- From: CCG Minutes Bot <minutes@w3c-ccg.org>
- Date: Wed, 17 Aug 2022 18:01:59 +0000
Thanks to Our Robot Overlords for scribing this week!
The transcript for the call is now available here:
https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/
Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:
https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/audio.ogg
----------------------------------------------------------------
VC for Education Task Force Transcript for 2022-08-15
Agenda:
https://lists.w3.org/Archives/Public/public-vc-edu/2022Aug/0005.html
Topics:
1. IP Note
2. Call Notes
3. Introductions & Reintroductions
4. Announcements
5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential
Status Work
Organizer:
Kerri Lemoie
Scribe:
Our Robot Overlords
Present:
Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune,
David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck,
Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe
Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan -
pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri
Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar
Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young,
Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com),
Allyson Parco, Eric Shepherd, Phil L (P1)
Our Robot Overlords are scribing.
Kerri Lemoie: Hello everybody. Welcome to the August 15th VC Edu
call. Today our main topic will be on credential status. Kayode
Ezike from the MIT Digital Credentials Consortium is going to
present to us on some of the latest work that he's been doing on
that over there, and before we get started with that let's go
through a few boilerplate items. First is the IP note, everybody,
for anyone.
Topic: IP Note
Kerri Lemoie: Came to speed in these calls how any.
<kerri_lemoie> create an account:
https://www.w3.org/accounts/request
Kerri Lemoie: Substantive contributions to any of the CCG
work items must be done by members of the CCG with full IPR
agreements signed, and to do that you can create an account at W3C
and put this in the chat for you, and then also use this link to
join the CCG.
<kerri_lemoie> join the CCG:
https://www.w3.org/community/credentials/join
Topic: Call Notes
Kerri Lemoie: Hey second All call notes for this call are
recorded and there are minutes being taken by are called our
robot Overlord is do the transcription I wish you'll see in the
chat we are also doing a Wheels do a video recording of This call
which can be found later; we can send it out if you need it. So Kayode
will have some slides today, so it'll be nice to have that
recorded. We use a queue system.
Kerri Lemoie: To to ask questions and participate.
Kerri Lemoie: Conversation so if you would have a question or
would like to say something please queue yourself first. You do
that by putting a q+ in the chat, just like I did there. You could
also do q+ and then say a note about something you want to
say, and that lets us know if you're responding to something
that's being said right away so we know when to pull you into the
conversation, so that is very helpful. And then to remove yourself
from the queue just do q-.
Kerri Lemoie: And we get something.
Kerri Lemoie: They did that wrong okay remove something from the
queue okay.
Kerri Lemoie: Because the floor all right when I say we hit q-
we're actually looking to see who is in the queue.
Topic: Introductions & Reintroductions
Kerri Lemoie: Okay next let's do some introductions and
reintroductions is there anybody here joining us today for the
first time that I would like to introduce themselves or anybody
who's been here for a while and I would just like to say hello
again and let us know a little bit about something they're
working on if so go ahead and put yourself in the queue.
Kerri Lemoie: Yeah, I'm going to queue myself up real quick here.
One thing I haven't mentioned is that I started a new role at the
beginning of August at the Digital Credentials Consortium, so
I'm going to be their Director of Technology. It doesn't really
change much for VC Edu; I will still be here doing all of that
work, because the DCC has made her is really been backing all of
this work in a really significant way, making sure that we have
this open community to work, and so I'm really happy to be able to
continue the.
Kerri Lemoie: Work there and help to do what I want to do which
is in.
<deb_everhart_(credential_engine)> congrats Kerri!
Kerri Lemoie: Adoption understanding of verifiable credentials
that had that has been my my shift recently.
Topic: Announcements
<kerri_lemoie> VC email list:
https://lists.w3.org/Archives/Public/public-vc-edu/
Kerri Lemoie: There's no other introductions or reintroductions.
Next we have announcements and reminders. One is that if you
haven't joined it yet, we do have an email list, and that email
list can be joined by going here. I'll put this in the chat for you so
we have it in our notes later.
Kerri Lemoie: It's a great list to join. You don't have to be
necessarily technical to join this or work on technical
projects; if you just want to stay in the loop on what's going on
in education and training and achievement credentials, that's the
list to join. This is where we try to have all those
conversations.
Kerri Lemoie: And the other announcement that I have is that
tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the
weekly ccg meeting.
Kerri Lemoie: They recommend doing that as much as you possibly
can to learn what's going on in the community as a whole.
Kerri Lemoie: Does anybody else have any announcements or
anything they'd like to share.
Kerri Lemoie: Simone, I see that you just joined us. Would
you be interested in telling folks about what our next week's call
will be about? It sounds really great.
Simone Ravaoli: Yes, hi, hello everyone, I hope you can hear me. So
we are going to have as a guest get anything on this sea of
Gataca. Gataca is an SSI company based out of Spain, and
they've been involved in building and implementing all
the EBSI specification, so that would be the European
Blockchain Services Infrastructure. Particularly they have been
looking into version 2 of.
Simone Ravaoli: Of the DID method did.
Simone Ravaoli: And they wish to share some reflections
around what is the difference between version 1 and 2 and some of
the implications that version 2 has with regards to privacy
regulations in Europe, also known as GDPR. But they are a
community member that has really just been doing a lot of work
from Europe, and so that would be, I think, an interesting update
from what's happening outside of North America.
Kerri Lemoie: Thank you so much that sounds great I'm really
looking forward to it okay anybody else have anything else before
we move on to our main topic.
Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status Work
Kerri Lemoie: Okay why don't I then introduce Kayode. Kayode is
working on this great project related to credential status he's
working on making it possible for issuers to manage the status of
their credentials and for verifiers to check status info,
especially a revocation or suspension so he's going to show you
some of his work today and then feel free to ask questions and
then we can see what we can learn about it well.
Kerri Lemoie: Tim Kennedy.
Kayode Ezike: Slides:
https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo
Kayode Ezike: Thank you, thank you Kerri for the introduction. Here's
the link to the presentation that I'll be using for today. I know we
generally do not show video for bandwidth purposes; I would do that
really quickly just to introduce myself and turn off every but
this is Kayode Ezike again, and brief introduction is that I've been
involved with digital credentials since around 2018 but that time
that I began my master's program around proper credentials and
personal data storage management.
Kayode Ezike: Since then I've been contributing to number of
Open Source projects.
Kayode Ezike: Optical pulse of my own and these days I primarily
support the digital credentials Consortium through MIT as well as
Gobekli which is the startup it's also doing great work in this
space so thank you for having me and I'll put up my screen so
that an alternative you'll see how can see we have.
Kerri Lemoie: Kayode I'll keep an eye on the chat for you.
Kayode Ezike: Thank you okay so.
Kayode Ezike: If explosion one second.
Kayode Ezike: Spell with me.
Kayode Ezike: Okay I think if I try none.
Kerri Lemoie: Not yet not yet nope.
Kayode Ezike: Are you able to see my screen now.
Dmitri Zagidulin: If you're transmitting from a Mac there, you
might need to update the permissions in the control center, which
means you have to restart the browser and rejoin.
Kayode Ezike: But you're trying to do something like that but it
was it.
Dmitri Zagidulin: One of us can also.
Dmitri Zagidulin: Screen share the slides and just, thanks Kerri.
Kerri Lemoie: Yeah I can do that that's true.
Dmitri Zagidulin: I'll probably be faster, Kayode.
Dmitri Zagidulin: Say next slide.
Kerri Lemoie: Yeah just let me know in and we pull it up here
hold on one second.
Kayode Ezike: Animations hopefully syncs
Kerri Lemoie: I am just clearing everything out of the way here
on the way everybody's happy about the desert play.
Kerri Lemoie: Okay can you see.
Dmitri Zagidulin: Yep we can see your screen.
Kerri Lemoie: To be this clarity.
Kayode Ezike: Great yes I can see.
Kerri Lemoie: Oh there you are okay you can see the head you can
take it from here now just let me know when you want to move to
the next slide.
Kayode Ezike: Awesome, thank you Kerri. So today we'll be
discussing a topic I was cussing to what that would get a
credential status hosting, and before I scare anybody away, this is not
a new specification for credential status; it's more so concerning
ourselves with how can we help issuers to expedite their
deployment of credential status infrastructure by leveraging familiar
services to them and hence sort of taking care of it.
Kayode Ezike: Origin authorization concerns that.
Kayode Ezike: To them and so this in terms of what we're
discussing today I'll be giving a brief background of the topic
and we'll be going through a bit of the state-of-the-art who tell
you what our goals were let me Design This solution as well as
what the actual solution is will then show you a little bit of
code before you show you the demo of what we've done.
Kayode Ezike: Credential status management has been around for some
time, and one of the earliest conceptions of it really came from
certificate authorities with the notion of certificate revocation
lists, which is a list of certificates that an issuer has revoked
prior to its expiry, and that is sort of the main
model that we think about in this space when we think about
credential status management.
Kayode Ezike: Generally we think about a resource that is
managed by an issuer that informs the public about the state of
outstanding credentials, and there's been a lot of work done in
this space over the years in terms of standards development and
developer tools for how to manage the status of these credentials
as well as how to verify the information on them, such as
revocation or suspension. However, storage and authorization have
kind of.
Kayode Ezike: Been left out of scope largely and.
Kayode Ezike: Good that it would be great if we can simplify
that for issuers and their deployments.
Kayode Ezike: Thank you, so next slide. Great, so I want to give a
quick definition of credential status. According to the VC spec,
credential status is an object value property that enables the discovery of
information about the current status of the verifiable credential,
such as whether it is suspended or revoked.
Kayode Ezike: So in other words, now before we go on, in other
words it gives consumers of this credential an idea of the
issuer's view of the current validity of a credential. Next please.
So here on the right we have an example of a verifiable
credential that has a credential status property on it, but one thing
to know is that it is an optional value, so not every verifiable.
Kayode Ezike: Credential would have this field on it.
Kayode Ezike: If it does have the field on it, it must define two
main properties, which are id and type, and it must also valid like
the remaining properties are specified by the type field. So in
this example we know that we have a StatusList2021Entry the
type, and the three types of, or rather, fields below it, status purpose,
status list index and status list credential, relate to, or rather are
defined in, the Status List 2021.
Kayode Ezike: Entry.
Dmitri Zagidulin: Kayode, quick question: do we want to wait
till the end for questions or do you want to encourage people to.
Dmitri Zagidulin: If they encounter something or want to ask
questions about each slide to raise their hand.
Kayode Ezike: I'm happy to take questions as they come up.
Kayode Ezike: Is it just the two Fields so the state-of-the-art.
Kayode Ezike: There has been a lot of great work done in the
credential status space, and one of the early conceptions of this,
or examples of this, came in 2018 from Hyperledger Indy via their
HIPE 0011 revocation spec, and they use a bunch of cool
technology, cryptographic accumulators, to determine which
credentials have been revoked, and interestingly enough I learned
in this spec that it seems that this actually is.
Kayode Ezike: Predates to know now have medication.
Kayode Ezike: Like I found to be interesting, and a couple years
later the CCG would develop a spec of their own via the
Revocation List 2020 spec and soon after via a refined version,
the Status List 2021 spec, which sort of granted a more general
notion of status that goes beyond just revocation but also
supports suspension and other forms of credential status.
Kayode Ezike: Next please and the most for all these
specifications all right one more back sorry.
Kayode Ezike: So this is the point on hosting. So for
all these specifications it is important for verifiers to be able
to check the status of the credential somehow, right, and the
most obvious way to do this is to host the resources in a
public location, namely a distributed ledger or an issuer-controlled
website.
Kayode Ezike: Any questions here.
Kayode Ezike: You can move on next slide please.
Kerri Lemoie: No questions yet sure.
Kayode Ezike: Great, so I want to talk to you all about Status
List 2021. This is the spec that we use in our design, and
it's one of the more advanced specs out there in my opinion,
and in this example on the left what you see is a credential
from a couple slides ago, so nothing new here yet. We have a
verifiable credential that had the credential status on it and it has.
Kayode Ezike: As all the fields that we discussed earlier.
Kayode Ezike: Now if you pay attention to, key in on, the
status purpose, status index and status credential properties,
these are the properties that are introduced by the Status List
2021 spec. The first of these properties is the most self
explanatory; this is saying that.
Kayode Ezike: The issuer.
Kayode Ezike: Acting this type of status for this credential so
for verifier when they want to verify the status of the
credential this is the information that they will learn now the
other two properties are more specific to sort of like are sort
of the meat and potatoes of how this specification works and it
relates to a new resource at the introduced so if you can just go
forward just a couple steps very until you see a new object in
the right.
Kayode Ezike: So this on the right is a Status List 2021
credential, and the best way to think about this credential is it
is the credential that manages the status of a batch of multiple
credentials. It's not philosophy that one more time, but this is a
credential that the issuer manages that tracks a batch of several
different credentials, and so what this means, if you could just
click one more time, Kerri.
Kayode Ezike: So we so.
Kayode Ezike: This was the most important information on this
credential is this encoded list value right here, and what it is, in
the simplest representation, you can think of it as a sequence of
characters, let's say X's and O's, that represents the
status of a credential at that position, right, and so if the value,
let's say the value of that was X, it would mean that it is
invalid with respect to the status purpose, so in other words it is
revoked.
Kayode Ezike: Value is 0 it means that it is valid with.
Kayode Ezike: The words is not revoked and if we go back to the,
if you focus again on the left side, you will see that the status
list credential property, that is just the way for verifiers to
retrieve this credential on the right, so it's a public link that
they can access, and the status index tells them which position in
that encoded list represents this credential.
Dmitri Zagidulin: So I want to I want to pause here before we
move on to the next slide I want to make sure everybody absorbs
this so.
Dmitri Zagidulin: I want to make sure everybody understands what
that encoded list is for, right, because at its simplest a
credential status is binary for a given status purpose, so like
for revocation a credential is either revoked or it's not. So the very
first sort of naive implementations of revocation status were
to host a.
Dmitri Zagidulin: Some kind of object.
Dmitri Zagidulin: Either a verifiable credential or something
else that says revoked or not for each individual credential, right,
easy. Or even before that, I think what Open Badges did is just
publish a plain list of all revoked credential IDs on their
website, yeah, so you get the credential, you can go look up
that list to see if it's revoked.
Dmitri Zagidulin: So very easy, and we wouldn't be having this
problem, or rather this conversation here, except there's a
couple of major problems there. One is privacy, that if you
publish a list of revoked credentials, well, you can go see
everybody whose credentials are revoked, but an even more
important one is what's known as the phone home problem. It's one
of the downsides of hosting.
Dmitri Zagidulin: An individual status.
Dmitri Zagidulin: Nation for each credential is that whoever is
hosting it, whoever's running that website, can track.
Dmitri Zagidulin: Requests, can track how many times and from
where, from what IP addresses and what time stamp some verifier
is checking.
Dmitri Zagidulin: Revocation, and that is generally
regarded in the community as too much information; that's
not necessary, that is a threat. So then the reason the
status list spec arose is that, okay, so if we don't
want the host, whoever's controlling the web
server, to know each time each individual credential is looked up,
why don't we batch it, why don't we rely on.
Dmitri Zagidulin: On herd immunity, on herd privacy.
Dmitri Zagidulin: And batch a whole bunch of credentials at
random.
Dmitri Zagidulin: And then the verifier can request this whole
batch this this entire credential that has the encoded list that
contains the status of 20 or 100 I forget how many it is.
Dmitri Zagidulin: Potential statuses and that way the request
will be spread out over that entire cohort of credentials, and
that way we get herd privacy. I see David is on the queue.
Kayode Ezike: When your credential is revoked, right, so when your
credential is revoked, this credential on the right will be
updated; the encoded list will be updated such that the bit at that
position I 4 5 6 10 is now 1, or an X as discussed earlier.
Kayode Ezike: Yes, yes, that comes up, I think, some question time,
so that really I think boils down to the, I think we leave that to
the implementers of their system, because that really comes
down to how often, what is the caching sort of system, like do
you check every day, do you check every hour, and you'd have to
give an essay to the individual using your system to let them
know that this is just going to be valid.
Kayode Ezike: For a given day or for.
Kayode Ezike: Etcetera, but I don't think that's something that
this spec tries to address or to solve.
Kerri Lemoie: Give me three.
Dmitri Zagidulin: If I may add to that, so the cache control is
left to the individual protocol, meaning because this particular
credential is held over HTTP.
Dmitri Zagidulin: His publishing the status list can rely on
HTTP cache control directives, meaning each time the verifier
sends an HTTP GET for this status credential, one of the headers
in the response says only cache this for an hour, meaning
we're going to renew this thing every hour, and that way
the verifier knows how long to cache it, right, so we get
the caching mechanism for free with HTTP, so we don't need to put in.
Dmitri Zagidulin: An explicit.
Dmitri Zagidulin: Potential now if we were, if the URL of the
status of protection was not HTTP, was some other, was IPFS or
some other method that doesn't come with cache-control metadata,
then you're right David, we should include an expires field in the
status list credential.
Kayode Ezike: Okay thank you.
Kerri Lemoie: No more questions for now Kayode if you want to go
ahead.
Kayode Ezike: Thank you for question is David and I'm great
thanks for getting ahead of me Michelle's going to get into the
herd privacy notion which is I think one of the main benefits of
the specification which is just to reiterate when a verifier is
interested in learning about the status of a credential they are
only communicating to the issuer that they're interested in a
subset of credentials that they manage not in a specific one so
it keeps the issuer away from fine-grained details about how a
specific.
Kayode Ezike: Potential is being used and if you just.
Kayode Ezike: Or just one.
Kayode Ezike: Thank you. This is a digital representation just
the visual learners out there. The green slots represent the valid
credentials with respect to the purpose, so unrevoked, and events
Lots represent the invalid, i.e. revoked, credentials.
Kayode Ezike: Next slide please.
Kayode Ezike: So we have a number of goals that we were
considering when we designed our credential status infrastructure. The
main governing goal is that we wanted to simplify the deployment
for issuers of the credential status infrastructure, and we do this
by leveraging third-party services for the storage and
authorization of credential status resources, and the great thing
about this is that we're kind of meeting issuers.
Kayode Ezike: Where they are, right.
Kayode Ezike: Allowing them to use a familiar hosting service
and also providing a potential path to switch between services.
Kayode Ezike: So if we can step ahead just one slide.
Kayode Ezike: We'll get into the solution.
Kayode Ezike: So we again decided to use the Status List 2021
specification, and feel free to consult the design doc at that
link, and the whole conclusion I think this is really where we
innovate, and we decided to use source control services such as
GitHub, GitLab and Codeberg, and we also support issuer-hosted
websites traditionally, and so what this allows us to do again is
we.
Kayode Ezike: It's a biscuit.
Kayode Ezike: Like that organizations already use these services
to host their code, and also these services often provide
developers with OAuth tokens that they can use to access APIs of
these services to update resources, and so why don't we just use
these services to help issuers manage their current status
lists and metadata associated with it.
Kayode Ezike: Any questions here.
Kayode Ezike: To reload it.
Kerri Lemoie: Any chance has an adversity.
Dmitri Zagidulin: Yeah, if I could just add a couple more words,
so I want everybody to picture the very
specific conversation, the very specific problem this solves.
Dmitri Zagidulin: As okay, we're issuing credentials, great, can we
add revocation, sure, why not, what's a good spec, well we've got
this Status List 2021 spec, okay then, engineering, how hard of a
lift is this to add this to our system, how many hours before you
can add revocation to our issuer, and that's where the real
problem starts, because hosting a file on a website that b is easy;
the really difficult part, which is what makes okay.
Dmitri Zagidulin: It is work so.
Dmitri Zagidulin: Difficult part is adding the user
interface and specifically adding permissions to who is allowed
to edit, who's allowed to revoke the credential, right. So the
spec gives us the data model, gives us the protocol, the mechanisms,
very easy; what's really not easy and what shoots up the
implementation time into many weeks, not to mention like really
hard requirement gathering, is.
Dmitri Zagidulin: Delegation the chain of command of.
<xander> I don’t think you can set http cache control headers on
GitHub-hosted files.
Dmitri Zagidulin: Okay, so you know, how do we model the trust and
permission hierarchy of a particular university down to the
registrar, and then how does the registrar delegate individual
officers to be able to hit the button to flip that bit for
the file to be updated. So the main innovation here is the
realization that.
Dmitri Zagidulin: Because permission control and login
systems and graphical user interface is the hardest part about
this, can we outsource it to somewhere else, and the realization
was made, oh, Git hosting organizations like GitHub and GitLab and
Codeberg already provide all of that; they provide the permission
systems, the login systems, they produce, institutions are familiar
with setting up GitHub organizations, all of that.
Dmitri Zagidulin: Stuff is worked out for us, why don't we reuse
it.
Dmitri Zagidulin: Geico I'll go ahead Gary.
Kerri Lemoie: One question I'm asking, these are all my be
hosting services; could someone just use Git for this on its own
without using GitHub, GitLab and or Codeberg.
Dmitri Zagidulin: So the question with Git is always which
protocol will Git use, right, because Git has SSH, it has HTTP and
it has a number of other protocols words hosted, so some server on
the cloud has to be running a Git server.
Dmitri Zagidulin: So can you use Git alone, sort of; it requires
a Git server and a Git client.
Kerri Lemoie: I think so Xander.
Xander: I guess I haven't spoken before, so I'll just
quickly, I'm the security lead for the pocket team. Just wanted to
follow up on David's question real quick. So the idea there was
that you were going to rely on HTTP cache control headers to set
the expiry time for a different certificate, right, but you're also
talking about using services like GitHub to do the hosting. I
don't believe that you can set the expired header value if you're
using a service like that.
Xander: So that they.
Dmitri Zagidulin: And that's that's a very good point.
Xander: You may need to put that you may need to put the time
value on the file done.
Kayode Ezike: Right, yeah, that's a good description that when
we start to use these third-party services I think there's
different levels of access that they each provide, and I'm
sure maybe like if you have a paid account that makes a
difference as to how much you could control, but I think largely
you make a good point and.
Xander: I don't think so. I've used the Enterprise version before.
I think basically if you're using GitHub to host files like GitHub
Pages or whatever, they really handle everything and you don't
get access to that level.
Xander: It may be worth looking into.
<dmitri_zagidulin> that seems like a good motivation to clarify
(in the status list spec) the recommendation of always having
expiration timestamps
Kerri Lemoie: Yeah, I'm in the queue, I'll jump in real quick.
That's an excellent point, and I know you haven't actually, I'm let
you get into like how you doing this, so maybe I'm jumping the gun
here, Harry I'm sorry if I am, but um are you considering using
gists as part of this, because gists get versioned, which is
something to consider. Okay, that's the comment there, but yeah.
Kayode Ezike: This is this is for like the accident the location
of us for example.
Kayode Ezike: Yes, something like this came up actually, you
kind of hear made great recommendation at some point about
something like that where you would, because GitHub for example
has a way for you to use a link that it hosts using GitHub Pages;
you can also use a link to the file directly that doesn't rely on
GitHub Pages, but I would imagine that the.
Kayode Ezike: Might be a rat.
Kerri Lemoie:
https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists
Kayode Ezike: He got distracted the same way in that case as
well in terms of controlling what the cache mechanism is like so
yeah that would be something to explore but the good thing I'll
show you a little bit later how some of these things can be
customized for different status clients of different services and
there's a way to add flexibility for for that.
<kerri_lemoie> Link above to info about gists.
Kayode Ezike: Again to that little bit.
Kayode Ezike: There are no other questions can move on to the
next slide.
Kayode Ezike: Great, so this is sort of a visual representation
of the architecture. We have an issuer admin who presumably would
already have the permissions that they need inside of, for example,
a GitHub organization, so they already have access to create,
read and write data to repos in the organization, and if you
click ahead.
Kayode Ezike: So this.
Kayode Ezike: This actor would be able to hit the credential
status endpoint of a VC API instance, which allows them to update
the status, e.g. revoke a credential.
Kayode Ezike: More step and then ultimately that enables them to
create, read and update data in these different services.
Kayode Ezike: So before we move on to a demo, wanted to show a
little bit of code, and so this is the main sort of class that we
implement with this code, and so this tells subclasses
different methods that they need to implement for them to be
valid credential status clients, and so for example you need to
provide a base URL that can be used to reference the credential
status information, you need to.
Kayode Ezike: Boo the client too.
Kayode Ezike: That is people from from the code need to enable
them to read and write status list and log data and config data, so
as long as the subclasses can implement these abstract methods
then they're valid clients, and so if you can step forward this one
step please, Kerri, we'll see that in this example GitHub credential
status client, for their get credential status URL you notice
that there is a github.io there, meaning that.
Kayode Ezike: Using GitHub Pages, but this is also the place
where.
Kayode Ezike: I could use a distance that or URL that points
directly to the file, and we also are using the
Octokit library, a popular GitHub SDK, to update and read
information from the repo, which obviously would look different
for different services.
Kayode Ezike: Any questions about this.
Kerri Lemoie: I think we're good once you go ahead.
Kayode Ezike: So we're just going to get into a demo now just
step forward one and taxes and maybe that's going to come to my
email or something.
Kayode Ezike: Probably going to email about that 17.
Dmitri Zagidulin: Kerri, I think you have to hit request again on
the subsequent page.
Kerri Lemoie: Let me know when it's all set, Kayode, I'll refresh
it.
Kayode Ezike: Yeah it is I just shared it.
Kayode Ezike: The volume on.
Kerri Lemoie: Were you able to hear the volume when I get out.
Kerri Lemoie: Dimitri do you know how to make that work.
Kerri Lemoie: Yep that's share audio.
Dmitri Zagidulin: In the settings, so if you go to the three-dot menu
at the bottom, settings, there is, yeah, share out the others share
audio checkbox.
Kerri Lemoie: Thanks your patience everybody but I'm getting
there.
Kerri Lemoie: All right let me try that again it doesn't work
Kayode you could just walk us through it.
<kerri_lemoie> Can you hear?
Dmitri Zagidulin: Now that doesn't seem to be coming through so
we can encourage people to watch since we we pasted the link to
the slide deck everybody can watch the video on the demo on their
own.
Dmitri Zagidulin: But you can you can describe what when it's
done.
Kerri Lemoie: We're going to start over and you can just sort of
walk us through what's happening.
Kayode Ezike: Sure I mean it's a recorded a demo but effectively
what we were demonstrating is requesting a credential from our
version of VC-API importing that into DC learner wallet and then
from there we kind of show you throughout the whole process
called the repo is updating and so the GitHub repos I'm using a
demo and and then we revoke the credential.
Kayode Ezike: Again from the VC-API you show you the.
Kayode Ezike: Two then rebuild me also show you.
Kayode Ezike: That in the wallet and now shows that the
credential is revoked.
Kayode Ezike: Again it's you should be able to view that video
in the presentation but that's effectively what's going on.
Kayode Ezike: So that was the last of it actually so if there's
any questions or feedback I'm happy to take in you David go
ahead.
Kayode Ezike: Oh so so the so the credential continues to have
the same the credential never changes per se it's the information
at at least the credential that the holder controls is the
credential that the status could ensure that managers know that
has been coded list value that manages multiple credentials is
that one that will be shuffled and change as a credentials are
revoked suspended.
Dmitri Zagidulin: Can I can I jump in here as well.
<nate_otto_(another_device)> Nah. credential.id is optional in VC
Data model anyway. Reissuing the same one doesn't violate it.
Dmitri Zagidulin: So David you're proposing or what you're
saying is essentially if we required verifiable credentials to be
content addressable so that every time the content of a
verifiable credential change the ID has to change but the VC spec
does not actually have that requirement you are you are in this
very frequently done allowed to publish credentials with the same
ID while their contents changes for example if you reuse.
Dmitri Zagidulin: Issue it and then.
Dmitri Zagidulin: Timestamp or a different signature so that is
that is not a requirement in this spec.
Kerri Lemoie: I'm to add to that question sort of who may be
briefly talk about the difference between credential status list
and also credential refresh carrier to meet you would you mind
explaining that are both of you.
Dmitri Zagidulin: Shark a candidate doing on go ahead.
Kayode Ezike: How can I just ask this versus credential
refreshing scent.
Kerri Lemoie: CredentialRefresh:
https://w3c-ccg.github.io/vc-refresh-2021/
Kayode Ezike: Yeah so my understanding generally is that
subconscious has what we discussed here which is that the issuer
manages a publicly accessible resource that allows verifiers to
check the status of the repo or rather the other credential for
the route for the refresh service my understanding is that
whenever if that is not provided the issuer exposes an endpoint
that.
Kayode Ezike: Allows it that allows.
Kayode Ezike: Verifiers to to refresh the credentials whenever
it has rather just to be able to refresh it whenever I would ever
Cadence in the seems reasonable that's generally how I understand
it but I'm happy to allow for any other discussion on that as
well.
Dmitri Zagidulin: Yeah so the refresh spec.
Dmitri Zagidulin: Complementary to the expiration mechanism so I
have my driver's license is good for four years what happens when
it expires up to four years the refresh spec basically describes
the credential version of oh I have to take the old one into the
drive the Bureau of Motor Vehicles on the issue me a new one so.
Dmitri Zagidulin: Both the status and the refresh exist
alongside each other and in fact some of the some of our example
specs have both or if you look at examples in Open Badges version
3 spec a lot of the verifiable credentials there have both a
status list section and a refresh section.
Kerri Lemoie: Thanks anybody else have any questions about this.
Kerri Lemoie: Or any other points they'd like to make about the
status and how this works.
Kerri Lemoie: I bet I have a question for all of you is there
anybody here who has implemented credential status and like to
tell us about how they're using it and how they've implemented
it.
Kerri Lemoie: Okay Patti really appreciated that I see so many Q
Jonathan the floor.
Dmitri Zagidulin: Anthony might be muted.
Kerri Lemoie: Yeah you can't hear your Jonathan if you're
speaking.
Jonathan_Bethune: Okay is that.
Dmitri Zagidulin: If you have like an additional Hardware mute
on your mic maybe yes better yeah.
Kerri Lemoie: Yep they are to thank you.
<kerri_lemoie> Link to presentation:
https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo/edit#slide=id.g143e60161fc_0_35
Jonathan_Bethune: Better I was using one earpod and it's the one
that's dead so okay sorry about that so real quick by way of
introduction I think I've spoken much my name is Jonathan and the
engineering manager for pocket colleague of Xander who spoke a
little while ago just real quick I was wondering if there was a
way to get a link to the presentation and actually had a lot of
discussion internally about the X and we're just wanted to look
into a little.
Kayode Ezike: Sure yeah definitely can share that.
<phil_l_(p1)> Nate's Comment:
Jonathan_Bethune: There we go oh that's fast okay let me well I
actually didn't get the click on it we just grabbed it's in the
chat right there we go.
Kerri Lemoie: Yeah it's going up a little bit the chat moves
pretty fast because of the transcription.
<phil_l_(p1)> Good point Nate.
Jonathan_Bethune: Yeah got it alright thank you.
Kerri Lemoie: Okay if no one has anything else okay did you have
anything else you would like to add.
Kayode Ezike: That was that was everything I just thank you all
for your time and yeah we're continuing to refine this this work
and we primarily are supporting GitHub and GitLab at the moment and
working on some of the other services as well so just happy to
have this opportunity and thank you all again for there for
discussion.
Kerri Lemoie: Yeah thank you very much.
Dmitri Zagidulin: And if I can add so if.
Dmitri Zagidulin: If anybody has questions about this work
please send an email to the VC edu mailing list or if you're free
to contact Kayode or myself directly the code is free it references
an open spec we encourage everybody to join in the conversation.
Kerri Lemoie: Hip and actually seen Mahesh you have queued
yourself up.
Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly
unrelated here but more on the Open Badges 3.0 spec I've been
trying to get hold of it and I seem to be paywalled by this IMS
Global if somebody has that and can make the Open Badges 3.0 spec
which is publicly visible I would appreciate it thank you.
https://www.imsglobal.org/spec/ob/latest/main/
Kerri Lemoie: I can grab that link for you give me one second
here TallTed you're in the queue your the floor.
<kerri_lemoie> Open Badges 3.0 spec:
https://imsglobal.github.io/openbadges-specification/ob_v3p0.html
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just
following up on responding to David's question about the unique
identifier for each credential in the same way that a URI is
expected to be stable that is that is the stability that we mean
for the ID in these verifiable credentials URI is always meant to
name the same thing which doesn't mean that it the thing it names
stays the same forever.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like
your name always means you, but your contents don't stay the same
forever.
<dmitri_zagidulin> thx Ted!
Kerri Lemoie: Hey Alec it is empty and listen no one has
anything else we have a few minutes left so we could end the call
here give another Med see if anybody has anything otherwise I
hope you all have a great week and I will see you next week.
<phil_l_(p1)> Nice preso!
Kayode Ezike: Cheers thank you.
Dmitri Zagidulin: Thanks Kayode thanks everyone.
<elizabeth_miller> Thank you!
Kerri Lemoie: Thank you headed.
<john_kuo> Thanks, great discussion
Received on Wednesday, 17 August 2022 18:01:59 UTC