W3C home > Mailing lists > Public > public-credentials@w3.org > April 2022

[MINUTES] W3C CCG Credentials CG Call - 2022-03-15

From: CCG Minutes Bot <minutes@w3c-ccg.org>
Date: Mon, 04 Apr 2022 14:01:44 +0000
Message-ID: <E1nbNH3-0002Nu-CC@titan.w3.org>
Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2022-03-15/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2022-03-15/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2022-03-15

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2022&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Topics:
  1. Introductions and Reintroductions
  2. Announcements and Reminders
  3. CCG Work Items for promotion to VC WG
Organizer:
  Heather Vescent, Mike Prorock, Kimberly Linson
Scribe:
  Our Robot Overlords
Present:
  Kimberly Linson, Manu Sporny, Brian, Ryan Grant, Dmitri 
  Zagidulin, Shawn Butterfield, Chris Abernethy (mesur.io), Markus 
  Sabadello, Leo, Kerri Lemoie, Mike Prorock, Andy Miller, Orie 
  Steele, Charles E. Lehner, Kaliya Young, Adrian Gropper, Brent 
  Zundel, David I. Lehn, Kayode Ezike, Jeff Orgel, TallTed // Ted 
  Thibodeau (he/him) (OpenLinkSw.com), Mahmoud Alkhraishi, Juan 
  Caballero, Heather Vescent

Our Robot Overlords are scribing.
Kimberly Linson:  Recording is on.
Kimberly Linson:   I just.
<kerri_lemoie> high five back!
Kimberly Linson:  High five to the air so we're all good okay so 
  let's kind of walk through just our agenda review we're going to 
  talk about the will go through sort of our housekeeping items and 
  then we're going to do our main topic today which is that man is 
  going to frame the context for us around the new VC working group 
  Charter and some of the work items that we have that are going to 
  move or potentially move to.
Kimberly Linson:   To to that group.
Kimberly Linson:  Go ahead and run through our housekeeping 
  stuff.
Kimberly Linson:  So first off anyone is welcome to participate 
  in these calls however if you are wanting to make substantive 
  contributions we really would invite you to join the ccg you have 
  to do two things in order to to be a full contributor one is join 
  the ccg the link to do that to have an account its free to anyone 
  is in that link is in that.
Kimberly Linson:  Into that I sent.
Kimberly Linson:  That's step one step two is to sign the 
  community contributor license agreement and the link to that is 
  also in in the agenda so I would definitely if you have not 
  already done that please do then just a couple of things about 
  how to participate in the call first of all you're in jitsi which 
  means that you've done step one and if you have audio issues or 
  something doesn't seem to be quiet.
Kimberly Linson:  Right we do know that.
Kimberly Linson:  They're sort of.
Kimberly Linson:  Be sometimes be some issues in the system 
  couple workarounds or one too just refresh to is to try a 
  different browser and know that that's worked for me on a couple 
  of different occasions to just switch over to Safari the minutes 
  and audio are of everything that's said on this call are recorded 
  and archived and they are also that link to that archive is also 
  in the agenda and so you can go there to look at those.
Kimberly Linson:   We use iirc to.
Kimberly Linson:  Jurors during the call as well as to take 
  minutes we have this awesome CG bought that you can see that is 
  transcribing and recording everything so hopefully we won't need 
  a scribe but just to give your give you a few little tips on how 
  to to use the are see if you aren't familiar with it one is it if 
  you have something you want to say just add yourself to the queue 
  by typing q+ if you change your mind you can pick you -.
Kimberly Linson:   If you see something in the transcription that 
  the CG Bot got wrong.
Kimberly Linson:  Our that the CG bought got wrong then you can 
  do s: / whatever was incorrect Bob / what's correct Robert and so 
  you can fix anything and I've actually asked that as an entire 
  Community we do that and thanks man you for putting that in there 
  yes so so I'd asked us all to kind of keep an eye especially on 
  the things that you say and make sure that that.
Kimberly Linson:   It is represented correctly.
Kimberly Linson:  And let's see so now I think we're too we'll 
  skip the Scribe selection I don't think we need that because 
  hopefully the CG bot will do that for us and we get to do 
  introductions do we have anybody new to the community or who 
  would like to hasn't been here for a while who'd like to 
  reintroduce themselves.
Kimberly Linson:   We'd love to welcome you.

Topic: Introductions and Reintroductions

Kimberly Linson:  And is a former educator I know to give that a 
  very long pause but I don't see anybody and I recognize most of 
  the names here so I'll go ahead and move to announcements and 
  reminders.
Kimberly Linson:  Anybody have an announcement for us.

Topic: Announcements and Reminders

Manu Sporny: https://w3c.github.io/vc-wg-charter/
Manu Sporny:  Yeah just two things the first one is reminder this 
  is the weekly reminder that the verifiable credentials working 
  group Charter is under active development please read it provide 
  some input we're going to be talking about it today but things 
  really do seem to be wrapping up on it so please kind of read it 
  as it stands right now and you know.
Manu Sporny:  You're running out of time the chart looks is 
  starting to look pretty good right now so I don't think this 
  community would have any objections with it but just a reminder 
  that that's happening the other kind of news is that it looks 
  like the did formal objections or moving forward a bit with the 
  director can't say much more than that but looks like there's 
  some movement there so that's good and that's it.
Kimberly Linson:  Great thank you any other announcements 
  reminders.
Manu Sporny: https://w3c.github.io/vc-wg-charter/
Kimberly Linson:  All right I checked and it doesn't seem like we 
  have any action items that we need to talk about but if somebody 
  has somebody thing that they want to bring up there now would be 
  the time to do so.

Topic: CCG Work Items for promotion to VC WG

Kimberly Linson:  Okay great then let's get into to the main 
  topic for for today as I said at the beginning this was a good 
  topic for me to have as my first one because it really gave me 
  the opportunity to dive in and see what it is that we're doing 
  and I have to save it as a community group it is amazing the 
  amount of work and expertise that were contributing and I know 
  you all know that in parallel to our work the the.
Kimberly Linson:  Is also doing their work and so today's topic 
  is really to as man you said think about those items that we've 
  been working on and do they need to be promoted to to the formal 
  BC working group so I'm going to go ahead and turn it over to 
  Manu to walk us through the context and then we can have a good 
  discussion around that after he's finished.
Manu Sporny:  Okay thanks Kimberly Bryant I don't know if you 
  would also I'm sorry to put you on the spot print but I don't 
  know if you would like to say some things to kind of start at 
  Brent's Brent's one of the co-chairs of the verifiable 
  credentials working group or if you want me to just dive into 
  things.
Brent Zundel:  Manu I will certainly leave it to you to dive into 
  things and I'm happy to chime in if folks want me to talk.
Manu Sporny: https://w3c.github.io/vc-wg-charter/
Manu Sporny:  Okay awesome thanks Brent okay so Brent is our 
  fearless leader in the verifiable credentials working group and 
  has been a chair therefore since the since the dawn of time for a 
  long time and currently as I mentioned we've been working on this 
  verifiable credentials working group Charter I'm going to go 
  ahead and share going to tempt fate and share my screen.
Manu Sporny:  Sorry to do this to you on your first first time 
  Kimberly butt.
Kimberly Linson:  That's okay you said if you said if it was if 
  it got broken to just call on you so since you're in charge there 
  you go you can break it and then fix it.
Manu Sporny:  Exactly okay so here's the charter so the 
  verifiable credentials working group Charter and there's a 
  portion of the charter that talks about the group's deliverables 
  and typically this group The credentials community group has been 
  a feeder of incubated specifications to the verifiable credential 
  working group now this not the only path.
Manu Sporny:   Earth to the VC.
Manu Sporny:  G but it is a path and we have a number of 
  community work items that have found themselves in the verifiable 
  credentials working group Charter so there's a part of the 
  process here where this community hands are work items over to 
  the official working group and there is a process there's a 
  community group process for that you publish what I think is 
  called a final community group report.
Manu Sporny:  People in this community then if you worked on it 
  make concrete IP our commitments basically is asserting that yes 
  I worked on it no I don't know about any patents or if I do know 
  about patents I will bring them to light I will let everyone know 
  about it in in in in most cases contribute the patents for the 
  specific purposes of the specification so that process so if you.
Manu Sporny:   Dissipated in any of these items there's.
Manu Sporny:  Asian that you're going to make that patent 
  commitment on the specification so what items are in this group 
  that are moving over currently we have listed the data Integrity 
  specification Jason Webb signature 2020 Edwards curve signature 
  for David data Integrity the same thing for the nist.
Manu Sporny:   T curve.
Manu Sporny:  Thing for the Bitcoin also known as the Cobell its 
  curves theory mises that stuff as well and then we have 
  conditional normative specifications that basically say if these 
  things progress in some groups outside of the group we will take 
  the work up as well so there's the pgp crypto Suite which is 
  currently in or he's repo here we've got BBS plus which.
Manu Sporny:   Which you know work is happening.
Manu Sporny:  At ietf in diff on that and we've got the jwp stuff 
  where work is happening at diff in ITF on that so the the whole 
  discussion today is really around like this section of the of the 
  specification I'm sorry I forgot to mention the post Quantum 
  crypto stuff as well that mic Pro Rock and in that groups working 
  on so but but.
Manu Sporny:  Basically we're talking about this section.
<mprorock> * i feel slighted ;)
Manu Sporny:  Write all the all the stuff in here I sent out a 
  kind of every year we present this roadmap about what the group 
  is doing and this I tried to update it I'm sorry if I missed 
  something there's a lot of stuff to keep track of I tried to 
  include all the things this community has been working on since 
  like you know 2010 ish.
Manu Sporny:   14 Ish all the way to present.
Manu Sporny:  A and then try to predict out that like 20:27 based 
  on the stuff that we know this does not include work items that 
  for example diff is working on it doesn't include work items that 
  are happening at ietf unless they originated in the ccg so it's 
  missing some things with the Hope here is that it gives everyone 
  a pretty good idea of like the types of things we've worked on in 
  the past and what we're getting ready to move over so.
Manu Sporny:   Cific Lee if we if we scroll down here.
Manu Sporny:  The red line is today so this is this is where we 
  are today and if we scroll down here to the cryptography section 
  right here so the cryptography section this is where we are today 
  in each one of these items is an official work item in a official 
  w3c working group so as you can see we are getting ready to hold 
  like hand over a.
Manu Sporny:   A huge amount of.
Manu Sporny:  From this group to official working groups at w3c 
  so that is like a huge success story I think they're not all 
  going to the same working group this one here at the top actually 
  you know what let me let me pause for a second I've kind of fire 
  hose the group with information are there any questions at least 
  at a high level about what we're talking about today or just 
  general questions about the.
Manu Sporny:  Okay so that's either everyone understand well 
  let's see where's the queue right so either everyone understands 
  or we're all totally lost one of the do I'll keep going feel free 
  to put yourself on the Queue if there's any any questions so 
  they're really two working groups at w3c that ccg work is going.
Manu Sporny:   To the first world.
Manu Sporny:  In group is a very specialized working group to 
  standardize this spec up here rdf data set canonicalization this 
  spec has been incubated in this group and other groups for a 
  decade now literally this work has been going on for a decade and 
  it's finally moving over to an official working group with the 
  time span of two years to standardize it the good news here is 
  that this thing has been pretty settled for six years now.
Manu Sporny:   Now 7 years now but it.
Manu Sporny:  Goes to show you sometimes how long some of these 
  things can take to actually get it into an official working group 
  so rdf data set canonicalization is going into a working group 
  called rdf data set canonicalization hashing working group at w3c 
  that group will run in parallel with the re-chartered verifiable 
  credentials 2.0 working group The VC 20 working group will build 
  upon this work and and.
Manu Sporny:   Their work elsewhere.
Manu Sporny:  Um and it will be taking all of these 
  specifications in right so things like data Integrity multi base 
  multi hash and multi key this one's a little gray area right now 
  but other things like Jason Webb signature the Edwards curve 
  crypto sweet the nist crypto sweet the Cobell it's Bitcoin 
  ethereum crypto sweet.
Manu Sporny:  All you know fairly well formed and inspects that 
  can be pulled in the BBS Plus work needs more work at ietf but 
  we've been able to basically phrase the charter so I'm going to 
  switch back over to the Charter we've been able to phrase the 
  charter in the in this kind of conditional normative 
  specification term so basically this means that.
Manu Sporny:  Plan to publish official standards for these 
  Technologies if the base work for these Technologies are 
  completed before the working group ends so there's base 
  technology for BBS plus that has to happen at ITF and there's 
  base technology for J WP s that has to happen at ietf before the 
  verifiable credentials working group can take it over.
Manu Sporny:   Over so these things are.
Manu Sporny:  Like optional we may not get to them we really hope 
  we get to them but it's totally dependent on groups that are kind 
  of external to the VC WG to deliver on the things that they said 
  they were going to deliver on okay so going back to kind of this 
  diagram that's why BBS plus doesn't start for maybe another year 
  in the group there's some pre-work there that needs to be done.
Manu Sporny:  Let me stop there to see if there any questions.
Kimberly Linson:  Well I was trying to keep question mark But I 
  added myself to the queue so I will ask you so so the official 
  Charter like how long of a period of time does that VC working 
  group Charter span.
Manu Sporny:  Right great question so the charter span see oh wow 
  they don't have it it's two years basically right in once we know 
  the start date will will lock those time periods in there so at 
  the top it's typically two years and they really don't like w3c 
  members really don't like giving Charters more time than that 
  they don't like work that doesn't complete in something concrete 
  so we basically have.
Manu Sporny:   Two years.
Manu Sporny:  Extensions but and they're typically granted if 
  they're reasonable but if you have like failed to produce 
  something implementable at two years that you basically just acts 
  the group they shut you down which is why it's so important that 
  we go in with pre incubated work the other thing that's 
  interesting to look at here from timeline is section 2 6 where it 
  talks about like what happens a month after two months after five 
  months after 6 months.
Manu Sporny:   After most w3c Charters have.
Manu Sporny:  Are and and language like f PW d means first public 
  working draft CR means candidate recommendation like for 
  implementation implementer should start implementing at that 
  point and Rec means recommendation also known as kind of like an 
  official global standard so that's the time frame two years and 
  it's kind of broken down a bit in here and it's everyone that's 
  been in a w3c working group can attest to this is largely.
Manu Sporny:   A work of fiction.
Manu Sporny:  Things don't always go according to plan but you 
  know should give you a rough idea of what we intend to do.
Kimberly Linson:  Thanks Charles is on the queue.
Charles E. Lehner:  Hi can you hear me.
Charles E. Lehner:  Hi I was wondering about the IP our 
  commitment process you mentioned how it works coming from with 
  documents coming from ccg and I was wondering how it works if 
  it's the same for the other potential documents coming from other 
  organizations.
Manu Sporny:  That's a great question documents coming from other 
  organizations that have their own IP are mode or tend to be very 
  problematic in that it takes us a while to figure it out now if 
  that organization has a w3c mode like for example diff does 
  moving things overs typically much easier for the lawyers to 
  reason their way through it so Charles was your question mostly 
  about external documents coming in.
Charles E. Lehner:  Yeah about the conditional normative 
  specification documents but.
Manu Sporny:  Okay okay that's a great question because these are 
  there are two partners here this there's a two parts to the 
  answer here right so the BBS plus crypto Suite is a ccg work item 
  so at some point not now but maybe in a year maybe in six months 
  this group will have to create a final community group report on 
  the BBS plus specification and then hand it over to the be cwg.
Manu Sporny:   Ever the base.
Manu Sporny:  Primitives will be ITF work items so ietf doesn't 
  hand that stuff over to w3c ITF just basically says we've got it 
  we will standardize the base cryptographic Primitives and ITF in 
  you ccwg in your crypto sweet can refer to our specs so in the VC 
  w g what we would do if everything is in order at ITF the V CW G 
  would start pointing normatively.
Manu Sporny:   Lie to the BBS.
Manu Sporny:  ITF specifications did that help Charles.
Manu Sporny:  The other part of that question which is also 
  interesting that I don't think many of us have been through here 
  is this whole concept of a final community group report in so if 
  you'll notice on our community group webpage we have these final 
  reports in like the vc10 use cases was one of those things the 
  data model 10 was one of those things in the did Speck was one of 
  those things there was.
Manu Sporny:   A point in time where we did.
Manu Sporny:  Doing today where we said okay we need to hand over 
  a bunch of specs and the editors of those specs publish them as 
  final reports in got licensing commitments on those final reports 
  so if I go and I click on like the did licensing commitments it's 
  takes a while to load because it's got a load all 460 people in 
  the group but you'll see these commitments from the credentials 
  community group on this did spec so you'll see you.
Manu Sporny:   Like Dan burn.
Manu Sporny:  Commitment reuven made a commitment Michael Zoo 
  Pele I mean all these people that worked on the did spec made 
  commitments right so all this yes stuff our commitments basically 
  saying we are not withholding any kind of intellectual property 
  or anything on the spec but if you go down far enough like there 
  are a lot of people that that made commitments.
Manu Sporny:   A lot of people made commitments.
Manu Sporny:  You'll see that some people did not write and that 
  might be because they didn't contribute anything to it it might 
  be because they don't feel like what they did contribute you know 
  would make a difference some of these people might not have been 
  a part of the group at the time right so really what we're 
  looking for are commitments from people that actually contributed 
  material and specifically things that are substantive to the 
  specification so.
Manu Sporny:   The editor.
Manu Sporny:  A document will put it out there and publish it and 
  then we'll publish it as a final report and then we will ask the 
  community hey we need you to you know make a commitment if you 
  contributed anything make a commitment and the editors themselves 
  will know like these five people absolutely definitely me need to 
  make commitments or we need to know now that they're not going to 
  make a commitment because then that that creates an air of you 
  know.
Manu Sporny:   Auntie around IP are so if somebody.
Manu Sporny:  Substantive thing like a something fundamental and 
  they're refusing to make and I pee our commitments then that's an 
  immediate red flag that you know it's raised now that has never 
  happened either that as far as I know in this group ever but what 
  we are expecting here is that for this work.
Manu Sporny:   People we're.
Manu Sporny:  Publish F CG s is final community group 
  specifications for these items and people are going to make those 
  IP our commitments on these documents hopefully that made 
  hopefully that made sense.
Kimberly Linson:  Thank you does anybody have any questions for 
  me a new queue is currently empty.
Kimberly Linson:  All right man who are the things that we want 
  to dive into on specifics or.
Mike Prorock: +1 That or dive on VC-API implications
Manu Sporny:  We might want to ask each of the editors where they 
  think they are on prepping you know each document so we might 
  want to dive into each one individually that's one thing we could 
  do the other thing we could do is look at the rest of the road 
  map I don't know if folks would be interested in doing that and 
  asking questions about why things are staged in the way they are 
  or there's X is missing.
Manu Sporny:   You know why is that.
Manu Sporny:  Where does it fit in here.
Dmitri Zagidulin: +1 To roadmap
Manu Sporny:  Either either you know we could we could go either 
  way.
Kimberly Linson:  Mike just brought up a really good point that 
  maybe we should discuss is the VC API work and maybe we can 
  discuss that and then talk about the roadmap so that makes sense.
Manu Sporny:  Oh yeah plus one.
Kimberly Linson:  Mike do you want to jump in and give us kind of 
  an overview of the.
Mike Prorock:  Yeah well like yeah sure and I guess really the 
  thing that is a little bit concerning to me and I think we're 
  making good progress now especially with some of the PRS that are 
  in queue on VC API but there's kind of two things if that work 
  moves over into the working group I think we should have it at a 
  reasonable does not have to be perfect but a reasonable steady 
  state.
Mike Prorock:  Which would mean.
Mike Prorock:  In the VC API work item we would want to kind of 
  formalize and say Yep this is what we're considering in scope and 
  we're just going to kind of lock this in a certain point and then 
  re pick up work inside the working group but since that would be 
  moving to a non-normative item that is the other question I have 
  around kind of what are the implications of that.
Mike Prorock:   That could be detrimental.
Mike Prorock:  Normative item it may set up the path to a more 
  normative item once we show people working on it so there's a 
  variety of ways that could go strategically and politically and 
  so that's kind of an open for I'd like man whose thoughts on that 
  and then I think that might spur some interesting conversation 
  there so.
Kimberly Linson:  Great guy had manna.
Manu Sporny:  Yeah I think that yeah Mike's totally right the 
  this is like a very this is a super interesting what's the word 
  conundrum that that were in with the VC API so so we've got 
  multiple people implementing the VC API and I know the trace 
  folks are doing it I know digital bazaars committed to it you 
  know number of organizations committed to interrupt through the 
  VC API but.
Manu Sporny:   There have been some.
Manu Sporny:  See members that have pushed really hard to keep 
  protocol out of scope for the verifiable credentials working 
  group so you will know that there is.
Manu Sporny:  Out of scope right normative specification of apis 
  are protocols and we are expecting that if we try to put it in 
  scope it would be challenged heavily if not formal objections so 
  the what we've tried to do here is to basically say the group is 
  going to work on a developer guide the VC to working group is 
  going to work on a developer guide and there's going to be input 
  to that one of them is the VC API.
Manu Sporny:   II just be Capi.
Manu Sporny:  Other ones can app like we want to be able to talk 
  about protocols that are carrying verifiable credentials over 
  them but we're not allowed to say anything normatively about 
  those things so how are we you know how is this group going to 
  feed VC API into the VC to working group The verifiable 
  credential 20 working group.
Manu Sporny:   One option.
Manu Sporny:  When is we just handed over completely and it stops 
  being a ccg work item and then it's up to the verifiable 
  credentials working group to determine what what should happen to 
  the VC API upside there is like hey it's in the group that's 
  great but the only thing they can do is publish it as a note and 
  one of the implications of that that Kyle did hartog brought up 
  which I thought was a great point.
Manu Sporny:   Point is that because it's a note it.
Manu Sporny:  Kind of IPR protection whatsoever 0 IPR protection 
  so people can start injecting all kinds of horrible proprietary 
  patented stuff in there and there is no requirement to say 
  anything about that now we know I think all of us don't think 
  like that's going to happen but that is one of the concerns there 
  so option one is give it completely over to the verifiable 
  credential working group but all they can really do is work on it 
  as kind of like a note a developer guide that kind of thing.
Manu Sporny:  Option two is that we keep it as a ccg work item 
  and we continue to incubate it here it has IPR protection in this 
  group and will continue to have IPR protection in the group and 
  what we can do is hand over snapshots to the verifiable 
  credentials to working group we can basically tell them hey can 
  you snap shot this in they can publish it as a note and they can 
  snapshot you know couple times throughout the year the benefit 
  there is that it has IPR protection and we can continue to 
  incubate it as kind of.
Manu Sporny:   A high priority item.
Manu Sporny:  So it'll get like the air it needs to breathe here 
  and have protection while also signaling to the w3c membership 
  that we do plan on doing protocols at some point like maybe not 
  right now but maybe in the VC 30 working group the recharter we 
  plan to put protocols in scope so that's option two option three 
  is to just keep it in the ccg and keep working on it and it would 
  be good you know I don't know.
Manu Sporny:   If there are other options too.
Manu Sporny:  Other options of the things that we could do with 
  it or it would also be good to hear back like what do folks feel 
  we should do with that item.
Manu Sporny:  Let me ask a more pointed question traceability 
  folks what do you want to do with that item I mean you guys 
  depend on it right.
Mike Prorock:  Yeah I mean I am honestly fine with it going in as 
  a note on the w3c side one of the kind of bigger picture items 
  that we have to balance as kind of the multiple aspects of 
  traceability because a lot of digital traceability is also coming 
  up and there seems to be a critical mass actually on the ietf 
  side right with some working groups there and that's where.
Mike Prorock:   We have to still find out.
Mike Prorock:  Willing to be friendly to use of VCS and Ed's 
  right in especially linked data usage and that's a bit of an 
  unknown right now and that's kind of a high risk I don't know or 
  eicu on the queue as well.
Orie Steele:  Yeah I agree with the what Mike said you know I 
  think when we consider technologies that are related to 
  verifiable credentials dids and the sort of basic cryptographic 
  envelope formats like Jose Jose come to mind and I would want to 
  make sure that I think you know just speaking frankly the 
  verifiable credentials a.
Orie Steele:  P I work for her.
Orie Steele:  That's not the only thing that's important support 
  for traditional Jose and cozy a is also really important 
  especially for kids and and so I think.
Orie Steele:  My experience with the w3c you know especially 
  after the did working group I'm not sure that the w3c is really 
  the best place to do anything related to protocols I think I 
  agree in large part with some of the positions that other w3c 
  members have held that the w3c is not really great at developing 
  protocols and in particular support for Jose and cozy which are.
Orie Steele:  Of users are actively contributing to and 
  maintaining them at ietf I think there is a future where the VC 
  apis that exist today might be better served becoming more of a 
  dids plus Jose and cozy at ITF but that is the kind of thing that 
  you know it's about going to where the contributors are and 
  asking them how they want to see these Technologies working 
  together.
Orie Steele:   And recognizing that.
<mprorock> it is really nebulous and makes me highly nervous
<mprorock> I don't think CCG helps it long term either
Orie Steele:  Not everyone wants to use the same tools to build 
  their favorite sandcastles so I think the verifiable credentials 
  API as a non normative item at the w3c obviously doesn't really 
  do anything to secure its future anywhere like it could just 
  become a non-normative item and then never be defined further 
  could become a normatively defined API at W3 for support for the 
  defined verifiable potential formats.
Orie Steele:   I think that's a best-case scenario but.
Orie Steele:  My experience over the last few years is that even 
  when you plan for something like that you may not actually be in 
  control of achieving it especially given the you know kinds of 
  contributions we see the w3c standards so if it feels nebulous 
  and scary the yeah that's kind of how I feel about it.
Kimberly Linson:  Go ahead manu.
Manu Sporny:  Yeah so I mean this is this is this is new to me 
  and that does seem like a very big change in scope and Direction 
  Ori.
<orie> there is OIDF as well, working on protcols related to this
Manu Sporny:  And so where it's so I haven't seen work like this 
  done at ITF ever there's low-level protocol bits and bytes stuff 
  that does happen at ITF but not application you know layer 
  protocols like sip is an example HTTP an example but those are 
  you know much more lower lower level than the VC API we're in the 
  w3c has.
Manu Sporny:   Unlike application.
Manu Sporny:  Linked data platform you know they did you know 
  protocol work there we're at ietf are both of you thinking the 
  work would fit in like it would be a complete rewrite of the 
  specification I think that's what I mean that's what I'm hearing 
  is like hey let's not use verifiable credentials let's use 
  something else and let's not do a w3c spec Let's do an ITF spec 
  so it sounds to me like this is a totally different 
  specification.
Manu Sporny:   And you guys talk.
Manu Sporny:  What where where did IETF with the work happen.
Orie Steele:  So I'm not saying any work what happened ietf I'm 
  saying that ITF works on things that I care about deeply and if 
  you look at you know the work on an app that's happening and ietf 
  you can see that you know clearly ITF has ability to gather folks 
  who are passionate about these issues and work on standards there 
  I'm mostly saying that from a software supply chain or hardware 
  supply chain use cases dids and VCS are.
Orie Steele:   Obviously an important part of that but I think 
  also.
Orie Steele:  Port for existing cryptosystems like pgp Jose and 
  cozy is an important part of that and bgp Jose and Jose have been 
  defined at ITF so I'm mostly just saying that work will happen 
  where people are and you know obviously the VC API is currently 
  being incubated here in the w3c ccg and the plan is to work on it 
  as a non normative note in the w3c verifiable credentials working 
  group assuming the charter is approved.
Orie Steele:   It's all I can say about that as I.
Orie Steele:  I'm just noting that like there are also other 
  things that are happening out in the ecosystem like now and the 
  open ID connect verifiable presentation Flows at open ID 
  foundation and you know I'm interested in contributing to these 
  items as well so maybe really what I'm saying is that work 
  happens outside of the ccg and w3c as well.
Kimberly Linson:  Thanks Orie,  Mike did you want to add some 
  something to that.
Mike Prorock:  Yeah I mean I can add some color and then some 
  concern I mean the I think a I think fundamentally having the VC 
  API live as a were even traceability for that matter live as a 
  long-term ccg non-normative items not going to be helpful to 
  adoption right and that's that's concerning to me so we have to 
  start thinking even if it's a way down the line where's this 
  going to work in a graduate to in quotes right.
Mike Prorock: 
  https://datatracker.ietf.org/doc/html/draft-birkholz-scitt-architecture-00.html
Mike Prorock:  The I think you know Trends I am seeing in ietf 
  are for sure more work going on on exactly this kind of thing and 
  a case in point there's I'm going to link an individual draft 
  that's dealing more with supply chain from a software supply 
  chain like s bomb and things like that this this work is going 
  on.
Mike Prorock:   Whether we like.
<bumblefudge> Fraunhofer SIT 🤩
Mike Prorock:  And so it's kind of forcing some decisions like 
  can we you know try to engage in a positive way and help move 
  those work items forward while also making sure our needs are met 
  from a like I have no desire to move away from verifiable 
  credentials like none whatsoever so you know it's stuff we just 
  kind of have to be aware of that is happening and unfortunately 
  because the players involved that stuff.
Mike Prorock:   I'll get critical mass.
Mike Prorock:  Like there's not only you know major players 
  involved in this kind of stuff and at that actual like protocol 
  API level type definition in architecture level definition but it 
  dition Ali there is regulatory momentum to go ahead and push some 
  of that stuff through I mean we're seeing increasing amounts of 
  executive orders on like how do you respond to zero trust 
  architecture things like that so these are you know items at 
  least from the US perspective.
Mike Prorock:   Spective as well as also you know increased.
Mike Prorock:  On the EU perspective that we're going to see some 
  of this stuff either you know get moved out of our hands because 
  we're not getting stuff ready quick enough or you know in a 
  presentable State quick enough or sometimes is as as I've seen 
  happen a couple of times lately take the work too far before 
  getting the conversation going with other players right and then 
  then it does become one of those like worst-case scenarios where 
  you're sitting down and rewriting stuff or readapting.
Mike Prorock:   Whatever you just.
Mike Prorock:  Forced into using and we want to avoid that as 
  well so so it's a complex it's a complex issue and it does make 
  me nervous and I think it should ultimately anyone who is working 
  heavily on things like VC API or off shoots of it and profiles 
  should be thinking about this stuff you know broadly and from a 
  big picture with you know who are the players in the ecosystem 
  taking this stuff seriously.
Mike Prorock:   You know who made.
Mike Prorock:  Out-compete whether we want them to or not.
Manu Sporny:  Yeah I guess it's so I what I'm hearing is that 
  there are other groups out there that are working on technologies 
  that either directly compete with verifiable credentials or 
  directly compete with the verifiable credential API and we should 
  be aware of those initiatives I think that's the one of the 
  things I'm hearing the other thing I'm hearing is that.
Manu Sporny:  Ricci might not be the best place for some of this 
  work and I think there was a finger pointed at the VC API 
  potentially so those are the two things I heard both Orion and 
  Mike you saying please correct me if I didn't hear that correctly 
  the third thing is a bit it's so nebulous it's hard for me to 
  understand what you're asking the community to do.
Manu Sporny:   Do other than be.
<orie> I am not asking for anyone to do anything.
<orie> contribute where you think you should.
Manu Sporny:  In the be aware even that is kind of like it's you 
  know it's not clear to me what the alternate plan wouldn't what 
  an alternate plan would be so I'm not hearing a very okay so are 
  you saying he's not asking anyone to do anything just be aware 
  that other work is happening elsewhere so let me let me stop 
  talking no mics on the Q I'm having a hard time.
Mike Prorock:  Yeah I can get I can get into some very specifics 
  you know from like my personal and this is not chair hat right 
  this is just like me personal member of the community writing and 
  deploying software that is dependent on these specs right and 
  building a business that touches all this stuff you know you know 
  I think this is one of the reasons I fought very hard to make 
  sure in.
Mike Prorock:   The working group.
Mike Prorock:  Order for the next version of the VC API that we 
  can discuss from a practical developer standpoint what are the 
  implications of this and how do you work with these things and I 
  fought very strongly for the inclusion of two key items one was 
  the ability for us to discuss the oid see work going on you know 
  for exchange of credentials right over oid see that is obviously 
  work that is going on outside the w3c that is directly related.
Mike Prorock:   And impacting on VCs I don't think that's.
Mike Prorock:  I think that's just a thing right but we when we 
  think about it from a broader verifiable credential standpoint we 
  need to be able to guide and provide advice around how do you 
  actually interact with that stuff are we so you know what is 
  helpful etcetera same thing with the VC API and I don't see a 
  problem and I'm fact I plan to and I've stated multiple times in 
  the working group you know plan to one author you know or make 
  significant contributions.
Mike Prorock:   Tribution stew that developer guide for both.
Mike Prorock:  And for the VC API aspect if not fully flushing 
  and helping to fully flush out into find the VC API in a note 
  standpoint so I that is the path that I am proceeding down that 
  does not negate more detailed you know specific work that may 
  have normative requirements either in w3c or elsewhere right and 
  so that's I think the hit man who does that help clarify a bit 
  like you know but I.
Mike Prorock:   Yeah and in the main reason on like the be.
<identitywoman> The Relying party problem  (where can  VCs be 
  accepted) is a really big one - the OIDC relying party "solution" 
  is reasonable - expecting everyone to rip and replace completely 
  to use VCs.
<identitywoman> is not reasonable
Mike Prorock:  It's like especially from you know and I'm you 
  know being blunt here but like especially when we look at the 
  Microsoft's the IBM's the sap is the world right these are the 
  folks that to date have had a Stranglehold on this kind of 
  information exchange possibly also with GSX if you want to go 
  down the EDI path also you know additionally and so we need to be 
  aware that they will do you know players that have an established 
  foothold will do what they can to prevent losing.
Mike Prorock:   That established footholds.
Mike Prorock:  And it's just something we talked around that 
  issue a lot but we should be aware of it concretely and also be 
  very much Mindful and watching carefully what they are doing in a 
  standards basis to that could potentially serve as something that 
  is a competing standard that is a standard possibly even 
  sometimes in name only in order to justify a proprietary solution 
  and those are things we need to avoid from a lock-in standpoint 
  etcetera.
Kimberly Linson:  Thanks Mike Adrian you're on the Queue next.
Adrian Gropper:  Yes after working on this issue that we're 
  talking about now for about a year and talking to a lot of people 
  my conclusion has is that the protocol work that's going on here 
  under the very reasonable flag of self Sovereign identity and 
  authentication things does not Translate.
Adrian Gropper:   Late in.
Adrian Gropper:  Moving those under that decentralisation self 
  Sovereign flag to protocol work as it's being done in w3c and so 
  I at least you know have am completely moving the protocol 
  attention to ietf basically because you know the things that are 
  very much in the news these days whether you want to call.
Adrian Gropper:   Them human.
Adrian Gropper:  You trust or other things like that have to do 
  with the platform issues regulating the platforms and and things 
  like that and we just seeing that every day and to me the 
  protocol work that I've witnessed here is just completely 
  detached from the reality of what the world is worried about in 
  Europe and different cultures.
Adrian Gropper:  Seeing again from this antitrust and human 
  rights perspective thank you that's it.
Kimberly Linson:  Man who I have you on the queue.
Mike Prorock: +1 Manu
Manu Sporny:  Yeah just real quick to Adrian Adrian that is just 
  not true we have gotten delegate abby'll authorization 
  capabilities working for the VC API full delegation so it 
  achieves the things you've been asking for for a long time we 
  have yet to put it in scope because the group's not ready to do 
  it yet so I strongly strongly disagree with your notion that 
  we're not paying attention to things like human rights and 
  delegation.
Manu Sporny:   And specifically.
Manu Sporny:  Ensuring that providers don't prevent you know 
  those holders from delegation so that's the first point the 
  second Point Orion Mike maybe I read what you two are saying as 
  in as a you're abandoning the be Capi work I don't think that's 
  what you meant to communicate but that's how I read it or even 
  abandon the be Capi work at w3c so.
Manu Sporny: +1 To support VC-API, yes, DB is fully committed to 
  that work item.
Mike Prorock:  Okay quite the yeah and I'm on Q I'm just going to 
  act myself because of time and quite the opposite I mean that's 
  why I stated clearly like I plan on you know if not being a 
  primary author like major contributions on the actual developer 
  guide node or whatever that ends up becoming and that will 
  include how do we do restful exchange and handling of verifiable 
  credentials period end of sentence right but so and I'm assuming 
  that we'll start with the.
Mike Prorock:  Capi we bring that in and then we evolve it as 
  well.
Mike Prorock:  Group I'd be that's.
Mike Prorock:  That is absolutely my attention there so I don't I 
  think that Baseline how do you do this stuff over rest is such a 
  core implied thing that we have to talk about it as working group 
  right and to the point where I am willing to sacrifice a lot of 
  my own time to go make sure that gets done so.
Kimberly Linson:  Thanks  Mike, Orie.
Manu Sporny: +1 To what MikeP was saying.
Orie Steele:  Yeah I'm you know working with folks on the 
  verifiable credentials Charter on in support of the work items 
  that have been added both you know as normative deliverables on 
  non-normative deliverables and in the VC working group is going 
  to be the place where the VC API even gets defined better or it 
  doesn't but good news is that it's a note in either case so I 
  mean I'm contribute to working in that workgroup on the item and 
  yes like at some point this community.
Orie Steele:   Group should theoretically.
Orie Steele:  Each day final Community Draft before handing that 
  work to them but if it's going to go into a note it doesn't seem 
  like that really matters and so really what I'm saying is I'll 
  continue to do work on the item wherever it is.
Manu Sporny:  Yeah okay plus 1 that's so that's that's crystal 
  clear and that's good thank you for making clarification like a 
  Nori the note thing a w3c has traditionally been used to signal 
  that the group would like to pick something up like groups 
  actually right in the top of the document we intend to pick this 
  up as a normative work item at some point in the future and that 
  is usually a very good signal that leads to a smoother each 
  ordering process so that's why.
Manu Sporny:  Some groups have published notes for things.
Mike Prorock: +1 Manu
Manu Sporny:  To take wreck track in Annex recharter it just 
  makes it all you know it makes all of it much much easier my 
  suggestion is that we can do both we can continue to work on that 
  in this group and refine it and get the test Suites get 
  interoperability working while throwing snapshots over the wall 
  to the verifiable credential working group I think that gets us 
  the best of both worlds.
Manu Sporny:   And keeps us very nimble.
Manu Sporny:  In ensures that we keep it at number one priority 
  will not be a number one priority in the verifiable credentials 
  working group but we as the ccg for the VCA be I can keep in a 
  you know very high priority and in finish it up with respect to 
  like work going on elsewhere yes indeed be again to be to be 
  blunt I think that there is damaging work happening in other 
  organizations when it comes to protocols and verifiable 
  credentials.
Manu Sporny:   And I don't expect that to be.
Manu Sporny:  Traversal will point fingers at which organizations 
  are doing it but you know I think you're both Orion my core right 
  we need to be on top of that we need to pay attention to the work 
  happening elsewhere in there are very powerful Market forces that 
  could either accidentally re centralize everything or on purpose 
  centralized things for you know the purposes of market dominance 
  and things of that nature that's it.
<orie> Many folks feel the same way about the CCG manu... it's 
  the nature of human tribalism.
Kimberly Linson:  Mike you've got 30 seconds.
Mike Prorock:  Yeah and in conclusion I would also say that and 
  you know in a little bit of clarification man who around like 
  damaging work I think in some cases like the software supply 
  chain stuff I think it's extremely well intentioned and really 
  important work just that VCS weren't on their radar neither were 
  kids but there was a desire to go after there is a desire to go 
  after decentralisation so they seem willing to learn and engage 
  at least at the you know early stages.
<bumblefudge> perhaps they were really wed to COSE?
<orie> yes, some folks like COSE over JSON.
<manu_sporny> I know folks feel the same way about CCG, Orie :) 
  -- and it is the unfortunate nature of tribalism. People spend 
  time on the things that they want to contribute to, where they 
  want to contribute to them.
Mike Prorock:  They can write and ultimately could help adoption 
  if you know if we approach the right way if we don't approach it 
  in a you know we can't you know like anything right you can't go 
  in assuming that we have the only right path and everything else 
  right it's yes we have a a path it is right in many many ways but 
  it also can be adopted into other things right or as a piece of 
  other things so.
<bumblefudge> patience!?
Kimberly Linson:  Great thank you this was a really interesting 
  discussion and I'm I learned a lot about sort of how the 
  community group and and the working groups work together and so I 
  really appreciate everybody's input we're just about at time so 
  I'm going to go ahead and wrap us up I'll let you know that next 
  week I'm going to be talking about decentralized storage thank 
  you everybody for your patience with me today and have a great 
  rest of your day thank you.
<manu_sporny> You did great, Kimberly! :)
<heather_vescent> Great job Kimberly!!
<bumblefudge> you're doing great! thanks so much
<kerri_lemoie> Thank you!
Received on Monday, 4 April 2022 14:01:44 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 April 2022 14:01:45 UTC