- From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
- Date: Thu, 18 Aug 2022 09:03:50 +0200
- To: public-credentials@w3.org
- Message-ID: <CAE8zwO2h0ODdksXE_Z2n-yGCw1pO5Q_p7KphDF0fw9Hhf-A_wA@mail.gmail.com>
Great! In the agenda and its main topic, this sentence is mentioned "Thanks to the great work of key stakeholders in the identity standards and developer community, we now have emerging specifications and great tooling for (1) issuers to manage the status of their credentials and (2) verifiers to check key status info, such as revocation and suspension." Are there any meetings, documents or anything that can be looked at to get some insight about this statement :D ᐧ On Wed, Aug 17, 2022 at 8:04 PM CCG Minutes Bot <minutes@w3c-ccg.org> wrote: > Thanks to Our Robot Overlords for scribing this week! > > The transcript for the call is now available here: > > https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/ > > Full text of the discussion follows for W3C archival purposes. > Audio of the meeting is available at the following location: > > https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/audio.ogg > > ---------------------------------------------------------------- > VC for Education Task Force Transcript for 2022-08-15 > > Agenda: > https://lists.w3.org/Archives/Public/public-vc-edu/2022Aug/0005.html > Topics: > 1. IP Note > 2. Call Notes > 3. Introductions & Reintroductions > 4. Announcements > 5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential > Status WOrk > Organizer: > Kerri Lemoie > Scribe: > Our Robot Overlords > Present: > Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune, > David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck, > Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe > Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan - > pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri > Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar > Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young, > Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), > Allyson Parco, Eric Shepherd, Phil L (P1) > > Our Robot Overlords are scribing. > Kerri Lemoie: Hello everybody Welcome to the August 15th BC edu > call today our main topic will be on credential status kod a DK > from MIT digital credential Consortium is going to present us on > some of the latest work that he's been doing on that over there > and we can pour we get started with that let's go through a few > boilerplate items first is IP note everybody for anyone. > > Topic: IP Note > > Kerri Lemoie: Came to speed in these calls how any. > <kerri_lemoie> create an account: > https://www.w3.org/accounts/request > Kerri Lemoie: You substitute of contributions to any of the ccg > work items must be done by members of the ccg with full IP are > agreements signed and to do that you can create an account at w3c > and put this in the chat for you and then also use this link to > join the ccg. > <kerri_lemoie> join the CCG: > https://www.w3.org/community/credentials/join > > Topic: Call Notes > > Kerri Lemoie: Hey second All call notes for this call are > recorded and there are minutes being taken by are called our > robot Overlord is do the transcription I wish you'll see in the > chat we are also doing a Wheels do a video recording of This call > which can be found later we can send out if you need it so coyote > will have some slides today so it'll be nice to have that > recorded we use a cue system. > Kerri Lemoie: To to ask questions and participate. > Kerri Lemoie: Conversation so if you would have a question or > would like to say something please kill yourself first you do > that by putting a q+ and the chat just like I did there you could > also do to U plus and then say a note about something you want to > say and that lets us know if you're responding to something > that's being said right away so we know when to pull you into the > conversation so that is very helpful and then to remove yourself > from the queue just uq-. > Kerri Lemoie: And we get something. > Kerri Lemoie: They did that wrong okay remove something from the > queue okay. > Kerri Lemoie: Because the floor all right when I say we hit q- > we're actually looking to see who is in the queue. > > Topic: Introductions & Reintroductions > > Kerri Lemoie: Okay next let's do some introductions and > reintroductions is there anybody here joining us today for the > first time that I would like to introduce themselves or anybody > who's been here for a while and I would just like to say hello > again and let us know a little bit about something they're > working on if so go ahead and put yourself in the queue. > Kerri Lemoie: Yeah I'm going to queue myself up real quick here > one thing I haven't mentioned is that I started a new role at the > beginning of August I have the digital credential contortion so > I'm going to be there director of Technology it doesn't really > change much for BC I do I will still be here doing all of that > work because the DCC has made her is really been backing all of > this work and really significant way making sure that we have > this open Community to work and so I'm really happy to be able to > continue the. > Kerri Lemoie: Work there and help to do what I want to do which > is in. > <deb_everhart_(credential_engine)> congrats Kerri! > Kerri Lemoie: Adoption understanding of verifiable credentials > that had that has been my my shift recently. > > Topic: Announcements > > <kerri_lemoie> VC email list: > https://lists.w3.org/Archives/Public/public-vc-edu/ > Kerri Lemoie: There's no other introduction to reintroductions > next we have announcements and reminders one is that if you > haven't joined it yet we do have an email list and I met email > this can be joined by going here put this in the chat for you so > we have it in our notes later. > Kerri Lemoie: The great list to join you don't have to be > necessarily technical drawing this or you work on technical > projects if you just want to stay in the loop on what's going on > in Education and Training and achievement credentials that's the > list to join this is where we try to have all those > conversations. > Kerri Lemoie: And the other announcement that I have is that > tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the > weekly ccg meeting. > Kerri Lemoie: They recommend doing that as much as you possibly > can to learn what's going on in the community as a whole. > Kerri Lemoie: Does anybody else have any announcements or > anything they'd like to share. > Kerri Lemoie: It's the money I see that you just joined us would > you be interested in telling folks about our next week's call > will be about it sounds really great. > Simone Ravaoli: Yes hi hello everyone I hope you can hear me so > we are going to have as a guest get anything on this sea of > Gattaca Gattaca is a nest site a company based out of Spain and > they've been involved in the end building and implementing all > the ab c-- specification so that's that would be the European > blockchain service infrastructure particularly they have been > looking into version 2 of. > Simone Ravaoli: Of the did method did. > Simone Ravaoli: And they've risked to share some Reflections > around what is the difference between version 1 and 2 and some of > the implications that version 2 has with regards to privacy > regulations in Europe also known as GDP are but they are a > Community member that has really just been doing a lot of work > from Europe and so that would be I think an interesting update > from what's Happening outside of North America. > Kerri Lemoie: Thank you so much that sounds great I'm really > looking forward to it okay anybody else have anything else before > we move on to our main topic. > > Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status > WOrk > > Kerri Lemoie: Okay why don't I then introduce Kayode. Kayode is > working on this great project related to credential status he's > working on making it possible for issuers to manage the status of > their credentials and for verifiers to check status info, > especially a revocation or suspension so he's going to show you > some of his work today and then feel free to ask questions and > then we can see what we can learn about it well. > Kerri Lemoie: Tim Kennedy. > Kayode Ezike: Slides: > > https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo > Kayode Ezike: Thank you thank you characters interesting here's > the link to the presentation that be using for today I know we > generally do not show video for van with purposes I would do that > really quickly just to introduce myself and turn off every but > this guy is he gay again and brief introduction is that I've been > involved with digital credentials since around 2018 but that time > that I began my master's program around proper credentials and > personal data storage management. > Kayode Ezike: Since then I've been contributing to number of > Open Source projects. > Kayode Ezike: Optical pulse of my own and these days I primarily > support the digital credentials Consortium through MIT as well as > Gobekli which is the startup it's also doing great work in this > space so thank you for having me and I'll put up my screen so > that an alternative you'll see how can see we have. > Kerri Lemoie: Kayode I'll keep an eye on the chat for you. > Kayode Ezike: Thank you okay so. > Kayode Ezike: If explosion one second. > Kayode Ezike: Spell with me. > Kayode Ezike: Okay I think if I try none. > Kerri Lemoie: Not yet not yet nope. > Kayode Ezike: Are you able to see my screen now. > Dmitri Zagidulin: If you're transmitting from a Mac there you > might need to update the permissions in the control center which > means you have to restart the browser and redrawing. > Kayode Ezike: But you're trying to do something like that but it > was it. > Dmitri Zagidulin: One of us can also. > Dmitri Zagidulin: Screen share the slides and just thanks Kerry. > Kerri Lemoie: Yeah I can do that that's true. > Dmitri Zagidulin: I'll probably be faster chaotic. > Dmitri Zagidulin: Say next slide. > Kerri Lemoie: Yeah just let me know in and we pull it up here > hold on one second. > Kayode Ezike: Animations hopefully syncs > Kerri Lemoie: I am just clearing everything out of the way here > on the way everybody's happy about the desert play. > Kerri Lemoie: Okay can you see. > Dmitri Zagidulin: Yep we can see your screen. > Kerri Lemoie: To be this clarity. > Kayode Ezike: Great yes I can see. > Kerri Lemoie: Oh there you are okay you can see the head you can > take it from here now just let me know when you want to move to > the next slide. > Kayode Ezike: Awesome thank you Kerry so today we'll be > discussing a topic I was cussing to what that would get a > credential status hosting and for scare anybody away this is not > a new specification for credential status is more so concerning > ourselves with how can we help issuers to expedite their > deployment of criticized infrastructure by leveraging familiar > services to them and and hence sort of taking care of it. > Kayode Ezike: Origin authorization concerns that. > Kayode Ezike: To them and so this in terms of what we're > discussing today I'll be giving a brief background of the topic > and we'll be going through a bit of the state-of-the-art who tell > you what our goals were let me Design This solution as well as > what the actual solution is will then show you a little bit of > code before you show you the demo of what we've done. > Kayode Ezike: Granger status management has been around for some > time and one of the earliest conceptions of it really came from > certificate authorities with the notion of certificate revocation > lists which is a list of certificates that an issuer has revoked > prior to its from its expiry and that is sort of the the main > model that we think about in this space when we think about > country status management. > Kayode Ezike: Generally we think about a resource that is > managed by an issuer that informed the public about the state of > outstanding credentials and there's been a lot of work done in > this space over the years in terms of Standards development and > developer tools for how to manage the status of these credentials > as well as how to verify the information on them such as > revocation or suspension however storage and authorization have > kind of. > Kayode Ezike: Been left out of scope largely and. > Kayode Ezike: Good that it would be great if we can simplify > that for issuers and their deployments. > Kayode Ezike: Thank you so next slide great so I want to give a > quick definition of printer status according to the v-spec mental > status is an object value property that enables the discovery of > information about the current status of the verifiable credential > such as whether it is suspended or revoked. > Kayode Ezike: So in other words now before we go on another > words it gives consumers of this credential and idea of the > issuer's view of the current validity of a credential next please > so here on the right we have an example of a verifiable > credential that has a special status property on it but one thing > to know is that it is an optional value so you not every verify. > Kayode Ezike: Krista have this field on it. > Kayode Ezike: If it does have the field on it it must Define two > main properties which is ID and type and it must also valid like > the remaining properties are specified by the type field so in > this example we know that we have a status festering 21 entry the > type and the three types of rather Fields below it status purpose > statuses index in status credential relate to or rather are > defined in the stands for students. > Kayode Ezike: T10 tree. > Dmitri Zagidulin: Toyota quick question I do we want to wait > till the end for questions or do you want to encourage people to. > Dmitri Zagidulin: If they encounter something or when I ask > questions about each slide to raise their hand. > Kayode Ezike: I'm happy to take questions as they come up. > Kayode Ezike: Is it just the two Fields so the state-of-the-art. > Kayode Ezike: There have been a lot of great work and done in > sequential status space and one of the early conceptions of this > or examples of this came in 2018 from hyper legit Indy via their > HIV ew1 one penetration spec and they use a bunch of cool > technology cryptographic graphic accumulators to determine which > credentials have been revoked and interestingly enough I learned > in the suspect that it seems that this actually is. > Kayode Ezike: Predates to know now have medication. > Kayode Ezike: Like I found to be interesting and a couple years > later the ccg would develop a speck of their own via the > revocation list 2020 spec and soon after be a refined version and > the status was 20 21 spec which sort of granted a more General > notion of status that goes beyond just a vacation but also > support system suspension and other forms of criminal status. > Kayode Ezike: Next please and the most for all these > specifications all right one more back sorry. > Kayode Ezike: So this is the this point on hosting so for any > all these specifications is important for verifiers to be able to > to check this the status of the credential somehow right and the > most obvious way to do this is to host the resources and in a > public location namely a distributed Ledger or a short controlled > website. > Kayode Ezike: Any questions here. > Kayode Ezike: You can move on next slide please. > Kerri Lemoie: No questions yet sure. > Kayode Ezike: Great so I want to talk to you all about status > list 20 21 this is the suspect that we use in our design and the > it's one of the more advanced specs out there and in my opinion > and this is examples of the left what you see is a credential > from a couple slides ago so nothing new here yet we have > verifiable credential had the credential status on it and it has. > Kayode Ezike: As all the fields that we discussed earlier. > Kayode Ezike: Now if you pay attention to the key in on the > status purpose status index and Status credential properties > these are the properties that are introduced by the status least > 2021 spec the first of these properties is the most self > explanatory this is saying that. > Kayode Ezike: The issuer. > Kayode Ezike: Acting this type of status for this credential so > for verifier when they want to verify the status of the > credential this is the information that they will learn now the > other two properties are more specific to sort of like are sort > of the meat and potatoes of how this specification works and it > relates to a new resource at the introduced so if you can just go > forward just a couple steps very until you see a new object in > the right. > Kayode Ezike: So this on the right is a status list 2021 > credential and the best way to think about this credential is it > is the credential that manages the status of a batch of multiple > credentials it's not philosophy that one more time but this is a > credential that the issuer manages that tracks a batch of several > different credentials and so what this means if you could just > click one more time Carrie. > Kayode Ezike: So we so. > Kayode Ezike: This was the most important information on this > country is this encoded list value right here and what it is in > the simplest representation you can think of it as a sequence of > characters let's let's say X's and O's that represents the the > status of a credential at that position right and so if the value > let's say the value of that was X it would mean that it is > invalid respect to the status purpose so in other words it is > revoked. > Kayode Ezike: Value is 0 it means that it is valid with. > Kayode Ezike: The words is not revoked and if we go back to the > if you focus again on the left side you will see that the status > list credential property that is just the way for verifiers to > retrieve this credential on the right so it's a public link that > they can access and the status index tells them which position in > that encoded list is represented a represents this credential. > Dmitri Zagidulin: So I want to I want to pause here before we > move on to the next slide I want to make sure everybody absorbs > this so. > Dmitri Zagidulin: I want to make sure everybody understands what > that encoded list is for right because at its at its simplest a > credential status is binary for a given status purpose so like > for a vacation rental is either revoked or it's not so the very > first sort of naive implementations of replication status where > to host a. > Dmitri Zagidulin: Some kind of object. > Dmitri Zagidulin: Either cover fabric credential or something > else that's a revoked or not for each individual credential right > easy so or even before that I think what open badges did is just > publish a plane list of all revoked credential IDs on their > website yeah so you get you get the credential you can go look up > that list to see if it's revoked. > Dmitri Zagidulin: So very easy and we wouldn't be having this > problem I rather this this conversation here except there's a > couple of major major problems there one is privacy that if you > publish a list of remote credentials well you can go see > everybody whose credentials are revoked but an even more > important one is what's known as the phone home problem it's one > of the downsides of Hosting. > Dmitri Zagidulin: An individual status. > Dmitri Zagidulin: Nation for each credential is that whoever is > hosting it covers running that website can track. > Dmitri Zagidulin: Requests can can track how many times and from > where from what IP address is and what time stamp some verifier > is is checking. > Dmitri Zagidulin: Revocation and that that is generally > regarding the community has too much information that that's like > that's not necessary that is a threat so then the reason the > status list spec arose is that okay so if we don't if we don't > want the host whoever's controlling the web whole of the web > server to know each time each individual credential is looked up > why don't we batch it why don't we rely on. > Dmitri Zagidulin: On herd immunity on herd privacy. > Dmitri Zagidulin: And batch a whole bunch of credentials at > random. > Dmitri Zagidulin: And then the verifier can request this whole > batch this this entire credential that has the encoded list that > contains the status of 20 or 100 I forget how many it is. > Dmitri Zagidulin: Potential statuses and that way the request > will be spread out over that entire cohort of credentials and > that way we get her privacy I see David is on the queue. > Kayode Ezike: When you credential is revoked right so when your > credential is revoked this this this French on the right will be > updated the encoded list will be up to such that the bit at that > position I 4 5 6 10 is now 1 or Annex discussed earlier. > Kayode Ezike: Yes yes that comes up I think some question time > so that really I think bows down to the I think we leave that to > the implementers of the their system because that really comes > down to how often how what is it catching sort of system like do > you check every day do you check every hour and the you'd have to > give an essay to the individual using your system to let them > know that this is just going to be valid. > Kayode Ezike: For a given day or for. > Kayode Ezike: Etcetera but I don't think that's something that > this back tries to address or to solve. > Kerri Lemoie: Give me three. > Dmitri Zagidulin: If I may add to that so the cache control is > left to the individual protocol meaning because this particular > credential is held over http. > Dmitri Zagidulin: His publishing the status list can rely on > HTTP cache control directives meaning each time the verifier > sends an HTTP get for this status credential one of the headers > in the response says only cash this for an hour meaning we're > going to we're going to renew this thing every hour and that way > the verifier knows how long to cash it right so we get that the > caching mechanism for free with HTTP so we don't need to put in. > Dmitri Zagidulin: An explicit. > Dmitri Zagidulin: Potential now if we were if the URL of the > status of protection was not HTTP was what some other was ipfs or > some other method that doesn't come with cache-control metadata > then you're right David we should include an expires field in the > statuses credential. > Kayode Ezike: Okay thank you. > Kerri Lemoie: No more questions for now Kayode if you want to go > ahead. > Kayode Ezike: Thank you for question is David and I'm great > thanks for getting ahead of me Michelle's going to get into the > herd privacy notion which is I think one of the main benefits of > the specification which is just to reiterate when a verifier is > interested in learning about the status of a credential they are > only communicating to the issuer that they're interested in a > subset of credentials that they manage not in a specific one so > it keeps the issuer away from fine-grained details about how a > specific. > Kayode Ezike: Potential is being used and if you just. > Kayode Ezike: Or just one. > Kayode Ezike: Thank you this is a digital representation just > the visual Learners out there the green slots represent the valid > credentials with respect to the purpose so I'm revoked and events > Lots represent the invalid by evoked credentials. > Kayode Ezike: Next slide please. > Kayode Ezike: So we have a number of goals that we were > considering what we designed our country stars infrastructure the > main governing goal is that we wanted to simplify the deployment > for issuers of the printer status infrastructure and we do this > by leveraging third-party services for the storage and > optimization of grantor status resources and the great thing > about this is that we're kind of meeting is adjourned. > Kayode Ezike: Is worth where they are right. > Kayode Ezike: Allowing them to use a familiar hosting service > and and also providing potential path to switch between services. > Kayode Ezike: So if we can step ahead just one slide. > Kayode Ezike: We'll get into the solution. > Kayode Ezike: So we again decided to use a static list 2021 > specification and feel free to consult the design doc at that > link and the whole conclusion I think this is really where we > innovate and we decided to use Source control services such as > GitHub get lab and code Berg and we also support issuer hosted > websites traditionally and so what this allows us to do again is > we. > Kayode Ezike: It's a biscuit. > Kayode Ezike: Like that organizations already use these services > to host their code and and also these Services often provide > developers with oauth tokens that they can use to access apis of > these services to update resources and so why don't we just use > this these services to help issuers manage their current status > lists and metadata associated with it. > Kayode Ezike: Any questions here. > Kayode Ezike: To reload it. > Kerri Lemoie: Any chance has an adversity. > Dmitri Zagidulin: Yeah if I could just add a couple more words > so I want you I want you to everybody to picture the the very > specific conversation the very specific problem the solves. > Dmitri Zagidulin: As okay we're issuing credential great can we > add revocation sure why not what's a good spec what we've got > this status list 2021 spec okay then engineering how hard of a > lift is this to add this to our system how many hours before you > can add revocation to to our issuer and that's where the real > problem starts because hosting a file on a website that b is easy > the really difficult part which is what makes okay. > Dmitri Zagidulin: It is work so. > Dmitri Zagidulin: Difficult Park is part is adding the user > interface and specifically adding permissions to who is allowed > to edit who's allowed to revoke the the credential right so the > spec gives us the data model gives us the protocol the mechanisms > very easy what's really not easy and what shoots up the > implementation time in too many weeks not to mention like really > hard requirement Gathering is. > Dmitri Zagidulin: Delegation the chain of command of. > <xander> I don’t think you can set http cache control headers on > GitHub-hosted files. > Dmitri Zagidulin: Okay so you know how do we model the trust and > permission hierarchy of a particular University down to the > registrar and then how does it register our delegate individual > officers to be able to hit the button to flip that bit for for > the file to be updated so the the the main Innovation here is the > realization that. > Dmitri Zagidulin: Because permission control and and login > systems and graphical user interface is the hardest part about > this can we Outsource it to somewhere else and the realization > was made oh get hosting organizations like GitHub and get lab and > code Berg already provide all of that they provide the permission > systems the login systems they produce institutions are familiar > with setting up Gap GitHub organizations all of that. > Dmitri Zagidulin: Stuff is worked out for us why don't we reuse > it. > Dmitri Zagidulin: Geico I'll go ahead Gary. > Kerri Lemoie: One question I'm asking these are all my be > hosting Services could someone just use get for this on its own > without using GitHub get lab and or code Berg. > Dmitri Zagidulin: So the the question with get is always which > protocol will get use right because get has SSH it has HTTP and > it has a number of other protocols words hosted so some server on > the cloud has to be running it gets server. > Dmitri Zagidulin: So can you use get a loan sort of it requires > a get server in a good client. > Kerri Lemoie: I think so Xander. > Xander: I guess I have to have you spoken before so I'll just > quickly I'm the security lead for the pocket team just wanted to > follow up on David's question real quick so the idea there was > that you were going to rely on HTTP cache control headers to set > the expiry time for a different certificate right but you're also > talking about using services like GitHub to do the hosting I > don't believe that you can set the expired header value if you're > using a service like that. > Xander: So that they. > Dmitri Zagidulin: And that's that's a very good point. > Xander: You may need to put that you may need to put the time > value on the file done. > Kayode Ezike: Right yeah that's a good description that we can > we start to use these third party dresses I think there's > different levels of access that they are each provide and I'm > sure maybe like if you have a paid account that makes a > difference as to how much you could control but I think largely > you make a good point and. > Xander: I don't think so I got used the Enterprise version before > I think basically if you're using GitHub to host files like get > on pages or whatever they really handle everything and you don't > get access to that level. > Xander: It may be worth looking into. > <dmitri_zagidulin> that seems like a good motivation to clarify > (in the status list spec) the recommendation of always having > expiration timestamps > Kerri Lemoie: Yeah time in the queue tell jump in real quick > that's an excellent point and I know you haven't actually I'm let > you get into like how you doing this so maybe I'm jumping the gun > here Harry I'm sorry if I am but um are you considering using > just as part of this because just get versioned which is > something to consider okay that's the comment there but yeah. > Kayode Ezike: This is this is for like the accident the location > of us for example. > Kayode Ezike: Yes it's something like this came up actually you > kind of hear made great recommendation at some point about > something like that where you would because get help for example > has a way for you to use a link that it's post using GitHub Pages > you can also use a link to the file directly that doesn't rely on > GitHub pages but I would imagine that the. > Kayode Ezike: Might be a rat. > Kerri Lemoie: > > https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists > Kayode Ezike: He got distracted the same way in that case as > well in terms of controlling what the cache mechanism is like so > yeah that would be something to explore but the good thing I'll > show you a little bit later how some of these things can be > customized for different status clients of different services and > there's a way to add flexibility for for that. > <kerri_lemoie> Link above to info about gists. > Kayode Ezike: Again to that little bit. > Kayode Ezike: There are no other questions can move on to the > next slide. > Kayode Ezike: Great so this is a sort of a visual representation > of the architecture that we have issue admin who presumably would > already have the permissions that they need inside of a example > with GitHub organization so they already have access to create > read and write data to Repose in the organization and if you > click ahead. > Kayode Ezike: So this. > Kayode Ezike: This actor would be able to hit the credential > status and point of a VC API instance which allows them to update > the status EG revoke a credential. > Kayode Ezike: More step and then ultimately that enables them to > create read and update data in these different services. > Kayode Ezike: So before we move on to a demo wanted to show a > little bit of code and so this is the main sort of class that we > Implement to with this code and so there's this tells subclasses > different methods that they need to implement for them to be > valid printer status clients and so for example you need to > provide a base URL that can be used to reference the printer > status information you need to. > Kayode Ezike: Boo the client too. > Kayode Ezike: That is people from from the code need to enable > them to read and write status list and log data in config data so > as long as the subclasses can Implement these abstract methods > and they're valid client and so if you can step forward this one > step please carry will see that in this example GitHub a cultural > status client for their get credentialed status URL you notice > that there is a GitHub that I owe their meaning that. > Kayode Ezike: Using GitHub pages but this is also the place > where. > Kayode Ezike: I could use a distance that or URL that points > directly to the file and there's also we also are using the > octave kit Library a popular GitHub SDK to update and read > information from the repo which obviously would look different > for different services. > Kayode Ezike: Any questions about this. > Kerri Lemoie: I think we're good once you go ahead. > Kayode Ezike: So we're just going to get into a demo now just > step forward one and taxes and maybe that's going to come to my > email or something. > Kayode Ezike: Probably going to email about that 17. > Dmitri Zagidulin: Karen thank you have to hit request again on > the subsequent page. > Kerri Lemoie: Let me know when it's all set Katie I'll refresh > it. > Kayode Ezike: Yeah it is I just shared it. > Kayode Ezike: The volume on. > Kerri Lemoie: Were you able to hear the volume when I get out. > Kerri Lemoie: Dimitri do you know how to make that work. > Kerri Lemoie: Yep that's share audio. > Dmitri Zagidulin: In the settings so if you go to the 3 3. Menu > at the bottom settings there is yeah share out the others share > audio checkbox. > Kerri Lemoie: Thanks your patience everybody but I'm getting > there. > Kerri Lemoie: All right let me try that again it doesn't work > Katie you could just walk us through it. > <kerri_lemoie> Can you hear? > Dmitri Zagidulin: Now that doesn't seem to be coming through so > we can encourage people to watch since we we pasted the link to > the slide deck everybody can watch the video on the demo on their > own. > Dmitri Zagidulin: But you can you can describe what when it's > done. > Kerri Lemoie: We're going to start over and you can just sort of > walk us through what's happening. > Kayode Ezike: Sure I mean it's a recorded a demo but effectively > what we were demonstrating is requesting a credential from our > version of V Capi importing that into DC learner wallet and then > from there we kind of show you throughout the whole process > called the repo is updating and so the GitHub repos I'm using a > demo and and then we revoke the credential. > Kayode Ezike: Again from the VCA Pi you show you the. > Kayode Ezike: Two then rebuild me also show you. > Kayode Ezike: That in the wallet and now shows that the > credential is revoked. > Kayode Ezike: Again it's you should be able to view that video > in the presentation but that's effectively what's going on. > Kayode Ezike: So that was the last of it actually so if there's > any questions or feedback I'm happy to take in you David go > ahead. > Kayode Ezike: Oh so so the so the credential continues to have > the same the credential never changes per se it's the information > at at least the credential that the holder controls is the > credential that the status could ensure that managers know that > has been coded list value that manages multiple credentials is > that one that will be shuffled and change as a credentials are > revoked suspended. > Dmitri Zagidulin: Can I can I jump in here as well. > <nate_otto_(another_device)> Nah. credential.id is optional in VC > Data model anyway. Reissuing the same one doesn't violate it. > Dmitri Zagidulin: So David you're proposing or what you're > saying is essentially if we required verifiable credentials to be > content addressable so that every time the content of a > verifiable potential change the ID has to change but the v-spec > does not actually have that requirement you are you are in this > very frequently done allowed to publish credentials with the same > ID while their contents changes for example if you reuse. > Dmitri Zagidulin: Issue it and then. > Dmitri Zagidulin: Timestamp or a different signature so that is > that is not a requirement in this back. > Kerri Lemoie: I'm to add to that question sort of who may be > briefly talk about the difference between credential status list > and also credential refresh carrier to meet you would you mind > explaining that are both of you. > Dmitri Zagidulin: Shark a candidate doing on go ahead. > Kayode Ezike: How can I just ask this versus credential > refreshing scent. > Kerri Lemoie: CredentialRefresh: > https://w3c-ccg.github.io/vc-refresh-2021/ > Kayode Ezike: Yeah so my understanding generally is that > subconscious has what we discussed here which is that the issuer > manages a publicly accessible resource that allows verifiers to > check the status of the repo or rather the other credential for > the route for the refresh service my understanding is that > whenever if that is not provided the issuer exposes an endpoint > that. > Kayode Ezike: Allows it that allows. > Kayode Ezike: Verifiers to to refresh the credentials whenever > it has rather just to be able to refresh it whenever I would ever > Cadence in the seems reasonable that's generally how I understand > it but I'm happy to allow for any other discussion on that as > well. > Dmitri Zagidulin: Yeah so the refresh spec. > Dmitri Zagidulin: Complementary to the expiration mechanism so I > have my driver's license is good for four years what happens when > it expires up to four years the refresh spec basically describes > the credential version of oh I have to take the old one into the > drive the Bureau of Motor Vehicles on the issue me a new one so. > Dmitri Zagidulin: Both the status and the refresh exist > alongside each other and in fact some of the some of our example > specs have both or if you look at examples in open badges version > 3 spec a lot of the verify the credentials their have both a > status list section and a refresh section. > Kerri Lemoie: Thanks anybody else have any questions about this. > Kerri Lemoie: Or any other points they'd like to make about the > status and how this works. > Kerri Lemoie: I bet I have a question for all of you is there > anybody here who has implemented credential status and like to > tell us about how they're using it and how they've implemented > it. > Kerri Lemoie: Okay Patti really appreciated that I see so many Q > Jonathan the floor. > Dmitri Zagidulin: Anthony might be muted. > Kerri Lemoie: Yeah you can't hear your Jonathan if you're > speaking. > Jonathan_Bethune: Okay is that. > Dmitri Zagidulin: If you have like an additional Hardware mute > on your mic maybe yes better yeah. > Kerri Lemoie: Yep they are to thank you. > <kerri_lemoie> Link to presentation: > > https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo/edit#slide=id.g143e60161fc_0_35 > Jonathan_Bethune: Better I was using one earpod and it's the one > that's dead so okay sorry about that so real quick by way of > introduction I think I've spoken much my name is Jonathan and the > engineering manager for pocket colleague of Xander who spoke a > little while ago just real quick I was wondering if there was a > way to get a link to the presentation and actually had a lot of > discussion internally about the X and we're just wanted to look > into a little. > Kayode Ezike: Sure yeah definitely can share that. > <phil_l_(p1)> Nate's Comment: > Jonathan_Bethune: There we go oh that's fast okay let me well I > actually didn't get the click on it we just grabbed it's in the > chat right there we go. > Kerri Lemoie: Yeah it's going up a little bit the chat moves > pretty fast because of the transcription. > <phil_l_(p1)> Good point Nate. > Jonathan_Bethune: Yeah got it alright thank you. > Kerri Lemoie: Okay if no one has anything else okay did you have > anything else you would like to add. > Kayode Ezike: That was that was everything I just thank you all > for your time and yeah we're continuing to refine this this work > and we primarily are supporting GitHub and get lab the moment and > working on some of the other services as well so just happy to > have this opportunity and thank you all again for there for > discussion. > Kerri Lemoie: Yeah thank you very much. > Dmitri Zagidulin: And if I can add so if. > Dmitri Zagidulin: If anybody has questions about this work > please send an email to the VC edu mailing list or if you're free > to contact KO myself directly the code code is free it references > an open spec we encourage everybody to join in the conversation. > Kerri Lemoie: Hip and actually seen my hush you have killed > yourself up. > https://imsglobal.github.io/openbadges-specification/ob_v3p0.html > Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly > unrelated here but more on the open badges 3.0 spec I've been > trying to get hold of it and I seem to be pay bald by this IMS > Global if somebody has that and can make the open badges 30 spec > which is publicly visible I would appreciate it thank you. > https://www.imsglobal.org/spec/ob/latest/main/ > Kerri Lemoie: I can grab that link for you give me one second > here tell Ted you're in the queue your the floor. > <kerri_lemoie> Open Badges 3.0 spec: > https://imsglobal.github.io/openbadges-specification/ob_v3p0.html > TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just > following up on responding to David's question about the unique > identifier for each credential in the same way that a URI is > expected to be stable that is that is the stability that we mean > for the ID in these verifiable credentials URI is always meant to > name the same thing which doesn't mean that it the thing it names > stays the same forever. > TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like > your name always means you, but your contents don't stay the same > forever. > <dmitri_zagidulin> thx Ted! > Kerri Lemoie: Hey Alec it is empty and listen no one has > anything else we have a few minutes left so we could end the call > here give another Med see if anybody has anything otherwise I > hope you all have a great week and I will see you next week. > <phil_l_(p1)> Nice preso! > Kayode Ezike: Cheers thank you. > Dmitri Zagidulin: Thanks KO day thanks everyone. > <elizabeth_miller> Thank you! > Kerri Lemoie: Thank you headed. > <john_kuo> Thanks, great discussion > > > -- *Snorre Lothar von Gohren Edwin* Co-Founder & CTO, Diwala +47 411 611 94 www.diwala.io <http://www.diwala.io/> *Stay on top of Diwala news on social media! **Facebook <https://www.facebook.com/diwalaorg>** / **LinkedIn <https://www.linkedin.com/company/diwala>** / **Instagram <https://www.instagram.com/diwala_/>** / **Twitter <https://twitter.com/Diwala>*
Received on Thursday, 18 August 2022 07:04:18 UTC