[MINUTES] W3C Credentials CG Call - 2021-05-25 12pm ET

Thanks to Joe Andrieu for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2021-05-25 

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2021-05-25

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2021May/0138.html
Topics:
  1. Introductions & Reintroductions
  2. Progress on action items
  3. VC-HTTP-API
Organizer:
  Wayne Chang and Heather Vescent
Scribe:
  Joe Andrieu
Present:
  Mike Prorock, Heather Vescent, Kim Hamilton Duffy, Mahmoud 
  Alkhraishi, Markus Sabadello, Manu Sporny, David Chadwick, Ted 
  Thibodeau, Juan Caballero, Erica Connell, Adrian Gropper, Charles 
  E. Lehner, Phil Long, Joe Andrieu, Ryan Grant, Kaliya Young, 
  Taylor Kendall, Orie Steele, Anil John
Audio:
  https://w3c-ccg.github.io/meetings/2021-05-25/audio.ogg

<mahmoud_alkhraishi> present~
<mprorock> loud and clear
<juan_caballero> /me is sorry, he was stuck in some kind of lobby 
  and confused !
Heather Vescent: Join the CCG: 
  https://www.w3.org/community/credentials/join
Heather Vescent: Meeting minutes: 
  https://w3c-ccg.github.io/meetings/
Joe Andrieu is scribing.

Topic: Introductions & Reintroductions

Unknown: I'm [] from UL labs. Underwriter's Laboratories
Juan Caballero: https://www.linkedin.com/in/sanneketelaar/
Juan Caballero: :D
<sanne_ketelaar> Sanne Ketelaar
David Chadwick:  Self introduction
Heather Vescent: Announcements: 
  https://w3c-ccg.github.io/announcements/
David Chadwick:  We'd like to use the VC-HTTP-API, but it seems 
  like the current version has lost features from a couple weeks 
  ago.
Kaliya Young:  Coming out of IIW, we are going to host two 
  special topic summits, probably in July, one on UX for SSI the 
  other on the business of SSI
Manu Sporny:  Just a heads up. The Linked Data Signatures Working 
  Group charter debate continues on the semantic web mailing list.
Phil Long: T3 Innovation Network's Network of Network's project 
  has it's kickoff today 
  https://www.uschamberfoundation.org/event/t3-innovation-network-networks-launch 
  and registration at 
  https://events.uschamberfoundation.org/T3NetworkLaunch.  It's 
  today at 1:00 pm to 3:30 pm EDT.
  ... a new set of challenges have come forward.
  ... a lively discussion is happening
  ... We are also still collecting DID implementations for the 
  final push to standardize the DID Spec.
  ... We are going to be wrapping up this first call for 
  implementations shortly. Probably decide when to do that, later 
  today.
Heather Vescent:  Can you give details on when the semantic web 
  group meets?
Juan Caballero: 
  https://github.com/decentralized-identity/waci-presentation-exchange/
<mprorock> @manu - that is an interest group right?
Manu Sporny: Linked Data Signatures WG Charter discussion -- 
  https://lists.w3.org/Archives/Public/semantic-web/2021May/thread.html
Juan Caballero:  There is a rapid prototyping work item happening 
  at DID. Hopefully complementary to the VC-HTTP-API work.
  ... came out of IIW
Manu Sporny: Start of massive thread here: 
  https://lists.w3.org/Archives/Public/semantic-web/2021May/0001.html
  ... the WACI Presentation Exchange
Heather Vescent:  Tell us more
Juan_Cabalero: that group is trying to describe ways to get 
  credentials from one stack to another using existing tech. not so 
  much developing new protocols, but rather how we can already do 
  many of these things.
  ... This is analysing how existing implementations are 
  different.
  ... You might want to follow the conversation.
Juan Caballero: :D
Adrian Gropper:  Quick announcement. As many of you know, I'm the 
  author of the health care use case in the DID spec work.
<juan_caballero> /me tries every time, and fails every time, to 
  make announcements in under 60 seconds
  ... now refreshing the implementation based on the work that 
  has gone on in the last four years
  ... if anyone is interested in contributing, please contact me
Mike Prorock:  Manu, did semant web roll up into xyz group?
Manu Sporny:  Good question. Might be the data activity, but that 
  might be rebranded.
Heather Vescent: Progress on Action Items: 
  https://github.com/w3c-ccg/community/labels/action%3A%20review%20next

Topic: Progress on action items

Heather Vescent: #180: 
  Https://github.com/w3c-ccg/community/issues/180
Heather Vescent:  Two action items to bring up
  ... has to do with maintenance mode for inactive groups.
  ... can we close this?
Wayne_chang: yes. should be reciving an automated email for the 
  group
Heather Vescent: #181: 
  Https://github.com/w3c-ccg/community/issues/181
Heather Vescent:  Does that mean we can close 181 too?
Wayne_chang: yes.
Heather Vescent: #175: 
  Https://github.com/w3c-ccg/community/issues/175
Heather Vescent:  Next, #175
  ...This issue came up when we were updating the ccg work item 
  process
Mike Prorock: Semantic Web has been subsumed into the rdf-dev 
  community group here: https://www.w3.org/community/rdf-dev/
  ... a few of the questions in that process address how the 
  proposers are going to involve folks from different skillsets 
  like design or anthropology and more diverse perspective.
  ... We, the chairs, realize that might be a heavy lift for the 
  work proposers to find those folks on their own
  ... so maybe we could source that list as a group to help 
  people find a more diverse group of people
  ... this work item is about bootstrapping that through the 
  community
  ... to find folks interested in working on work items in a more 
  diverse role
  ... might be the right time to start working on this
  ... Is this a good idea? Are folks interested in helping?
Manu Sporny:  +1 To the activity
  ... we are doing a lot of stuff across a lot of fronts right 
  now
  ... a number of editors, authors, etc. are overwhelmed. we need 
  the help.
  ... One of the challenges is that current editors are so under 
  water that teaching or training folks how to do things feels like 
  an impossible task
  ... The need is there.
  ... But there's a gap. Maybe its fear; people unsure about how 
  to help.
  ... While those who do know how to help are stretched thing
S/thing/thin/
  ... This is where we are. We want help, but don't know how to 
  cross the bridge to getting more people contributing.
  ... CCG 101 is helping, but it seems like we need more
Heather Vescent:  Agreed.
  ... CCG101 is a pipeline strategy
  ... my hope is that it will help drive folks to helping with 
  specs, but of course there will be a delay
Wayne_chang: definitely a shortage of resources
  ... talked with W3C staff about resourcing
  ... this is a way we might be able to scale out; paying folks, 
  perhaps interns, etc.
Heather Vescent:  Thanks, Wayne.
  ... Re: Manu's comment about teaching the basics and level of 
  comfort to participate
  ... One of the goals of CCG101 is to have a training session or 
  brain dump with Manu or the spec editors
  ... Once we get that initial brain dump, we can productize that 
  knowledge and information, teaching folks from there.
  ... So, yes, we need knowledge transfer; then we can send that 
  out from there.
  ... If there are suggestions for CCG101, please let us know. We 
  want to do more of this and want your input.
Juan Caballero: +1 To youtube/video archives as a rapid way to 
  sharpen axes!

Topic: VC-HTTP-API

Manu Sporny:  Today, co-presenting with me is Juan and Orie and 
  Adrian
  ... not sure if Orie is here...
<mprorock> I don'tsee orie on, but happy to jump in on his stuff
<juan_caballero> and mahmoud is here too!
  ... Markus or Mike Prorock, if you could give a background, 
  that would help.
  ... Thanks, Mike!
<mahmoud_alkhraishi> yup happy to pitch if needed
Manu Sporny: VC HTTP API slide deck for today: 
  https://docs.google.com/presentation/d/17ZMoj6juBnX-DieLc5zvJPOKEk7jIhiU1zRpVkL4zKA/edit#slide=id.p
  ... Feel free to jump in at any point.
Scribe note: I won't be replicating slid content in notes
<mprorock> screen share up
Manu Sporny:  As many of you know, there was a bit of a dust up 
  recently.
  ... This has been a work item since last January
  ... but we haven't done a good job engaging the public.
  ... That came to a head and we decided to have more regular, 
  public meetings so folks can get up to speed.
  ... I'm going to go through the problem statement.
  ... Mike will go over the origin story
  ... Juan will give a current status.
  ... Adrian will close with next steps
  ... "Mission statement": Provide an HTTP API to issue, 
  exchange, and verify data used in the Verifiable Credentials 
  Ecosystem.
  ... Focus is on HTTP
  ... Many of us are familiar with the "VC" ecosystem with 
  Issuers, Holders, and Verifiers
  ... [showing the diagram from the VC data model spec]
  ... This is the mental model we've been operating under for 5+ 
  years
  ... What we are trying to do with the VC-HTTP-API is to zoom in 
  on each of the boxes in the diagram and describe how they might 
  interact
  ... First box: The Issuer
  ... This is after five weeks. (only) This is experimental. 
  Loose language. Not set in stone.
<orie> more like years.... of work.. and 5 weeks of actually 
  having recorded calls.
Orie Steele: :)
  ... Just thinking about the VC-HTTP-API for the issuer.
<heathervescent> Juan - I'm gonna wait till we have a break to 
  take questions.
  ... The issuer is going to be operating some sort of web 
  service gateway that will expose some part of the API
  ... That system talks to an application-specific service inside 
  the firewall, which executes business logic.
  ... For example, this is where the application makes decisions 
  about when & why to issue VCs (and the content thereof)
  ... The application service relies on a database.
<anil_john> @mprorock Would you mind if I set up the VC HTTP API 
  origin story for you?
  ... It also relies on a verifier service and issuer service
<mprorock> @anil that would be much appreciated
  ... That's the issuer.
  ... If we look at the verifier, this is the right side of the 
  diagram
  ... (Some of these we already know we need to update the 
  diagram)
<anil_john> +q to set up the VC HTTP API Origin Story
<heathervescent> copy Anil
  ... The verifier  website using the VC-HTTP-API with its own 
  application service (with its own business logic) and it uses a 
  verifier service.
  ... Still teasing out the language, but this is an early draft
  ... If a digital wallet is being used, we expect that wallet to 
  expose APIs for requesting proofs, etc.
  ... we know we need to talk about encrypted storage and how one 
  is authorized to use these endpoints
  ... Those are the pictures of where we're at now
  ... Hand it over to Anil
Anil John:  A little bit of background. I'm the technical 
  director of the Silicon Valley Innovation Program.
  ... When we put the call out for digital credential work, 
  including digital permanent residence card
  ... we made a conscious decision where we had been locked into 
  vendors
  ... so the solicitation itself called out "any API facing the 
  website must be open, royalty-free"
  ... When we had our first kickoff meeting, the first 
  conversation was that we fully realize that each of these eight 
  companies could implement an open API.
  ... but what we want to do is to go out under the umbrella of 
  CCG and work out with the broader community what a standard API 
  could be for anyone using VCs and DIDs, regardless of the 
  underlying tech (DLT, etc.)
  ... If you can do this under the CCG, we can get feedback from 
  the global community.
  ... Rather than telling what API vendors must use, we committed 
  to using the open standard developed through collaboration
  ... You are now seeing the interim result that has come out of 
  that
Mike Prorock: 
  https://app.swaggerhub.com/apis/danubetech/credential-issuer/0.0.1
Mike Prorock:  First, I want to give Markus credit for his 
  initial issuer and verifier API, which has evolved into this work 
  item.
  ... The real goal was to make sure there was a good way to 
  handle this interchange over normal REST API rather than relying 
  on polyfills or browser features.
  ... A lot of us are dealing with VCs in a system-to-system 
  paradigm.
  ... That's where the test harness came from.
  ... Which led to a standard endpoint that people can use to 
  test an implementation
  ... This meant that, e.g., Digital Bazaar was able to take the 
  existing test infrastructure with at new vocabulary and see how 
  the existing ecosystem already supports the use case
  ... So how do these system-system interchanges happen? This is 
  what brought us into this VC-HTTP-API
  ... This is something real, that people are using.
Manu Sporny:  Five weeks ago we started off with a list of 
  challenges, over to Juan
Juan Caballero:  There have been discussion about how to 
  structure the spec itself
  ... and a lot of workshopping use cases
  ... the trickiest thing to contribute is that people don't 
  naturally think in terms of generic APIs
  ... people think in specific use cases
  ... generalizing from that is hard.
.. The question that everyone brings when they first encounter 
  the work is "Is this an internal API or does it cross trust 
  boundaries"
  ... The point of the API is to imaging that each role is 
  outsourced. The "worst" case.
  ... That's the hardest conceptual ah-hah for many
  ... Joe and Eric Schuh and I have been meeting once/week to 
  iterate on use cases, in-between meetings to bring issues and 
  questions back to the regular call
  ... Those diagrams Manu shared is something that is also 
  iterating in parallel.
  ... Use cases are 1/3 of the process, Data flows are another 
  third.
  ... So these flows could happen entirely on the same machine 
  (without assumptions)
Manu Sporny:  The other success is we do have a starting format
  ... what we don't have are lead editors
  ... we need to find that.
  ... next up, Adrian
Adrian Gropper:  The next steps and challenges all have to do 
  with human rights on a self-sovereign subject
  ... Everything about many of these diagrams are seen from the 
  perspective of the issuers and verifiers
  ... To summarize: if the goal is to enable a self-sovereign 
  subject, give them a capability that they can delegate as desired
Heather Vescent: +1 Adrian
  ... We have to bring the subject in the picture because they 
  really are the point of all this SSI work
  ... We need use cases that center on the subject
  ... What protocols are essential in these diagrams
  ... the Data models are understood (mostly) but the protocols 
  are new
<mprorock> I would counter that SSI is required for usefulness of 
  the vc-http-api - e.g. it can be used outside of a self-soveriegn 
  perspective
  ... One more challenges: revocation and audit have really not 
  been discussed in the overall scheme
Manu Sporny:  Thanks, Adrian.
  ... That's where we are today.
  ... Calls happen every Thursday afternoon (Eastern)
  ... Invites go out every week. Have a doodle poll finding a 
  regular time.
Adrian Gropper: 
  https://github.com/w3c-ccg/vc-http-api/issues/186#issuecomment-841873572
  ... 3pm Eastern on Thursday

Received on Wednesday, 26 May 2021 01:44:53 UTC