[MINUTES] W3C CCG Credentials CG Call - 2024-07-30

Thanks to Our Robot Overlords and Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-07-30/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-07-30/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-07-30.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-07-30

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Jul&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Mike Prorock, Kimberly Linson, Harrison Tang
Scribe:
  Our Robot Overlords and Our Robot Overlords
Present:
  Yvonne, Harrison Tang, cxcheng, Kyle Huang Junyuan, TallTed // 
  Ted Thibodeau (he/him) (OpenLinkSw.com), Hiroyuki Sano, Japan, 
  Gregory Natran, PL/T3, Nis Jespersen, Manu Sporny, Jennie M, 
  Stephan Baur, seth, Wes-Smith, Lucy Yang, Erica Connell, Will 
  Abramson, Chandi, Mike Xu, Joe Andrieu, Wendy Seltzer, Timg, 
  julien fraichot, Benjamin Young, Markus Sabadello, Dmitri 
  Zagidulin, Barry, Brandi Delancey, Jeff O - HumanOS, alex, Rashmi 
  Siravara, R

Our Robot Overlords are scribing.
Manu Sporny:  Hey well um uh yeah just uh 1 announcement pretty 
  big announcement um.
<manu_sporny> Decentralized identity leaders partner to 
  accelerate DID method standardization: 
  https://blog.identity.foundation/decentralized-identity-leaders-partner-to-accelerate-did-method-standardization/
Manu Sporny:  I just sent this out to the mailing list but some 
  of you may have seen that um the Decentralized Identity 
  Foundation um the Trust over IP Foundation the W3C Credentials 
  Community Group this group uh the W3C DID Working Group uh and a 
  few other leading organizations have uh just made an announcement 
  about um kind of a partnering collaboration agreement to 
  standardize DID methods so there's a letter of intent uh that has 
  gone out to the community at large the the global community at 
  large I'll put that.
Manu Sporny:  Here in um the chat um.
Manu Sporny:  And the intent here is to basically standardize a 
  number of DID methods um one of the kind of regular criticisms on 
  the DID ecosystem is that there aren't certain DID methods 
  standardized so this is just to kind of kick off the process uh 
  the general uh approach is you know any one of these organizations 
  can pursue DID method standardization we're just kind of sending 
  a very clear um outline uh or very clear message to kind of the 
  global community that um we are prioritizing this work and and 
  plan to get it done um uh so there's this letter of intent that 
  you can kind of read through there's also a sign up there's a 
  call to action at the end to like if you're interested in 
  participating in this work no matter what community that you're 
  in um you can show your support for you know DID method 
  standardization and you can also if you want to uh sign up to 
  participate in the work uh wherever it might happen.
Manu Sporny:  Over the next couple of uh weeks uh we will be hope 
  you know hosting kind of open meetings between all of these 
  different uh uh groups to kind of get a plan in place suggest 
  standardization charters um figure out you know what DID methods 
  um.
Manu Sporny:  Aware for standardization and in general kind of uh 
  start with earnest on uh the uh standardization arc for these 
  technologies um so if you're interested uh please sign up uh 
  please read the letter um we and and definitely please circulate 
  this among your communities um I think that's it thanks.
Lucy Yang: 
  https://www.dmv.ca.gov/portal/ca-dmv-wallet/mdl-for-technology-developers/hackathons-2024/
Lucy Yang:  Thank you uh I just so I I probably some of you 
  already saw the announcement about the the cadmv.com.
Lucy Yang:  Um so yeah just wanted to make sure like you and I 
  shared I shared this with the group on this call so if you have 
  any further questions you have like the email on in on on the web 
  page so you can reach out to us.
Our Robot Overlords are scribing.
Manu Sporny:  We are but a bunch of people got kicked off so you 
  might wait a bit including Calvin so you might wait a bit to um 
  start.
<pl/t3> many of us were :-(
Manu Sporny:  Yeah thank you um Calvin and and Kyle for the 
  presentation it's it's really um it's really neat work right I I 
  think uh Singapore is is definitely far ahead of many other 
  initiatives in the space when it comes to um you know being able 
  to render this stuff being able to redact it uh using you know a 
  custom UI for the individual to make it easy for them to 
  understand um what they're redacting um uh there are a bunch of 
  really neat uh you know features in here and it's great to you 
  know that that um you're also engaging with the global standards 
  process to enable this you know functionality for the the rest of 
  the world um I'm I'm wondering what um kind of the focus uh for 
  your team over the next uh 6 months to a year uh is going to be 
  are there um things that are missing uh from.
Manu Sporny:  Would like to fix do you have like a road map that 
  you can share with us um.
Manu Sporny:  I I think it would be really great I mean that was 
  a great great answer on the the the privacy concerns implications 
  part of it I think it's probably worth writing that up in the in 
  the specification to to note that you know they're you know what 
  those privacy implications are um because just now when you you 
  know I've taken a look at the PRs and the spec and all that kind 
  of stuff and it didn't click until just now when you said what 
  you did uh uh Kyle so um uh so that's great I mean I think that's 
  a very defensible you know privacy position um as far as kind of 
  you know roadmap is concerned I know that there are a number of 
  us that would like to take the render method specification onto 
  the standards track at the World Wide Web Consortium so it's great 
  that uh your team is going to uh be there um because we'll need 
  you know all the support that we can get to uh convince the W3C 
  membership to uh put at least you know render method along with a 
  number of other things.
Manu Sporny:  If I will.
Manu Sporny:  Into the next charter um uh the the the uh securing 
  mechanism that you're talking about which I believe is like a 
  Merkle tree proof based you know securing mechanism um is is that 
  also of interest to put on the standards track the reason I I ask 
  is because there are other selective disclosure mechanisms that 
  are probably going to be global standards um I know that there 
  are differences in the way that you're employing kind of the the 
  your selective disclosure mechanisms that are important um is 
  that something also that you're interested in kind of pursuing on 
  the global standards track or do you feel some of the other 
  things that are being worked on like BBS um uh unlinkable and 
  selective disclosure or the ECDSA SD thing would would fit your 
  use case as well um so so the general question is what are your 
  thoughts on.
Manu Sporny:  Standardizing uh the the Merkle proofs um uh stuff 
  that you're working on.
PL/T3: Yes um man is comment can you hear me.
PL/T3: Is it there.
PL/T3: Manu's comment um about unlinkability uh led me to think 
  about whether if an if a number of credentials are being rendered 
  um to the same individual from the same institution it sounds 
  like that is one is a potential issue that might be uh correlated 
  to identity um if there's uh if that's happening over time and 
  I'm not sure that the comment about processing a lot of the 
  JavaScript internally to the browser quite addresses that aspect 
  but perhaps you can comment on that.
PL/T3: Sure I mean I think the main thing is if there's if the if 
  the party that we're talking about is a third party watching the 
  transactions cross the cross the web and they're seeing these 
  these transactions coming from this institution for a particular 
  credential type um if there's any way for them to to um see that 
  over time from multiple places for example because it's being 
  rendered for different applications of employment from the 
  different institutions the probability that you'll be able to 
  start correlating that uh process.
PL/T3:  with other.
PL/T3: And thereby identify the actual identity of the individual 
  for whom the who's the credential subject that's the question 
  that I was really focusing on and Manu might be able to 
  elaborate more clearly than I have.
<pl/t3> q`
Manu Sporny:  Yeah do do follow on to that um uh it does seem 
  like uh you know caching client side uh can address some of those 
  things but I think Phil you you do have a a um a good point 
  meaning that um there are patterns like if you're not caching 
  things client side there are patterns that someone watching this 
  could pick up on that oh we're dealing with an individual here 
  with a very specific kind of educational history or healthcare 
  history or document history uh and you can't and you can you know 
  start linking the the individual through those things um uh 
  however you know as Kyle mentioned I think you know the more 
  caching you use um the the less uh you can you can trace that in 
  fact you could probably mitigate the concern almost entirely Phil 
  if uh there are only like you know 10 or 15 credentials that the 
  verifier deals with and they fetch 15 of those things.
Manu Sporny:   And then.
Manu Sporny:  Cache them for a month.
Manu Sporny:  For the rest of the month any kind of attacker 
  really doesn't get any kind of um.
<pl/t3> Caching is a great thing to go into an implementation guide 
  for this.
Manu Sporny:  New information right so for example that's one thing 
  could that that could be done you know through caching I'm 
  wondering Kyle if you've also considered uh things like Oblivious 
  HTTP uh or fetching some of these documents off of a um more 
  decentralized network like IPFS I did notice in the network 
  traces as you were doing your demo that you were hitting uh 
  Ethereum and some Cloudflare Ethereum um uh uh um endpoints um so 
  I'm curious if you're already kind of doing that a bit or uh if 
  you've uh considered using things like Oblivious HTTP uh to serve 
  up some of these files.
<manu_sporny> Oblivious HTTP: 
  https://blog.cloudflare.com/stronger-than-a-promise-proving-oblivious-http-privacy-properties
Manu Sporny: 
  https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html
https://www.openattestation.com/docs/verify-section/document-integrity
<harrison_tang> Great presentation and demo!
Manu Sporny:  Okay sorry I'm full of questions today um uh could 
  you speak more to the work that you're doing with uh Cambodia is 
  there kind of a drive to um kind of uh work with uh groups um in 
  the Asia Pacific region to uh also set up OpenAttestation uh 
  systems uh what's kind of the the plan there if you can share 
  any.
<kyle_huang_junyuan> Thank you all for your time!
<harrison_tang> Thanks!

Received on Tuesday, 30 July 2024 21:50:06 UTC