W3C home > Mailing lists > Public > public-credentials@w3.org > March 2021

[MINUTES] W3C Credentials CG Call - 2021-03-10 12pm ET

From: W3C CCG Chairs <w3c.ccg@gmail.com>
Date: Wed, 10 Mar 2021 11:58:48 -0800 (PST)
Message-ID: <604924f8.1c69fb81.a4741.1ecd@mx.google.com>
Thanks to Manu Sporny and Dmitri Zagidulin and Amy Guy for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2021-03-10-solidextra 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-03-10

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2021Mar/0027
Topics:
  1. CCG Intro
  2. CCG History
  3. Decentralized Identifiers
  4. Universal Wallet and Encrypted Data Vaults
  5. Collaborating with Solid/CCG
Organizer:
  Heather Vescent and Wayne Chang and Kim Hamilton Duffy
Scribe:
  Manu Sporny and Dmitri Zagidulin and Amy Guy
Present:
  Mike Prorock, Sarven Capadisli, Adrian Gropper, Orie Steele, Amy 
  Guy, Aaron Coburn, Dave Longley, Dmitri Zagidulin, Ivan Herman, 
  elf Pavlik, Charles E. Lehner, Manu Sporny, Justin Bingham, Ralph 
  Swick, Heather Vescent, Matthieu Bosquet, Liam Broza, George 
  Lund, Kjetil Kjernsmo, Henry Story, Brent Zundel, Matthias 
  Evering
Audio:
  https://w3c-ccg.github.io/meetings/2021-03-10/audio.ogg

Heather Vescent: 
  https://docs.google.com/presentation/d/1uz-StfZ85DscM4IxA_ATQsEKrYo3Xe2H/edit#slide=id.p1
Manu Sporny is scribing.
Heather Vescent:  A little history of why we're having this 
  meeting. Michael posted link to Solid community news
Heather Vescent:  Thought that this could be a good opportunity 
  to hear about each others groups
Heather Vescent:  Where we could collaborate, where it might make 
  sense to collaborate -- share what we're doing.
Heather Vescent:  Ice breaker -- both groups are working on 
  technologies to work on storage, data privacy, similar goals -- 
  curious of each other, but haven't deeply collaborated yet. There 
  is appetite from CCG on where we could collaborate.

Topic: CCG Intro

Heather Vescent:  The goal of this meeting is to give an overview 
  from CCG of lay of the land, later this afternoon, we want to 
  hear from Solid wrt. working together.
Heather Vescent:  Agenda for today -- quick intro to CCG, then 
  brief CCG history from Manu, Brent is going to go over DID Core, 
  mprorock Prorock and Orie will talk about Universal Wallet and 
  Encrypted Data Vaults, and Dmitri will cover collaboration - 
  provide ideas/insights on how we can move together.
Heather Vescent:  We can go to top of the hour, if there is 
  enough interest, we might go 15 minutes over.
Heather Vescent:  Slide 4 - how CCG works... CCG is open to 
  everyone.
Slide deck is here: 
  https://docs.google.com/presentation/d/1uz-StfZ85DscM4IxA_ATQsEKrYo3Xe2H/edit
Heather Vescent:  CCG is a big tent that gathers work from 
  variety of groups... we spin things off into their own official 
  W3C WGs, we also have task forces... Kim runs Education TF, DID 
  Resolution run by Markus, Secure Data Storage join task force w/ 
  DIF and CCG
Heather Vescent:  We have a new Infrastructure TF - manages a lot 
  of the operational technology infrastructure of the group, Wayne 
  is in charge of that.
Heather Vescent:  One of the things Wayne and I work on as 
  cochairs - we want to work on cross-pollination -- DIF, IEEE, DHS 
  SVIP, IETF -- potential technology partnerships/collaborations -- 
  one of the reasons we're having the call. Solid really fits into 
  the collaboration aspect.
Heather Vescent:  We have 422 members, open to all -- slide 7
Heather Vescent:  We did a survey last year -- slide 8 -- lots of 
  things happen in CCG early on... when they're being developed, 
  conceptulized -- leadership is current open (one chair 
  position)... other two chairs are Heather and Wayne. I came into 
  role to try to prevent unintended consequences of technology. 
  Wayne focuses on technical operations and wallets.
Heather Vescent:  We have work items -- ongoing  registries, task 
  forces... and then reports -- commentary notes specifications -- 
  slide 11
Heather Vescent:  We have a work item process, propose, adopt, 
  ongoing draft, publication, then close (if applicable)

Topic: CCG History

<dmitriz> scribe+
Manu Sporny:  Quick background on CCG history [scribe assist by 
  Dmitri Zagidulin]
<dmitriz> ... it was founded around 2014. Initially, an offshoot 
  of the Web Payments Group
Dmitri Zagidulin is scribing.
  ... to do credentials, authentication, etc.
  ... which evolved into Verifiable Credentials. then DIDs
  ... we started with low stake and high stake credentials
  ... as the community grew, scope broadened, we started working 
  on things like VCs for Supply Chain,
  ... VCs for non-person entities (orgs, devices)
  ... started looking at different type of proofing mechanisms 
  (blockchain-based cryptographic proofs. proof of work, proof of 
  stake, etc)
  ... that brings us to today
  ... today, we're looking at things like - Verifiable 
  Credentials version 2.
  ... the CCG has been successful in setting up this incubating 
  pipeline
  ... things incubate in here, then go on to W3C working groups, 
  to IETF, etc, to get standardized officially
  ... so we did JSON-LD, VCs, DIDs
  ... so next up -- what updates do we need to make to VCs?
  ... and then where do we store these things? that's the 
  Confidential Storage spec & taskforce, and that's where SOlid 
  comes in
  ... we're focused on privacy; privacy-preserving and 
  privacy-first
  ... we try to be careful about tech and its consequences
  ... wallet protocols, data portability, things like that
  ... there's a lot of things we could collaborate on, with the 
  Solid community
  ... we looked at our roadmap, current and upcoming, and this is 
  the list (slide 13)
  ... these are all the things that might overlap with Solid
  ... as you can see, there are a LOT of work items here
<bblfish> perhaps if the screen share goes full screen?
  ... there' json-ld that you're using. also VCs, DIDs, wallets, 
  secure storage, linked data signatures,
A lot of stuff
Manu Sporny: 
  https://docs.google.com/presentation/d/1uz-StfZ85DscM4IxA_ATQsEKrYo3Xe2H/edit
  ... apologies for the small text - there's a lot of items to 
  fit :)
  ... anyways, the details are less important, but the main idea 
  is - we'd definitely like to collaborate
  ... so this is just a starting list.
<mprorock> if you click on heather's name in the attendee list it 
  sill go fullscreen
  ... that's it for those slides. back over to Heather
Heather Vescent:  Over to Brent -- speak to DID Core? [scribe 
  assist by Manu Sporny]

Topic: Decentralized Identifiers

Brent Zundel:  Decentralized Identifiers -- assuming most of you 
  know what they are -- basics are, it's a URI, allows individual 
  to prove cryptographic control of it [scribe assist by Manu 
  Sporny]
Henry Story: Manu did a full hour coverage of the last difficult 
  to read slide in the video linked to here 
  https://twitter.com/bblfish/status/1368897757365288965
Brent Zundel:  Born out of need to have some way to identify 
  holder of credential where identifier can't be taken away -- 
  slide 16 [scribe assist by Manu Sporny]
Brent Zundel:  Highlighted need -- but not driving force -- lots 
  of use cases for DIDs -- basics are, identifier user controlled, 
  resolvable, cryptographically verifiable, and decentralized 
  [scribe assist by Manu Sporny]
Brent Zundel:  Doesn't /require/ a centralized authority, can be 
  used with one, but you may be missing the point if you do it that 
  way. [scribe assist by Manu Sporny]
Brent Zundel:  DIDs are not human friendly, but they are better 
  than URL and Email in many cases -- user controlled, resolvable, 
  crypto-verifiable, decentralized, and have a trust model 
  flexibility. [scribe assist by Manu Sporny]
Brent Zundel:  DID spec does not define an identity system... 
  DISD are designed to be part of identity systems. DID is a stable 
  identifier, bound to a set of public keys [scribe assist by Manu 
  Sporny]
Brent Zundel:  DID Methods enable different trust models -- 
  did:peer - peer-topeer communication of key changes, did:ion keys 
  are backed by crypto-blockchains, did:sov non-profit governance 
  of distributed ledger, did:web relies on DNS. [scribe assist by 
  Manu Sporny]
Brent Zundel:  Did:key is the simplest did method, ideal in many 
  use cases -- generative from the did:key:PUBLIC_KEY identifier. 
  [scribe assist by Manu Sporny]
Brent Zundel:  DID Resolution -- process of going from a DID to a 
  DID Document -- it's a separate spec from DID Core spec. 
  Resolution is outside scope of DID WG. [scribe assist by Manu 
  Sporny]
Brent Zundel:  We have defined interface -- process itself is 
  outside scope of charter. [scribe assist by Manu Sporny]
Brent Zundel:  DID Documents contain public keys, service 
  endpoints, authentication options, and other metadata useful in 
  discovery and verification. [scribe assist by Manu Sporny]
Brent Zundel:  DID Methods are unique in what they provide. 
  [scribe assist by Manu Sporny]
Brent Zundel:  One use of DIDs today -- DIDComm -- DIDs for 
  secure communication. Version 1.0 has been in production since 
  2018... v2 is under development at DIF. DIDComm can be used w/ 
  any DID Method over any transport, you can use it peer-to-peer -- 
  creates encrypted, authenticated messages asynchronous between 
  many parties. Relies on JOSE stack for a lot of its tech. [scribe 
  assist by Manu Sporny]
Brent Zundel:  It ends up working similar to onion routing... 
  slide 23 -- alice sends message to bob... encrypted message 
  wrapped in envelope, sent to mediator, mediator opens envelope -- 
  take contents and send to bob (can't read contents)... bob gets 
  envelope, opens it, sees message, sends it on to bob. [scribe 
  assist by Manu Sporny]
Brent Zundel:  Bob's mobile says "I got a note from alice" and 
  can read it. [scribe assist by Manu Sporny]
Brent Zundel:  End to end encrypted communication [scribe assist 
  by Manu Sporny]
Brent Zundel:  There are challenges in authentication systems... 
  distribution of public keys -- plagued auth systems for a 
  while... DIDs resolve into DID Documents that contain up to date 
  public keys, keys can be rotated even though identifier doesn't 
  change (this is key innovation), keys tied into getting into 
  different services can be tied to same identifier... if I want to 
  stop using single identifier, have option to do so. [scribe 
  assist by Manu Sporny]
Brent Zundel:  Status of spec -- incubated in CCG, produced 
  thorough document that we took as our starting point for DID WG 
  -- september 2019 -- we are expecting to go into Candidate 
  Recommendation next week... we voted to transition yesterday, 
  thrilled to be at this point... we want implementations, 
  feedback, want it to be a global standard -- data model, 
  resolution interface, look forward to resolutionprocess being 
  define in future. [scribe assist by Manu Sporny]

Topic: Universal Wallet and Encrypted Data Vaults

Orie Steele: 
  https://github.com/w3c-ccg/universal-wallet-interop-spec
<heathervescent> Presenters - we are good on time. Thank you!
Orie Steele:  I'm Orie Steele, one of the developers that works 
  on DIDs and VCs and Digital Wallets -- supporting technologies 
  for all of these areas of interest - two specs that we can talk 
  to -- Universal Wallet spec... JSON-LD vocab for things that are 
  stored in a wallet. [scribe assist by Manu Sporny]
Mike Prorock: 
  https://w3c-ccg.github.io/universal-wallet-interop-spec/storybook/?path=/story/plugins-did-key--did-key
Orie Steele:  Purpose is to provide data models and abstract 
  interfaces for activities of digital wallets -- Digital Wallets 
  cover a large spcae today... cryptocurrency transactions, digital 
  asset manaagement, identity credentials, supply chain 
  credentials, authorization capabilities, keys for managing 
  digital identity... that specification is being worked on in CCG 
  [scribe assist by Manu Sporny]
Orie Steele:  There is sample code implementing spec, React UI to 
  think about this from a visual standpoint [scribe assist by Manu 
  Sporny]
Mike Prorock:  One aspect that most interest me, privacy and do 
  it in a secure manner. Second how do we make sure that developers 
  coming into this space to set the stage for them to do this stuff 
  correctly -- both from UI standpoint, UI callback into 
  standardized sets of libraries -- also from interaction from 
  backend perspective. OpenSSL provided gateway to put out HTTPS or 
  exchange keys or do that stuff effectively. [scribe assist by 
  Manu Sporny]
Mike Prorock:  How do we leverage this stuff to build systems. 
  Lots of potential for things to improve -- data ultimately has to 
  be stored and ultimately exchanged... this is interesting thing 
  w/ Solid -- you're after similar goals there. Closely related to 
  EDVs -- selective disclosure, etc. [scribe assist by Manu Sporny]
Orie Steele:  Thanks mprorock, yes, there are plugins for 
  different DID Methods, EDVs, one part of COnfidential Storage 
  Stew [scribe assist by Manu Sporny]
Orie Steele: 
  https://github.com/decentralized-identity/confidential-storage
Orie Steele:  Moving on to Confidential Storage specification 
  [scribe assist by Manu Sporny]
Orie Steele:  SOme folks in Solid community may be aware of this 
  work, join work item for CCG and DIF -- two primary sources of 
  input -- EDV spec and Identity Hub specification/docs. What we're 
  trying to do here is create a set of specs for confidential 
  storage associated w/ DIDs. [scribe assist by Manu Sporny]
Orie Steele:  We have DIDs that have public key material, public 
  keys are good for signatures, but you can also use them for key 
  agreement and encryption -- use key agreement functionality to 
  provide confidential storage service -- client-side encryption 
  content, storage providers can't see your data, can't sell it. 
  [scribe assist by Manu Sporny]
Orie Steele:  EDV APIs are very simple... basically encrypted 
  blob storage... not a high frequency database w/ relational 
  thing... just an encrypted blob store with simple indexes. 
  Primary use case for EDVs are wallet backup, key 
  management/recovery -- I think of EDVs as a standards-based 
  password manager database... you don't want service provider to 
  run away with all of your data... not really built for things 
  much beyond that. EDVs might one day be massively [scribe assist 
  by Manu Sporny]
<manu> more scalable -- but just password management wallet 
  recovery/backup is useful enough alone to be compelling.
Orie Steele:  Identity Hubs is second aspect of this... Identity 
  Hubs are powerful enough to build Decentralized Twitter from -- 
  Identity Hubs are more complex, vision is much bigger. [scribe 
  assist by Manu Sporny]
(Identity hubs are basically exactly like Solid pods :) )
With an emphasis of replication.
Mike Prorock: +1 Dmitriz
Orie Steele:  If you're familiar with Firebase or GunJS - vision 
  for Hub -- IPFS, GunJS, OrbitDB, Semantic Replication of content 
  -- a lot of really cool database technologies that are made to 
  handle use cases that are significantly more complicated rather 
  than static file storage. [scribe assist by Manu Sporny]
Heather Vescent:  Thanks Orie -- want to add anything, mprorock? 
  [scribe assist by Manu Sporny]
Mike Prorock:  Yes, Hubs are a deep topic -- hit on EDVs primary 
  use case -- area we're exploring, secure exchange of proprietary 
  information -- my day job is machine learning, sets of training 
  data, model outputs from highly proprietary data, have to be 
  exchanged securely if you can't do on premise, this is the area 
  that most interest me for EDVs -- facilitate those use cases and 
  user privacy and protection over their own data. [scribe assist 
  by Manu Sporny]
Heather Vescent:  Collaboration -- slide 28 -- all information on 
  how we could engage -- CCG is big tent, links on collaborating 
  are on the slide -- you can get onto mailing list, Github where 
  we do work is here. [scribe assist by Manu Sporny]
Heather Vescent:  If you're intersted in any of the ideas, join 
  CCG meeting... Wed at 10am PT, 1pm ET [scribe assist by Manu 
  Sporny]
Heather Vescent:  Brent and Dan Burnett run DID WG -- meets 
  Tuesdays 8am PT, 11am ET [scribe assist by Manu Sporny]
Heather Vescent:  We also have VC Maintenance WG -- if you have 
  any questions -- Brent, Wayne are cochairs there. [scribe assist 
  by Manu Sporny]

Topic: Collaborating with Solid/CCG

Heather Vescent:  Over to Dmitri for ideas on 
  tips/ideas/suggestions [scribe assist by Manu Sporny]
Dmitri Zagidulin:  Best first step is to join each others calls 
  -- weekly CCG meeting is a great way to get invovlement. I try to 
  bring Solid voice to CCG community... there is almost 100% 
  overlaps between Solid and CCG work. I want to highlight two of 
  them: DIDs and Confidential Storage. [scribe assist by Manu 
  Sporny]
https://github.com/solid/specification/issues/217
Dmitri Zagidulin:  That link is a solid spec issue about 
  integrating DIDs... involves a picture, easier to talk about -- 
  there is a good fit between Solid WebID and CCG DIDs... either 
  directly as did:web, or maybe as did:key -- DIDs are spiritual 
  successor to WebID -- learned from WebID lessons... they 
  essentially drop in -- Solid could adopt DIDs. [scribe assist by 
  Manu Sporny]
Dmitri Zagidulin:  That would enable more technology interop for 
  Solid -- Solid Pods supporting DIDs would be a fairly easy lift. 
  [scribe assist by Manu Sporny]
Dmitri Zagidulin:  The other thing would be Confidential Storage 
  group -- it's all about storage, of direct interest to Solid 
  community -- confidential storage -- EDVs narrow scope -- direct 
  drop in backend for Solid LDP containers... once Solid has key 
  material that enable encryption/authorization, EDVs are an easy 
  drop in. [scribe assist by Manu Sporny]
Dmitri Zagidulin:  Hubs are more or less Solid Pods -- Hubs have 
  a bit more emphasis on replication, Solid  Pods have a bit more 
  focus on Linekd Data / RDF -- both are high level personal data 
  servers that provide querying, authn, inboxes, notifications -- 
  everything that you need to build decentralized apps -- area 
  where Solid is 2-5 ahead of the conversation while the CCG has 
  been focusing on lower-level encryption/signing/identifiers, 
  Solid has been racing ahead [scribe assist by Manu Sporny]
<manu> and saying, "Once we have that in place, what will we 
  need"
Justin Bingham: +1 - Totally agree on those focus points
<justinwb> for collaboration
Dmitri Zagidulin:  What is a decentralized app manifest? What 
  sort of higher level data structures will apps need? But 
  conversely, Solid doesn't have Linked Data Security, Encryption, 
  VCs, etc... The two communities are very complimentary, 
  interopable -- there is a lot of material of interest to the 
  Solid community, start with DID integration, would love to see 
  more Solid folks on Confidential Storage call. [scribe assist by 
  Manu Sporny]
Heather Vescent:  Great -- thanks for the overview -- this is not 
  everything we're doing in CCG -- we wanted to hone presentation 
  to things you might be interested in -- ice breaker to get both 
  groups on same page wrt. entry points for collaboration. [scribe 
  assist by Manu Sporny]
Sarven Capadisli:  Thank you, that was great, lots of material 
  and homework for Solid CG to follow up on -- question, touched on 
  this, views/experimentation around key management in browser -- I 
  know we have CHAPI -- adoption, interest, experimental 
  applications demonstrating CHAPI before browser makers. [scribe 
  assist by Manu Sporny]
Sarven Capadisli:  Solid ecosystem would like to take advantage 
  of all work around credentials -- Solid working on browser 
  [scribe assist by Manu Sporny]
Orie Steele:  There are 3 places where we see key management 
  intersecting... EDVs and Wallets -- representation for keys that 
  are extractable and non-extractable -- remote KMS, Azure Key 
  Vault -- Universal Wallet EDVs mechanism for storing extractable 
  keys -- WebKMS spec, vendor agnostic interface for working with 
  remote key management servers... [scribe assist by Manu Sporny]
Orie Steele:  Some of the, universal wallet spec, has some 
  support for non-extractable keys stored in browser. [scribe 
  assist by Manu Sporny]
Amy Guy is scribing.
Manu Sporny:  Is the question what works in chapi today and 
  what's the plan in the future? CHapi was created many years ago. 
  An offshoot of the original webid work in 2011. During that time 
  we .. digital bazaar was involved in original webid work, we did 
  the first purely polyfil implementation of webid. The thing we 
  were concerned about was browsers taking clientside certs out of 
  the browser, we wanted a polyfil to enable weibd to survive. That 
  polyfil
Became chapi over 6 years
  ... now chapi is used to do more things, it moves data from one 
  website to another using purely polyfill tech, no dependency on 
  browser ever implementing it - but we would like them to on the 
  community's terms
  ... people may not be aware that when browser vendors get 
  involved things don't always go in the direction you want, 
  sometimes agendas are not aligned
  ... the design for chapi is such that if we converge that's 
  great but if we don't that's fine too
  ... there are anumber of implementations that use chapi to move 
  credentials back and forth
  ... this interop work has been demonstrated through the DHS 
  SVIP, an interop test suite we're constantly showing it
  ... it's already or going to be a CCG work item
  ... it is definitely being used today
  ... examples on the chapi polyfill site of how to build a 
  system that can send and request credentials
Henry Story:  No, the polyfill is not Origin based, in the sense 
  you're asking [scribe assist by Dmitri Zagidulin]
<heathervescent> thanks for scribing Amy!
  ... happy to point you to tutorials
  ... dmitri has a demo already working for solid
  ... where are we going? ideally we want it implemented in the 
  browser, and it is built in such a way to align with the 
  credential manager - totally different interface
  ... credential manager is already in the browser, and we built 
  chapi in a way to layer on top of that if the browser vendors are 
  interested
  ... for it to become of interest to them, we have ot show tens 
  of millions of people using the api
  ... that's usually when it becomes convincing. That's why the 
  polyfill exists
  ... that's why wer'e having multiple vendors moving things 
  around
  ... we're refining it so when broser vendors come around to 
  implement its well formed
<csarven> manu thanks! clear. will follow up
Dmitri Zagidulin:  Chapi and chapi based wallets are a good fit 
  for solid because they're essentially a superset of webid tls 
  clientside cert functionality
  ... with better UI and more choicecs of providers
  ... there have been several proof of concept pilot deployments 
  already
  ... 4 or 5 implementations in the wild that i know of. And done 
  a solid integration with did web I'd be happy to demo
Amy Guy is scribing.
Dmitri Zagidulin:  You've should've told me that before! =) 
  [scribe assist by Sarven Capadisli]
Sarven Capadisli:  I've been saying it for months! :) [scribe 
  assist by Dmitri Zagidulin]
Justin Bingham:  Agree on the collaboration point around interop 
  that dmitri raised
  ... dbuc and I were talking about interop things
  ... where is the best place to action the collaboration?
  ... the weekly session or a separate session about the interop 
  or the identity hub work?
  ... we're doing a ton of work there, if that work is happening 
  in parallel and we agree we can probably do good stuff together 
  rapidly, I don't want to miss that opportunity
<bblfish> What I wonder is how one gets it to work? Is it that 
  aach web site used the CHAPI playful when they want to have their 
  clients use credentials, and that polyfil then calls into one's 
  the in built browser API?
Orie Steele: Join the Secure Data Store WG: 
  https://github.com/decentralized-identity/confidential-storage
Dmitri Zagidulin:  Confidential storage calls
  ... the CCG itself is very interop focussed
  ... and there are a lot of presentations within and outside the 
  community there
<justinwb> perfect - ty orie
Heather Vescent:  The CCG has the main meeting, the big tent
  ... from time to time we have updates from the task forces
Dmitri Zagidulin:  Re your implementation! I'd love to see it. 
  [scribe assist by Sarven Capadisli]
  ... the task forces spun out of the big tent because of 
  interest in drilling down
  ... so they spun off
Sarven Capadisli:  Sure thing! [scribe assist by Dmitri 
  Zagidulin]
  ... we ended up having qute a few of these, all important and 
  focus on different things
  ... on mondays the VCs for education group meets
  ... markus has restarted some of the did resolution stuff which 
  was very critical
  ... dmitriz and tobias and kaliya chair the confidential 
  storage
  ... all of those are included in the overall CCG, as well as 
  other things
<mprorock> have to bail, thanks all
elf Pavlik:  We have well documented use cases with 
  authorization. What is the best way to get feedback on those use 
  cases.. from people or task forces that work with authorizatin?
  ... how to use VCs and capabilities to address authz related 
  use cases?
Dmitri Zagidulin:  It would make a lot of sense for us in solid 
  to present to the confidential group on these authz use cases
Orie Steele: EDVs are built on https://w3c-ccg.github.io/zcap-ld/ 
  today
  ... a narrow subset of those authz have been discussed by 
  encrypted data vault interested community, but there's a larger 
  conversation to be had about authz use cases for hubs
<orie> looks like they could be compatible with the Solid spec / 
  approach
Heather Vescent:  I'd also love to see it in the regular CCG call
<dmitriz> totally, +1 to presenting to CCG!
  ... if the solid community has questions or wants to run ideas 
  o r uses cases, we can put that on the agenda
  ... have a CCG call dedicated to that
Manu Sporny: +1 To presenting to CCG -- Solid Authorization  use 
  cases
Adrian Gropper:  I am particuarly interested in authz
  ... I second the thought that you should join us in 
  confidential storage calls as a starting point
  ... that is the focus of my attention
  ... I also try to interact with the IETF GNAP work
  ... and today at 5 o'clock is a meeting where justin richter is 
  presenting the GNAP work to the interop work group
  ... that's a DIF thing
  ... I will also be acting as a respondant
  ... if you want a really up to date perspective on what's going 
  on between SSI groups and IETF groups on authz that's a good 
  starting point, or email me
Adrian Gropper:  Can you please share link here [scribe assist by 
  elf Pavlik]
<elf-pavlik> ty
  ... I'll get the links
Manu Sporny:  We've got dmitri sitting between both communities 
  for a while
  ... it would be good to understand where solid's priorities are 
  these days
  ... what is the most pressing thing on your midn and where are 
  you trying to make progress?
Adrian Gropper: <P>DIF Interop WG Call&nbsp;<br></p><ul><li><b><a 
  href="https://github.com/decentralized-identity/interoperability/blob/master/agenda.md">Agenda</a>&nbsp;-&nbsp;</b>agenda, 
  minutes, recordings and useful links</li><li><b><a 
  href="https://dif.groups.io/g/interop-wg">mailing 
  list</a></b></li><li><b><a 
  href="https://identity.foundation/interop/">website</a></b></li></ul><p></p>This 
  meeting has an alternating timing to involve all 
  timezones.&nbsp;<b[CUT]
  ... to see if there's any alignment there
<heathervescent> Thanks Adrian
  ... understanding solid's priorties, roadmap, would be really 
  good
  ... I know there's a roadmpa timeline sent to the ccg
  ... maybe we can work on aligning what people would be most 
  motivated to work on over the next 6 mnths and go from there
Heather Vescent:  They might be talking about that this afternoon
Heather Vescent:  Thanks everyone!
<manu> Thanks to the Chairs of both groups for coordinating!
  ... How can we help you engage and collaborate with our work 
  items?
Sarven Capadisli: Manu https://solidproject.org/TR/ for Technical 
  Reports etc. May want to have a look over 
  https://solidos.solidcommunity.net/public/Roadmap/Tasks/
Sarven Capadisli:  There are so many areas that we can meet at.. 
  from our end we need to understand the scope or coverage that 
  some of the credentails specs and implementations you have, and 
  on the solid end, and where they overlap
  ... that will help us better see to what extent we should take 
  some specs in solid and where to stop and know where credentials 
  are coming in
  ... we dn't want to come up with yet another approach to 
  addressng similiar needs
  ... I don't have a specific answer on how that would work, but 
  being more familiar with the material helps from both ends. I 
  know dmitri is. We're slowly making our way into the credentials 
  work
Heather Vescent:  Would it make sense for a few folks from ccg to 
  come and do a tour of some of the specs?
  ... during a call or a separate call where .. sometimes its 
  intimediating to open up a document or a spec in progress and 
  really understand the context
Heather Vescent:  +1 To more / focused calls [scribe assist by 
  Sarven Capadisli]
  ... would it make sense for someone to give a tour and walk 
  through that stuff and present some of those things?
Henry Story:  That's going to be very useful
  ... the main thing is going to be to - we'll explain next - the 
  use case we have
  ... so I can see for example credentials being very useful and 
  tying these into access control systems
  ... it's a question of which parts of .. how doe these work, 
  where can one try these things out and play with them?
  ... that's the only way you can really get a good idea of how 
  it's working
  ... from that one can start thinking about how it would best 
  fit
  ... the recent book on SSI I found really helpful, and manu's 
  talk recently
  ... just a question of if I want to try to implement that where 
  do I go?
  ... what's missing and how does it fit our use case
  ... would be useful to have sessiosn where one can work through 
  these questions
Heather Vescent:  Would you expect that in your call or would you 
  come to a ccg call, or smething separate?
Henry Story:  I've started sending mails to the ccg but I should 
  come to the calls
Heather Vescent:  We'd love to have you
  ... any last questions?
  ... thanks to everyone today. See you back here at the same 
  link in 2 hours at 10 am pacific
<bblfish> thanks
<bblfish> was the link to the talk this afternoon posted here?
Manu Sporny: Bblfish, 
  https://lists.w3.org/Archives/Public/public-credentials/2021Mar/0027.html
Received on Wednesday, 10 March 2021 19:59:07 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 10 March 2021 19:59:08 UTC