Re: [MINUTES] W3C CCG CCG Verifiable Credentials for Education Task Force Call - 2022-08-15

Hi Snorre,

Yes, there are a number of useful resources to note. Here are a few:

   - Definition of credential status in VC Data Model specification:
   - Status List 2021 specification:
   - Status List 2021 implementation: (react-native-compliant

Hope this helps and happy to provide more context as needed!


On Thu, Aug 18, 2022 at 3:07 AM Snorre Lothar von Gohren Edwin <> wrote:

> Great! In the agenda and its main topic, this sentence is mentioned
> "Thanks to the great work of key stakeholders in the identity standards
> and developer community, we now have emerging specifications and great
> tooling for (1) issuers to manage the status of their credentials and (2)
> verifiers to check key status info, such as revocation and suspension." Are
> there any meetings, documents or anything that can be looked at to get some
> insight about this statement :D
> ᐧ
> On Wed, Aug 17, 2022 at 8:04 PM CCG Minutes Bot <>
> wrote:
>> Thanks to Our Robot Overlords for scribing this week!
>> The transcript for the call is now available here:
>> Full text of the discussion follows for W3C archival purposes.
>> Audio of the meeting is available at the following location:
>> ----------------------------------------------------------------
>> VC for Education Task Force Transcript for 2022-08-15
>> Agenda:
>> Topics:
>>   1. IP Note
>>   2. Call Notes
>>   3. Introductions & Reintroductions
>>   4. Announcements
>>   5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential
>>     Status WOrk
>> Organizer:
>>   Kerri Lemoie
>> Scribe:
>>   Our Robot Overlords
>> Present:
>>   Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune,
>>   David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck,
>>   Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe
>>   Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan -
>>, David Ward, James Chartrand, Deb Everhart, Dmitri
>>   Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar
>>   Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young,
>>   Marty Reed, TallTed // Ted Thibodeau (he/him) (,
>>   Allyson Parco, Eric Shepherd, Phil L (P1)
>> Our Robot Overlords are scribing.
>> Kerri Lemoie:  Hello everybody Welcome to the August 15th BC edu
>>   call today our main topic will be on credential status kod a DK
>>   from MIT digital credential Consortium is going to present us on
>>   some of the latest work that he's been doing on that over there
>>   and we can pour we get started with that let's go through a few
>>   boilerplate items first is IP note everybody for anyone.
>> Topic: IP Note
>> Kerri Lemoie:   Came to speed in these calls how any.
>> <kerri_lemoie> create an account:
>> Kerri Lemoie:  You substitute of contributions to any of the ccg
>>   work items must be done by members of the ccg with full IP are
>>   agreements signed and to do that you can create an account at w3c
>>   and put this in the chat for you and then also use this link to
>>   join the ccg.
>> <kerri_lemoie> join the CCG:
>> Topic: Call Notes
>> Kerri Lemoie:  Hey second All call notes for this call are
>>   recorded and there are minutes being taken by are called our
>>   robot Overlord is do the transcription I wish you'll see in the
>>   chat we are also doing a Wheels do a video recording of This call
>>   which can be found later we can send out if you need it so coyote
>>   will have some slides today so it'll be nice to have that
>>   recorded we use a cue system.
>> Kerri Lemoie:   To to ask questions and participate.
>> Kerri Lemoie:  Conversation so if you would have a question or
>>   would like to say something please kill yourself first you do
>>   that by putting a q+ and the chat just like I did there you could
>>   also do to U plus and then say a note about something you want to
>>   say and that lets us know if you're responding to something
>>   that's being said right away so we know when to pull you into the
>>   conversation so that is very helpful and then to remove yourself
>>   from the queue just uq-.
>> Kerri Lemoie:   And we get something.
>> Kerri Lemoie:  They did that wrong okay remove something from the
>>   queue okay.
>> Kerri Lemoie:  Because the floor all right when I say we hit q-
>>   we're actually looking to see who is in the queue.
>> Topic: Introductions & Reintroductions
>> Kerri Lemoie:  Okay next let's do some introductions and
>>   reintroductions is there anybody here joining us today for the
>>   first time that I would like to introduce themselves or anybody
>>   who's been here for a while and I would just like to say hello
>>   again and let us know a little bit about something they're
>>   working on if so go ahead and put yourself in the queue.
>> Kerri Lemoie:  Yeah I'm going to queue myself up real quick here
>>   one thing I haven't mentioned is that I started a new role at the
>>   beginning of August I have the digital credential contortion so
>>   I'm going to be there director of Technology it doesn't really
>>   change much for BC I do I will still be here doing all of that
>>   work because the DCC has made her is really been backing all of
>>   this work and really significant way making sure that we have
>>   this open Community to work and so I'm really happy to be able to
>>   continue the.
>> Kerri Lemoie:   Work there and help to do what I want to do which
>>   is in.
>> <deb_everhart_(credential_engine)> congrats Kerri!
>> Kerri Lemoie:  Adoption understanding of verifiable credentials
>>   that had that has been my my shift recently.
>> Topic: Announcements
>> <kerri_lemoie> VC email list:
>> Kerri Lemoie:  There's no other introduction to reintroductions
>>   next we have announcements and reminders one is that if you
>>   haven't joined it yet we do have an email list and I met email
>>   this can be joined by going here put this in the chat for you so
>>   we have it in our notes later.
>> Kerri Lemoie:  The great list to join you don't have to be
>>   necessarily technical drawing this or you work on technical
>>   projects if you just want to stay in the loop on what's going on
>>   in Education and Training and achievement credentials that's the
>>   list to join this is where we try to have all those
>>   conversations.
>> Kerri Lemoie:  And the other announcement that I have is that
>>   tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the
>>   weekly ccg meeting.
>> Kerri Lemoie:  They recommend doing that as much as you possibly
>>   can to learn what's going on in the community as a whole.
>> Kerri Lemoie:  Does anybody else have any announcements or
>>   anything they'd like to share.
>> Kerri Lemoie:  It's the money I see that you just joined us would
>>   you be interested in telling folks about our next week's call
>>   will be about it sounds really great.
>> Simone Ravaoli:  Yes hi hello everyone I hope you can hear me so
>>   we are going to have as a guest get anything on this sea of
>>   Gattaca Gattaca is a nest site a company based out of Spain and
>>   they've been involved in the end building and implementing all
>>   the ab c-- specification so that's that would be the European
>>   blockchain service infrastructure particularly they have been
>>   looking into version 2 of.
>> Simone Ravaoli:   Of the did method did.
>> Simone Ravaoli:  And they've risked to share some Reflections
>>   around what is the difference between version 1 and 2 and some of
>>   the implications that version 2 has with regards to privacy
>>   regulations in Europe also known as GDP are but they are a
>>   Community member that has really just been doing a lot of work
>>   from Europe and so that would be I think an interesting update
>>   from what's Happening outside of North America.
>> Kerri Lemoie:  Thank you so much that sounds great I'm really
>>   looking forward to it okay anybody else have anything else before
>>   we move on to our main topic.
>> Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status
>> WOrk
>> Kerri Lemoie:  Okay why don't I then introduce Kayode. Kayode is
>>   working on this great project related to credential status he's
>>   working on making it possible for issuers to manage the status of
>>   their credentials and for verifiers to check status info,
>>   especially a revocation or suspension so he's going to show you
>>   some of his work today and then feel free to ask questions and
>>   then we can see what we can learn about it well.
>> Kerri Lemoie:   Tim Kennedy.
>> Kayode Ezike: Slides:
>> Kayode Ezike:  Thank you thank you characters interesting here's
>>   the link to the presentation that be using for today I know we
>>   generally do not show video for van with purposes I would do that
>>   really quickly just to introduce myself and turn off every but
>>   this guy is he gay again and brief introduction is that I've been
>>   involved with digital credentials since around 2018 but that time
>>   that I began my master's program around proper credentials and
>>   personal data storage management.
>> Kayode Ezike:   Since then I've been contributing to number of
>>   Open Source projects.
>> Kayode Ezike:  Optical pulse of my own and these days I primarily
>>   support the digital credentials Consortium through MIT as well as
>>   Gobekli which is the startup it's also doing great work in this
>>   space so thank you for having me and I'll put up my screen so
>>   that an alternative you'll see how can see we have.
>> Kerri Lemoie:  Kayode I'll keep an eye on the chat for you.
>> Kayode Ezike:  Thank you okay so.
>> Kayode Ezike:  If explosion one second.
>> Kayode Ezike:  Spell with me.
>> Kayode Ezike:  Okay I think if I try none.
>> Kerri Lemoie:  Not yet not yet nope.
>> Kayode Ezike:  Are you able to see my screen now.
>> Dmitri Zagidulin:  If you're transmitting from a Mac there you
>>   might need to update the permissions in the control center which
>>   means you have to restart the browser and redrawing.
>> Kayode Ezike:  But you're trying to do something like that but it
>>   was it.
>> Dmitri Zagidulin:  One of us can also.
>> Dmitri Zagidulin:  Screen share the slides and just thanks Kerry.
>> Kerri Lemoie:  Yeah I can do that that's true.
>> Dmitri Zagidulin:  I'll probably be faster chaotic.
>> Dmitri Zagidulin:  Say next slide.
>> Kerri Lemoie:  Yeah just let me know in and we pull it up here
>>   hold on one second.
>> Kayode Ezike:  Animations hopefully syncs
>> Kerri Lemoie:  I am just clearing everything out of the way here
>>   on the way everybody's happy about the desert play.
>> Kerri Lemoie:  Okay can you see.
>> Dmitri Zagidulin:  Yep we can see your screen.
>> Kerri Lemoie:  To be this clarity.
>> Kayode Ezike:  Great yes I can see.
>> Kerri Lemoie:  Oh there you are okay you can see the head you can
>>   take it from here now just let me know when you want to move to
>>   the next slide.
>> Kayode Ezike:  Awesome thank you Kerry so today we'll be
>>   discussing a topic I was cussing to what that would get a
>>   credential status hosting and for scare anybody away this is not
>>   a new specification for credential status is more so concerning
>>   ourselves with how can we help issuers to expedite their
>>   deployment of criticized infrastructure by leveraging familiar
>>   services to them and and hence sort of taking care of it.
>> Kayode Ezike:  Origin authorization concerns that.
>> Kayode Ezike:  To them and so this in terms of what we're
>>   discussing today I'll be giving a brief background of the topic
>>   and we'll be going through a bit of the state-of-the-art who tell
>>   you what our goals were let me Design This solution as well as
>>   what the actual solution is will then show you a little bit of
>>   code before you show you the demo of what we've done.
>> Kayode Ezike:  Granger status management has been around for some
>>   time and one of the earliest conceptions of it really came from
>>   certificate authorities with the notion of certificate revocation
>>   lists which is a list of certificates that an issuer has revoked
>>   prior to its from its expiry and that is sort of the the main
>>   model that we think about in this space when we think about
>>   country status management.
>> Kayode Ezike:  Generally we think about a resource that is
>>   managed by an issuer that informed the public about the state of
>>   outstanding credentials and there's been a lot of work done in
>>   this space over the years in terms of Standards development and
>>   developer tools for how to manage the status of these credentials
>>   as well as how to verify the information on them such as
>>   revocation or suspension however storage and authorization have
>>   kind of.
>> Kayode Ezike:   Been left out of scope largely and.
>> Kayode Ezike:  Good that it would be great if we can simplify
>>   that for issuers and their deployments.
>> Kayode Ezike:  Thank you so next slide great so I want to give a
>>   quick definition of printer status according to the v-spec mental
>>   status is an object value property that enables the discovery of
>>   information about the current status of the verifiable credential
>>   such as whether it is suspended or revoked.
>> Kayode Ezike:  So in other words now before we go on another
>>   words it gives consumers of this credential and idea of the
>>   issuer's view of the current validity of a credential next please
>>   so here on the right we have an example of a verifiable
>>   credential that has a special status property on it but one thing
>>   to know is that it is an optional value so you not every verify.
>> Kayode Ezike:  Krista have this field on it.
>> Kayode Ezike:  If it does have the field on it it must Define two
>>   main properties which is ID and type and it must also valid like
>>   the remaining properties are specified by the type field so in
>>   this example we know that we have a status festering 21 entry the
>>   type and the three types of rather Fields below it status purpose
>>   statuses index in status credential relate to or rather are
>>   defined in the stands for students.
>> Kayode Ezike:   T10 tree.
>> Dmitri Zagidulin:  Toyota quick question I do we want to wait
>>   till the end for questions or do you want to encourage people to.
>> Dmitri Zagidulin:  If they encounter something or when I ask
>>   questions about each slide to raise their hand.
>> Kayode Ezike:  I'm happy to take questions as they come up.
>> Kayode Ezike:  Is it just the two Fields so the state-of-the-art.
>> Kayode Ezike:  There have been a lot of great work and done in
>>   sequential status space and one of the early conceptions of this
>>   or examples of this came in 2018 from hyper legit Indy via their
>>   HIV ew1 one penetration spec and they use a bunch of cool
>>   technology cryptographic graphic accumulators to determine which
>>   credentials have been revoked and interestingly enough I learned
>>   in the suspect that it seems that this actually is.
>> Kayode Ezike:  Predates to know now have medication.
>> Kayode Ezike:  Like I found to be interesting and a couple years
>>   later the ccg would develop a speck of their own via the
>>   revocation list 2020 spec and soon after be a refined version and
>>   the status was 20 21 spec which sort of granted a more General
>>   notion of status that goes beyond just a vacation but also
>>   support system suspension and other forms of criminal status.
>> Kayode Ezike:  Next please and the most for all these
>>   specifications all right one more back sorry.
>> Kayode Ezike:  So this is the this point on hosting so for any
>>   all these specifications is important for verifiers to be able to
>>   to check this the status of the credential somehow right and the
>>   most obvious way to do this is to host the resources and in a
>>   public location namely a distributed Ledger or a short controlled
>>   website.
>> Kayode Ezike:  Any questions here.
>> Kayode Ezike:  You can move on next slide please.
>> Kerri Lemoie:  No questions yet sure.
>> Kayode Ezike:  Great so I want to talk to you all about status
>>   list 20 21 this is the suspect that we use in our design and the
>>   it's one of the more advanced specs out there and in my opinion
>>   and this is examples of the left what you see is a credential
>>   from a couple slides ago so nothing new here yet we have
>>   verifiable credential had the credential status on it and it has.
>> Kayode Ezike:   As all the fields that we discussed earlier.
>> Kayode Ezike:  Now if you pay attention to the key in on the
>>   status purpose status index and Status credential properties
>>   these are the properties that are introduced by the status least
>>   2021 spec the first of these properties is the most self
>>   explanatory this is saying that.
>> Kayode Ezike:   The issuer.
>> Kayode Ezike:  Acting this type of status for this credential so
>>   for verifier when they want to verify the status of the
>>   credential this is the information that they will learn now the
>>   other two properties are more specific to sort of like are sort
>>   of the meat and potatoes of how this specification works and it
>>   relates to a new resource at the introduced so if you can just go
>>   forward just a couple steps very until you see a new object in
>>   the right.
>> Kayode Ezike:  So this on the right is a status list 2021
>>   credential and the best way to think about this credential is it
>>   is the credential that manages the status of a batch of multiple
>>   credentials it's not philosophy that one more time but this is a
>>   credential that the issuer manages that tracks a batch of several
>>   different credentials and so what this means if you could just
>>   click one more time Carrie.
>> Kayode Ezike:   So we so.
>> Kayode Ezike:  This was the most important information on this
>>   country is this encoded list value right here and what it is in
>>   the simplest representation you can think of it as a sequence of
>>   characters let's let's say X's and O's that represents the the
>>   status of a credential at that position right and so if the value
>>   let's say the value of that was X it would mean that it is
>>   invalid respect to the status purpose so in other words it is
>>   revoked.
>> Kayode Ezike:   Value is 0 it means that it is valid with.
>> Kayode Ezike:  The words is not revoked and if we go back to the
>>   if you focus again on the left side you will see that the status
>>   list credential property that is just the way for verifiers to
>>   retrieve this credential on the right so it's a public link that
>>   they can access and the status index tells them which position in
>>   that encoded list is represented a represents this credential.
>> Dmitri Zagidulin:  So I want to I want to pause here before we
>>   move on to the next slide I want to make sure everybody absorbs
>>   this so.
>> Dmitri Zagidulin:  I want to make sure everybody understands what
>>   that encoded list is for right because at its at its simplest a
>>   credential status is binary for a given status purpose so like
>>   for a vacation rental is either revoked or it's not so the very
>>   first sort of naive implementations of replication status where
>>   to host a.
>> Dmitri Zagidulin:   Some kind of object.
>> Dmitri Zagidulin:  Either cover fabric credential or something
>>   else that's a revoked or not for each individual credential right
>>   easy so or even before that I think what open badges did is just
>>   publish a plane list of all revoked credential IDs on their
>>   website yeah so you get you get the credential you can go look up
>>   that list to see if it's revoked.
>> Dmitri Zagidulin:  So very easy and we wouldn't be having this
>>   problem I rather this this conversation here except there's a
>>   couple of major major problems there one is privacy that if you
>>   publish a list of remote credentials well you can go see
>>   everybody whose credentials are revoked but an even more
>>   important one is what's known as the phone home problem it's one
>>   of the downsides of Hosting.
>> Dmitri Zagidulin:   An individual status.
>> Dmitri Zagidulin:  Nation for each credential is that whoever is
>>   hosting it covers running that website can track.
>> Dmitri Zagidulin:  Requests can can track how many times and from
>>   where from what IP address is and what time stamp some verifier
>>   is is checking.
>> Dmitri Zagidulin:  Revocation and that that is generally
>>   regarding the community has too much information that that's like
>>   that's not necessary that is a threat so then the reason the
>>   status list spec arose is that okay so if we don't if we don't
>>   want the host whoever's controlling the web whole of the web
>>   server to know each time each individual credential is looked up
>>   why don't we batch it why don't we rely on.
>> Dmitri Zagidulin:   On herd immunity on herd privacy.
>> Dmitri Zagidulin:  And batch a whole bunch of credentials at
>>   random.
>> Dmitri Zagidulin:  And then the verifier can request this whole
>>   batch this this entire credential that has the encoded list that
>>   contains the status of 20 or 100 I forget how many it is.
>> Dmitri Zagidulin:  Potential statuses and that way the request
>>   will be spread out over that entire cohort of credentials and
>>   that way we get her privacy I see David is on the queue.
>> Kayode Ezike:  When you credential is revoked right so when your
>>   credential is revoked this this this French on the right will be
>>   updated the encoded list will be up to such that the bit at that
>>   position I 4 5 6 10 is now 1 or Annex discussed earlier.
>> Kayode Ezike:  Yes yes that comes up I think some question time
>>   so that really I think bows down to the I think we leave that to
>>   the implementers of the their system because that really comes
>>   down to how often how what is it catching sort of system like do
>>   you check every day do you check every hour and the you'd have to
>>   give an essay to the individual using your system to let them
>>   know that this is just going to be valid.
>> Kayode Ezike:  For a given day or for.
>> Kayode Ezike:  Etcetera but I don't think that's something that
>>   this back tries to address or to solve.
>> Kerri Lemoie:  Give me three.
>> Dmitri Zagidulin:  If I may add to that so the cache control is
>>   left to the individual protocol meaning because this particular
>>   credential is held over http.
>> Dmitri Zagidulin:  His publishing the status list can rely on
>>   HTTP cache control directives meaning each time the verifier
>>   sends an HTTP get for this status credential one of the headers
>>   in the response says only cash this for an hour meaning we're
>>   going to we're going to renew this thing every hour and that way
>>   the verifier knows how long to cash it right so we get that the
>>   caching mechanism for free with HTTP so we don't need to put in.
>> Dmitri Zagidulin:   An explicit.
>> Dmitri Zagidulin:  Potential now if we were if the URL of the
>>   status of protection was not HTTP was what some other was ipfs or
>>   some other method that doesn't come with cache-control metadata
>>   then you're right David we should include an expires field in the
>>   statuses credential.
>> Kayode Ezike:  Okay thank you.
>> Kerri Lemoie:  No more questions for now Kayode if you want to go
>>   ahead.
>> Kayode Ezike:  Thank you for question is David and I'm great
>>   thanks for getting ahead of me Michelle's going to get into the
>>   herd privacy notion which is I think one of the main benefits of
>>   the specification which is just to reiterate when a verifier is
>>   interested in learning about the status of a credential they are
>>   only communicating to the issuer that they're interested in a
>>   subset of credentials that they manage not in a specific one so
>>   it keeps the issuer away from fine-grained details about how a
>>   specific.
>> Kayode Ezike:  Potential is being used and if you just.
>> Kayode Ezike:  Or just one.
>> Kayode Ezike:  Thank you this is a digital representation just
>>   the visual Learners out there the green slots represent the valid
>>   credentials with respect to the purpose so I'm revoked and events
>>   Lots represent the invalid by evoked credentials.
>> Kayode Ezike:  Next slide please.
>> Kayode Ezike:  So we have a number of goals that we were
>>   considering what we designed our country stars infrastructure the
>>   main governing goal is that we wanted to simplify the deployment
>>   for issuers of the printer status infrastructure and we do this
>>   by leveraging third-party services for the storage and
>>   optimization of grantor status resources and the great thing
>>   about this is that we're kind of meeting is adjourned.
>> Kayode Ezike:  Is worth where they are right.
>> Kayode Ezike:  Allowing them to use a familiar hosting service
>>   and and also providing potential path to switch between services.
>> Kayode Ezike:  So if we can step ahead just one slide.
>> Kayode Ezike:  We'll get into the solution.
>> Kayode Ezike:  So we again decided to use a static list 2021
>>   specification and feel free to consult the design doc at that
>>   link and the whole conclusion I think this is really where we
>>   innovate and we decided to use Source control services such as
>>   GitHub get lab and code Berg and we also support issuer hosted
>>   websites traditionally and so what this allows us to do again is
>>   we.
>> Kayode Ezike:   It's a biscuit.
>> Kayode Ezike:  Like that organizations already use these services
>>   to host their code and and also these Services often provide
>>   developers with oauth tokens that they can use to access apis of
>>   these services to update resources and so why don't we just use
>>   this these services to help issuers manage their current status
>>   lists and metadata associated with it.
>> Kayode Ezike:  Any questions here.
>> Kayode Ezike:  To reload it.
>> Kerri Lemoie:  Any chance has an adversity.
>> Dmitri Zagidulin:  Yeah if I could just add a couple more words
>>   so I want you I want you to everybody to picture the the very
>>   specific conversation the very specific problem the solves.
>> Dmitri Zagidulin:  As okay we're issuing credential great can we
>>   add revocation sure why not what's a good spec what we've got
>>   this status list 2021 spec okay then engineering how hard of a
>>   lift is this to add this to our system how many hours before you
>>   can add revocation to to our issuer and that's where the real
>>   problem starts because hosting a file on a website that b is easy
>>   the really difficult part which is what makes okay.
>> Dmitri Zagidulin:   It is work so.
>> Dmitri Zagidulin:  Difficult Park is part is adding the user
>>   interface and specifically adding permissions to who is allowed
>>   to edit who's allowed to revoke the the credential right so the
>>   spec gives us the data model gives us the protocol the mechanisms
>>   very easy what's really not easy and what shoots up the
>>   implementation time in too many weeks not to mention like really
>>   hard requirement Gathering is.
>> Dmitri Zagidulin:  Delegation the chain of command of.
>> <xander> I don’t think you can set http cache control headers on
>>   GitHub-hosted files.
>> Dmitri Zagidulin:  Okay so you know how do we model the trust and
>>   permission hierarchy of a particular University down to the
>>   registrar and then how does it register our delegate individual
>>   officers to be able to hit the button to flip that bit for for
>>   the file to be updated so the the the main Innovation here is the
>>   realization that.
>> Dmitri Zagidulin:  Because permission control and and login
>>   systems and graphical user interface is the hardest part about
>>   this can we Outsource it to somewhere else and the realization
>>   was made oh get hosting organizations like GitHub and get lab and
>>   code Berg already provide all of that they provide the permission
>>   systems the login systems they produce institutions are familiar
>>   with setting up Gap GitHub organizations all of that.
>> Dmitri Zagidulin:   Stuff is worked out for us why don't we reuse
>>   it.
>> Dmitri Zagidulin:  Geico I'll go ahead Gary.
>> Kerri Lemoie:  One question I'm asking these are all my be
>>   hosting Services could someone just use get for this on its own
>>   without using GitHub get lab and or code Berg.
>> Dmitri Zagidulin:  So the the question with get is always which
>>   protocol will get use right because get has SSH it has HTTP and
>>   it has a number of other protocols words hosted so some server on
>>   the cloud has to be running it gets server.
>> Dmitri Zagidulin:  So can you use get a loan sort of it requires
>>   a get server in a good client.
>> Kerri Lemoie:  I think so Xander.
>> Xander: I guess I have to have you spoken before so I'll just
>>   quickly I'm the security lead for the pocket team just wanted to
>>   follow up on David's question real quick so the idea there was
>>   that you were going to rely on HTTP cache control headers to set
>>   the expiry time for a different certificate right but you're also
>>   talking about using services like GitHub to do the hosting I
>>   don't believe that you can set the expired header value if you're
>>   using a service like that.
>> Xander: So that they.
>> Dmitri Zagidulin:  And that's that's a very good point.
>> Xander: You may need to put that you may need to put the time
>>   value on the file done.
>> Kayode Ezike:  Right yeah that's a good description that we can
>>   we start to use these third party dresses I think there's
>>   different levels of access that they are each provide and I'm
>>   sure maybe like if you have a paid account that makes a
>>   difference as to how much you could control but I think largely
>>   you make a good point and.
>> Xander: I don't think so I got used the Enterprise version before
>>   I think basically if you're using GitHub to host files like get
>>   on pages or whatever they really handle everything and you don't
>>   get access to that level.
>> Xander: It may be worth looking into.
>> <dmitri_zagidulin> that seems like a good motivation to clarify
>>   (in the status list spec) the recommendation of always having
>>   expiration timestamps
>> Kerri Lemoie:  Yeah time in the queue tell jump in real quick
>>   that's an excellent point and I know you haven't actually I'm let
>>   you get into like how you doing this so maybe I'm jumping the gun
>>   here Harry I'm sorry if I am but um are you considering using
>>   just as part of this because just get versioned which is
>>   something to consider okay that's the comment there but yeah.
>> Kayode Ezike:  This is this is for like the accident the location
>>   of us for example.
>> Kayode Ezike:  Yes it's something like this came up actually you
>>   kind of hear made great recommendation at some point about
>>   something like that where you would because get help for example
>>   has a way for you to use a link that it's post using GitHub Pages
>>   you can also use a link to the file directly that doesn't rely on
>>   GitHub pages but I would imagine that the.
>> Kayode Ezike:  Might be a rat.
>> Kerri Lemoie:
>> Kayode Ezike:  He got distracted the same way in that case as
>>   well in terms of controlling what the cache mechanism is like so
>>   yeah that would be something to explore but the good thing I'll
>>   show you a little bit later how some of these things can be
>>   customized for different status clients of different services and
>>   there's a way to add flexibility for for that.
>> <kerri_lemoie> Link above to info about gists.
>> Kayode Ezike:   Again to that little bit.
>> Kayode Ezike:  There are no other questions can move on to the
>>   next slide.
>> Kayode Ezike:  Great so this is a sort of a visual representation
>>   of the architecture that we have issue admin who presumably would
>>   already have the permissions that they need inside of a example
>>   with GitHub organization so they already have access to create
>>   read and write data to Repose in the organization and if you
>>   click ahead.
>> Kayode Ezike:   So this.
>> Kayode Ezike:  This actor would be able to hit the credential
>>   status and point of a VC API instance which allows them to update
>>   the status EG revoke a credential.
>> Kayode Ezike:  More step and then ultimately that enables them to
>>   create read and update data in these different services.
>> Kayode Ezike:  So before we move on to a demo wanted to show a
>>   little bit of code and so this is the main sort of class that we
>>   Implement to with this code and so there's this tells subclasses
>>   different methods that they need to implement for them to be
>>   valid printer status clients and so for example you need to
>>   provide a base URL that can be used to reference the printer
>>   status information you need to.
>> Kayode Ezike:  Boo the client too.
>> Kayode Ezike:  That is people from from the code need to enable
>>   them to read and write status list and log data in config data so
>>   as long as the subclasses can Implement these abstract methods
>>   and they're valid client and so if you can step forward this one
>>   step please carry will see that in this example GitHub a cultural
>>   status client for their get credentialed status URL you notice
>>   that there is a GitHub that I owe their meaning that.
>> Kayode Ezike:   Using GitHub pages but this is also the place
>>   where.
>> Kayode Ezike:  I could use a distance that or URL that points
>>   directly to the file and there's also we also are using the
>>   octave kit Library a popular GitHub SDK to update and read
>>   information from the repo which obviously would look different
>>   for different services.
>> Kayode Ezike:  Any questions about this.
>> Kerri Lemoie:  I think we're good once you go ahead.
>> Kayode Ezike:  So we're just going to get into a demo now just
>>   step forward one and taxes and maybe that's going to come to my
>>   email or something.
>> Kayode Ezike:  Probably going to email about that 17.
>> Dmitri Zagidulin:  Karen thank you have to hit request again on
>>   the subsequent page.
>> Kerri Lemoie:  Let me know when it's all set Katie I'll refresh
>>   it.
>> Kayode Ezike:  Yeah it is I just shared it.
>> Kayode Ezike:  The volume on.
>> Kerri Lemoie:  Were you able to hear the volume when I get out.
>> Kerri Lemoie:  Dimitri do you know how to make that work.
>> Kerri Lemoie:  Yep that's share audio.
>> Dmitri Zagidulin:  In the settings so if you go to the 3 3. Menu
>>   at the bottom settings there is yeah share out the others share
>>   audio checkbox.
>> Kerri Lemoie:  Thanks your patience everybody but I'm getting
>>   there.
>> Kerri Lemoie:  All right let me try that again it doesn't work
>>   Katie you could just walk us through it.
>> <kerri_lemoie> Can you hear?
>> Dmitri Zagidulin:  Now that doesn't seem to be coming through so
>>   we can encourage people to watch since we we pasted the link to
>>   the slide deck everybody can watch the video on the demo on their
>>   own.
>> Dmitri Zagidulin:  But you can you can describe what when it's
>>   done.
>> Kerri Lemoie:  We're going to start over and you can just sort of
>>   walk us through what's happening.
>> Kayode Ezike:  Sure I mean it's a recorded a demo but effectively
>>   what we were demonstrating is requesting a credential from our
>>   version of V Capi importing that into DC learner wallet and then
>>   from there we kind of show you throughout the whole process
>>   called the repo is updating and so the GitHub repos I'm using a
>>   demo and and then we revoke the credential.
>> Kayode Ezike:  Again from the VCA Pi you show you the.
>> Kayode Ezike:  Two then rebuild me also show you.
>> Kayode Ezike:  That in the wallet and now shows that the
>>   credential is revoked.
>> Kayode Ezike:  Again it's you should be able to view that video
>>   in the presentation but that's effectively what's going on.
>> Kayode Ezike:  So that was the last of it actually so if there's
>>   any questions or feedback I'm happy to take in you David go
>>   ahead.
>> Kayode Ezike:  Oh so so the so the credential continues to have
>>   the same the credential never changes per se it's the information
>>   at at least the credential that the holder controls is the
>>   credential that the status could ensure that managers know that
>>   has been coded list value that manages multiple credentials is
>>   that one that will be shuffled and change as a credentials are
>>   revoked suspended.
>> Dmitri Zagidulin:  Can I can I jump in here as well.
>> <nate_otto_(another_device)> Nah. is optional in VC
>>   Data model anyway. Reissuing the same one doesn't violate it.
>> Dmitri Zagidulin:  So David you're proposing or what you're
>>   saying is essentially if we required verifiable credentials to be
>>   content addressable so that every time the content of a
>>   verifiable potential change the ID has to change but the v-spec
>>   does not actually have that requirement you are you are in this
>>   very frequently done allowed to publish credentials with the same
>>   ID while their contents changes for example if you reuse.
>> Dmitri Zagidulin:   Issue it and then.
>> Dmitri Zagidulin:  Timestamp or a different signature so that is
>>   that is not a requirement in this back.
>> Kerri Lemoie:  I'm to add to that question sort of who may be
>>   briefly talk about the difference between credential status list
>>   and also credential refresh carrier to meet you would you mind
>>   explaining that are both of you.
>> Dmitri Zagidulin:  Shark a candidate doing on go ahead.
>> Kayode Ezike:  How can I just ask this versus credential
>>   refreshing scent.
>> Kerri Lemoie: CredentialRefresh:
>> Kayode Ezike:  Yeah so my understanding generally is that
>>   subconscious has what we discussed here which is that the issuer
>>   manages a publicly accessible resource that allows verifiers to
>>   check the status of the repo or rather the other credential for
>>   the route for the refresh service my understanding is that
>>   whenever if that is not provided the issuer exposes an endpoint
>>   that.
>> Kayode Ezike:  Allows it that allows.
>> Kayode Ezike:  Verifiers to to refresh the credentials whenever
>>   it has rather just to be able to refresh it whenever I would ever
>>   Cadence in the seems reasonable that's generally how I understand
>>   it but I'm happy to allow for any other discussion on that as
>>   well.
>> Dmitri Zagidulin:  Yeah so the refresh spec.
>> Dmitri Zagidulin:  Complementary to the expiration mechanism so I
>>   have my driver's license is good for four years what happens when
>>   it expires up to four years the refresh spec basically describes
>>   the credential version of oh I have to take the old one into the
>>   drive the Bureau of Motor Vehicles on the issue me a new one so.
>> Dmitri Zagidulin:  Both the status and the refresh exist
>>   alongside each other and in fact some of the some of our example
>>   specs have both or if you look at examples in open badges version
>>   3 spec a lot of the verify the credentials their have both a
>>   status list section and a refresh section.
>> Kerri Lemoie:  Thanks anybody else have any questions about this.
>> Kerri Lemoie:  Or any other points they'd like to make about the
>>   status and how this works.
>> Kerri Lemoie:  I bet I have a question for all of you is there
>>   anybody here who has implemented credential status and like to
>>   tell us about how they're using it and how they've implemented
>>   it.
>> Kerri Lemoie:  Okay Patti really appreciated that I see so many Q
>>   Jonathan the floor.
>> Dmitri Zagidulin:  Anthony might be muted.
>> Kerri Lemoie:  Yeah you can't hear your Jonathan if you're
>>   speaking.
>> Jonathan_Bethune: Okay is that.
>> Dmitri Zagidulin:  If you have like an additional Hardware mute
>>   on your mic maybe yes better yeah.
>> Kerri Lemoie:  Yep they are to thank you.
>> <kerri_lemoie> Link to presentation:
>> Jonathan_Bethune: Better I was using one earpod and it's the one
>>   that's dead so okay sorry about that so real quick by way of
>>   introduction I think I've spoken much my name is Jonathan and the
>>   engineering manager for pocket colleague of Xander who spoke a
>>   little while ago just real quick I was wondering if there was a
>>   way to get a link to the presentation and actually had a lot of
>>   discussion internally about the X and we're just wanted to look
>>   into a little.
>> Kayode Ezike:  Sure yeah definitely can share that.
>> <phil_l_(p1)> Nate's Comment:
>> Jonathan_Bethune: There we go oh that's fast okay let me well I
>>   actually didn't get the click on it we just grabbed it's in the
>>   chat right there we go.
>> Kerri Lemoie:  Yeah it's going up a little bit the chat moves
>>   pretty fast because of the transcription.
>> <phil_l_(p1)> Good point Nate.
>> Jonathan_Bethune: Yeah got it alright thank you.
>> Kerri Lemoie:  Okay if no one has anything else okay did you have
>>   anything else you would like to add.
>> Kayode Ezike:  That was that was everything I just thank you all
>>   for your time and yeah we're continuing to refine this this work
>>   and we primarily are supporting GitHub and get lab the moment and
>>   working on some of the other services as well so just happy to
>>   have this opportunity and thank you all again for there for
>>   discussion.
>> Kerri Lemoie:  Yeah thank you very much.
>> Dmitri Zagidulin:  And if I can add so if.
>> Dmitri Zagidulin:  If anybody has questions about this work
>>   please send an email to the VC edu mailing list or if you're free
>>   to contact KO myself directly the code code is free it references
>>   an open spec we encourage everybody to join in the conversation.
>> Kerri Lemoie:  Hip and actually seen my hush you have killed
>>   yourself up.
>> Yes I had a question slightly
>>   unrelated here but more on the open badges 3.0 spec I've been
>>   trying to get hold of it and I seem to be pay bald by this IMS
>>   Global if somebody has that and can make the open badges 30 spec
>>   which is publicly visible I would appreciate it thank you.
>> Kerri Lemoie:  I can grab that link for you give me one second
>>   here tell Ted you're in the queue your the floor.
>> <kerri_lemoie> Open Badges 3.0 spec:
>> TallTed_//_Ted_Thibodeau_(he/him)_( I just
>>   following up on responding to David's question about the unique
>>   identifier for each credential in the same way that a URI is
>>   expected to be stable that is that is the stability that we mean
>>   for the ID in these verifiable credentials URI is always meant to
>>   name the same thing which doesn't mean that it the thing it names
>>   stays the same forever.
>> TallTed_//_Ted_Thibodeau_(he/him)_( Much like
>>   your name always means you, but your contents don't stay the same
>>   forever.
>> <dmitri_zagidulin> thx Ted!
>> Kerri Lemoie:  Hey Alec it is empty and listen no one has
>>   anything else we have a few minutes left so we could end the call
>>   here give another Med see if anybody has anything otherwise I
>>   hope you all have a great week and I will see you next week.
>> <phil_l_(p1)> Nice preso!
>> Kayode Ezike:  Cheers thank you.
>> Dmitri Zagidulin:  Thanks KO day thanks everyone.
>> <elizabeth_miller> Thank you!
>> Kerri Lemoie:  Thank you headed.
>> <john_kuo> Thanks, great discussion
> --
> *Snorre Lothar von Gohren Edwin*
> Co-Founder & CTO, Diwala
> +47 411 611 94
> <>
> *Stay on top of Diwala news on social media! **Facebook
> <>** / **LinkedIn
> <>** / **Instagram
> <>** / **Twitter
> <>*

Kayode Ezike |
MIT | BS 2017 | MEng 2019
Engineer | Writer | Creator

Received on Thursday, 18 August 2022 14:17:06 UTC