- From: Kayode Ezike <kezike13@gmail.com>
- Date: Thu, 18 Aug 2022 10:16:37 -0400
- To: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAPXfD679Kyf2Z2jzk=Ln+=ruYZvABqH1JW5N3CSSFRz3TnUd8A@mail.gmail.com>
Hi Snorre, Yes, there are a number of useful resources to note. Here are a few: - Definition of credential status in VC Data Model specification: https://w3c.github.io/vc-data-model/#status - Status List 2021 specification: https://w3c-ccg.github.io/vc-status-list-2021 - Status List 2021 implementation: https://github.com/digitalbazaar/vc-status-list (react-native-compliant fork: https://github.com/digitalcredentials/vc-status-list) Hope this helps and happy to provide more context as needed! Kayode On Thu, Aug 18, 2022 at 3:07 AM Snorre Lothar von Gohren Edwin < snorre@diwala.io> wrote: > Great! In the agenda and its main topic, this sentence is mentioned > "Thanks to the great work of key stakeholders in the identity standards > and developer community, we now have emerging specifications and great > tooling for (1) issuers to manage the status of their credentials and (2) > verifiers to check key status info, such as revocation and suspension." Are > there any meetings, documents or anything that can be looked at to get some > insight about this statement :D > ᐧ > > On Wed, Aug 17, 2022 at 8:04 PM CCG Minutes Bot <minutes@w3c-ccg.org> > wrote: > >> Thanks to Our Robot Overlords for scribing this week! >> >> The transcript for the call is now available here: >> >> https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/ >> >> Full text of the discussion follows for W3C archival purposes. >> Audio of the meeting is available at the following location: >> >> https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/audio.ogg >> >> ---------------------------------------------------------------- >> VC for Education Task Force Transcript for 2022-08-15 >> >> Agenda: >> https://lists.w3.org/Archives/Public/public-vc-edu/2022Aug/0005.html >> Topics: >> 1. IP Note >> 2. Call Notes >> 3. Introductions & Reintroductions >> 4. Announcements >> 5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential >> Status WOrk >> Organizer: >> Kerri Lemoie >> Scribe: >> Our Robot Overlords >> Present: >> Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune, >> David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck, >> Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe >> Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan - >> pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri >> Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar >> Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young, >> Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), >> Allyson Parco, Eric Shepherd, Phil L (P1) >> >> Our Robot Overlords are scribing. >> Kerri Lemoie: Hello everybody Welcome to the August 15th BC edu >> call today our main topic will be on credential status kod a DK >> from MIT digital credential Consortium is going to present us on >> some of the latest work that he's been doing on that over there >> and we can pour we get started with that let's go through a few >> boilerplate items first is IP note everybody for anyone. >> >> Topic: IP Note >> >> Kerri Lemoie: Came to speed in these calls how any. >> <kerri_lemoie> create an account: >> https://www.w3.org/accounts/request >> Kerri Lemoie: You substitute of contributions to any of the ccg >> work items must be done by members of the ccg with full IP are >> agreements signed and to do that you can create an account at w3c >> and put this in the chat for you and then also use this link to >> join the ccg. >> <kerri_lemoie> join the CCG: >> https://www.w3.org/community/credentials/join >> >> Topic: Call Notes >> >> Kerri Lemoie: Hey second All call notes for this call are >> recorded and there are minutes being taken by are called our >> robot Overlord is do the transcription I wish you'll see in the >> chat we are also doing a Wheels do a video recording of This call >> which can be found later we can send out if you need it so coyote >> will have some slides today so it'll be nice to have that >> recorded we use a cue system. >> Kerri Lemoie: To to ask questions and participate. >> Kerri Lemoie: Conversation so if you would have a question or >> would like to say something please kill yourself first you do >> that by putting a q+ and the chat just like I did there you could >> also do to U plus and then say a note about something you want to >> say and that lets us know if you're responding to something >> that's being said right away so we know when to pull you into the >> conversation so that is very helpful and then to remove yourself >> from the queue just uq-. >> Kerri Lemoie: And we get something. >> Kerri Lemoie: They did that wrong okay remove something from the >> queue okay. >> Kerri Lemoie: Because the floor all right when I say we hit q- >> we're actually looking to see who is in the queue. >> >> Topic: Introductions & Reintroductions >> >> Kerri Lemoie: Okay next let's do some introductions and >> reintroductions is there anybody here joining us today for the >> first time that I would like to introduce themselves or anybody >> who's been here for a while and I would just like to say hello >> again and let us know a little bit about something they're >> working on if so go ahead and put yourself in the queue. >> Kerri Lemoie: Yeah I'm going to queue myself up real quick here >> one thing I haven't mentioned is that I started a new role at the >> beginning of August I have the digital credential contortion so >> I'm going to be there director of Technology it doesn't really >> change much for BC I do I will still be here doing all of that >> work because the DCC has made her is really been backing all of >> this work and really significant way making sure that we have >> this open Community to work and so I'm really happy to be able to >> continue the. >> Kerri Lemoie: Work there and help to do what I want to do which >> is in. >> <deb_everhart_(credential_engine)> congrats Kerri! >> Kerri Lemoie: Adoption understanding of verifiable credentials >> that had that has been my my shift recently. >> >> Topic: Announcements >> >> <kerri_lemoie> VC email list: >> https://lists.w3.org/Archives/Public/public-vc-edu/ >> Kerri Lemoie: There's no other introduction to reintroductions >> next we have announcements and reminders one is that if you >> haven't joined it yet we do have an email list and I met email >> this can be joined by going here put this in the chat for you so >> we have it in our notes later. >> Kerri Lemoie: The great list to join you don't have to be >> necessarily technical drawing this or you work on technical >> projects if you just want to stay in the loop on what's going on >> in Education and Training and achievement credentials that's the >> list to join this is where we try to have all those >> conversations. >> Kerri Lemoie: And the other announcement that I have is that >> tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the >> weekly ccg meeting. >> Kerri Lemoie: They recommend doing that as much as you possibly >> can to learn what's going on in the community as a whole. >> Kerri Lemoie: Does anybody else have any announcements or >> anything they'd like to share. >> Kerri Lemoie: It's the money I see that you just joined us would >> you be interested in telling folks about our next week's call >> will be about it sounds really great. >> Simone Ravaoli: Yes hi hello everyone I hope you can hear me so >> we are going to have as a guest get anything on this sea of >> Gattaca Gattaca is a nest site a company based out of Spain and >> they've been involved in the end building and implementing all >> the ab c-- specification so that's that would be the European >> blockchain service infrastructure particularly they have been >> looking into version 2 of. >> Simone Ravaoli: Of the did method did. >> Simone Ravaoli: And they've risked to share some Reflections >> around what is the difference between version 1 and 2 and some of >> the implications that version 2 has with regards to privacy >> regulations in Europe also known as GDP are but they are a >> Community member that has really just been doing a lot of work >> from Europe and so that would be I think an interesting update >> from what's Happening outside of North America. >> Kerri Lemoie: Thank you so much that sounds great I'm really >> looking forward to it okay anybody else have anything else before >> we move on to our main topic. >> >> Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status >> WOrk >> >> Kerri Lemoie: Okay why don't I then introduce Kayode. Kayode is >> working on this great project related to credential status he's >> working on making it possible for issuers to manage the status of >> their credentials and for verifiers to check status info, >> especially a revocation or suspension so he's going to show you >> some of his work today and then feel free to ask questions and >> then we can see what we can learn about it well. >> Kerri Lemoie: Tim Kennedy. >> Kayode Ezike: Slides: >> >> https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo >> Kayode Ezike: Thank you thank you characters interesting here's >> the link to the presentation that be using for today I know we >> generally do not show video for van with purposes I would do that >> really quickly just to introduce myself and turn off every but >> this guy is he gay again and brief introduction is that I've been >> involved with digital credentials since around 2018 but that time >> that I began my master's program around proper credentials and >> personal data storage management. >> Kayode Ezike: Since then I've been contributing to number of >> Open Source projects. >> Kayode Ezike: Optical pulse of my own and these days I primarily >> support the digital credentials Consortium through MIT as well as >> Gobekli which is the startup it's also doing great work in this >> space so thank you for having me and I'll put up my screen so >> that an alternative you'll see how can see we have. >> Kerri Lemoie: Kayode I'll keep an eye on the chat for you. >> Kayode Ezike: Thank you okay so. >> Kayode Ezike: If explosion one second. >> Kayode Ezike: Spell with me. >> Kayode Ezike: Okay I think if I try none. >> Kerri Lemoie: Not yet not yet nope. >> Kayode Ezike: Are you able to see my screen now. >> Dmitri Zagidulin: If you're transmitting from a Mac there you >> might need to update the permissions in the control center which >> means you have to restart the browser and redrawing. >> Kayode Ezike: But you're trying to do something like that but it >> was it. >> Dmitri Zagidulin: One of us can also. >> Dmitri Zagidulin: Screen share the slides and just thanks Kerry. >> Kerri Lemoie: Yeah I can do that that's true. >> Dmitri Zagidulin: I'll probably be faster chaotic. >> Dmitri Zagidulin: Say next slide. >> Kerri Lemoie: Yeah just let me know in and we pull it up here >> hold on one second. >> Kayode Ezike: Animations hopefully syncs >> Kerri Lemoie: I am just clearing everything out of the way here >> on the way everybody's happy about the desert play. >> Kerri Lemoie: Okay can you see. >> Dmitri Zagidulin: Yep we can see your screen. >> Kerri Lemoie: To be this clarity. >> Kayode Ezike: Great yes I can see. >> Kerri Lemoie: Oh there you are okay you can see the head you can >> take it from here now just let me know when you want to move to >> the next slide. >> Kayode Ezike: Awesome thank you Kerry so today we'll be >> discussing a topic I was cussing to what that would get a >> credential status hosting and for scare anybody away this is not >> a new specification for credential status is more so concerning >> ourselves with how can we help issuers to expedite their >> deployment of criticized infrastructure by leveraging familiar >> services to them and and hence sort of taking care of it. >> Kayode Ezike: Origin authorization concerns that. >> Kayode Ezike: To them and so this in terms of what we're >> discussing today I'll be giving a brief background of the topic >> and we'll be going through a bit of the state-of-the-art who tell >> you what our goals were let me Design This solution as well as >> what the actual solution is will then show you a little bit of >> code before you show you the demo of what we've done. >> Kayode Ezike: Granger status management has been around for some >> time and one of the earliest conceptions of it really came from >> certificate authorities with the notion of certificate revocation >> lists which is a list of certificates that an issuer has revoked >> prior to its from its expiry and that is sort of the the main >> model that we think about in this space when we think about >> country status management. >> Kayode Ezike: Generally we think about a resource that is >> managed by an issuer that informed the public about the state of >> outstanding credentials and there's been a lot of work done in >> this space over the years in terms of Standards development and >> developer tools for how to manage the status of these credentials >> as well as how to verify the information on them such as >> revocation or suspension however storage and authorization have >> kind of. >> Kayode Ezike: Been left out of scope largely and. >> Kayode Ezike: Good that it would be great if we can simplify >> that for issuers and their deployments. >> Kayode Ezike: Thank you so next slide great so I want to give a >> quick definition of printer status according to the v-spec mental >> status is an object value property that enables the discovery of >> information about the current status of the verifiable credential >> such as whether it is suspended or revoked. >> Kayode Ezike: So in other words now before we go on another >> words it gives consumers of this credential and idea of the >> issuer's view of the current validity of a credential next please >> so here on the right we have an example of a verifiable >> credential that has a special status property on it but one thing >> to know is that it is an optional value so you not every verify. >> Kayode Ezike: Krista have this field on it. >> Kayode Ezike: If it does have the field on it it must Define two >> main properties which is ID and type and it must also valid like >> the remaining properties are specified by the type field so in >> this example we know that we have a status festering 21 entry the >> type and the three types of rather Fields below it status purpose >> statuses index in status credential relate to or rather are >> defined in the stands for students. >> Kayode Ezike: T10 tree. >> Dmitri Zagidulin: Toyota quick question I do we want to wait >> till the end for questions or do you want to encourage people to. >> Dmitri Zagidulin: If they encounter something or when I ask >> questions about each slide to raise their hand. >> Kayode Ezike: I'm happy to take questions as they come up. >> Kayode Ezike: Is it just the two Fields so the state-of-the-art. >> Kayode Ezike: There have been a lot of great work and done in >> sequential status space and one of the early conceptions of this >> or examples of this came in 2018 from hyper legit Indy via their >> HIV ew1 one penetration spec and they use a bunch of cool >> technology cryptographic graphic accumulators to determine which >> credentials have been revoked and interestingly enough I learned >> in the suspect that it seems that this actually is. >> Kayode Ezike: Predates to know now have medication. >> Kayode Ezike: Like I found to be interesting and a couple years >> later the ccg would develop a speck of their own via the >> revocation list 2020 spec and soon after be a refined version and >> the status was 20 21 spec which sort of granted a more General >> notion of status that goes beyond just a vacation but also >> support system suspension and other forms of criminal status. >> Kayode Ezike: Next please and the most for all these >> specifications all right one more back sorry. >> Kayode Ezike: So this is the this point on hosting so for any >> all these specifications is important for verifiers to be able to >> to check this the status of the credential somehow right and the >> most obvious way to do this is to host the resources and in a >> public location namely a distributed Ledger or a short controlled >> website. >> Kayode Ezike: Any questions here. >> Kayode Ezike: You can move on next slide please. >> Kerri Lemoie: No questions yet sure. >> Kayode Ezike: Great so I want to talk to you all about status >> list 20 21 this is the suspect that we use in our design and the >> it's one of the more advanced specs out there and in my opinion >> and this is examples of the left what you see is a credential >> from a couple slides ago so nothing new here yet we have >> verifiable credential had the credential status on it and it has. >> Kayode Ezike: As all the fields that we discussed earlier. >> Kayode Ezike: Now if you pay attention to the key in on the >> status purpose status index and Status credential properties >> these are the properties that are introduced by the status least >> 2021 spec the first of these properties is the most self >> explanatory this is saying that. >> Kayode Ezike: The issuer. >> Kayode Ezike: Acting this type of status for this credential so >> for verifier when they want to verify the status of the >> credential this is the information that they will learn now the >> other two properties are more specific to sort of like are sort >> of the meat and potatoes of how this specification works and it >> relates to a new resource at the introduced so if you can just go >> forward just a couple steps very until you see a new object in >> the right. >> Kayode Ezike: So this on the right is a status list 2021 >> credential and the best way to think about this credential is it >> is the credential that manages the status of a batch of multiple >> credentials it's not philosophy that one more time but this is a >> credential that the issuer manages that tracks a batch of several >> different credentials and so what this means if you could just >> click one more time Carrie. >> Kayode Ezike: So we so. >> Kayode Ezike: This was the most important information on this >> country is this encoded list value right here and what it is in >> the simplest representation you can think of it as a sequence of >> characters let's let's say X's and O's that represents the the >> status of a credential at that position right and so if the value >> let's say the value of that was X it would mean that it is >> invalid respect to the status purpose so in other words it is >> revoked. >> Kayode Ezike: Value is 0 it means that it is valid with. >> Kayode Ezike: The words is not revoked and if we go back to the >> if you focus again on the left side you will see that the status >> list credential property that is just the way for verifiers to >> retrieve this credential on the right so it's a public link that >> they can access and the status index tells them which position in >> that encoded list is represented a represents this credential. >> Dmitri Zagidulin: So I want to I want to pause here before we >> move on to the next slide I want to make sure everybody absorbs >> this so. >> Dmitri Zagidulin: I want to make sure everybody understands what >> that encoded list is for right because at its at its simplest a >> credential status is binary for a given status purpose so like >> for a vacation rental is either revoked or it's not so the very >> first sort of naive implementations of replication status where >> to host a. >> Dmitri Zagidulin: Some kind of object. >> Dmitri Zagidulin: Either cover fabric credential or something >> else that's a revoked or not for each individual credential right >> easy so or even before that I think what open badges did is just >> publish a plane list of all revoked credential IDs on their >> website yeah so you get you get the credential you can go look up >> that list to see if it's revoked. >> Dmitri Zagidulin: So very easy and we wouldn't be having this >> problem I rather this this conversation here except there's a >> couple of major major problems there one is privacy that if you >> publish a list of remote credentials well you can go see >> everybody whose credentials are revoked but an even more >> important one is what's known as the phone home problem it's one >> of the downsides of Hosting. >> Dmitri Zagidulin: An individual status. >> Dmitri Zagidulin: Nation for each credential is that whoever is >> hosting it covers running that website can track. >> Dmitri Zagidulin: Requests can can track how many times and from >> where from what IP address is and what time stamp some verifier >> is is checking. >> Dmitri Zagidulin: Revocation and that that is generally >> regarding the community has too much information that that's like >> that's not necessary that is a threat so then the reason the >> status list spec arose is that okay so if we don't if we don't >> want the host whoever's controlling the web whole of the web >> server to know each time each individual credential is looked up >> why don't we batch it why don't we rely on. >> Dmitri Zagidulin: On herd immunity on herd privacy. >> Dmitri Zagidulin: And batch a whole bunch of credentials at >> random. >> Dmitri Zagidulin: And then the verifier can request this whole >> batch this this entire credential that has the encoded list that >> contains the status of 20 or 100 I forget how many it is. >> Dmitri Zagidulin: Potential statuses and that way the request >> will be spread out over that entire cohort of credentials and >> that way we get her privacy I see David is on the queue. >> Kayode Ezike: When you credential is revoked right so when your >> credential is revoked this this this French on the right will be >> updated the encoded list will be up to such that the bit at that >> position I 4 5 6 10 is now 1 or Annex discussed earlier. >> Kayode Ezike: Yes yes that comes up I think some question time >> so that really I think bows down to the I think we leave that to >> the implementers of the their system because that really comes >> down to how often how what is it catching sort of system like do >> you check every day do you check every hour and the you'd have to >> give an essay to the individual using your system to let them >> know that this is just going to be valid. >> Kayode Ezike: For a given day or for. >> Kayode Ezike: Etcetera but I don't think that's something that >> this back tries to address or to solve. >> Kerri Lemoie: Give me three. >> Dmitri Zagidulin: If I may add to that so the cache control is >> left to the individual protocol meaning because this particular >> credential is held over http. >> Dmitri Zagidulin: His publishing the status list can rely on >> HTTP cache control directives meaning each time the verifier >> sends an HTTP get for this status credential one of the headers >> in the response says only cash this for an hour meaning we're >> going to we're going to renew this thing every hour and that way >> the verifier knows how long to cash it right so we get that the >> caching mechanism for free with HTTP so we don't need to put in. >> Dmitri Zagidulin: An explicit. >> Dmitri Zagidulin: Potential now if we were if the URL of the >> status of protection was not HTTP was what some other was ipfs or >> some other method that doesn't come with cache-control metadata >> then you're right David we should include an expires field in the >> statuses credential. >> Kayode Ezike: Okay thank you. >> Kerri Lemoie: No more questions for now Kayode if you want to go >> ahead. >> Kayode Ezike: Thank you for question is David and I'm great >> thanks for getting ahead of me Michelle's going to get into the >> herd privacy notion which is I think one of the main benefits of >> the specification which is just to reiterate when a verifier is >> interested in learning about the status of a credential they are >> only communicating to the issuer that they're interested in a >> subset of credentials that they manage not in a specific one so >> it keeps the issuer away from fine-grained details about how a >> specific. >> Kayode Ezike: Potential is being used and if you just. >> Kayode Ezike: Or just one. >> Kayode Ezike: Thank you this is a digital representation just >> the visual Learners out there the green slots represent the valid >> credentials with respect to the purpose so I'm revoked and events >> Lots represent the invalid by evoked credentials. >> Kayode Ezike: Next slide please. >> Kayode Ezike: So we have a number of goals that we were >> considering what we designed our country stars infrastructure the >> main governing goal is that we wanted to simplify the deployment >> for issuers of the printer status infrastructure and we do this >> by leveraging third-party services for the storage and >> optimization of grantor status resources and the great thing >> about this is that we're kind of meeting is adjourned. >> Kayode Ezike: Is worth where they are right. >> Kayode Ezike: Allowing them to use a familiar hosting service >> and and also providing potential path to switch between services. >> Kayode Ezike: So if we can step ahead just one slide. >> Kayode Ezike: We'll get into the solution. >> Kayode Ezike: So we again decided to use a static list 2021 >> specification and feel free to consult the design doc at that >> link and the whole conclusion I think this is really where we >> innovate and we decided to use Source control services such as >> GitHub get lab and code Berg and we also support issuer hosted >> websites traditionally and so what this allows us to do again is >> we. >> Kayode Ezike: It's a biscuit. >> Kayode Ezike: Like that organizations already use these services >> to host their code and and also these Services often provide >> developers with oauth tokens that they can use to access apis of >> these services to update resources and so why don't we just use >> this these services to help issuers manage their current status >> lists and metadata associated with it. >> Kayode Ezike: Any questions here. >> Kayode Ezike: To reload it. >> Kerri Lemoie: Any chance has an adversity. >> Dmitri Zagidulin: Yeah if I could just add a couple more words >> so I want you I want you to everybody to picture the the very >> specific conversation the very specific problem the solves. >> Dmitri Zagidulin: As okay we're issuing credential great can we >> add revocation sure why not what's a good spec what we've got >> this status list 2021 spec okay then engineering how hard of a >> lift is this to add this to our system how many hours before you >> can add revocation to to our issuer and that's where the real >> problem starts because hosting a file on a website that b is easy >> the really difficult part which is what makes okay. >> Dmitri Zagidulin: It is work so. >> Dmitri Zagidulin: Difficult Park is part is adding the user >> interface and specifically adding permissions to who is allowed >> to edit who's allowed to revoke the the credential right so the >> spec gives us the data model gives us the protocol the mechanisms >> very easy what's really not easy and what shoots up the >> implementation time in too many weeks not to mention like really >> hard requirement Gathering is. >> Dmitri Zagidulin: Delegation the chain of command of. >> <xander> I don’t think you can set http cache control headers on >> GitHub-hosted files. >> Dmitri Zagidulin: Okay so you know how do we model the trust and >> permission hierarchy of a particular University down to the >> registrar and then how does it register our delegate individual >> officers to be able to hit the button to flip that bit for for >> the file to be updated so the the the main Innovation here is the >> realization that. >> Dmitri Zagidulin: Because permission control and and login >> systems and graphical user interface is the hardest part about >> this can we Outsource it to somewhere else and the realization >> was made oh get hosting organizations like GitHub and get lab and >> code Berg already provide all of that they provide the permission >> systems the login systems they produce institutions are familiar >> with setting up Gap GitHub organizations all of that. >> Dmitri Zagidulin: Stuff is worked out for us why don't we reuse >> it. >> Dmitri Zagidulin: Geico I'll go ahead Gary. >> Kerri Lemoie: One question I'm asking these are all my be >> hosting Services could someone just use get for this on its own >> without using GitHub get lab and or code Berg. >> Dmitri Zagidulin: So the the question with get is always which >> protocol will get use right because get has SSH it has HTTP and >> it has a number of other protocols words hosted so some server on >> the cloud has to be running it gets server. >> Dmitri Zagidulin: So can you use get a loan sort of it requires >> a get server in a good client. >> Kerri Lemoie: I think so Xander. >> Xander: I guess I have to have you spoken before so I'll just >> quickly I'm the security lead for the pocket team just wanted to >> follow up on David's question real quick so the idea there was >> that you were going to rely on HTTP cache control headers to set >> the expiry time for a different certificate right but you're also >> talking about using services like GitHub to do the hosting I >> don't believe that you can set the expired header value if you're >> using a service like that. >> Xander: So that they. >> Dmitri Zagidulin: And that's that's a very good point. >> Xander: You may need to put that you may need to put the time >> value on the file done. >> Kayode Ezike: Right yeah that's a good description that we can >> we start to use these third party dresses I think there's >> different levels of access that they are each provide and I'm >> sure maybe like if you have a paid account that makes a >> difference as to how much you could control but I think largely >> you make a good point and. >> Xander: I don't think so I got used the Enterprise version before >> I think basically if you're using GitHub to host files like get >> on pages or whatever they really handle everything and you don't >> get access to that level. >> Xander: It may be worth looking into. >> <dmitri_zagidulin> that seems like a good motivation to clarify >> (in the status list spec) the recommendation of always having >> expiration timestamps >> Kerri Lemoie: Yeah time in the queue tell jump in real quick >> that's an excellent point and I know you haven't actually I'm let >> you get into like how you doing this so maybe I'm jumping the gun >> here Harry I'm sorry if I am but um are you considering using >> just as part of this because just get versioned which is >> something to consider okay that's the comment there but yeah. >> Kayode Ezike: This is this is for like the accident the location >> of us for example. >> Kayode Ezike: Yes it's something like this came up actually you >> kind of hear made great recommendation at some point about >> something like that where you would because get help for example >> has a way for you to use a link that it's post using GitHub Pages >> you can also use a link to the file directly that doesn't rely on >> GitHub pages but I would imagine that the. >> Kayode Ezike: Might be a rat. >> Kerri Lemoie: >> >> https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists >> Kayode Ezike: He got distracted the same way in that case as >> well in terms of controlling what the cache mechanism is like so >> yeah that would be something to explore but the good thing I'll >> show you a little bit later how some of these things can be >> customized for different status clients of different services and >> there's a way to add flexibility for for that. >> <kerri_lemoie> Link above to info about gists. >> Kayode Ezike: Again to that little bit. >> Kayode Ezike: There are no other questions can move on to the >> next slide. >> Kayode Ezike: Great so this is a sort of a visual representation >> of the architecture that we have issue admin who presumably would >> already have the permissions that they need inside of a example >> with GitHub organization so they already have access to create >> read and write data to Repose in the organization and if you >> click ahead. >> Kayode Ezike: So this. >> Kayode Ezike: This actor would be able to hit the credential >> status and point of a VC API instance which allows them to update >> the status EG revoke a credential. >> Kayode Ezike: More step and then ultimately that enables them to >> create read and update data in these different services. >> Kayode Ezike: So before we move on to a demo wanted to show a >> little bit of code and so this is the main sort of class that we >> Implement to with this code and so there's this tells subclasses >> different methods that they need to implement for them to be >> valid printer status clients and so for example you need to >> provide a base URL that can be used to reference the printer >> status information you need to. >> Kayode Ezike: Boo the client too. >> Kayode Ezike: That is people from from the code need to enable >> them to read and write status list and log data in config data so >> as long as the subclasses can Implement these abstract methods >> and they're valid client and so if you can step forward this one >> step please carry will see that in this example GitHub a cultural >> status client for their get credentialed status URL you notice >> that there is a GitHub that I owe their meaning that. >> Kayode Ezike: Using GitHub pages but this is also the place >> where. >> Kayode Ezike: I could use a distance that or URL that points >> directly to the file and there's also we also are using the >> octave kit Library a popular GitHub SDK to update and read >> information from the repo which obviously would look different >> for different services. >> Kayode Ezike: Any questions about this. >> Kerri Lemoie: I think we're good once you go ahead. >> Kayode Ezike: So we're just going to get into a demo now just >> step forward one and taxes and maybe that's going to come to my >> email or something. >> Kayode Ezike: Probably going to email about that 17. >> Dmitri Zagidulin: Karen thank you have to hit request again on >> the subsequent page. >> Kerri Lemoie: Let me know when it's all set Katie I'll refresh >> it. >> Kayode Ezike: Yeah it is I just shared it. >> Kayode Ezike: The volume on. >> Kerri Lemoie: Were you able to hear the volume when I get out. >> Kerri Lemoie: Dimitri do you know how to make that work. >> Kerri Lemoie: Yep that's share audio. >> Dmitri Zagidulin: In the settings so if you go to the 3 3. Menu >> at the bottom settings there is yeah share out the others share >> audio checkbox. >> Kerri Lemoie: Thanks your patience everybody but I'm getting >> there. >> Kerri Lemoie: All right let me try that again it doesn't work >> Katie you could just walk us through it. >> <kerri_lemoie> Can you hear? >> Dmitri Zagidulin: Now that doesn't seem to be coming through so >> we can encourage people to watch since we we pasted the link to >> the slide deck everybody can watch the video on the demo on their >> own. >> Dmitri Zagidulin: But you can you can describe what when it's >> done. >> Kerri Lemoie: We're going to start over and you can just sort of >> walk us through what's happening. >> Kayode Ezike: Sure I mean it's a recorded a demo but effectively >> what we were demonstrating is requesting a credential from our >> version of V Capi importing that into DC learner wallet and then >> from there we kind of show you throughout the whole process >> called the repo is updating and so the GitHub repos I'm using a >> demo and and then we revoke the credential. >> Kayode Ezike: Again from the VCA Pi you show you the. >> Kayode Ezike: Two then rebuild me also show you. >> Kayode Ezike: That in the wallet and now shows that the >> credential is revoked. >> Kayode Ezike: Again it's you should be able to view that video >> in the presentation but that's effectively what's going on. >> Kayode Ezike: So that was the last of it actually so if there's >> any questions or feedback I'm happy to take in you David go >> ahead. >> Kayode Ezike: Oh so so the so the credential continues to have >> the same the credential never changes per se it's the information >> at at least the credential that the holder controls is the >> credential that the status could ensure that managers know that >> has been coded list value that manages multiple credentials is >> that one that will be shuffled and change as a credentials are >> revoked suspended. >> Dmitri Zagidulin: Can I can I jump in here as well. >> <nate_otto_(another_device)> Nah. credential.id is optional in VC >> Data model anyway. Reissuing the same one doesn't violate it. >> Dmitri Zagidulin: So David you're proposing or what you're >> saying is essentially if we required verifiable credentials to be >> content addressable so that every time the content of a >> verifiable potential change the ID has to change but the v-spec >> does not actually have that requirement you are you are in this >> very frequently done allowed to publish credentials with the same >> ID while their contents changes for example if you reuse. >> Dmitri Zagidulin: Issue it and then. >> Dmitri Zagidulin: Timestamp or a different signature so that is >> that is not a requirement in this back. >> Kerri Lemoie: I'm to add to that question sort of who may be >> briefly talk about the difference between credential status list >> and also credential refresh carrier to meet you would you mind >> explaining that are both of you. >> Dmitri Zagidulin: Shark a candidate doing on go ahead. >> Kayode Ezike: How can I just ask this versus credential >> refreshing scent. >> Kerri Lemoie: CredentialRefresh: >> https://w3c-ccg.github.io/vc-refresh-2021/ >> Kayode Ezike: Yeah so my understanding generally is that >> subconscious has what we discussed here which is that the issuer >> manages a publicly accessible resource that allows verifiers to >> check the status of the repo or rather the other credential for >> the route for the refresh service my understanding is that >> whenever if that is not provided the issuer exposes an endpoint >> that. >> Kayode Ezike: Allows it that allows. >> Kayode Ezike: Verifiers to to refresh the credentials whenever >> it has rather just to be able to refresh it whenever I would ever >> Cadence in the seems reasonable that's generally how I understand >> it but I'm happy to allow for any other discussion on that as >> well. >> Dmitri Zagidulin: Yeah so the refresh spec. >> Dmitri Zagidulin: Complementary to the expiration mechanism so I >> have my driver's license is good for four years what happens when >> it expires up to four years the refresh spec basically describes >> the credential version of oh I have to take the old one into the >> drive the Bureau of Motor Vehicles on the issue me a new one so. >> Dmitri Zagidulin: Both the status and the refresh exist >> alongside each other and in fact some of the some of our example >> specs have both or if you look at examples in open badges version >> 3 spec a lot of the verify the credentials their have both a >> status list section and a refresh section. >> Kerri Lemoie: Thanks anybody else have any questions about this. >> Kerri Lemoie: Or any other points they'd like to make about the >> status and how this works. >> Kerri Lemoie: I bet I have a question for all of you is there >> anybody here who has implemented credential status and like to >> tell us about how they're using it and how they've implemented >> it. >> Kerri Lemoie: Okay Patti really appreciated that I see so many Q >> Jonathan the floor. >> Dmitri Zagidulin: Anthony might be muted. >> Kerri Lemoie: Yeah you can't hear your Jonathan if you're >> speaking. >> Jonathan_Bethune: Okay is that. >> Dmitri Zagidulin: If you have like an additional Hardware mute >> on your mic maybe yes better yeah. >> Kerri Lemoie: Yep they are to thank you. >> <kerri_lemoie> Link to presentation: >> >> https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo/edit#slide=id.g143e60161fc_0_35 >> Jonathan_Bethune: Better I was using one earpod and it's the one >> that's dead so okay sorry about that so real quick by way of >> introduction I think I've spoken much my name is Jonathan and the >> engineering manager for pocket colleague of Xander who spoke a >> little while ago just real quick I was wondering if there was a >> way to get a link to the presentation and actually had a lot of >> discussion internally about the X and we're just wanted to look >> into a little. >> Kayode Ezike: Sure yeah definitely can share that. >> <phil_l_(p1)> Nate's Comment: >> Jonathan_Bethune: There we go oh that's fast okay let me well I >> actually didn't get the click on it we just grabbed it's in the >> chat right there we go. >> Kerri Lemoie: Yeah it's going up a little bit the chat moves >> pretty fast because of the transcription. >> <phil_l_(p1)> Good point Nate. >> Jonathan_Bethune: Yeah got it alright thank you. >> Kerri Lemoie: Okay if no one has anything else okay did you have >> anything else you would like to add. >> Kayode Ezike: That was that was everything I just thank you all >> for your time and yeah we're continuing to refine this this work >> and we primarily are supporting GitHub and get lab the moment and >> working on some of the other services as well so just happy to >> have this opportunity and thank you all again for there for >> discussion. >> Kerri Lemoie: Yeah thank you very much. >> Dmitri Zagidulin: And if I can add so if. >> Dmitri Zagidulin: If anybody has questions about this work >> please send an email to the VC edu mailing list or if you're free >> to contact KO myself directly the code code is free it references >> an open spec we encourage everybody to join in the conversation. >> Kerri Lemoie: Hip and actually seen my hush you have killed >> yourself up. >> https://imsglobal.github.io/openbadges-specification/ob_v3p0.html >> Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly >> unrelated here but more on the open badges 3.0 spec I've been >> trying to get hold of it and I seem to be pay bald by this IMS >> Global if somebody has that and can make the open badges 30 spec >> which is publicly visible I would appreciate it thank you. >> https://www.imsglobal.org/spec/ob/latest/main/ >> Kerri Lemoie: I can grab that link for you give me one second >> here tell Ted you're in the queue your the floor. >> <kerri_lemoie> Open Badges 3.0 spec: >> https://imsglobal.github.io/openbadges-specification/ob_v3p0.html >> TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just >> following up on responding to David's question about the unique >> identifier for each credential in the same way that a URI is >> expected to be stable that is that is the stability that we mean >> for the ID in these verifiable credentials URI is always meant to >> name the same thing which doesn't mean that it the thing it names >> stays the same forever. >> TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like >> your name always means you, but your contents don't stay the same >> forever. >> <dmitri_zagidulin> thx Ted! >> Kerri Lemoie: Hey Alec it is empty and listen no one has >> anything else we have a few minutes left so we could end the call >> here give another Med see if anybody has anything otherwise I >> hope you all have a great week and I will see you next week. >> <phil_l_(p1)> Nice preso! >> Kayode Ezike: Cheers thank you. >> Dmitri Zagidulin: Thanks KO day thanks everyone. >> <elizabeth_miller> Thank you! >> Kerri Lemoie: Thank you headed. >> <john_kuo> Thanks, great discussion >> >> >> > > -- > > *Snorre Lothar von Gohren Edwin* > Co-Founder & CTO, Diwala > +47 411 611 94 > www.diwala.io > <http://www.diwala.io/> > *Stay on top of Diwala news on social media! **Facebook > <https://www.facebook.com/diwalaorg>** / **LinkedIn > <https://www.linkedin.com/company/diwala>** / **Instagram > <https://www.instagram.com/diwala_/>** / **Twitter > <https://twitter.com/Diwala>* > -- Kayode Ezike | https://ezike.io MIT | BS 2017 | MEng 2019 Engineer | Writer | Creator
Received on Thursday, 18 August 2022 14:17:06 UTC