- From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
- Date: Thu, 18 Aug 2022 16:35:30 +0200
- To: Kayode Ezike <kezike13@gmail.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAE8zwO0+Zdcvv0D-NYjSbWE=dzGVXvpQQBSaX1=NnyTcVEj62A@mail.gmail.com>
Thank you for sharing!

On Thu, Aug 18, 2022 at 4:16 PM Kayode Ezike <kezike13@gmail.com> wrote:

> Hi Snorre,
>
> Yes, there are a number of useful resources to note. Here are a few:
>
> - Definition of credential status in VC Data Model specification:
>   https://w3c.github.io/vc-data-model/#status
> - Status List 2021 specification:
>   https://w3c-ccg.github.io/vc-status-list-2021
> - Status List 2021 implementation:
>   https://github.com/digitalbazaar/vc-status-list
>   (react-native-compliant fork:
>   https://github.com/digitalcredentials/vc-status-list)
>
> Hope this helps and happy to provide more context as needed!
>
> Kayode
>
> On Thu, Aug 18, 2022 at 3:07 AM Snorre Lothar von Gohren Edwin <snorre@diwala.io> wrote:
>
>> Great! In the agenda and its main topic, this sentence is mentioned
>> "Thanks to the great work of key stakeholders in the identity standards
>> and developer community, we now have emerging specifications and great
>> tooling for (1) issuers to manage the status of their credentials and (2)
>> verifiers to check key status info, such as revocation and suspension." Are
>> there any meetings, documents or anything that can be looked at to get some
>> insight about this statement :D
>>
>> On Wed, Aug 17, 2022 at 8:04 PM CCG Minutes Bot <minutes@w3c-ccg.org>
>> wrote:
>>
>>> Thanks to Our Robot Overlords for scribing this week!
>>>
>>> The transcript for the call is now available here:
>>>
>>> https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/
>>>
>>> Full text of the discussion follows for W3C archival purposes.
>>> Audio of the meeting is available at the following location:
>>>
>>> https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/audio.ogg
>>>
>>> ----------------------------------------------------------------
>>> VC for Education Task Force Transcript for 2022-08-15
>>>
>>> Agenda:
>>>   https://lists.w3.org/Archives/Public/public-vc-edu/2022Aug/0005.html
>>> Topics:
>>>   1. IP Note
>>>   2. Call Notes
>>>   3. Introductions & Reintroductions
>>>   4. Announcements
>>>   5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential
>>>      Status Work
>>> Organizer:
>>>   Kerri Lemoie
>>> Scribe:
>>>   Our Robot Overlords
>>> Present:
>>>   Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune,
>>>   David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck,
>>>   Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe
>>>   Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan -
>>>   pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri
>>>   Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar
>>>   Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young,
>>>   Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com),
>>>   Allyson Parco, Eric Shepherd, Phil L (P1)
>>>
>>> Our Robot Overlords are scribing.
>>> Kerri Lemoie: Hello everybody Welcome to the August 15th BC edu
>>> call today our main topic will be on credential status kod a DK
>>> from MIT digital credential Consortium is going to present us on
>>> some of the latest work that he's been doing on that over there
>>> and we can pour we get started with that let's go through a few
>>> boilerplate items first is IP note everybody for anyone.
>>>
>>> Topic: IP Note
>>>
>>> Kerri Lemoie: Came to speed in these calls how any.
>>> <kerri_lemoie> create an account:
>>> https://www.w3.org/accounts/request
>>> Kerri Lemoie: You substitute of contributions to any of the ccg
>>> work items must be done by members of the ccg with full IP are
>>> agreements signed and to do that you can create an account at w3c
>>> and put this in the chat for you and then also use this link to
>>> join the ccg.
>>> <kerri_lemoie> join the CCG:
>>> https://www.w3.org/community/credentials/join
>>>
>>> Topic: Call Notes
>>>
>>> Kerri Lemoie: Hey second All call notes for this call are
>>> recorded and there are minutes being taken by are called our
>>> robot Overlord is do the transcription I wish you'll see in the
>>> chat we are also doing a Wheels do a video recording of This call
>>> which can be found later we can send out if you need it so coyote
>>> will have some slides today so it'll be nice to have that
>>> recorded we use a cue system.
>>> Kerri Lemoie: To to ask questions and participate.
>>> Kerri Lemoie: Conversation so if you would have a question or
>>> would like to say something please kill yourself first you do
>>> that by putting a q+ and the chat just like I did there you could
>>> also do to U plus and then say a note about something you want to
>>> say and that lets us know if you're responding to something
>>> that's being said right away so we know when to pull you into the
>>> conversation so that is very helpful and then to remove yourself
>>> from the queue just uq-.
>>> Kerri Lemoie: And we get something.
>>> Kerri Lemoie: They did that wrong okay remove something from the
>>> queue okay.
>>> Kerri Lemoie: Because the floor all right when I say we hit q-
>>> we're actually looking to see who is in the queue.
>>>
>>> Topic: Introductions & Reintroductions
>>>
>>> Kerri Lemoie: Okay next let's do some introductions and
>>> reintroductions is there anybody here joining us today for the
>>> first time that I would like to introduce themselves or anybody
>>> who's been here for a while and I would just like to say hello
>>> again and let us know a little bit about something they're
>>> working on if so go ahead and put yourself in the queue.
>>> Kerri Lemoie: Yeah I'm going to queue myself up real quick here
>>> one thing I haven't mentioned is that I started a new role at the
>>> beginning of August I have the digital credential contortion so
>>> I'm going to be there director of Technology it doesn't really
>>> change much for BC I do I will still be here doing all of that
>>> work because the DCC has made her is really been backing all of
>>> this work and really significant way making sure that we have
>>> this open Community to work and so I'm really happy to be able to
>>> continue the.
>>> Kerri Lemoie: Work there and help to do what I want to do which
>>> is in.
>>> <deb_everhart_(credential_engine)> congrats Kerri!
>>> Kerri Lemoie: Adoption understanding of verifiable credentials
>>> that had that has been my my shift recently.
>>>
>>> Topic: Announcements
>>>
>>> <kerri_lemoie> VC email list:
>>> https://lists.w3.org/Archives/Public/public-vc-edu/
>>> Kerri Lemoie: There's no other introduction to reintroductions
>>> next we have announcements and reminders one is that if you
>>> haven't joined it yet we do have an email list and I met email
>>> this can be joined by going here put this in the chat for you so
>>> we have it in our notes later.
>>> Kerri Lemoie: The great list to join you don't have to be
>>> necessarily technical drawing this or you work on technical
>>> projects if you just want to stay in the loop on what's going on
>>> in Education and Training and achievement credentials that's the
>>> list to join this is where we try to have all those
>>> conversations.
>>> Kerri Lemoie: And the other announcement that I have is that
>>> tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the
>>> weekly ccg meeting.
>>> Kerri Lemoie: They recommend doing that as much as you possibly
>>> can to learn what's going on in the community as a whole.
>>> Kerri Lemoie: Does anybody else have any announcements or
>>> anything they'd like to share.
>>> Kerri Lemoie: It's the money I see that you just joined us would
>>> you be interested in telling folks about our next week's call
>>> will be about it sounds really great.
>>> Simone Ravaoli: Yes hi hello everyone I hope you can hear me so
>>> we are going to have as a guest get anything on this sea of
>>> Gattaca Gattaca is a nest site a company based out of Spain and
>>> they've been involved in the end building and implementing all
>>> the ab c-- specification so that's that would be the European
>>> blockchain service infrastructure particularly they have been
>>> looking into version 2 of.
>>> Simone Ravaoli: Of the did method did.
>>> Simone Ravaoli: And they've risked to share some Reflections
>>> around what is the difference between version 1 and 2 and some of
>>> the implications that version 2 has with regards to privacy
>>> regulations in Europe also known as GDPR but they are a
>>> Community member that has really just been doing a lot of work
>>> from Europe and so that would be I think an interesting update
>>> from what's Happening outside of North America.
>>> Kerri Lemoie: Thank you so much that sounds great I'm really
>>> looking forward to it okay anybody else have anything else before
>>> we move on to our main topic.
>>>
>>> Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential
>>> Status Work
>>>
>>> Kerri Lemoie: Okay why don't I then introduce Kayode. Kayode is
>>> working on this great project related to credential status he's
>>> working on making it possible for issuers to manage the status of
>>> their credentials and for verifiers to check status info,
>>> especially a revocation or suspension so he's going to show you
>>> some of his work today and then feel free to ask questions and
>>> then we can see what we can learn about it well.
>>> Kerri Lemoie: Tim Kennedy.
>>> Kayode Ezike: Slides:
>>> https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo
>>> Kayode Ezike: Thank you thank you characters interesting here's
>>> the link to the presentation that be using for today I know we
>>> generally do not show video for van with purposes I would do that
>>> really quickly just to introduce myself and turn off every but
>>> this guy is he gay again and brief introduction is that I've been
>>> involved with digital credentials since around 2018 but that time
>>> that I began my master's program around proper credentials and
>>> personal data storage management.
>>> Kayode Ezike: Since then I've been contributing to number of
>>> Open Source projects.
>>> Kayode Ezike: Optical pulse of my own and these days I primarily
>>> support the digital credentials Consortium through MIT as well as
>>> Gobekli which is the startup it's also doing great work in this
>>> space so thank you for having me and I'll put up my screen so
>>> that an alternative you'll see how can see we have.
>>> Kerri Lemoie: Kayode I'll keep an eye on the chat for you.
>>> Kayode Ezike: Thank you okay so.
>>> Kayode Ezike: If explosion one second.
>>> Kayode Ezike: Spell with me.
>>> Kayode Ezike: Okay I think if I try none.
>>> Kerri Lemoie: Not yet not yet nope.
>>> Kayode Ezike: Are you able to see my screen now.
>>> Dmitri Zagidulin: If you're transmitting from a Mac there you
>>> might need to update the permissions in the control center which
>>> means you have to restart the browser and redrawing.
>>> Kayode Ezike: But you're trying to do something like that but it
>>> was it.
>>> Dmitri Zagidulin: One of us can also.
>>> Dmitri Zagidulin: Screen share the slides and just thanks Kerri.
>>> Kerri Lemoie: Yeah I can do that that's true.
>>> Dmitri Zagidulin: I'll probably be faster chaotic.
>>> Dmitri Zagidulin: Say next slide.
>>> Kerri Lemoie: Yeah just let me know in and we pull it up here
>>> hold on one second.
>>> Kayode Ezike: Animations hopefully syncs
>>> Kerri Lemoie: I am just clearing everything out of the way here
>>> on the way everybody's happy about the desert play.
>>> Kerri Lemoie: Okay can you see.
>>> Dmitri Zagidulin: Yep we can see your screen.
>>> Kerri Lemoie: To be this clarity.
>>> Kayode Ezike: Great yes I can see.
>>> Kerri Lemoie: Oh there you are okay you can see the head you can
>>> take it from here now just let me know when you want to move to
>>> the next slide.
>>> Kayode Ezike: Awesome thank you Kerri so today we'll be
>>> discussing a topic I was cussing to what that would get a
>>> credential status hosting and for scare anybody away this is not
>>> a new specification for credential status is more so concerning
>>> ourselves with how can we help issuers to expedite their
>>> deployment of criticized infrastructure by leveraging familiar
>>> services to them and and hence sort of taking care of it.
>>> Kayode Ezike: Origin authorization concerns that.
>>> Kayode Ezike: To them and so this in terms of what we're
>>> discussing today I'll be giving a brief background of the topic
>>> and we'll be going through a bit of the state-of-the-art who tell
>>> you what our goals were let me Design This solution as well as
>>> what the actual solution is will then show you a little bit of
>>> code before you show you the demo of what we've done.
>>> Kayode Ezike: Granger status management has been around for some
>>> time and one of the earliest conceptions of it really came from
>>> certificate authorities with the notion of certificate revocation
>>> lists which is a list of certificates that an issuer has revoked
>>> prior to its from its expiry and that is sort of the the main
>>> model that we think about in this space when we think about
>>> country status management.
>>> Kayode Ezike: Generally we think about a resource that is
>>> managed by an issuer that informed the public about the state of
>>> outstanding credentials and there's been a lot of work done in
>>> this space over the years in terms of Standards development and
>>> developer tools for how to manage the status of these credentials
>>> as well as how to verify the information on them such as
>>> revocation or suspension however storage and authorization have
>>> kind of.
>>> Kayode Ezike: Been left out of scope largely and.
>>> Kayode Ezike: Good that it would be great if we can simplify
>>> that for issuers and their deployments.
>>> Kayode Ezike: Thank you so next slide great so I want to give a
>>> quick definition of printer status according to the v-spec mental
>>> status is an object value property that enables the discovery of
>>> information about the current status of the verifiable credential
>>> such as whether it is suspended or revoked.
>>> Kayode Ezike: So in other words now before we go on another
>>> words it gives consumers of this credential and idea of the
>>> issuer's view of the current validity of a credential next please
>>> so here on the right we have an example of a verifiable
>>> credential that has a special status property on it but one thing
>>> to know is that it is an optional value so you not every verify.
>>> Kayode Ezike: Krista have this field on it.
>>> Kayode Ezike: If it does have the field on it it must Define two
>>> main properties which is ID and type and it must also valid like
>>> the remaining properties are specified by the type field so in
>>> this example we know that we have a status festering 21 entry the
>>> type and the three types of rather Fields below it status purpose
>>> statuses index in status credential relate to or rather are
>>> defined in the stands for students.
>>> Kayode Ezike: T10 tree.
>>> Dmitri Zagidulin: Toyota quick question I do we want to wait
>>> till the end for questions or do you want to encourage people to.
>>> Dmitri Zagidulin: If they encounter something or when I ask
>>> questions about each slide to raise their hand.
>>> Kayode Ezike: I'm happy to take questions as they come up.
>>> Kayode Ezike: Is it just the two Fields so the state-of-the-art.
>>> Kayode Ezike: There have been a lot of great work and done in
>>> sequential status space and one of the early conceptions of this
>>> or examples of this came in 2018 from hyper legit Indy via their
>>> HIV ew1 one penetration spec and they use a bunch of cool
>>> technology cryptographic graphic accumulators to determine which
>>> credentials have been revoked and interestingly enough I learned
>>> in the suspect that it seems that this actually is.
>>> Kayode Ezike: Predates to know now have medication.
>>> Kayode Ezike: Like I found to be interesting and a couple years
>>> later the ccg would develop a speck of their own via the
>>> revocation list 2020 spec and soon after be a refined version and
>>> the status was 20 21 spec which sort of granted a more General
>>> notion of status that goes beyond just a vacation but also
>>> support system suspension and other forms of criminal status.
>>> Kayode Ezike: Next please and the most for all these
>>> specifications all right one more back sorry.
>>> Kayode Ezike: So this is the this point on hosting so for any
>>> all these specifications is important for verifiers to be able to
>>> to check this the status of the credential somehow right and the
>>> most obvious way to do this is to host the resources and in a
>>> public location namely a distributed Ledger or a short controlled
>>> website.
>>> Kayode Ezike: Any questions here.
>>> Kayode Ezike: You can move on next slide please.
>>> Kerri Lemoie: No questions yet sure.
>>> Kayode Ezike: Great so I want to talk to you all about status
>>> list 20 21 this is the suspect that we use in our design and the
>>> it's one of the more advanced specs out there and in my opinion
>>> and this is examples of the left what you see is a credential
>>> from a couple slides ago so nothing new here yet we have
>>> verifiable credential had the credential status on it and it has.
>>> Kayode Ezike: As all the fields that we discussed earlier.
>>> Kayode Ezike: Now if you pay attention to the key in on the
>>> status purpose status index and Status credential properties
>>> these are the properties that are introduced by the status list
>>> 2021 spec the first of these properties is the most self
>>> explanatory this is saying that.
>>> Kayode Ezike: The issuer.
>>> Kayode Ezike: Acting this type of status for this credential so
>>> for verifier when they want to verify the status of the
>>> credential this is the information that they will learn now the
>>> other two properties are more specific to sort of like are sort
>>> of the meat and potatoes of how this specification works and it
>>> relates to a new resource at the introduced so if you can just go
>>> forward just a couple steps very until you see a new object in
>>> the right.
>>> Kayode Ezike: So this on the right is a status list 2021
>>> credential and the best way to think about this credential is it
>>> is the credential that manages the status of a batch of multiple
>>> credentials it's not philosophy that one more time but this is a
>>> credential that the issuer manages that tracks a batch of several
>>> different credentials and so what this means if you could just
>>> click one more time Kerri.
>>> Kayode Ezike: So we so.
>>> Kayode Ezike: This was the most important information on this
>>> country is this encoded list value right here and what it is in
>>> the simplest representation you can think of it as a sequence of
>>> characters let's let's say X's and O's that represents the the
>>> status of a credential at that position right and so if the value
>>> let's say the value of that was X it would mean that it is
>>> invalid respect to the status purpose so in other words it is
>>> revoked.
>>> Kayode Ezike: Value is 0 it means that it is valid with.
>>> Kayode Ezike: The words is not revoked and if we go back to the
>>> if you focus again on the left side you will see that the status
>>> list credential property that is just the way for verifiers to
>>> retrieve this credential on the right so it's a public link that
>>> they can access and the status index tells them which position in
>>> that encoded list is represented a represents this credential.
>>> Dmitri Zagidulin: So I want to I want to pause here before we
>>> move on to the next slide I want to make sure everybody absorbs
>>> this so.
>>> Dmitri Zagidulin: I want to make sure everybody understands what
>>> that encoded list is for right because at its at its simplest a
>>> credential status is binary for a given status purpose so like
>>> for a vacation rental is either revoked or it's not so the very
>>> first sort of naive implementations of replication status where
>>> to host a.
>>> Dmitri Zagidulin: Some kind of object.
>>> Dmitri Zagidulin: Either cover fabric credential or something
>>> else that's a revoked or not for each individual credential right
>>> easy so or even before that I think what open badges did is just
>>> publish a plane list of all revoked credential IDs on their
>>> website yeah so you get you get the credential you can go look up
>>> that list to see if it's revoked.
>>> Dmitri Zagidulin: So very easy and we wouldn't be having this
>>> problem I rather this this conversation here except there's a
>>> couple of major major problems there one is privacy that if you
>>> publish a list of remote credentials well you can go see
>>> everybody whose credentials are revoked but an even more
>>> important one is what's known as the phone home problem it's one
>>> of the downsides of Hosting.
>>> Dmitri Zagidulin: An individual status.
>>> Dmitri Zagidulin: Nation for each credential is that whoever is
>>> hosting it covers running that website can track.
>>> Dmitri Zagidulin: Requests can can track how many times and from
>>> where from what IP address is and what time stamp some verifier
>>> is is checking.
>>> Dmitri Zagidulin: Revocation and that that is generally
>>> regarding the community has too much information that that's like
>>> that's not necessary that is a threat so then the reason the
>>> status list spec arose is that okay so if we don't if we don't
>>> want the host whoever's controlling the web whole of the web
>>> server to know each time each individual credential is looked up
>>> why don't we batch it why don't we rely on.
>>> Dmitri Zagidulin: On herd immunity on herd privacy.
>>> Dmitri Zagidulin: And batch a whole bunch of credentials at
>>> random.
>>> Dmitri Zagidulin: And then the verifier can request this whole
>>> batch this this entire credential that has the encoded list that
>>> contains the status of 20 or 100 I forget how many it is.
>>> Dmitri Zagidulin: Potential statuses and that way the request
>>> will be spread out over that entire cohort of credentials and
>>> that way we get her privacy I see David is on the queue.
>>> Kayode Ezike: When you credential is revoked right so when your
>>> credential is revoked this this this French on the right will be
>>> updated the encoded list will be up to such that the bit at that
>>> position I 4 5 6 10 is now 1 or Annex discussed earlier.
>>> Kayode Ezike: Yes yes that comes up I think some question time
>>> so that really I think bows down to the I think we leave that to
>>> the implementers of the their system because that really comes
>>> down to how often how what is it catching sort of system like do
>>> you check every day do you check every hour and the you'd have to
>>> give an essay to the individual using your system to let them
>>> know that this is just going to be valid.
>>> Kayode Ezike: For a given day or for.
>>> Kayode Ezike: Etcetera but I don't think that's something that
>>> this back tries to address or to solve.
>>> Kerri Lemoie: Give me three.
>>> Dmitri Zagidulin: If I may add to that so the cache control is
>>> left to the individual protocol meaning because this particular
>>> credential is held over http.
>>> Dmitri Zagidulin: His publishing the status list can rely on
>>> HTTP cache control directives meaning each time the verifier
>>> sends an HTTP get for this status credential one of the headers
>>> in the response says only cache this for an hour meaning we're
>>> going to we're going to renew this thing every hour and that way
>>> the verifier knows how long to cache it right so we get that the
>>> caching mechanism for free with HTTP so we don't need to put in.
>>> Dmitri Zagidulin: An explicit.
>>> Dmitri Zagidulin: Potential now if we were if the URL of the
>>> status of protection was not HTTP was what some other was IPFS or
>>> some other method that doesn't come with cache-control metadata
>>> then you're right David we should include an expires field in the
>>> statuses credential.
>>> Kayode Ezike: Okay thank you.
>>> Kerri Lemoie: No more questions for now Kayode if you want to go
>>> ahead.
>>> Kayode Ezike: Thank you for question is David and I'm great
>>> thanks for getting ahead of me Michelle's going to get into the
>>> herd privacy notion which is I think one of the main benefits of
>>> the specification which is just to reiterate when a verifier is
>>> interested in learning about the status of a credential they are
>>> only communicating to the issuer that they're interested in a
>>> subset of credentials that they manage not in a specific one so
>>> it keeps the issuer away from fine-grained details about how a
>>> specific.
>>> Kayode Ezike: Potential is being used and if you just.
>>> Kayode Ezike: Or just one.
>>> Kayode Ezike: Thank you this is a digital representation just
>>> the visual Learners out there the green slots represent the valid
>>> credentials with respect to the purpose so I'm revoked and events
>>> Lots represent the invalid by evoked credentials.
>>> Kayode Ezike: Next slide please.
>>> Kayode Ezike: So we have a number of goals that we were
>>> considering what we designed our country stars infrastructure the
>>> main governing goal is that we wanted to simplify the deployment
>>> for issuers of the printer status infrastructure and we do this
>>> by leveraging third-party services for the storage and
>>> optimization of grantor status resources and the great thing
>>> about this is that we're kind of meeting is adjourned.
>>> Kayode Ezike: Is worth where they are right.
>>> Kayode Ezike: Allowing them to use a familiar hosting service
>>> and and also providing potential path to switch between services.
>>> Kayode Ezike: So if we can step ahead just one slide.
>>> Kayode Ezike: We'll get into the solution.
>>> Kayode Ezike: So we again decided to use a status list 2021
>>> specification and feel free to consult the design doc at that
>>> link and the whole conclusion I think this is really where we
>>> innovate and we decided to use Source control services such as
>>> GitHub, GitLab and Codeberg and we also support issuer hosted
>>> websites traditionally and so what this allows us to do again is
>>> we.
>>> Kayode Ezike: It's a biscuit.
>>> Kayode Ezike: Like that organizations already use these services
>>> to host their code and and also these Services often provide
>>> developers with OAuth tokens that they can use to access APIs of
>>> these services to update resources and so why don't we just use
>>> this these services to help issuers manage their current status
>>> lists and metadata associated with it.
>>> Kayode Ezike: Any questions here.
>>> Kayode Ezike: To reload it.
>>> Kerri Lemoie: Any chance has an adversity.
>>> Dmitri Zagidulin: Yeah if I could just add a couple more words
>>> so I want you I want you to everybody to picture the the very
>>> specific conversation the very specific problem the solves.
>>> Dmitri Zagidulin: As okay we're issuing credential great can we
>>> add revocation sure why not what's a good spec what we've got
>>> this status list 2021 spec okay then engineering how hard of a
>>> lift is this to add this to our system how many hours before you
>>> can add revocation to to our issuer and that's where the real
>>> problem starts because hosting a file on a website that b is easy
>>> the really difficult part which is what makes okay.
>>> Dmitri Zagidulin: It is work so.
>>> Dmitri Zagidulin: Difficult Park is part is adding the user
>>> interface and specifically adding permissions to who is allowed
>>> to edit who's allowed to revoke the the credential right so the
>>> spec gives us the data model gives us the protocol the mechanisms
>>> very easy what's really not easy and what shoots up the
>>> implementation time in too many weeks not to mention like really
>>> hard requirement Gathering is.
>>> Dmitri Zagidulin: Delegation the chain of command of.
>>> <xander> I don’t think you can set http cache control headers on
>>> GitHub-hosted files.
>>> Dmitri Zagidulin: Okay so you know how do we model the trust and
>>> permission hierarchy of a particular University down to the
>>> registrar and then how does it register our delegate individual
>>> officers to be able to hit the button to flip that bit for for
>>> the file to be updated so the the the main Innovation here is the
>>> realization that.
>>> Dmitri Zagidulin: Because permission control and and login
>>> systems and graphical user interface is the hardest part about
>>> this can we Outsource it to somewhere else and the realization
>>> was made oh git hosting organizations like GitHub and GitLab and
>>> Codeberg already provide all of that they provide the permission
>>> systems the login systems they produce institutions are familiar
>>> with setting up Gap GitHub organizations all of that.
>>> Dmitri Zagidulin: Stuff is worked out for us why don't we reuse
>>> it.
>>> Dmitri Zagidulin: Geico I'll go ahead Gary.
>>> Kerri Lemoie: One question I'm asking these are all my be
>>> hosting Services could someone just use git for this on its own
>>> without using GitHub, GitLab and or Codeberg.
>>> Dmitri Zagidulin: So the the question with git is always which
>>> protocol will git use right because git has SSH it has HTTP and
>>> it has a number of other protocols words hosted so some server on
>>> the cloud has to be running it gets server.
>>> Dmitri Zagidulin: So can you use git alone sort of it requires
>>> a git server in a good client.
>>> Kerri Lemoie: I think so Xander.
>>> Xander: I guess I have to have you spoken before so I'll just
>>> quickly I'm the security lead for the pocket team just wanted to
>>> follow up on David's question real quick so the idea there was
>>> that you were going to rely on HTTP cache control headers to set
>>> the expiry time for a different certificate right but you're also
>>> talking about using services like GitHub to do the hosting I
>>> don't believe that you can set the expired header value if you're
>>> using a service like that.
>>> Xander: So that they.
>>> Dmitri Zagidulin: And that's that's a very good point.
>>> Xander: You may need to put that you may need to put the time
>>> value on the file done.
>>> Kayode Ezike: Right yeah that's a good description that we can
>>> we start to use these third party dresses I think there's
>>> different levels of access that they are each provide and I'm
>>> sure maybe like if you have a paid account that makes a
>>> difference as to how much you could control but I think largely
>>> you make a good point and.
>>> Xander: I don't think so I got used the Enterprise version before
>>> I think basically if you're using GitHub to host files like get
>>> on pages or whatever they really handle everything and you don't
>>> get access to that level.
>>> Xander: It may be worth looking into.
>>> <dmitri_zagidulin> that seems like a good motivation to clarify
>>> (in the status list spec) the recommendation of always having
>>> expiration timestamps
>>> Kerri Lemoie: Yeah time in the queue tell jump in real quick
>>> that's an excellent point and I know you haven't actually I'm let
>>> you get into like how you doing this so maybe I'm jumping the gun
>>> here Harry I'm sorry if I am but um are you considering using
>>> just as part of this because just get versioned which is
>>> something to consider okay that's the comment there but yeah.
>>> Kayode Ezike: This is this is for like the accident the location
>>> of us for example.
>>> Kayode Ezike: Yes it's something like this came up actually you
>>> kind of hear made great recommendation at some point about
>>> something like that where you would because get help for example
>>> has a way for you to use a link that it's post using GitHub Pages
>>> you can also use a link to the file directly that doesn't rely on
>>> GitHub pages but I would imagine that the.
>>> Kayode Ezike: Might be a rat.
>>> Kerri Lemoie:
>>> https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists
>>> Kayode Ezike: He got distracted the same way in that case as
>>> well in terms of controlling what the cache mechanism is like so
>>> yeah that would be something to explore but the good thing I'll
>>> show you a little bit later how some of these things can be
>>> customized for different status clients of different services and
>>> there's a way to add flexibility for for that.
>>> <kerri_lemoie> Link above to info about gists.
>>> Kayode Ezike: Again to that little bit.
>>> Kayode Ezike: There are no other questions can move on to the
>>> next slide.
>>> Kayode Ezike: Great so this is a sort of a visual representation
>>> of the architecture that we have issue admin who presumably would
>>> already have the permissions that they need inside of a example
>>> with GitHub organization so they already have access to create
>>> read and write data to Repose in the organization and if you
>>> click ahead.
>>> Kayode Ezike: So this.
>>> Kayode Ezike: This actor would be able to hit the credential
>>> status and point of a VC API instance which allows them to update
>>> the status EG revoke a credential.
>>> Kayode Ezike: More step and then ultimately that enables them to
>>> create read and update data in these different services.
>>> Kayode Ezike: So before we move on to a demo wanted to show a
>>> little bit of code and so this is the main sort of class that we
>>> Implement to with this code and so there's this tells subclasses
>>> different methods that they need to implement for them to be
>>> valid printer status clients and so for example you need to
>>> provide a base URL that can be used to reference the printer
>>> status information you need to.
>>> Kayode Ezike: Boo the client too.
>>> Kayode Ezike: That is people from from the code need to enable
>>> them to read and write status list and log data in config data so
>>> as long as the subclasses can Implement these abstract methods
>>> and they're valid client and so if you can step forward this one
>>> step please carry will see that in this example GitHub a cultural
>>> status client for their get credentialed status URL you notice
>>> that there is a GitHub that I owe their meaning that.
>>> Kayode Ezike: Using GitHub pages but this is also the place
>>> where.
>>> Kayode Ezike: I could use a distance that or URL that points
>>> directly to the file and there's also we also are using the
>>> octave kit Library a popular GitHub SDK to update and read
>>> information from the repo which obviously would look different
>>> for different services.
>>> Kayode Ezike: Any questions about this.
>>> Kerri Lemoie: I think we're good once you go ahead.
>>> Kayode Ezike: So we're just going to get into a demo now just
>>> step forward one and taxes and maybe that's going to come to my
>>> email or something.
>>> Kayode Ezike: Probably going to email about that 17.
>>> Dmitri Zagidulin: Karen thank you have to hit request again on
>>> the subsequent page.
>>> Kerri Lemoie: Let me know when it's all set Katie I'll refresh
>>> it.
>>> Kayode Ezike: Yeah it is I just shared it.
>>> Kayode Ezike: The volume on.
>>> Kerri Lemoie: Were you able to hear the volume when I get out.
>>> Kerri Lemoie: Dimitri do you know how to make that work.
>>> Kerri Lemoie: Yep that's share audio.
>>> Dmitri Zagidulin: In the settings so if you go to the 3 3. Menu
>>> at the bottom settings there is yeah share out the others share
>>> audio checkbox.
>>> Kerri Lemoie: Thanks your patience everybody but I'm getting
>>> there.
>>> Kerri Lemoie: All right let me try that again it doesn't work
>>> Katie you could just walk us through it.
>>> <kerri_lemoie> Can you hear?
>>> Dmitri Zagidulin: Now that doesn't seem to be coming through so
>>> we can encourage people to watch since we we pasted the link to
>>> the slide deck everybody can watch the video on the demo on their
>>> own.
>>> Dmitri Zagidulin: But you can you can describe what when it's
>>> done.
>>> Kerri Lemoie: We're going to start over and you can just sort of
>>> walk us through what's happening.
>>> Kayode Ezike: Sure I mean it's a recorded a demo but effectively
>>> what we were demonstrating is requesting a credential from our
>>> version of V Capi importing that into DC learner wallet and then
>>> from there we kind of show you throughout the whole process
>>> called the repo is updating and so the GitHub repos I'm using a
>>> demo and and then we revoke the credential.
>>> Kayode Ezike: Again from the VCA Pi you show you the.
>>> Kayode Ezike: Two then rebuild me also show you.
>>> Kayode Ezike: That in the wallet and now shows that the
>>> credential is revoked.
>>> Kayode Ezike: Again it's you should be able to view that video
>>> in the presentation but that's effectively what's going on.
>>> Kayode Ezike: So that was the last of it actually so if there's
>>> any questions or feedback I'm happy to take in you David go
>>> ahead.
>>> Kayode Ezike: Oh so so the so the credential continues to have
>>> the same the credential never changes per se it's the information
>>> at at least the credential that the holder controls is the
>>> credential that the status could ensure that managers know that
>>> has been coded list value that manages multiple credentials is
>>> that one that will be shuffled and change as a credentials are
>>> revoked suspended.
>>> Dmitri Zagidulin: Can I can I jump in here as well.
>>> <nate_otto_(another_device)> Nah. credential.id is optional in VC
>>> Data model anyway. Reissuing the same one doesn't violate it.
>>> Dmitri Zagidulin: So David you're proposing or what you're
>>> saying is essentially if we required verifiable credentials to be
>>> content addressable so that every time the content of a
>>> verifiable potential change the ID has to change but the v-spec
>>> does not actually have that requirement you are you are in this
>>> very frequently done allowed to publish credentials with the same
>>> ID while their contents changes for example if you reuse.
>>> Dmitri Zagidulin: Issue it and then.
>>> Dmitri Zagidulin: Timestamp or a different signature so that is
>>> that is not a requirement in this back.
>>> Kerri Lemoie: I'm to add to that question sort of who may be
>>> briefly talk about the difference between credential status list
>>> and also credential refresh carrier to meet you would you mind
>>> explaining that are both of you.
>>> Dmitri Zagidulin: Shark a candidate doing on go ahead.
>>> Kayode Ezike: How can I just ask this versus credential
>>> refreshing scent.
>>> Kerri Lemoie: CredentialRefresh:
>>> https://w3c-ccg.github.io/vc-refresh-2021/
>>> Kayode Ezike: Yeah so my understanding generally is that
>>> subconscious has what we discussed here which is that the issuer
>>> manages a publicly accessible resource that allows verifiers to
>>> check the status of the repo or rather the other credential for
>>> the route for the refresh service my understanding is that
>>> whenever if that is not provided the issuer exposes an endpoint
>>> that.
>>> Kayode Ezike: Allows it that allows.
>>> Kayode Ezike: Verifiers to to refresh the credentials whenever
>>> it has rather just to be able to refresh it whenever I would ever
>>> Cadence in the seems reasonable that's generally how I understand
>>> it but I'm happy to allow for any other discussion on that as
>>> well.
>>> Dmitri Zagidulin: Yeah so the refresh spec.
>>> Dmitri Zagidulin: Complementary to the expiration mechanism so I
>>> have my driver's license is good for four years what happens when
>>> it expires up to four years the refresh spec basically describes
>>> the credential version of oh I have to take the old one into the
>>> drive the Bureau of Motor Vehicles on the issue me a new one so.
>>> Dmitri Zagidulin: Both the status and the refresh exist
>>> alongside each other and in fact some of the some of our example
>>> specs have both or if you look at examples in open badges version
>>> 3 spec a lot of the verify the credentials their have both a
>>> status list section and a refresh section.
>>> Kerri Lemoie: Thanks anybody else have any questions about this.
>>> Kerri Lemoie: Or any other points they'd like to make about the
>>> status and how this works.
>>> Kerri Lemoie: I bet I have a question for all of you is there
>>> anybody here who has implemented credential status and like to
>>> tell us about how they're using it and how they've implemented
>>> it.
>>> Kerri Lemoie: Okay Patti really appreciated that I see so many Q
>>> Jonathan the floor.
>>> Dmitri Zagidulin: Anthony might be muted.
>>> Kerri Lemoie: Yeah you can't hear your Jonathan if you're
>>> speaking.
>>> Jonathan_Bethune: Okay is that.
>>> Dmitri Zagidulin: If you have like an additional Hardware mute
>>> on your mic maybe yes better yeah.
>>> Kerri Lemoie: Yep they are to thank you.
>>> <kerri_lemoie> Link to presentation:
>>>
>>> https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo/edit#slide=id.g143e60161fc_0_35
>>> Jonathan_Bethune: Better I was using one earpod and it's the one
>>> that's dead so okay sorry about that so real quick by way of
>>> introduction I think I've spoken much my name is Jonathan and the
>>> engineering manager for pocket colleague of Xander who spoke a
>>> little while ago just real quick I was wondering if there was a
>>> way to get a link to the presentation and actually had a lot of
>>> discussion internally about the X and we're just wanted to look
>>> into a little.
>>> Kayode Ezike: Sure yeah definitely can share that.
>>> <phil_l_(p1)> Nate's Comment:
>>> Jonathan_Bethune: There we go oh that's fast okay let me well I
>>> actually didn't get the click on it we just grabbed it's in the
>>> chat right there we go.
>>> Kerri Lemoie: Yeah it's going up a little bit the chat moves
>>> pretty fast because of the transcription.
>>> <phil_l_(p1)> Good point Nate.
>>> Jonathan_Bethune: Yeah got it alright thank you.
>>> Kerri Lemoie: Okay if no one has anything else okay did you have
>>> anything else you would like to add.
>>> Kayode Ezike: That was that was everything I just thank you all
>>> for your time and yeah we're continuing to refine this this work
>>> and we primarily are supporting GitHub and get lab the moment and
>>> working on some of the other services as well so just happy to
>>> have this opportunity and thank you all again for there for
>>> discussion.
>>> Kerri Lemoie: Yeah thank you very much.
>>> Dmitri Zagidulin: And if I can add so if.
>>> Dmitri Zagidulin: If anybody has questions about this work
>>> please send an email to the VC edu mailing list or if you're free
>>> to contact KO myself directly the code code is free it references
>>> an open spec we encourage everybody to join in the conversation.
>>> Kerri Lemoie: Hip and actually seen my hush you have killed
>>> yourself up.
>>> https://imsglobal.github.io/openbadges-specification/ob_v3p0.html
>>> Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly
>>> unrelated here but more on the open badges 3.0 spec I've been
>>> trying to get hold of it and I seem to be pay bald by this IMS
>>> Global if somebody has that and can make the open badges 30 spec
>>> which is publicly visible I would appreciate it thank you.
>>> https://www.imsglobal.org/spec/ob/latest/main/
>>> Kerri Lemoie: I can grab that link for you give me one second
>>> here tell Ted you're in the queue your the floor.
>>> <kerri_lemoie> Open Badges 3.0 spec:
>>> https://imsglobal.github.io/openbadges-specification/ob_v3p0.html
>>> TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just
>>> following up on responding to David's question about the unique
>>> identifier for each credential in the same way that a URI is
>>> expected to be stable that is that is the stability that we mean
>>> for the ID in these verifiable credentials URI is always meant to
>>> name the same thing which doesn't mean that it the thing it names
>>> stays the same forever.
>>> TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like
>>> your name always means you, but your contents don't stay the same
>>> forever.
>>> <dmitri_zagidulin> thx Ted!
>>> Kerri Lemoie: Hey Alec it is empty and listen no one has
>>> anything else we have a few minutes left so we could end the call
>>> here give another Med see if anybody has anything otherwise I
>>> hope you all have a great week and I will see you next week.
>>> <phil_l_(p1)> Nice preso!
>>> Kayode Ezike: Cheers thank you.
>>> Dmitri Zagidulin: Thanks KO day thanks everyone.
>>> <elizabeth_miller> Thank you!
>>> Kerri Lemoie: Thank you headed.
>>> <john_kuo> Thanks, great discussion
>>>
>>
>> --
>>
>> *Snorre Lothar von Gohren Edwin*
>> Co-Founder & CTO, Diwala
>> +47 411 611 94
>> www.diwala.io
>> <http://www.diwala.io/>
>> *Stay on top of Diwala news on social media! **Facebook
>> <https://www.facebook.com/diwalaorg>** / **LinkedIn
>> <https://www.linkedin.com/company/diwala>** / **Instagram
>> <https://www.instagram.com/diwala_/>** / **Twitter
>> <https://twitter.com/Diwala>*
>>
>
> --
> Kayode Ezike | https://ezike.io
> MIT | BS 2017 | MEng 2019
> Engineer | Writer | Creator
>

--
*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io <http://www.diwala.io/>
*Stay on top of Diwala news on social media! **Facebook <https://www.facebook.com/diwalaorg>** / **LinkedIn <https://www.linkedin.com/company/diwala>** / **Instagram <https://www.instagram.com/diwala_/>** / **Twitter <https://twitter.com/Diwala>*
Received on Thursday, 18 August 2022 14:35:58 UTC