[MINUTES] W3C CCG CCG Verifiable Credentials for Education Task Force Call - 2022-08-15

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:


Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:


VC for Education Task Force Transcript for 2022-08-15

  1. IP Note
  2. Call Notes
  3. Introductions & Reintroductions
  4. Announcements
  5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential 
    Status WOrk
  Kerri Lemoie
  Our Robot Overlords
  Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune, 
  David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck, 
  Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe 
  Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan - 
  pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri 
  Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar 
  Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young, 
  Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), 
  Allyson Parco, Eric Shepherd, Phil L (P1)

Our Robot Overlords are scribing.
Kerri Lemoie:  Hello everybody Welcome to the August 15th BC edu 
  call today our main topic will be on credential status kod a DK 
  from MIT digital credential Consortium is going to present us on 
  some of the latest work that he's been doing on that over there 
  and we can pour we get started with that let's go through a few 
  boilerplate items first is IP note everybody for anyone.

Topic: IP Note

Kerri Lemoie:   Came to speed in these calls how any.
<kerri_lemoie> create an account: 
Kerri Lemoie:  You substitute of contributions to any of the ccg 
  work items must be done by members of the ccg with full IP are 
  agreements signed and to do that you can create an account at w3c 
  and put this in the chat for you and then also use this link to 
  join the ccg.
<kerri_lemoie> join the CCG: 

Topic: Call Notes

Kerri Lemoie:  Hey second All call notes for this call are 
  recorded and there are minutes being taken by are called our 
  robot Overlord is do the transcription I wish you'll see in the 
  chat we are also doing a Wheels do a video recording of This call 
  which can be found later we can send out if you need it so coyote 
  will have some slides today so it'll be nice to have that 
  recorded we use a cue system.
Kerri Lemoie:   To to ask questions and participate.
Kerri Lemoie:  Conversation so if you would have a question or 
  would like to say something please kill yourself first you do 
  that by putting a q+ and the chat just like I did there you could 
  also do to U plus and then say a note about something you want to 
  say and that lets us know if you're responding to something 
  that's being said right away so we know when to pull you into the 
  conversation so that is very helpful and then to remove yourself 
  from the queue just uq-.
Kerri Lemoie:   And we get something.
Kerri Lemoie:  They did that wrong okay remove something from the 
  queue okay.
Kerri Lemoie:  Because the floor all right when I say we hit q- 
  we're actually looking to see who is in the queue.

Topic: Introductions & Reintroductions

Kerri Lemoie:  Okay next let's do some introductions and 
  reintroductions is there anybody here joining us today for the 
  first time that I would like to introduce themselves or anybody 
  who's been here for a while and I would just like to say hello 
  again and let us know a little bit about something they're 
  working on if so go ahead and put yourself in the queue.
Kerri Lemoie:  Yeah I'm going to queue myself up real quick here 
  one thing I haven't mentioned is that I started a new role at the 
  beginning of August I have the digital credential contortion so 
  I'm going to be there director of Technology it doesn't really 
  change much for BC I do I will still be here doing all of that 
  work because the DCC has made her is really been backing all of 
  this work and really significant way making sure that we have 
  this open Community to work and so I'm really happy to be able to 
  continue the.
Kerri Lemoie:   Work there and help to do what I want to do which 
  is in.
<deb_everhart_(credential_engine)> congrats Kerri!
Kerri Lemoie:  Adoption understanding of verifiable credentials 
  that had that has been my my shift recently.

Topic: Announcements

<kerri_lemoie> VC email list: 
Kerri Lemoie:  There's no other introduction to reintroductions 
  next we have announcements and reminders one is that if you 
  haven't joined it yet we do have an email list and I met email 
  this can be joined by going here put this in the chat for you so 
  we have it in our notes later.
Kerri Lemoie:  The great list to join you don't have to be 
  necessarily technical drawing this or you work on technical 
  projects if you just want to stay in the loop on what's going on 
  in Education and Training and achievement credentials that's the 
  list to join this is where we try to have all those 
Kerri Lemoie:  And the other announcement that I have is that 
  tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the 
  weekly ccg meeting.
Kerri Lemoie:  They recommend doing that as much as you possibly 
  can to learn what's going on in the community as a whole.
Kerri Lemoie:  Does anybody else have any announcements or 
  anything they'd like to share.
Kerri Lemoie:  It's the money I see that you just joined us would 
  you be interested in telling folks about our next week's call 
  will be about it sounds really great.
Simone Ravaoli:  Yes hi hello everyone I hope you can hear me so 
  we are going to have as a guest get anything on this sea of 
  Gattaca Gattaca is a nest site a company based out of Spain and 
  they've been involved in the end building and implementing all 
  the ab c-- specification so that's that would be the European 
  blockchain service infrastructure particularly they have been 
  looking into version 2 of.
Simone Ravaoli:   Of the did method did.
Simone Ravaoli:  And they've risked to share some Reflections 
  around what is the difference between version 1 and 2 and some of 
  the implications that version 2 has with regards to privacy 
  regulations in Europe also known as GDP are but they are a 
  Community member that has really just been doing a lot of work 
  from Europe and so that would be I think an interesting update 
  from what's Happening outside of North America.
Kerri Lemoie:  Thank you so much that sounds great I'm really 
  looking forward to it okay anybody else have anything else before 
  we move on to our main topic.

Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status WOrk

Kerri Lemoie:  Okay why don't I then introduce Kayode. Kayode is 
  working on this great project related to credential status he's 
  working on making it possible for issuers to manage the status of 
  their credentials and for verifiers to check status info, 
  especially a revocation or suspension so he's going to show you 
  some of his work today and then feel free to ask questions and 
  then we can see what we can learn about it well.
Kerri Lemoie:   Tim Kennedy.
Kayode Ezike: Slides: 
Kayode Ezike:  Thank you thank you characters interesting here's 
  the link to the presentation that be using for today I know we 
  generally do not show video for van with purposes I would do that 
  really quickly just to introduce myself and turn off every but 
  this guy is he gay again and brief introduction is that I've been 
  involved with digital credentials since around 2018 but that time 
  that I began my master's program around proper credentials and 
  personal data storage management.
Kayode Ezike:   Since then I've been contributing to number of 
  Open Source projects.
Kayode Ezike:  Optical pulse of my own and these days I primarily 
  support the digital credentials Consortium through MIT as well as 
  Gobekli which is the startup it's also doing great work in this 
  space so thank you for having me and I'll put up my screen so 
  that an alternative you'll see how can see we have.
Kerri Lemoie:  Kayode I'll keep an eye on the chat for you.
Kayode Ezike:  Thank you okay so.
Kayode Ezike:  If explosion one second.
Kayode Ezike:  Spell with me.
Kayode Ezike:  Okay I think if I try none.
Kerri Lemoie:  Not yet not yet nope.
Kayode Ezike:  Are you able to see my screen now.
Dmitri Zagidulin:  If you're transmitting from a Mac there you 
  might need to update the permissions in the control center which 
  means you have to restart the browser and redrawing.
Kayode Ezike:  But you're trying to do something like that but it 
  was it.
Dmitri Zagidulin:  One of us can also.
Dmitri Zagidulin:  Screen share the slides and just thanks Kerry.
Kerri Lemoie:  Yeah I can do that that's true.
Dmitri Zagidulin:  I'll probably be faster chaotic.
Dmitri Zagidulin:  Say next slide.
Kerri Lemoie:  Yeah just let me know in and we pull it up here 
  hold on one second.
Kayode Ezike:  Animations hopefully syncs
Kerri Lemoie:  I am just clearing everything out of the way here 
  on the way everybody's happy about the desert play.
Kerri Lemoie:  Okay can you see.
Dmitri Zagidulin:  Yep we can see your screen.
Kerri Lemoie:  To be this clarity.
Kayode Ezike:  Great yes I can see.
Kerri Lemoie:  Oh there you are okay you can see the head you can 
  take it from here now just let me know when you want to move to 
  the next slide.
Kayode Ezike:  Awesome thank you Kerry so today we'll be 
  discussing a topic I was cussing to what that would get a 
  credential status hosting and for scare anybody away this is not 
  a new specification for credential status is more so concerning 
  ourselves with how can we help issuers to expedite their 
  deployment of criticized infrastructure by leveraging familiar 
  services to them and and hence sort of taking care of it.
Kayode Ezike:  Origin authorization concerns that.
Kayode Ezike:  To them and so this in terms of what we're 
  discussing today I'll be giving a brief background of the topic 
  and we'll be going through a bit of the state-of-the-art who tell 
  you what our goals were let me Design This solution as well as 
  what the actual solution is will then show you a little bit of 
  code before you show you the demo of what we've done.
Kayode Ezike:  Granger status management has been around for some 
  time and one of the earliest conceptions of it really came from 
  certificate authorities with the notion of certificate revocation 
  lists which is a list of certificates that an issuer has revoked 
  prior to its from its expiry and that is sort of the the main 
  model that we think about in this space when we think about 
  country status management.
Kayode Ezike:  Generally we think about a resource that is 
  managed by an issuer that informed the public about the state of 
  outstanding credentials and there's been a lot of work done in 
  this space over the years in terms of Standards development and 
  developer tools for how to manage the status of these credentials 
  as well as how to verify the information on them such as 
  revocation or suspension however storage and authorization have 
  kind of.
Kayode Ezike:   Been left out of scope largely and.
Kayode Ezike:  Good that it would be great if we can simplify 
  that for issuers and their deployments.
Kayode Ezike:  Thank you so next slide great so I want to give a 
  quick definition of printer status according to the v-spec mental 
  status is an object value property that enables the discovery of 
  information about the current status of the verifiable credential 
  such as whether it is suspended or revoked.
Kayode Ezike:  So in other words now before we go on another 
  words it gives consumers of this credential and idea of the 
  issuer's view of the current validity of a credential next please 
  so here on the right we have an example of a verifiable 
  credential that has a special status property on it but one thing 
  to know is that it is an optional value so you not every verify.
Kayode Ezike:  Krista have this field on it.
Kayode Ezike:  If it does have the field on it it must Define two 
  main properties which is ID and type and it must also valid like 
  the remaining properties are specified by the type field so in 
  this example we know that we have a status festering 21 entry the 
  type and the three types of rather Fields below it status purpose 
  statuses index in status credential relate to or rather are 
  defined in the stands for students.
Kayode Ezike:   T10 tree.
Dmitri Zagidulin:  Toyota quick question I do we want to wait 
  till the end for questions or do you want to encourage people to.
Dmitri Zagidulin:  If they encounter something or when I ask 
  questions about each slide to raise their hand.
Kayode Ezike:  I'm happy to take questions as they come up.
Kayode Ezike:  Is it just the two Fields so the state-of-the-art.
Kayode Ezike:  There have been a lot of great work and done in 
  sequential status space and one of the early conceptions of this 
  or examples of this came in 2018 from hyper legit Indy via their 
  HIV ew1 one penetration spec and they use a bunch of cool 
  technology cryptographic graphic accumulators to determine which 
  credentials have been revoked and interestingly enough I learned 
  in the suspect that it seems that this actually is.
Kayode Ezike:  Predates to know now have medication.
Kayode Ezike:  Like I found to be interesting and a couple years 
  later the ccg would develop a speck of their own via the 
  revocation list 2020 spec and soon after be a refined version and 
  the status was 20 21 spec which sort of granted a more General 
  notion of status that goes beyond just a vacation but also 
  support system suspension and other forms of criminal status.
Kayode Ezike:  Next please and the most for all these 
  specifications all right one more back sorry.
Kayode Ezike:  So this is the this point on hosting so for any 
  all these specifications is important for verifiers to be able to 
  to check this the status of the credential somehow right and the 
  most obvious way to do this is to host the resources and in a 
  public location namely a distributed Ledger or a short controlled 
Kayode Ezike:  Any questions here.
Kayode Ezike:  You can move on next slide please.
Kerri Lemoie:  No questions yet sure.
Kayode Ezike:  Great so I want to talk to you all about status 
  list 20 21 this is the suspect that we use in our design and the 
  it's one of the more advanced specs out there and in my opinion 
  and this is examples of the left what you see is a credential 
  from a couple slides ago so nothing new here yet we have 
  verifiable credential had the credential status on it and it has.
Kayode Ezike:   As all the fields that we discussed earlier.
Kayode Ezike:  Now if you pay attention to the key in on the 
  status purpose status index and Status credential properties 
  these are the properties that are introduced by the status least 
  2021 spec the first of these properties is the most self 
  explanatory this is saying that.
Kayode Ezike:   The issuer.
Kayode Ezike:  Acting this type of status for this credential so 
  for verifier when they want to verify the status of the 
  credential this is the information that they will learn now the 
  other two properties are more specific to sort of like are sort 
  of the meat and potatoes of how this specification works and it 
  relates to a new resource at the introduced so if you can just go 
  forward just a couple steps very until you see a new object in 
  the right.
Kayode Ezike:  So this on the right is a status list 2021 
  credential and the best way to think about this credential is it 
  is the credential that manages the status of a batch of multiple 
  credentials it's not philosophy that one more time but this is a 
  credential that the issuer manages that tracks a batch of several 
  different credentials and so what this means if you could just 
  click one more time Carrie.
Kayode Ezike:   So we so.
Kayode Ezike:  This was the most important information on this 
  country is this encoded list value right here and what it is in 
  the simplest representation you can think of it as a sequence of 
  characters let's let's say X's and O's that represents the the 
  status of a credential at that position right and so if the value 
  let's say the value of that was X it would mean that it is 
  invalid respect to the status purpose so in other words it is 
Kayode Ezike:   Value is 0 it means that it is valid with.
Kayode Ezike:  The words is not revoked and if we go back to the 
  if you focus again on the left side you will see that the status 
  list credential property that is just the way for verifiers to 
  retrieve this credential on the right so it's a public link that 
  they can access and the status index tells them which position in 
  that encoded list is represented a represents this credential.
Dmitri Zagidulin:  So I want to I want to pause here before we 
  move on to the next slide I want to make sure everybody absorbs 
  this so.
Dmitri Zagidulin:  I want to make sure everybody understands what 
  that encoded list is for right because at its at its simplest a 
  credential status is binary for a given status purpose so like 
  for a vacation rental is either revoked or it's not so the very 
  first sort of naive implementations of replication status where 
  to host a.
Dmitri Zagidulin:   Some kind of object.
Dmitri Zagidulin:  Either cover fabric credential or something 
  else that's a revoked or not for each individual credential right 
  easy so or even before that I think what open badges did is just 
  publish a plane list of all revoked credential IDs on their 
  website yeah so you get you get the credential you can go look up 
  that list to see if it's revoked.
Dmitri Zagidulin:  So very easy and we wouldn't be having this 
  problem I rather this this conversation here except there's a 
  couple of major major problems there one is privacy that if you 
  publish a list of remote credentials well you can go see 
  everybody whose credentials are revoked but an even more 
  important one is what's known as the phone home problem it's one 
  of the downsides of Hosting.
Dmitri Zagidulin:   An individual status.
Dmitri Zagidulin:  Nation for each credential is that whoever is 
  hosting it covers running that website can track.
Dmitri Zagidulin:  Requests can can track how many times and from 
  where from what IP address is and what time stamp some verifier 
  is is checking.
Dmitri Zagidulin:  Revocation and that that is generally 
  regarding the community has too much information that that's like 
  that's not necessary that is a threat so then the reason the 
  status list spec arose is that okay so if we don't if we don't 
  want the host whoever's controlling the web whole of the web 
  server to know each time each individual credential is looked up 
  why don't we batch it why don't we rely on.
Dmitri Zagidulin:   On herd immunity on herd privacy.
Dmitri Zagidulin:  And batch a whole bunch of credentials at 
Dmitri Zagidulin:  And then the verifier can request this whole 
  batch this this entire credential that has the encoded list that 
  contains the status of 20 or 100 I forget how many it is.
Dmitri Zagidulin:  Potential statuses and that way the request 
  will be spread out over that entire cohort of credentials and 
  that way we get her privacy I see David is on the queue.
Kayode Ezike:  When you credential is revoked right so when your 
  credential is revoked this this this French on the right will be 
  updated the encoded list will be up to such that the bit at that 
  position I 4 5 6 10 is now 1 or Annex discussed earlier.
Kayode Ezike:  Yes yes that comes up I think some question time 
  so that really I think bows down to the I think we leave that to 
  the implementers of the their system because that really comes 
  down to how often how what is it catching sort of system like do 
  you check every day do you check every hour and the you'd have to 
  give an essay to the individual using your system to let them 
  know that this is just going to be valid.
Kayode Ezike:  For a given day or for.
Kayode Ezike:  Etcetera but I don't think that's something that 
  this back tries to address or to solve.
Kerri Lemoie:  Give me three.
Dmitri Zagidulin:  If I may add to that so the cache control is 
  left to the individual protocol meaning because this particular 
  credential is held over http.
Dmitri Zagidulin:  His publishing the status list can rely on 
  HTTP cache control directives meaning each time the verifier 
  sends an HTTP get for this status credential one of the headers 
  in the response says only cash this for an hour meaning we're 
  going to we're going to renew this thing every hour and that way 
  the verifier knows how long to cash it right so we get that the 
  caching mechanism for free with HTTP so we don't need to put in.
Dmitri Zagidulin:   An explicit.
Dmitri Zagidulin:  Potential now if we were if the URL of the 
  status of protection was not HTTP was what some other was ipfs or 
  some other method that doesn't come with cache-control metadata 
  then you're right David we should include an expires field in the 
  statuses credential.
Kayode Ezike:  Okay thank you.
Kerri Lemoie:  No more questions for now Kayode if you want to go 
Kayode Ezike:  Thank you for question is David and I'm great 
  thanks for getting ahead of me Michelle's going to get into the 
  herd privacy notion which is I think one of the main benefits of 
  the specification which is just to reiterate when a verifier is 
  interested in learning about the status of a credential they are 
  only communicating to the issuer that they're interested in a 
  subset of credentials that they manage not in a specific one so 
  it keeps the issuer away from fine-grained details about how a 
Kayode Ezike:  Potential is being used and if you just.
Kayode Ezike:  Or just one.
Kayode Ezike:  Thank you this is a digital representation just 
  the visual Learners out there the green slots represent the valid 
  credentials with respect to the purpose so I'm revoked and events 
  Lots represent the invalid by evoked credentials.
Kayode Ezike:  Next slide please.
Kayode Ezike:  So we have a number of goals that we were 
  considering what we designed our country stars infrastructure the 
  main governing goal is that we wanted to simplify the deployment 
  for issuers of the printer status infrastructure and we do this 
  by leveraging third-party services for the storage and 
  optimization of grantor status resources and the great thing 
  about this is that we're kind of meeting is adjourned.
Kayode Ezike:  Is worth where they are right.
Kayode Ezike:  Allowing them to use a familiar hosting service 
  and and also providing potential path to switch between services.
Kayode Ezike:  So if we can step ahead just one slide.
Kayode Ezike:  We'll get into the solution.
Kayode Ezike:  So we again decided to use a static list 2021 
  specification and feel free to consult the design doc at that 
  link and the whole conclusion I think this is really where we 
  innovate and we decided to use Source control services such as 
  GitHub get lab and code Berg and we also support issuer hosted 
  websites traditionally and so what this allows us to do again is 
Kayode Ezike:   It's a biscuit.
Kayode Ezike:  Like that organizations already use these services 
  to host their code and and also these Services often provide 
  developers with oauth tokens that they can use to access apis of 
  these services to update resources and so why don't we just use 
  this these services to help issuers manage their current status 
  lists and metadata associated with it.
Kayode Ezike:  Any questions here.
Kayode Ezike:  To reload it.
Kerri Lemoie:  Any chance has an adversity.
Dmitri Zagidulin:  Yeah if I could just add a couple more words 
  so I want you I want you to everybody to picture the the very 
  specific conversation the very specific problem the solves.
Dmitri Zagidulin:  As okay we're issuing credential great can we 
  add revocation sure why not what's a good spec what we've got 
  this status list 2021 spec okay then engineering how hard of a 
  lift is this to add this to our system how many hours before you 
  can add revocation to to our issuer and that's where the real 
  problem starts because hosting a file on a website that b is easy 
  the really difficult part which is what makes okay.
Dmitri Zagidulin:   It is work so.
Dmitri Zagidulin:  Difficult Park is part is adding the user 
  interface and specifically adding permissions to who is allowed 
  to edit who's allowed to revoke the the credential right so the 
  spec gives us the data model gives us the protocol the mechanisms 
  very easy what's really not easy and what shoots up the 
  implementation time in too many weeks not to mention like really 
  hard requirement Gathering is.
Dmitri Zagidulin:  Delegation the chain of command of.
<xander> I don’t think you can set http cache control headers on 
  GitHub-hosted files.
Dmitri Zagidulin:  Okay so you know how do we model the trust and 
  permission hierarchy of a particular University down to the 
  registrar and then how does it register our delegate individual 
  officers to be able to hit the button to flip that bit for for 
  the file to be updated so the the the main Innovation here is the 
  realization that.
Dmitri Zagidulin:  Because permission control and and login 
  systems and graphical user interface is the hardest part about 
  this can we Outsource it to somewhere else and the realization 
  was made oh get hosting organizations like GitHub and get lab and 
  code Berg already provide all of that they provide the permission 
  systems the login systems they produce institutions are familiar 
  with setting up Gap GitHub organizations all of that.
Dmitri Zagidulin:   Stuff is worked out for us why don't we reuse 
Dmitri Zagidulin:  Geico I'll go ahead Gary.
Kerri Lemoie:  One question I'm asking these are all my be 
  hosting Services could someone just use get for this on its own 
  without using GitHub get lab and or code Berg.
Dmitri Zagidulin:  So the the question with get is always which 
  protocol will get use right because get has SSH it has HTTP and 
  it has a number of other protocols words hosted so some server on 
  the cloud has to be running it gets server.
Dmitri Zagidulin:  So can you use get a loan sort of it requires 
  a get server in a good client.
Kerri Lemoie:  I think so Xander.
Xander: I guess I have to have you spoken before so I'll just 
  quickly I'm the security lead for the pocket team just wanted to 
  follow up on David's question real quick so the idea there was 
  that you were going to rely on HTTP cache control headers to set 
  the expiry time for a different certificate right but you're also 
  talking about using services like GitHub to do the hosting I 
  don't believe that you can set the expired header value if you're 
  using a service like that.
Xander: So that they.
Dmitri Zagidulin:  And that's that's a very good point.
Xander: You may need to put that you may need to put the time 
  value on the file done.
Kayode Ezike:  Right yeah that's a good description that we can 
  we start to use these third party dresses I think there's 
  different levels of access that they are each provide and I'm 
  sure maybe like if you have a paid account that makes a 
  difference as to how much you could control but I think largely 
  you make a good point and.
Xander: I don't think so I got used the Enterprise version before 
  I think basically if you're using GitHub to host files like get 
  on pages or whatever they really handle everything and you don't 
  get access to that level.
Xander: It may be worth looking into.
<dmitri_zagidulin> that seems like a good motivation to clarify 
  (in the status list spec) the recommendation of always having 
  expiration timestamps
Kerri Lemoie:  Yeah time in the queue tell jump in real quick 
  that's an excellent point and I know you haven't actually I'm let 
  you get into like how you doing this so maybe I'm jumping the gun 
  here Harry I'm sorry if I am but um are you considering using 
  just as part of this because just get versioned which is 
  something to consider okay that's the comment there but yeah.
Kayode Ezike:  This is this is for like the accident the location 
  of us for example.
Kayode Ezike:  Yes it's something like this came up actually you 
  kind of hear made great recommendation at some point about 
  something like that where you would because get help for example 
  has a way for you to use a link that it's post using GitHub Pages 
  you can also use a link to the file directly that doesn't rely on 
  GitHub pages but I would imagine that the.
Kayode Ezike:  Might be a rat.
Kerri Lemoie: 
Kayode Ezike:  He got distracted the same way in that case as 
  well in terms of controlling what the cache mechanism is like so 
  yeah that would be something to explore but the good thing I'll 
  show you a little bit later how some of these things can be 
  customized for different status clients of different services and 
  there's a way to add flexibility for for that.
<kerri_lemoie> Link above to info about gists.
Kayode Ezike:   Again to that little bit.
Kayode Ezike:  There are no other questions can move on to the 
  next slide.
Kayode Ezike:  Great so this is a sort of a visual representation 
  of the architecture that we have issue admin who presumably would 
  already have the permissions that they need inside of a example 
  with GitHub organization so they already have access to create 
  read and write data to Repose in the organization and if you 
  click ahead.
Kayode Ezike:   So this.
Kayode Ezike:  This actor would be able to hit the credential 
  status and point of a VC API instance which allows them to update 
  the status EG revoke a credential.
Kayode Ezike:  More step and then ultimately that enables them to 
  create read and update data in these different services.
Kayode Ezike:  So before we move on to a demo wanted to show a 
  little bit of code and so this is the main sort of class that we 
  Implement to with this code and so there's this tells subclasses 
  different methods that they need to implement for them to be 
  valid printer status clients and so for example you need to 
  provide a base URL that can be used to reference the printer 
  status information you need to.
Kayode Ezike:  Boo the client too.
Kayode Ezike:  That is people from from the code need to enable 
  them to read and write status list and log data in config data so 
  as long as the subclasses can Implement these abstract methods 
  and they're valid client and so if you can step forward this one 
  step please carry will see that in this example GitHub a cultural 
  status client for their get credentialed status URL you notice 
  that there is a GitHub that I owe their meaning that.
Kayode Ezike:   Using GitHub pages but this is also the place 
Kayode Ezike:  I could use a distance that or URL that points 
  directly to the file and there's also we also are using the 
  octave kit Library a popular GitHub SDK to update and read 
  information from the repo which obviously would look different 
  for different services.
Kayode Ezike:  Any questions about this.
Kerri Lemoie:  I think we're good once you go ahead.
Kayode Ezike:  So we're just going to get into a demo now just 
  step forward one and taxes and maybe that's going to come to my 
  email or something.
Kayode Ezike:  Probably going to email about that 17.
Dmitri Zagidulin:  Karen thank you have to hit request again on 
  the subsequent page.
Kerri Lemoie:  Let me know when it's all set Katie I'll refresh 
Kayode Ezike:  Yeah it is I just shared it.
Kayode Ezike:  The volume on.
Kerri Lemoie:  Were you able to hear the volume when I get out.
Kerri Lemoie:  Dimitri do you know how to make that work.
Kerri Lemoie:  Yep that's share audio.
Dmitri Zagidulin:  In the settings so if you go to the 3 3. Menu 
  at the bottom settings there is yeah share out the others share 
  audio checkbox.
Kerri Lemoie:  Thanks your patience everybody but I'm getting 
Kerri Lemoie:  All right let me try that again it doesn't work 
  Katie you could just walk us through it.
<kerri_lemoie> Can you hear?
Dmitri Zagidulin:  Now that doesn't seem to be coming through so 
  we can encourage people to watch since we we pasted the link to 
  the slide deck everybody can watch the video on the demo on their 
Dmitri Zagidulin:  But you can you can describe what when it's 
Kerri Lemoie:  We're going to start over and you can just sort of 
  walk us through what's happening.
Kayode Ezike:  Sure I mean it's a recorded a demo but effectively 
  what we were demonstrating is requesting a credential from our 
  version of V Capi importing that into DC learner wallet and then 
  from there we kind of show you throughout the whole process 
  called the repo is updating and so the GitHub repos I'm using a 
  demo and and then we revoke the credential.
Kayode Ezike:  Again from the VCA Pi you show you the.
Kayode Ezike:  Two then rebuild me also show you.
Kayode Ezike:  That in the wallet and now shows that the 
  credential is revoked.
Kayode Ezike:  Again it's you should be able to view that video 
  in the presentation but that's effectively what's going on.
Kayode Ezike:  So that was the last of it actually so if there's 
  any questions or feedback I'm happy to take in you David go 
Kayode Ezike:  Oh so so the so the credential continues to have 
  the same the credential never changes per se it's the information 
  at at least the credential that the holder controls is the 
  credential that the status could ensure that managers know that 
  has been coded list value that manages multiple credentials is 
  that one that will be shuffled and change as a credentials are 
  revoked suspended.
Dmitri Zagidulin:  Can I can I jump in here as well.
<nate_otto_(another_device)> Nah. credential.id is optional in VC 
  Data model anyway. Reissuing the same one doesn't violate it.
Dmitri Zagidulin:  So David you're proposing or what you're 
  saying is essentially if we required verifiable credentials to be 
  content addressable so that every time the content of a 
  verifiable potential change the ID has to change but the v-spec 
  does not actually have that requirement you are you are in this 
  very frequently done allowed to publish credentials with the same 
  ID while their contents changes for example if you reuse.
Dmitri Zagidulin:   Issue it and then.
Dmitri Zagidulin:  Timestamp or a different signature so that is 
  that is not a requirement in this back.
Kerri Lemoie:  I'm to add to that question sort of who may be 
  briefly talk about the difference between credential status list 
  and also credential refresh carrier to meet you would you mind 
  explaining that are both of you.
Dmitri Zagidulin:  Shark a candidate doing on go ahead.
Kayode Ezike:  How can I just ask this versus credential 
  refreshing scent.
Kerri Lemoie: CredentialRefresh: 
Kayode Ezike:  Yeah so my understanding generally is that 
  subconscious has what we discussed here which is that the issuer 
  manages a publicly accessible resource that allows verifiers to 
  check the status of the repo or rather the other credential for 
  the route for the refresh service my understanding is that 
  whenever if that is not provided the issuer exposes an endpoint 
Kayode Ezike:  Allows it that allows.
Kayode Ezike:  Verifiers to to refresh the credentials whenever 
  it has rather just to be able to refresh it whenever I would ever 
  Cadence in the seems reasonable that's generally how I understand 
  it but I'm happy to allow for any other discussion on that as 
Dmitri Zagidulin:  Yeah so the refresh spec.
Dmitri Zagidulin:  Complementary to the expiration mechanism so I 
  have my driver's license is good for four years what happens when 
  it expires up to four years the refresh spec basically describes 
  the credential version of oh I have to take the old one into the 
  drive the Bureau of Motor Vehicles on the issue me a new one so.
Dmitri Zagidulin:  Both the status and the refresh exist 
  alongside each other and in fact some of the some of our example 
  specs have both or if you look at examples in open badges version 
  3 spec a lot of the verify the credentials their have both a 
  status list section and a refresh section.
Kerri Lemoie:  Thanks anybody else have any questions about this.
Kerri Lemoie:  Or any other points they'd like to make about the 
  status and how this works.
Kerri Lemoie:  I bet I have a question for all of you is there 
  anybody here who has implemented credential status and like to 
  tell us about how they're using it and how they've implemented 
Kerri Lemoie:  Okay Patti really appreciated that I see so many Q 
  Jonathan the floor.
Dmitri Zagidulin:  Anthony might be muted.
Kerri Lemoie:  Yeah you can't hear your Jonathan if you're 
Jonathan_Bethune: Okay is that.
Dmitri Zagidulin:  If you have like an additional Hardware mute 
  on your mic maybe yes better yeah.
Kerri Lemoie:  Yep they are to thank you.
<kerri_lemoie> Link to presentation: 
Jonathan_Bethune: Better I was using one earpod and it's the one 
  that's dead so okay sorry about that so real quick by way of 
  introduction I think I've spoken much my name is Jonathan and the 
  engineering manager for pocket colleague of Xander who spoke a 
  little while ago just real quick I was wondering if there was a 
  way to get a link to the presentation and actually had a lot of 
  discussion internally about the X and we're just wanted to look 
  into a little.
Kayode Ezike:  Sure yeah definitely can share that.
<phil_l_(p1)> Nate's Comment:
Jonathan_Bethune: There we go oh that's fast okay let me well I 
  actually didn't get the click on it we just grabbed it's in the 
  chat right there we go.
Kerri Lemoie:  Yeah it's going up a little bit the chat moves 
  pretty fast because of the transcription.
<phil_l_(p1)> Good point Nate.
Jonathan_Bethune: Yeah got it alright thank you.
Kerri Lemoie:  Okay if no one has anything else okay did you have 
  anything else you would like to add.
Kayode Ezike:  That was that was everything I just thank you all 
  for your time and yeah we're continuing to refine this this work 
  and we primarily are supporting GitHub and get lab the moment and 
  working on some of the other services as well so just happy to 
  have this opportunity and thank you all again for there for 
Kerri Lemoie:  Yeah thank you very much.
Dmitri Zagidulin:  And if I can add so if.
Dmitri Zagidulin:  If anybody has questions about this work 
  please send an email to the VC edu mailing list or if you're free 
  to contact KO myself directly the code code is free it references 
  an open spec we encourage everybody to join in the conversation.
Kerri Lemoie:  Hip and actually seen my hush you have killed 
  yourself up.
Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly 
  unrelated here but more on the open badges 3.0 spec I've been 
  trying to get hold of it and I seem to be pay bald by this IMS 
  Global if somebody has that and can make the open badges 30 spec 
  which is publicly visible I would appreciate it thank you.
Kerri Lemoie:  I can grab that link for you give me one second 
  here tell Ted you're in the queue your the floor.
<kerri_lemoie> Open Badges 3.0 spec: 
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just 
  following up on responding to David's question about the unique 
  identifier for each credential in the same way that a URI is 
  expected to be stable that is that is the stability that we mean 
  for the ID in these verifiable credentials URI is always meant to 
  name the same thing which doesn't mean that it the thing it names 
  stays the same forever.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like 
  your name always means you, but your contents don't stay the same 
<dmitri_zagidulin> thx Ted!
Kerri Lemoie:  Hey Alec it is empty and listen no one has 
  anything else we have a few minutes left so we could end the call 
  here give another Med see if anybody has anything otherwise I 
  hope you all have a great week and I will see you next week.
<phil_l_(p1)> Nice preso!
Kayode Ezike:  Cheers thank you.
Dmitri Zagidulin:  Thanks KO day thanks everyone.
<elizabeth_miller> Thank you!
Kerri Lemoie:  Thank you headed.
<john_kuo> Thanks, great discussion

Received on Wednesday, 17 August 2022 18:01:59 UTC