[MINUTES] W3C CCG Credentials CG Call - 2023-03-14

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2023-03-14/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2023-03-14/audio.ogg

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2023-03-14

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Mar&period_year=2023&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Erica Connell, Greg Bernstein, Jennie Meier, 
  TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Gregory 
  natran, Clare Nelson, Jeff O - HumanOS, Amit, Steve Magennis, 
  Robin, Stuart Freeman, Mahmoud Alkhraishi, Leo, Juan Caballero, 
  BrentZ, Wendy Seltzer, Orie Steele, Manu Sporny, David I. Lehn, 
  Dmitri Zagidulin, John Henderson, Phil L (P1), Markus Sabadello, 
  James Chartrand, Kimberly Linson, John Kuo, Sharon Leu, Kayode 
  Ezike, Nate Otto, Nis Jespersen , bengo

Our Robot Overlords are scribing.
Harrison_Tang: So hi everyone thank you for joining this week's 
  at w3c shiji call today our main agenda is that we actually had 
  the honor to invite a robin from Pro collapse the creator of 50 
  coins and ipfs interplanetary file system to actually talk about 
  what you're working on but before we get to the main agenda just 
  want to do the em and stuff first.
Harrison_Tang:  first so.
Harrison_Tang: First of all just a quick reminder about the call 
  of ethics and professional conduct just want to make sure that we 
  all respect and acknowledge each other's perspectives and we've 
  been doing that for ages I don't recall the last time it was any 
  fights or big arguments so the book that's continue to do that 
  all right a quick IP know anyone can participate in these calls 
  however all substantive.
Harrison_Tang:  tribution to.
Harrison_Tang: You work items must be members of the ccg with for 
  IPR agreement sign and make sure you have the w3c account and if 
  you encounter any issues please feel free to reach out to me or 
  any of the co-chairs all right quick call notes these meetings 
  are recorded and we have a little transcription on and we will 
  publish the minutes in a few days we used to teach at to Q 
  speakers during the call.
Harrison_Tang:  so just hacking Q + to add yourself to the key.
Harrison_Tang: Q- to remove it you can do Q question to see who 
  is in the queue.
Harrison_Tang: All right introductions and reintroductions you 
  are new to the community or you haven't been active and you want 
  to re-engage with the community to please feel free to unmute 
  yourself and you introduce yourself.
Harrison_Tang: Okay next announcement and reminders any 
  announcements announcements were reminders Farm on the community.
<manu_sporny> ECDSA Cryptosuite support needed here: 
  https://lists.w3.org/Archives/Public/public-vc-wg/2023Mar/0027.html
Manu Sporny:  Yep couple the first one is a reminder to the 
  community that the ecdsa crypto sweet in the verifiable 
  credentials working group is up for a vote tomorrow I'll put a 
  link to the announcement crypto sweet crib sweet support needed 
  here.
Manu Sporny:  This is as we've been saying there's a call for 
  adoption for the ecdsa crypto Suite in the verifiable credentials 
  working group tomorrow if your organization has a need for this 
  like basically if you have a need for Hardware security modules 
  when assigning verifiable credentials or when using decentralized 
  identifiers then please sign the letter of support so we have 
  plenty of support going.
Manu Sporny:   In so that's announcement number one.
Manu Sporny:  To is that we have another crypto sweet cold BBS 
  that is going to go up for a call for adoption next week in this 
  is cutting it really close because feature freeze happens after 
  the vote so we get like one if we get one chance to get this in 
  there hasn't been a letter to go out that you can sign to support 
  it but BBS is really important for.
Manu Sporny:   Corrective disclosure in verifiable.
<greg_bernstein> Just updated BBS IETF draft to version 2
Manu Sporny:  In on linkable signatures so the ability to produce 
  the same verifiable credential in a way that is privacy 
  respecting it's one of those you know Cutting Edge privacy 
  enhancing technologies that we're trying to also get on the 
  standard Strachan w3c so very important for that one to be 
  supported look out for that request on the mailing list this week 
  please move immediately.
Manu Sporny:   Italy to sign that.
Manu Sporny:  Organization cares about selective disclosure on 
  linkable signatures because it will be going up for a vote next 
  Wednesday that's it the two announcements.
Harrison_Tang: Thank you man you.
Harrison_Tang: Any other announcements or reminders.
Harrison_Tang: It's a pretty quiet week probably a sound us are 
  affected by the SCV or something people might be a little bit 
  better now.
<orie> Reminder that VC-JWT supports ECDSA already.
Harrison_Tang: All right any comments on the work items.
Harrison_Tang: All right I will come back to know calling for 
  introductions reintroductions toward the end if we have time all 
  right let's get to the man jenda so this week as I shared earlier 
  we're very glad to have Robin from a local labs are prolapse 
  actually builds that develops the file coin that decentralized 
  storage and ipfs interplanetary file system.
Harrison_Tang:  and I know through.
Harrison_Tang: This community has been quite intrigued and 
  actually they're having some community members who have expressed 
  that they would like to learn more about ipfs so and actually I 
  think we have someone from ceramic ceramic Network actually 
  presenting about ceramic a few months back and ceramic is built 
  on top of ipfs so very very intrigued about what protocol 
  protocol labs are building and we're very very honored and 
  pleased to have a.
Harrison_Tang: Share their latest development and works so Robin 
  the floor is yours.
Robin: At thank you very much and the the honor is entirely mine 
  thank you very much for the invitation I'm trying to make sure my 
  screen is shared I'm not seeing it being.
Harrison_Tang: U.s. sure before but right now I cannot see it.
Robin: Shared I wish I was here before did you did you see the 
  slide before when I was.
Robin: Okay so hang on that you do this again because it doesn't 
  show for me it's the usual fun.
Robin: Speeding and we share.
Robin: Do you see a big googly spider.
Harrison_Tang: Yep we see the we see we see the background we 
  don't see the screen the sorry we have we don't see that slides 
  yeah.
Robin: That's a yeah sorry yeah that that makes it less 
  interesting without the sides.
Robin: You just see the back that you still just see the 
  background right.
Manu Sporny:  See your mouse cursor and the background Robin if 
  you wanted to throw it into a PDF and send it to the mailing list 
  or one of us we could display while you talk through it as an 
  option.
Robin: Yeah hang on just let me try one last thing and if that 
  doesn't work I'll see you PDF I don't know why I didn't want to 
  share.
Gregory_natran: It looks Robin like you have a Mac running two 
  displays in your presentation is on the other display.
Robin: So I do have a Mac running to this place but if I share 
  this play one here's what you're going to see and maybe that's 
  the trick to making it work.
<phil_l_(p1)> consider mirroring
Robin: Let me share I'll now Jutsu won't even let me press the 
  button but if I shared if I shared the other screen I just showed 
  the Gypsy thing.
Harrison_Tang: Take your time don't worry about it.
Robin: Yeah I didn't try this one okay so now if I do this can 
  you all see yourselves okay that's step one maybe now if I move 
  this in front.
Manu Sporny:  Now we just see the jitsi screen.
Robin: You still don't see preview do you it's weird it's as if 
  like preview preview refused.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I think it's 
  are like.
Robin: Okay I'll email it to hang up.
Harrison_Tang: Now you can email it to me and then.
Harrison_Tang: Can share the screen.
Manu Sporny:  We see it see it.
Robin: Wait what happened I did nothing.
Harrison_Tang: It works now.
Robin: Oh you have it of course you have it wonderful.
Juan Caballero:  I just screen sharing it to mess with you I have 
  an old one though I have an old one if it changes substantially 
  send me the do it in parallel.
Juan Caballero:  To make it verbally and you'll have to say next 
  slide please each time.
Harrison_Tang: Yeah that works like what I thought it's a magic I 
  was like wait what's works.
Robin: So you're missing one joke but that's okay thank you 
  thanks a lot one I will thank you very much thanks a lot of 
  jumping on this so and it was weird because that was not the 
  slide I was showing on my screen I was like whoa anyway let's get 
  to it hi everyone it's a pleasure to be here thanks a lot for the 
  invitation so very quick intro for.
Robin:  for those.
Robin: Pleasure to make to meet yet I work on governance that 
  stand standards at protocol Labs with that I was at the time 
  she'll five years and I've spent way too much time over the past 
  20 25 years working on WT stuff popping on the tag still working 
  on privacy principles and but you should check them out they're 
  out to wide review now if you're interested in privacy I'm also 
  on the WTC board but obviously I'm not speaking for the WPC board 
  because they don't work on this.
Robin:  kind of stuff.
Robin: And so yeah this is a pretty informal presentation it's 
  basically in two parts first I'm going to go through pretty 
  quickly you know a refresher about ipfs and you know just to make 
  sure that everyone's on the same page and then I'll talk about 
  the stuff that I've personally been been working on and so you 
  know it's informal just like jump in any question anything you 
  find outrageous.
Robin:  you know Hollows.
Robin: Mm whatever so let's jump into ipfs so there's like four 
  components of the I know it's a huge ecosystem but like the 
  therefore components that we can think about this protocol Labs 
  which is the company I'm working on that that this research and 
  it's building protocols in this area is ipfs so ipfs is somewhat 
  misunderstood in the in the community but it's best to think of 
  it as a P2P version of HTTP it's.
Robin:  not people.
Robin: Some kind of BitTorrent which isn't it's much more like if 
  you think about HTTP version in which you don't need a you don't 
  need a centralized server that's ipfs for you and in addition to 
  ipfs the Falcone foundation and all coin itself provide a storage 
  Network that integrates with ipfs in English that they will see 
  afterwards next slide please so you know essentially the core the 
  absolutely most.
Robin:  we important Concept in ipfs is the concept of a see.
Robin: CID is an identifier that's generated from the content so 
  it's content addressable just just those of you familiar with 
  from from getting any number of similar systems and so instead of 
  using a system of external Authority it uses intrinsic 
  self-certifying Authority in order to to to find content for 
  those of you who are interested in the history of the web I do 
  encourage.
Robin:  courage you to go read.
<manu_sporny> TimBL === Sir Tim Berners Lee
Robin: In temples design notes or the earlier work of the of the 
  tag back in the in the early 2000s is very interesting to see 
  just how how committed they were to this idea of having it 
  Authority stemming from the scheme and getting stemming from DNS 
  and and you can you can and then inside of that the idea was 
  really that you would own this a strong notion of Federated 
  ownership over.
Robin:  that naming space to the point that when.
https://github.com/timbl :D
Robin: Robots.txt happened or you know dot well known and people 
  people back then we're talking about expropriation is you what 
  you were expropriating names from from what should I have been 
  absolutely local ownership now of course you know what happened 
  next we all know if you own something then then you can you can 
  give it away and and and people lost actual authority over what 
  they were doing over.
Robin:  on the web so see how these really help and.
<manu_sporny> if you own something, seek rents! :P
Robin: Because I'm sure most of you are familiar with c8c IDs and 
  pump ever dressing but I think it's really important to 
  understand that how Central the archived events next slide please 
  yes and so as I was saying you know really the the core value of 
  C IDs is that they can reproduce by anyone and therefore they can 
  be verified by anyone and it allows for for self-certifying 
  Content distribution next slide please.
Robin: And really that's where yes that that.
Robin: That's where I'm repeating this because I think it's some 
  it's a concept that's really key ipfs can feel a bit sprawling 
  because once you start digging into how it works is the entire 
  the P2P stack there's a whole there's a there's a whole slew of 
  like somewhat novel acronyms that that people in the in the more 
  HTTP world might not be familiar with but really if you want to 
  think about what ipfs is it's the space of things that you can 
  interact with using a CID and that's it.
Robin:  but that's that's really.
Robin: To think about in that space and so you know maybe you're 
  acquiring the content directly you know over a sort of 
  traditional ipfs maybe you're getting it from a Gateway maybe 
  it's local it doesn't matter so long as you're interacting with 
  the resource using a CID your knife yet space next slide please 
  and so you know this is this is not something that's entirely 
  abstract ipfs is a a set of systems that has.
Robin:  increasing deployment and an.
<bumblefudge1> @Manu: See 
  https://github.com/everyname-xyz/Public/blob/main/Research.md - 
  rent-seeking in the namespace space is booming lately!
Robin: Of the patient's right now we're going through the 
  teething Pains of specifying and standardizing things up to that 
  the the implementations are interoperable but I just wanted to 
  show that that you know you can you can run you can access I'd 
  give it's called and directly in some browsers here we have the 
  brave browser and and there's this is this is a growing field 
  there's work for a given particle handling in chromium so so 
  this.
Robin:  is a growing space and.
Robin: To see more ipfs formal normalized in at the intersection 
  of webtoon web query in the coming months and years next slide 
  please and so you know the key thing with ipfs is is you know if 
  there's no node serving your content then that content just 
  cannot be retrieved it might exist somewhere in the abstract but 
  it won't be on the net there's several ways in which.
Robin:  got it can be made available override.
Robin: The first and easiest one is of course just to run your 
  notes and you can scale this right you can you can run a series 
  of nodes that are maybe geographically distributed so that you 
  can handle increasing increasing load or then you can start 
  working with a company that might pin your content for you so 
  this is basically what you do if you want to serve content over 
  ipfs but tell you don't you don't have your own Hardware or you 
  don't want to have your own Hardware.
Robin:  or you want to distributed over multiple sources one 
  thing is that that's.
Robin: Years that you can start working with you know 11 pinning 
  service and if you don't like them if you want to just like 
  transition to your own since it's all kind of the addressable any 
  way that the content can easily move anywhere and no one's going 
  to notice a long as it stays on and of course you get you get to 
  the case where if if your content is particularly popular and 
  people want to Cache it themselves and make it available 
  themselves then this becomes that you can you can.
Robin:  you can start benefiting from that.
Robin: That is not something that will happen automatically for 
  you and next slide please.
Robin: And so you know part of part of part of that idea of 
  hosting and storing data over the long term is why it's why file 
  coin was built I'm not here to like sell you on file coin is just 
  to explain how it builds on ipfs and so basically it says it's a 
  massive decentralized storage network with huge capacity and a 
  consensus system built to reward people for.
Robin:  for storing and to.
Robin: Reliable overnight PFS system and next slide please and so 
  you know it's pretty straightforwardly again I'm not going to go 
  to integrate detail here is just to give a rough sense of what 
  that what this is but you know it's actually it's a deal making 
  system in which a client can make it can strike a deal for 
  storage and then provide storage and then the system has a series 
  of of ways of proving that the the.
Robin:  data is properly stored.
Robin: Penalizing people who fail to store data storage as 
  promised and then a retrieval Market to get the the data back out 
  and and the idea here is to go fully cloudless and to enable 
  infrastructural systems that can be shared at that at the level 
  of the of the entire internet in a way that that's interoperable 
  and and that can support any kind of any number of providers 
  pretty next slide please and you know as part of that.
Robin:  also one thing that I like to point people to.
Robin: In part because the stack can be unfamiliar to to web 
  developers I find that it can be good to to get started using 
  webview storage which is a really smooth and nice interface to to 
  ipfs all file coin and basically integrates really well with 
  JavaScript and they have some UI components that they're the 
  shipping and you can basically drag and drop this arriving drop 
  this into into into.
Robin:  or your app and and easily.
Robin: With ipfs using the libraries and their components it's 
  pretty neat next slide please and so that that was you know 
  basically the very quick refresher on ipfs I hope it wasn't too 
  fast or too confusing and of course feel free to ask questions 
  and let so if you don't come in with questions right now you can 
  also ask them later I'm going to switch to the stuff that I've 
  been working on and how I'm trying to.
Robin:  figure out ways you know.
Robin: The bunch of lovely colleagues that to to figure out how 
  ipfs in the and the web work together yes but.
Manu Sporny:  Yeah just wanted to connect a few dots for 
  something the community that might not know that we're already 
  using a number these Technologies when it comes to decentralized 
  identifiers and verifiable credentials some of the lower-level 
  things like multi base multi hash multi codec we're all things 
  that were kind of built you know for ipfs to kind of achieve some 
  of the technical things that that that Rob.
Manu Sporny:   Has been you know.
Manu Sporny:  Two ends so they're already Primitives that this 
  community is using from from ipfs and then at a higher level and 
  you're probably going to get into this Robin there's a desire I 
  think among a number of people in the community that want to do 
  more with content address storage like ipfs like if you have a 
  verifiable credential and it links off to you know a set of 
  pictures or proof or a document of some kind.
Manu Sporny:   And what you really.
Dmitri Zagidulin: Did:key uses IPFS tech! :) (multiformat 
  specifically)
https://github.com/multiformats/multibase
Manu Sporny:  To be able to do if that's at its large document is 
  not necessarily point back to you know like centralized storage 
  for that thing whatever it is picture evidence you want to be 
  able to point to some kind of decentralized network that is 
  storing these things in some cases for the good of society and 
  other cases to make sure that you know it's highly available so I 
  just wanted to clarify that like there's a lot of overlap in the 
  work that you're doing.
Manu Sporny:   In the work that you know protocol labs and the 
  ipfs folks are doing.
Manu Sporny:  Some of the needs you know of this community when 
  it comes to verifiable credentials and decentralized identifiers.
<dmitri_zagidulin> similarly, the VC hashlink proposal (the 
  digestMultibase mechanism) uses multiformats
<manu_sporny> yes, also that ^
Robin: Right yeah I completely agree yeah thanks that's it that's 
  a very good call out and actually I've been wondering if if we 
  seize might be used with the work that like starting lab has been 
  doing about documenting war crimes and the such I think I think 
  that there's a there's definitely is this definitely used for for 
  I mean this is definitely many meeting points in there so yeah.
Robin:  yeah thanks I think that that's very very.
https://www.starlinglab.org/
Robin: Pulling out so jumping into to the web stuff next slide 
  please I want to be I want to be like super super clear here that 
  you know what I'm talking about is highly speculative when we say 
  that we're in R&D lab it is certainly true I'm going to stay a 
  high level a few of you had to have seen some of them bits of 
  this.
Robin:  work and know that.
Robin: The the basically ideation document its 15,000 words long 
  already and that like already lacks details so I'm compacting a 
  lot of that into into a tiny space and also this may contain 
  traces of philosophy it's not purely engineering so let's jump in 
  and if there are any things that that any specific aspects that 
  you know call upon your fancy that don't hesitate jumping so as 
  you know things are bad.
Robin:  on the web next slide.
<manu_sporny> /me lols.
Robin: I don't think this will come as a surprise you know most 
  of the web is highly centralized capture and and you know if we 
  were getting some good products out of out of all this this 
  centralization maybe we'd still be bothered but at least we get 
  the product but the result is pretty unimpressive generally the 
  tools were getting actually quite terrible certainly for the cost 
  and and you know in that context time spent on the way.
Robin:  web instead of apps keeps dropping despite the.
<bumblefudge1> at the very least a failed state machine 🥁
Robin: Being told that all this centralization and all this 
  infrastructure is supposed to be helping keep the well the wet 
  the web alive and then there's all these problems of like you 
  know privacy and harassment and disinformation that you've heard 
  about so in general we can say that the internet is a failed 
  State and things are not a not currently working working great so 
  the question is you know what can we do about it next slide 
  please so you know we should we should be trying to figure out 
  how to fix the web and and.
Robin:  and you know what what how to drive the web forward and 
  where the web should be.
Robin: But the thing is very funny one the thing is we can't see 
  we don't actually have a definition of what web is a lot of 
  people care you know those people who want like web to and web 3 
  and web 5 which is the joke that is not on the slide because it's 
  like the old and the people who say there's only one web but we 
  don't say what it is or that were leading the web to its full 
  potential which is the booties motto but no one knows where that 
  for what their full potential is and so we kind of need some.
Robin:  alignment of you know what the web is in order for all of 
  us to be moving in something that might.
Robin: Be the same direction.
<bumblefudge1> i know it when i see
Robin: At least roughly moves forward it's like this and so you 
  know the question comes back and this is something that many 
  groups have tried to address and fails to address over the years 
  which is the question of like what actually is the web you'd sort 
  of want to say well maybe it's all the stuff that's over HTTP but 
  there's a lot of people doing doing things over HTTP that you 
  wouldn't consider the web that just like API calls between 
  various back-end system so it's not that some.
Robin:  people would want to say.
<bumblefudge1> particularly when it's web-transferred obscenity
Robin: Runs in the browser but that also very limiting and also 
  it includes things that we probably would like to extrude from 
  the web like PDF and yeah there's the the classic vision of like 
  I know I know it's the web when I see it but that doesn't help us 
  figure out a way of moving forward so we don't really have a 
  definition of what the web is and so you know I've decided to see 
  if we could like figure out one and use that as you know North 
  doctor too.
Robin:  move towards.
Robin: That's like these and so the idea really is that you can 
  find no constancy in the bundle of technologies that that we tend 
  to agree is the web will have agreed is the web over the years 
  and so instead the idea is really that the web is a project the 
  web is a set of values and it's the set you know it's basically 
  the set of digital Network Technologies that work to increase 
  user agency now that might seem a bit Vegas but it actually backs 
  off next slide please.
Robin:  he's from a a.
Robin: From a pretty important philosophically Doctrine and that 
  is the part where there's there's there's there's a little bit of 
  philosophy I know that's not always popular in all circles but I 
  do encourage people to pay attention to at least some of that 
  philosophy simply because when we don't we just we just like 
  doing it without without knowledge of it next slide.
Robin: I'm so that that philosophically Foundation that I think 
  Matt's really well to the notion of user agency is the 
  capabilities approach that that nice Bowman sin have developed 
  over the past that we've got an essay 30 years or so and 
  basically it's it's it's an idea of social ethics that was built 
  for development and it's entirely centered on the idea of 
  increasing what each person is able to do and able to be and 
  really there are several days.
Robin:  several advantages to this I'm not going to you know.
Robin: Like probably due to our course on this and I will spare 
  you but you know fundamentally it's meant to be testable because 
  it was meant to be used as a grounding rule for actual 
  development and to solve like real real world problems like 
  poverty it's a good match for for the kind of problems we have 
  because a lot of Technologies tend to remove agency especially 
  centralized.
Robin:  apologies but if you.
Robin: All the efforts to drive in a machine running deep into 
  search engines that that gives people less and less control over 
  what they're searching for it's just like you know generating an 
  answer and and that's it and the idea is to drive in a different 
  direction that actually puts more power in the hands of people 
  and this has all kinds of consequences it helps people organize 
  better it helps people drive their systems around them better and 
  and and it generally helps.
Robin:  oops systems improve so.
Robin: And I'm not.
Robin: You tell but that is basically that the central Focus next 
  slide please and so you know you might be thinking okay that's 
  nice if you get all the philosophy and yes I do think it was it 
  was important to start from figuring out where we wanted to go 
  like go all the way back to to First principles but you know from 
  there what do we want to what we want to build and so I can't 
  cover everything that that that that we're thinking about I'll 
  include the link to the longer thing but let's look at at least 
  one of the basic Primitives that that's it.
Robin:  their next IDs and so the Primitive that that will 
  building.
Robin: Is based on the.
<bengo> 👋
Robin: That you know we've been we've been caught in this browser 
  Paradigm that's that's really good that document retrieval and 
  we've been trying to take it Beyond document retrieval into app 
  space and you know apps are kind of like pretty important if you 
  want to put more power in the hands of people they need to be 
  able to not just read things that do things and over the past 25 
  years we've tried a million things.
Robin:  I'm just listing a few.
Robin: Hi Ben and and you know we've been doing we've been using 
  pretty much everything we've had in our hands to try to do 
  packaging and to try to ship app stuff to people and we've 
  systematically failed it's B is almost like on the on the clock 
  every four years the WC has a workshop that is on a variation of 
  like how do we expose powerful capabilities and how do we package 
  things up so that people can install them we've had widgets 
  which.
Robin:  binary XML packaging that which might sound funny but I 
  was there.
<harrison_tang> haha
Robin: We've had a few successes like like it's funny the 
  transcriber Redbone or XML that's actually better anyway I could 
  go on but it's been a success it's been a succession of failures 
  for 25 years and so you know if we can't solve it what is the 
  problem next slide please and so instead of trying to it trying 
  to basically in trying to re-approach the same set of problems.
Robin: We figured out that they might be a different way of doing 
  a getting there and the idea is is to experiment and we're 
  starting to hack on them with these things we've called 
  professionally at least tiles and they answer to a few a few 
  basic requirements one is that they're safe by default and by 
  safe by default we're actually really strict pretty much all of 
  these previous app like things they.
Robin:  could all connect to the network right away with with.
Robin: No restrictions and so essentially any extra power you 
  give to them they can use immediately in pretty bad ways at least 
  in privacy violating ways and we know from you know having 
  actually been on the web that that is something that people will 
  abuse systematically and so the thing is since since people will 
  abuse it the one of the founding ideas here is well let's just 
  remove that let's let's make it impossible for these things to at 
  least at first touch the network because they're safe by the.
Robin:  fault it also means that.
Robin: By default and so that's an interesting thing instead of 
  having all these endless discussions about permissions and and 
  consent mechanic mechanic sins and security mechanisms that we 
  know don't work because we haven't solved the problem of 
  prompting people for permissions in a way that that they will 
  meaningfully act on we just because because they're safe we just 
  make them powerful by default any you know any functionality that 
  you can't use to break or destroy.
Robin:  boy data the breaker.
Robin: Or destroy data since you can't exfiltrated we just we 
  just we just make it available and now on top of that in order 
  for them to be safe by default the first time you load them you 
  have to be able to load them in a way that's in direct and not 
  necessarily from the source so they are location agnostic and 
  this has like as a consequence that they have to be they have to 
  be packaged because you can't do like back and forth as you would 
  for for you know when you're loading in HTML document.
Robin:  instance and it automatically makes them local first 
  because since they can't addressable do you know.
<greg_bernstein> But what do they do?
<dmitri_zagidulin> I'm super curious how exfiltration is 
  prevented. sounds like GETs over http must also be disabled?
<bengo> render stuff?
Robin: It'd scare quotes installing it just means having it 
  there's no difference and so you know these are all things that 
  might seem like unrelated to ipfs but actually ipfs if you use it 
  with you know the IPL D which is the the data layer car which is 
  a packaging format and also like a strict CSP this is this is the 
  this allows you to create this packaging format that has the 
  these problems and Greg asks but what do they do.
Robin:  now that's a very good question.
https://web3.storage/docs/how-tos/work-with-car-files/
Robin: Yes yes a gets over HTTP also disabled so you this is 
  super strict you cannot touch the network once you've loaded the 
  thing the thing is running what can they do well they can have 
  like any arbitrary HTML JavaScript images svg's CSS you name it 
  inside and they can run as like small contained web apps but they 
  just can't touch the network you might be thinking well that is a 
  pretty stringent limitation and.
Robin:  it is and so.
<greg_bernstein> Cool!
Robin: If we keep going down the slides I'll explain some of the 
  stuff we can do it and so again this is like super early days 
  super speculative super experimental so you know it I'm not 
  promising anything I'm just like explaining what we're working on 
  and the approach we're taking the idea being that that you know 
  maybe we'll find this doesn't work but I do think there's a way 
  to make these interesting and so you know losing the ability to 
  interact with the network.
Robin:  loses a lot of what we tend to.
Robin: And you know what you needs to create a what do you need 
  to create a web app well you kind of need to store data but you 
  know because they are they safe by default we can also give them 
  access to a lot of local information that that can be stored on 
  the user's in the users agent and we can also make them 
  composable with one another today you know we keep hitting that 
  wall of cross-origin issues and we keep actually restricting the 
  ability for web pages to to talk about.
Robin:  across Origins you know like third-party cookies for 
  instance are disappearing.
<bengo> oh yeah perhaps the tiles could do more but only after 
  they request the capabilities they need to do so and end-user 
  consents
Robin: Make it hard to maintain State across across origin and so 
  here the idea is to like reinvigorate the idea of intense and 
  activities which are basically a declarative way to connect 
  pieces of code and so you can have multiple tiles any any one of 
  which can handle any number of intense and you can use that to 
  have them talk to one another and that means that you can start 
  like you know for instance you could install the tile that 
  manages your local image.
Robin:  data store and can provide images to another.
Robin: The might want to I don't know establish a profile picture 
  so those are things where you can think of these as units of 
  functionality part of the idea here being that we've been trying 
  to put apps on the web and apps already a bad idea of the web you 
  can go back 40 Years of you I research with every time you are 
  researchers coming back and saying like well actually these 
  bundles of like functionality that we put inside apps I really 
  not a great way of answering the needs that people.
Robin:  people have but we keep getting stuck on them so instead 
  of putting a.
<bumblefudge1> they are good for rent extraction tho
Robin: This is more about like making a web of apps or of like 
  app functionality that can sort of like be built dynamic they by 
  by people without them even having to think about and so of 
  course you know you still need a Steely at some point to go back 
  to yesterday apps are good for renters extraction that is true 
  that's actually the whole purpose of the bundling and you know 
  you do want to go back to the network sometimes yeah it's 
  important to maybe be able to communicate with other people.
Robin:  and so in order to.
Robin: You the idea is to restrict interactions to things that 
  can be partially user mediated so you can't like arbitrarily open 
  a request to something else but you can interact with the agents 
  native support for a number of protocols and these can include 
  social protocols like all the activity Pub stuff the idea is that 
  they also have to include an idea of native search because you 
  don't want to have searched run by websites that's a terrible 
  idea and.
Robin:  you know you also need to.
Robin: Able to make.
Robin: Money and so there's a series of native protocols that 
  basically these these tiles can interact with but they can only 
  interact with them in ways that are either user mediated or that 
  can be reasoned about by the user agent so that it can it can 
  prevent the exfiltration of data again you know I understand that 
  this is very very Vapor weary but you know the idea is that.
Robin:  that we're using ipfs to build this new.
Robin: Three of this new primitive and and and we're 
  experimenting with ways of making it work.
Manu Sporny:  That's it yeah it just a question about just a 
  question about the the way you're intending it to be constructed 
  and this may turn into like a requirement right so this this kind 
  of community has this use case around this concept called the 
  digital wallet and the idea is that it's kind of analogous to 
  your physical wallet you have things in your physical wallet that 
  you carry around with you so one example of this would be like a 
  digital passport goes in your digital wallet in.
Manu Sporny:   You would hope to have access to that digital 
  passport on your mobile device and maybe on your.
Manu Sporny:  In maybe on a desktop right so there's this concept 
  of shared storage between your devices applying this tile concept 
  which is you know fantastic like this is this is really 
  interesting you know cool stuff one of the things we keep seeing 
  over and over again is like ipfs as applied to public content or 
  semi-public content I don't know if there's been I guess could 
  you tell us kind of what thought has been put into.
Manu Sporny:  Content meaning content that you really don't want 
  replicated that you don't want exposed outside of your devices 
  but at the same time you don't want centralized either so for 
  example you would like to run a decentralized network between 
  your mobile devices your family's mobile devices you know 
  whatever to hold onto that that truly you know private content 
  that you that you don't want replicated where do you see 
  something like.
Manu Sporny:   Like that fitting in in this architecture that.
Robin: Is it that that's a really interesting question so again 
  nothing has been implemented but at that two things and I think 
  they work in potential levels one is of course you can you could 
  have encrypted content over ipfs which you know probably doesn't 
  solve the what you're looking for to the degree that you that 
  that that that you're seeking but the idea is that you can like 
  encrypting.
Robin:  and put.
Robin: On ipfs and someone could you know fetch the encrypted 
  blob that's all they're going to be able to do with it and their 
  systems like w NF s for instance that that that that use that so 
  that's one option the other option is to go for things that that 
  involve for instance more locals are at them Discovery or forms 
  of private networking and so there's there's an implementation of 
  a user agent that's.
Robin:  experimenting with things.
<bumblefudge1> windows native file system
<bumblefudge1> from fission (https://fission.codes)
https://capyloon.org/
Robin: Of ipfs called Cappy loon by fibrous destroyed so it's 
  really cool and one of the things that he does with that is that 
  he discovers peers over emptiness and so he's able to he's able 
  to to basically discover you know from his from his mobile device 
  to his laptop as being due to initiate to way to a connections 
  without going it over any kind of public network now these.
Robin:  are just like two options that exist.
https://github.com/capyloon
<bengo> browser could also do retrieve CIDs from EDV on same host 
  as user-agent
Robin: Me that they're the only options like you could imagine 
  you know completely private but like more distributed systems 
  that that that with the same properties existing does that answer 
  your question.
Manu Sporny:  It does so I guess based on that I'm imagining like 
  a tile that is it has some kind of you know native API to a more 
  decentralized but private file storage so the two options you 
  know the encrypt something on a public network probably not going 
  to work for large corporations that don't want to do that 
  necessarily right but still want some of the advantages of 
  decentralization I certainly wouldn't want my encrypted passport 
  being stored on.
Manu Sporny:   GFS at.
<dmitri_zagidulin> decentralized but "location aware"
<dmitri_zagidulin> in datacenter terms
Manu Sporny:  Right what I'd be hoping for is something that is 
  still decentralized but within a group of you know nodes that I 
  trust meaning like you can walk away from rent-seeking if you see 
  it being used against you so I think with that approach that 
  you're talking about it would be like a tile that or or the 
  platform exposes a native API that allows you to do that kind of 
  discovery of you know only the know.
Manu Sporny:   Nodes that you.
<bengo> put zcaps in the CAR files and then you can express 'who 
  is allowed to retrieve this'.
Manu Sporny:  You store that very private data is that that's.
Robin: Correct yeah you can you can actually I mean nothing says 
  that you have to be on the you know the global ipfs Network you 
  can absolutely run a private version of it and so you could write 
  it in an Enterprise System you know maybe behind a firewall or or 
  whatnot and but you could also run it you know as some kind of 
  like secret private version just for you and your friends but all 
  of this is possible.
Robin:  humble and yes.
Robin: It that's not specifically a problem that I've been 
  working on to just solve right now but yes it's entirely feasible 
  and so unless there are other questions I'll jump to the next 
  slide please.
Robin: And so part of part of the difficulty in doing this and 
  the reason I don't have much to show I mean this we're working 
  like Fabrice has been doing stuff in Kappa Noone I'm doing I'm 
  doing stuff to experiment with it as well but puzzle of the 
  difficulty is that you cannot get to this new notion without also 
  changing the UI so this is not something that's incremental in 
  the browser at least not not running inside a tab because you 
  can't really get to this notion of isolation with multiple tiles.
Robin:  is cooperating and with a good with a good.
Robin: If you stuck inside this tap metaphor so you know with all 
  the risks that that we absolutely know and have experience with 
  in terms of going different routes this is something that has to 
  be done outside not necessarily outside the browser but at least 
  outside outside of tabs of the tab system is that that that is 
  really holding us back next slide please and so yeah I'll share 
  the the links in a more usable form or if you find this doing it 
  right now but so you know for people who.
Robin:  who are interested in ipfs I do recommend that that 
  first.
https://research.protocol.ai/tutorials/
<bumblefudge1> resnetlab-on-tour/
https://hackmd.io/@browsers-n-platforms/
<bumblefudge1> HykU2_jws
Robin: Has a bunch of like tutorials that go into that going to a 
  decent level of detail if people want to know more about this 
  crazy tile thing there's a big messy draft if you're more patient 
  and you don't need to read it like this week you can you can wait 
  a little bit I'm in the process of turning that into a series of 
  articles that will be spaced out over time as we figure these 
  things out and as you know as a.
Robin:  last one.
https://berjon.com/internet-transition/
Robin: It's like this is purely a Shameless plug in case you're 
  interested in the broader topics of governance that that were 
  thinking about that that that is basically the right type that 
  matches that and with that we can go to the last slide and thank 
  you very much again for inviting me and having me here and for 
  the questions and if there's anything else you want to ask about 
  I'm more than happy to.
<bengo> 🎉👏🏻
Robin: That's really I love that sound effect every time.
Harrison_Tang: All right Bumble fuck.
Juan Caballero:  Nothing sorry I was just trying to make.
Harrison_Tang: I do have a kind of newbie question that the how 
  how do you do I do like the sea IDs or update to a CID so when 
  the content changes or update.
<orie> see also IPNS
<orie> which has mutability
<bumblefudge1> IPNS gives you mutable addressing
Robin: So so I mean you don't update a CID at all the CID being 
  content addressable of the content changes then the CID changes 
  what you want is so the a CID is purely a mutable now if you want 
  mutability there's a layer called IPS which basically pairs a key 
  to a CID or something else and so this this makes it possible to 
  keep referring to to the same thing.
Robin:  thing but with a with a.
<dmitri_zagidulin> and wins the worst name award?
Robin: Just over time it's mutable the dressing yes.
Harrison_Tang: Got it thank you.
<orie> but is bound to a single key... which means the mutability 
  is GG, if the key is compromised.
Robin: And there are there there are other things that are people 
  working on alternative naming system so like Dane Cook is going 
  on something called the name name system this is number of like 
  pet naming layers so I penis is one option and it's I would say 
  it's the dominant option but there are there people looking at 
  Alternatives as well.
<orie> IPNS needs to die, we can do better : )
Harrison_Tang: Thanks and the smart Janice you're on the your 
  next on liquor.
<dmitri_zagidulin> 100%
<bumblefudge1> Blaine Cook , for the notes
<bumblefudge1> there is a write-up on the name nameservice on 
  fission's docs site i believe
Steve Magennis:  Sorry Stephen yeah so he immediately you know 
  I'm just starting to get more into ipfs and super fascinated well 
  one thing I notice is that there doesn't seem to be a lot of 
  conversation around the notion that suddenly we really can't 
  remove data once we've pinned it or post it out there which seems 
  to be just kind of inherently problematic I just want to kind of 
  get your thoughts on that if I'm looking at this the wrong way or 
  it may be either folks are working on ways to get around that 
  issue.
https://github.com/DDC-WG
Robin: You're not at all looking at things the wrong way so 
  they're said that this this is something that has been noticed 
  and I agree with you that the conversations aren't in a haven't 
  fully taken off yet but there's something that we recently 
  launched which is this and actually on the want to join to say a 
  word as the as our current.
Juan Caballero:  Oh yeah sure yeah there there's the 
  decentralized and compliance working group it's sort of 
  exploratory and to be honest I think that most people in it are 
  assuming there are there are like two or three layers of control 
  between content and see IDs like it isn't like you just upload.
Juan Caballero:  In regular CID on open ipfs and just say here is 
  here are my baby photos of my child there's always presumed to be 
  at least IPS or some sort of authorization layer what three 
  storage and you know fission or both doing like z cap style 
  authorization layer that would have a lot of different 
  intermediate artifacts that can be deleted that are.
Juan Caballero:  The retrieve ability of data.
Juan Caballero:  What else can I say yeah I mean it's sort of 
  it's sort of depends like what you call a platform or what you 
  call a network because if it's you know ipfs Diego protocol you 
  can make networks within it that are variably closed or bounded 
  so.
Juan Caballero:  Sorry Bobby of spa day.
https://members.newdesigncongress.org/memory-in-uncertainty-web-preservation-in-the-polycrisis/
Robin: I'm also paste also pasting a link we worked with new 
  design Congress on problems that problems in that space right and 
  and so they produce this report which I which I encourage you to 
  read if you're interested in that topic and by all means like 
  come and come and speak to us at the at the DDC working group if 
  you have if you have issues I posted the link higher up as well.
Robin:  you know we're trying to solve these issues.
Harrison_Tang: Bingo you're next in the queue.
Bengo: Robin my question is like do you have a point of view on 
  how like in your vision of tiles if we have a CID and we wanted 
  to make that a URI what you're like what might the URLs look like 
  if anything gets given that Z ideas aren't.
Robin: I'm that so that's it that's a good question where with 
  this is something that we're thinking about so one option would 
  be to use the ipfs scheme and the OPF scheme uses the CID has the 
  authority and then you can pass into it the issue with that is 
  that it doesn't have clear semantics in terms of whether you can 
  load other things what kind of context you load it into excetera 
  Etc so for Bruce and I have been talking about using a tile.
Robin:  scheme and the idea of the tiles.
https://github.com/ipfs/ipfs/issues/36#issuecomment-470617316
<bumblefudge1> ^ related protocol design proposal for CID URIs
Robin: It's kind of similar it takes a CID as its Authority and 
  it supports a path but it also enforces strict CSP Rules by 
  default without without having to rely on anything else and so 
  that that that that that that could be a good option but we 
  haven't we haven't finalized that yet and so if you have if you 
  have opinions that they're definitely well.
<bengo> web+tile:// could be registerProtocolHandlered by a PWA I 
  think?
Harrison_Tang: I do have a question so my impression in my 
  experience with some decentralized applications is that the Speed 
  and Performance is slow and as we know like Speed and Performance 
  is quite important for applications and you act so my question is 
  if my Impressions correct like what are the works that's on going 
  to kind of dress the Speed and Performance issue.
Robin: You mean of ipfs in general.
<bumblefudge1> yeah ipfs:// was >1sec for most blocks a year ago
Harrison_Tang: Yes like because the retrieval of the content can 
  take even though it could be fast in the sense of like you know 
  knows that like for applications where a building you know Mass 
  direct to Consumer applications like Speed and Performance is 
  Paramount right so so if my Impressions correct about the 
  centralized technology being slower than the current Technologies 
  like how are we going to address these issues.
<bumblefudge1> it's getting better incrementally
Robin: Right so I mean it's not intrinsically slow so there's a 
  number of I think you know compared to say HTTP HTTP 3 it hasn't 
  been optimized as much yet so for instance there's a prototype 
  called happied that can currently do multiplexing not expecting 
  and that can lead.
Robin:  like that has like really.
<bumblefudge1> iroh
Robin: In performance properties there's work on indexing to make 
  sure that that that that speed that this piece is up to you know 
  is up to par and there's also the Next Generation iroh 
  implementation is going to be focused it seems I can't speak for 
  them but from what I what I heard is going is going to be focused 
  on performance and they seem to believe that they can get they 
  can get this to be really really fast so yeah it's certainly not.
Robin:  Superfast just yet.
https://github.com/n0-computer/iroh
Robin: From what I've seen in terms of prototypes and and and and 
  work that moves this forward I don't think it's intrinsically 
  slow I haven't seen any evidence that it is.
Harrison_Tang: Got it thank you.
Robin: Yep thank you very much take care.
<robin> thanks a lot all!
Harrison_Tang: Right oh we're at time and thank you Robin thank 
  you again for taking the time to present and be the discussion 
  here if you don't mind like can you send the presentation to me 
  and then I will include that yeah that would be great okay all 
  right thanks thanks a lot this concludes yeah this concludes 
  today's this week's meeting and you know you can see the upcoming 
  meetings in the w3c calendar see w3c ccg calendar right thanks a 
  lot have a good one bye.

Received on Wednesday, 15 March 2023 18:04:45 UTC