]
<orie> I see a barred rock rooster
<wayne_chang> next stop, blockchain!! where can you buy $ROOST
Mahmoud Alkhraishi: ...: So i issued a VC for that. again this is 
  simply using stego and instead of embedding did we're embedding  
  a VC. This is Jack whos creates great backgroudn noise. Issued an 
  AGProduct VC, my wife who own s the farm, is in the VC. The 
  natural next step is how do i exchange that with folks, which 
  gets to adrain's point about QR codes. QR codes shows with stego 
  embedded VCs inside the image itself
<orie> yo dawg, I heard you like NFTs, so i put a meme in an NFT 
  in a VC on a blockchain.
<orie> watermarking is a another form of image embedding used for 
  provenance tracing.
Mahmoud Alkhraishi: ...: As opposed to the QR referencing the VC, 
  its actually embedded in the PNG itself. this lets your machine 
  be able to look at the digital data associated with it. We took 
  that a step further and embedded VC int the image of Jack itself. 
  This is done using Python theres a number of them out there. 
  stuff we play with now  can let us use sensors to embed 
  signatures into that data even if its in a low connectivity 
  environment.
Mahmoud Alkhraishi: ...:This lets us verify sensor stream 
  properly and lets us have fun with roosters.
<mprorock> bingo!
Ted O'Connor:  I just want to make sure people understand and its 
  very easy to get sloppy about. The thing you're verified that 
  only the issuer has issued this thing, so you're saying that the 
  chickens are the source, not that they actually ARE in the 
  background. [scribe assist by Mahmoud Alkhraishi]
Mike Schwartz:  Normally with images i strip metadata etc but i 
  left them in the image. this is where we talk about the veracity 
  of whats stored in the VC and even then you're making some leap 
  of faith even if thats as small as saying this hardware is 
  trustworthy. but theres always a leap when theres a digital twin. 
  [scribe assist by Mahmoud Alkhraishi]
Adrian Hope-Bailie:  I put a link in the chat to an issue that i 
  raised that is actually quite important use cases for dids and 
  possibly VCs which i naimed ambient authentication where the QR 
  is scanned as part of the facial recognition or other kinds of 
  ambient non-consented authentication. the service endpoint of 
  that did is in fact the subject statement of how the 
  identification is to be used or not used. [scribe assist by 
  Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: To use a did as a way of forcing 
  watermarking the process of authentication when it would 
  otherwise be done without consent. anyone interested can read the 
  thread in the link on this major privacy issue.
Orie Steele: Another cool set of image softwares: 
  https://github.com/mxgmn/WaveFunctionCollapse and 
  https://members.loria.fr/Sylvain.Lefebvre/infotexsyn/
<orie> for hiding QR codes in textures
Mike Schwartz:  Absolutely an important issue. when you look at 
  streams of sensors or data broadly, theres many signatures 
  whether in VC or not its still super important. I think the 
  ability to capture that info from a verified device and we're 
  going to see more and more of that. [scribe assist by Mahmoud 
  Alkhraishi]
<mahmoud_alkhraishi> the importance of that ability will help 
  increase our trust
<wayne_chang> interesting result from cryptography is that the 
  ciphertext often should be indistinguishable from uniform random 
  sampling, which has a strong relation w/gaussian noise aka blur 
  effects
Mike Prorock: +1 Orie - wave function stuff is cool
<orie> its a good idea to encrypt before embedding
<orie> compress > encrypt > embed
Heather Vescent:  Liked ted's question about verifying some piece 
  of data from supply chain thing. Also done some research on IoT 
  Sensors and zero trust and you can triangulate sensor data about 
  your environment, for example you can show hte rooster noise with 
  the hawk or a nearby sensor on the yard to prove that you have 
  true free range chickens that you have the credential and you can 
  combine those info into a VC, to prove that it wasn't only free 
  range but also to prove that it that noise actually came from 
  that real rooster [scribe assist by Mahmoud Alkhraishi]
<orie> deep learning adds another layer... watermarking deep 
  fakes, etc...
Mike Schwartz:  Its a really cool space and as we deal with lots 
  of agriculture in my day job, you look at lots of sat imagery and 
  other data, you can get super granular and theres a few pain 
  points like knowing what to trust and when you link it together 
  you can see if its real or not real and why. [scribe assist by 
  Mahmoud Alkhraishi]
Orie Steele: Relevant: 
  https://www.wired.com/story/deepfake-maps-mess-sense-world/
Heather Vescent:  You may think its just for fun but its 
  fascinating when you get creative how you find solutions to 
  existing problems. [scribe assist by Mahmoud Alkhraishi]

Topic: DID Doge

Wayne Chang:  Love to share about did:doge! the method for the 
  dogecoin BC. I'll pull up the spec. The dogecoin BC is a fork of 
  the bitcoin BC where the seg witness debacle did not happen and 
  all the signing is in the main blocks. its very similar to 
  Bitcoin and you'll see that very big chunks of bitcoin source 
  code are there. [scribe assist by Mahmoud Alkhraishi]
<orie> `publicKey` is deprecated... use `verificationMethod` 
  instead
<mprorock> coming up on a hard stop for me in 3mins.  in advance 
  wanted to say thanks all!
Mahmoud Alkhraishi: ...: Interestingly enough is its #7 in 
  marketcap so security is pretty important. The ante has been 
  raised in terms of its security property with new itnerest and 
  holders. The goal of did:method depends on the individual. 
  did:key gives control over identifiers similar to 
  cryptocurrencies. Wedding the two you can achieve something like 
  that where you wed a blockchain and a did:method. It's useful for 
  two ways: you're getting a lot of dogecoin holders who may be 
  interested in more digital ownership. Secondly good to inform 
  what happens to did:btcr. Big difference between did:doge and 
  did:btcr, is did:doge allows you to post the public key hash as 
  the method specific identifier part so anyone can generate a pvt 
  key to use similar to did:key. This helps with scale and theres 
  potential for privacy improvements by supporting rotation similar 
  to did:btcr and support adding a service endpoint. so how do we 
  search for an address on chain? we introduced a genesis tx to 
  tell the world this is my did for this pk. in this aspect privacy 
  is worse than did:btcr because in did:btcr you can hide your tx 
  as a regular btc tx. For public use dids you retain the same 
  privacy as MIts pgpserver this creates what some philosophers 
  call Common Knowledge.
<heathervescent> Thanks Mike!
<mprorock> rofl!!!!!
<heathervescent> LOL
<orie> buy GME?
<mprorock> HOFL
Mahmoud Alkhraishi: ...: We picked an arbitrary string that lets 
  you know what this string resolves to. In BTC spirit it decodes.
<mprorock> *HODL
Mahmoud Alkhraishi: ...: We have rust implementation of major 
  parts including detecting genesis tx including matchup of script 
  optcodes. there could be interest due to increase of dogecoin. 
  This is primarily used to inform future did:btcr.
Heather Vescent:  Thanks wayne, this is so fun! [scribe assist by 
  Mahmoud Alkhraishi]
<mprorock> why is doge coin best coin?
<juan_caballero_(dif/spruce)> much value so moon wow
Wayne Chang:  With that grammar it s true [scribe assist by 
  Mahmoud Alkhraishi]
<mahmoud_alkhraishi> 1 doge = 1 doge
<mahmoud_alkhraishi> thats why
<mprorock> such awesome
Orie Steele:  Not sure if i interpreted this correctly theres 
  many did:methods that have an initial unregistered PK so theres 
  probably a use of  unregistered PKs by having did:meme key btcr 
  and doge may have the same initial start. [scribe assist by 
  Mahmoud Alkhraishi]
Wayne Chang:  We came up with did:pkh. pkh being public key hash, 
  with super generic or specific network. Most generic work is what 
  if we can define a stack based language to describe the pkh in 
  operation across different operations. looking forward to 
  proposing the work item. [scribe assist by Mahmoud Alkhraishi]
Mike Prorock: Thanks again all! i really wish 
  http://stegosaur.us/ was a thing
<orie> how much power does dogecoin waste?
<orie> ; p
Heather Vescent:  Thanks everyone for your creativity and work. 
  [scribe assist by Mahmoud Alkhraishi]
<juan_caballero_(dif/spruce)> thx mahmoud!

Received on Friday, 4 June 2021 18:30:12 UTC