[MINUTES] W3C CCG Credentials CG Call - 2024-11-05

Thanks to Our Robot Overlords for scribing this week!

The transcript for the call is now available here:

https://w3c-ccg.github.io/meetings/2024-11-05/

Full text of the discussion follows for W3C archival purposes.
Audio of the meeting is available at the following location:

https://w3c-ccg.github.io/meetings/2024-11-05/audio.ogg

A video recording is also available at:

https://meet.w3c-ccg.org/archives/w3c-ccg-weekly-2024-11-05.mp4

----------------------------------------------------------------
W3C CCG Weekly Teleconference Transcript for 2024-11-05

Agenda:
  https://www.w3.org/Search/Mail/Public/advanced_search?hdr-1-name=subject&hdr-1-query=%5BAGENDA&period_month=Nov&period_year=2024&index-grp=Public__FULL&index-type=t&type-index=public-credentials&resultsperpage=20&sortby=date
Organizer:
  Harrison Tang, Kimberly Linson, Will Abramson
Scribe:
  Our Robot Overlords
Present:
  Harrison Tang, Jim Schoening, Susan Stroud, Tom S, Nate Otto, 
  andor, Olvis E. Gil Ríos, Will Abramson, Jeff O / HumanOS, 
  Geun-Hyung Kim, Kimberly Linson, James Chartrand, Manu Sporny, 
  Vanessa, Julien Fraichot, Joe Andrieu, julien fraichot, Limari 
  Navarrete, Leo, Dmitri Zagidulin, Erica Connell, Kerri Lemoie, 
  Stephan Baur, Colin Reynolds, Ed Design Lab, Kaliya Young, Brian, 
  TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), Nis Jespersen 
  , David I. Lehn, Geun-Hyung, Gerald Glickman

Our Robot Overlords are scribing.
<olvis_e._gil_ríos> :wave:
Harrison_Tang: Welcome uh welcome everyone uh to this week's W3C 
  CCG call uh last week was the Internet Identity Workshop 39 and I 
  saw some of you guys so it was really good to actually uh meet 
  the real person behind people's names so uh very very glad about 
  that uh later uh just want to take a quick 3 to 5 minutes uh to 
  see if anyone wants to share their thoughts on IIW or great 
  presentations that they saw that maybe we can invite the speakers 
  to actually be a discussion on those topics.
Harrison_Tang: Today our main agenda is actually we're very glad 
  to have Adolf uh and Kenya to talk about the DIF Decentralized 
  Identity Foundation's credentials schemas work but before that I 
  just want to quickly go through some of the administrative stuff 
  um first of all just want to do a quick reminder on the code of 
  ethics and professional conduct basically just use common sense 
  and make sure that we hold constructive and uh great 
  conversations and we've been doing that but still want to uh do a 
  quick reminder.
Harrison_Tang: Uh a quick uh IP note intellectual property note uh 
  anyone can participate in these calls however all substantive 
  contributions to any CCG work items must be member of the CCG 
  with full IPR agreement signed so if you have any questions in 
  regards to your W3C account or the community like contributor 
  license agreement um please feel free to reach out to any of the 
  co-chairs.
Harrison_Tang: Now a quick call notes as you can see these 
  meetings are automatically transcribed and uh recorded and we 
  will publish the meeting minutes audio recording and video 
  recording um actually within the next day or 2 I think we've been 
  pretty good like obviously in these meetings on time so if you 
  have any questions in regards to Prior meeting notes just let any 
  1 of us know.
Harrison_Tang: A quick note um so most recently sometimes uh uh 
  you know because we run out of Jitsi's bandwidth uh and some of us 
  will get kicked out um because it's a open source software and 
  all that stuff so when if that happens feel free to just uh uh 
  refresh your web browser and rejoin and uh everything will be.
Harrison_Tang: Zoom um was expected.
Harrison_Tang: All right if you have any questions in regards to 
  uh anything or you want to have comments uh please type in q+ 
  to add yourself to the queue uh q- to remove and I will be 
  moderating the queue.
Harrison_Tang: Right I just want to take a quick moment moment 
  for the introductions and reintroductions so if you're new to the 
  community or you haven't been active and want to re uh want to 
  re-engage uh feel free to just unmute uh and actually uh 
  introduce yourself.
Tom S:  Oh hi everyone thank you uh my name is Nas and I'm from 
  India I'm pretty new to this space of SSI or the whole activity 
  that's going on here I'm still learning I come from a monetary 
  reform background uh working in ngos and also a little bit of 
  blockchain experience so that's pretty much about me thank you.
Harrison_Tang: Welcome welcome your lovely here so if you have 
  any questions uh feel free to just reach out to any of our any of 
  us because we're quite open and welcoming anyone else feel free 
  to just unmute.
Harrison_Tang: All right any announcements and reminders.
Manu Sporny:  Uh thanks Harrison um a couple of um I guess not 
  well announcement e things on things that happened last week so 
  this is um after iiw I know we're going to talk about iiw a bit 
  but um after iiw the state of California uh their Department of 
  Motor Vehicles the California DMV.
Manu Sporny:  Held a community hackathon.
Manu Sporny: 
  https://www.dmv.ca.gov/portal/news-and-media/dmv-hosts-second-community-hackathon-to-facilitate-additional-public-sector-uses-for-mobile-drivers-license/
Manu Sporny:  Focused on government uh use of verifiable 
  credentials uh there's a press release that they released about 
  it here I'll put that link in the chat Channel um.
Manu Sporny:   It was a real.
Manu Sporny:  Great event uh a lot uh a lot more California 
  government agencies are starting to use um specifically 
  verifiable credentials so you know when they talk about it they 
  say mDL but that's being used largely as a marketing term when 
  you look at the technology itself underpinning a lot of the use 
  cases there is some ISO mDL usage but the vast majority of the 
  usage is W3C verifiable credentials um and just last week uh 
  number of new initiatives new types of digital credentials uh as 
  verifiable credentials were announced uh unfortunately I don't.
Manu Sporny:  Think I can.
Manu Sporny:  Talk about that stuff just yet because they wanted 
  to keep you know it kind of to a government only event um but I 
  think this community should expect many of those uh types new 
  types of verifiable credentials to be announced here over the 
  next couple of weeks um the other kind of takeaways were that.
Manu Sporny:  Um uh 830,000 uh people have now installed the 
  California DMV app uh which includes uh full support for uh W3C 
  verifiable credentials as well as ISO mDL um.
Manu Sporny: https://github.com/stateofca/opencred
Manu Sporny:  Those uh verifiable credentials are being used uh 
  with the OpenCred platform which increasingly a number of 
  agencies in California are starting to deploy I'll put the link.
Manu Sporny:  To the OpenCred platform there that lets you 
  verify um a verifiable credential version of the California 
  driver's license.
Manu Sporny:  Uh there were a number and this is public the 
  agencies that participated in the hackathon which is actually 
  built stuff out or building stuff out was uh US Air Force um 
  US DHS uh US uh General Services Administration so login.gov 
  things like that um.
Manu Sporny:  The California governor office of emergency 
  services so Cal OES they do all the firefighters and uh EMTs and 
  paramedics and folks like that um California Highway Patrol uh 
  DMV uh California office of data Innovation the city of Los 
  Angeles and then they had uh folks come in from overseas and 
  other other states within the US like the M Michigan Department 
  of Health and Human Services uh West Virginia Secretary of State 
  um uh we had uh our neighbors to the South um the city of uh Mex 
  Mexico City and Mexico in general with their digital drivers uh 
  licensed credentials um came into the presentation so uh lots of 
  really good traction um.
Manu Sporny:  With the digital credential stuff especially in 
  California and I think we're starting to now see how like.
Manu Sporny:  You know it it really helps to have multiple 
  different agencies all kind of consuming each other's uh 
  credentials uh the driver's license is kind of like 1 of those 
  fundamental uh credentials but now because of that uh being kind 
  of a foundational digital identity document we're seeing other 
  digital identity documents um being published uh through um 
  through California agencies working with each other so lots of 
  really good news for W3C verifiable credentials um last week 
  that's it.
Harrison_Tang: Great thank you Manu uh quick question by the way 
  Manu uh I know the California supports both uh ISO standards and 
  W3C standards but that said I don't think the users can pick the 
  standards they probably don't even know what's the underlying 
  standards right so when you said that yeah when you said that the 
  usage of W3C is more uh can you explain that a little bit more 
  like how yeah how is W3C has more usage than ISO is the the users 
  cannot even make a choice.
Manu Sporny:  Um because the the there's 18013-7 isn't implemented 
  anywhere and so you can't ask for it so the only usages of the 
  mDL are kind of like you know uh boarding an airplane uh all the 
  other usages are like the true age verifiable credential um it it 
  we know because of the protocols that are currently being used 
  the only protocol that works online right now is the uh OID4 
  um uh uh VC API is also supported with um.
Manu Sporny:  With the OpenCred platform but most of these 
  agencies are deploying OpenCred and the only current 
  deployment of OpenCred that you know works is for the 
  verifiable credential uh version of it so in convenience stores 
  in online settings it's the verifiable credential version of the 
  the credential that's going across um did that answer your 
  question.
Harrison_Tang: Yes thank you thanks for the clarification.
Harrison_Tang: And Joe you're in the queue.
Joe Andrieu: https://digitalfiduciary.org
Joe Andrieu:  Uh thank you Harrison um just want to share with 
  people that the Monday before IIW at VRM Day we announced the 
  digital fiduciary initiative which is putting Humanity back in 
  identity by creating a new professional class of individuals who 
  are committed to putting the interests of identity subjects first 
  um you can learn more about the initiative at uh the 
  https://digitalfiduciary.org.
Harrison_Tang: Thank you thanks Joe.
Harrison_Tang: Any other announcements and reminders.
Harrison_Tang: Right just want to take a quick 5 minutes uh to 
  see if anyone want to share their thoughts uh or summary in 
  regards to the internet identity Workshop.
Harrison_Tang: Any presentations that they thought is uh quite 
  interesting that they want to share with the community here 
  although please.
Geun-Hyung Kim: :Clap:
Nate Otto:  I mean yeah but by far I take the the most exciting 1 
  for me was to see the the update by Google on uh the credentials 
  digital credentials API which now includes uh credential issuance 
  as well as the presentation flow um I thought that was quite 
  informative uh seeing how they've you know furthered the work there 
  and then secondly the the the need for privacy I thought was very 
  interesting uh so much so that Google had you know a couple of 
  PhDs present uh a creative way on how to do um zero knowledge 
  proof from an ISO mdoc but the conclusion being that you still 
  need to somehow change you know the signature like it it doesn't 
  it doesn't just translate as is on on the current ISO mdoc you 
  do need to to uh a special kind of signature to be able to do 
  unlinkability um so I think uh yeah just the need for privacy uh 
  ISO mdoc doesn't solve privacy and we need more Alternatives 
  there so.
Harrison_Tang: Well thanks for sharing and by the way do you know 
  those Google guys like because I didn't have the chance to attend 
  that session and I would love if uh love to learn more about the 
  Google's digital credentials API.
Nate Otto:  Yeah Abhi Shelat and Matteo Frigo I'm happy to share 
  their their contact info.
Harrison_Tang: Got it I I'll follow up with you later all right 
  cool well please.
Harrison_Tang: Yep well actually it will we can always change the 
  time too I will do a special session we've done it before so 
  yeah.
Dmitri Zagidulin:  Wanting to plus 1 when Otto said about I.
Harrison_Tang: No we can't hear you thanks.
Harrison_Tang: Actually I think we lost you.
Harrison_Tang: We lost Dmitri.
Harrison_Tang: We'll come back to him.
Harrison_Tang: After he rejoins uh any anyone else want to share 
  their thoughts.
Harrison_Tang: Sorry hold on a second.
Kaliya Young:  Um I shared about my internet engineering task 
  force research that I this summer.
Kaliya Young:  It was funny in closing Circle Drummond was like.
Kaliya Young:  Right like talking about how we've made IIW and 
  it's pretty amazing and.
Kaliya Young:  How the IETF in some ways I mean the IETF is 30 
  years older than IIW um.
Kaliya Young:  So I shared about what I learned in the research 
  and I'll put a link to the paper that we wrote um.
Kaliya Young:  Just understanding its governance processes as a 
  kind of living organization with no paid staff that.
Kaliya Young:  Um defines the protocols for the internet um so.
Kaliya Young:  I'll just put a link and if folks want to.
Kaliya Young:  Draw inspiration for it for exploring governance 
  options in our community that would be a great outcome for having 
  done the research I think they have fairly interesting Innovative 
  practices that I've seen almost nowhere else.
Kaliya Young:  Um including selecting their core leadership via a 
  process.
Kaliya Young:  Where the decision makers about who gets into 
  leadership are just 10 people.
Kaliya Young:  Randomly selected from the body of the membership.
Kaliya Young:  And membership being defined as people who've been 
  to 3 out of the last 5 meetings as there is actually no formal.
Kaliya Young:  Gatekeeping on who is a member other than joining 
  a mailing list.
Harrison_Tang: Cool thank you.
Harrison_Tang: Dmitri you're back.
Dmitri Zagidulin:  Yeah uh can you hear me okay.
Dmitri Zagidulin:  Uh yeah so I wanted to plus 1 what Otto said 
  about what really caught my eye was the.
<kaliya_identity_womand> Here is a link Exploring the 
Dmitri Zagidulin:  Uh the updates for the digital credentials API 
  from the uh.
Dmitri Zagidulin:  Chrome and Os teams uh and also specifically 
  uh presentations on uh potential new.
Dmitri Zagidulin:  Credential query language uh dcq um so so that 
  that was interesting to see the the other thing that I noticed is 
  that.
Dmitri Zagidulin:  There were a bunch of sessions on trust 
  Registries a subject near and dear to my heart and I think of 
  interest to to this community here.
Dmitri Zagidulin:   So I.
Dmitri Zagidulin:  Did a trust registries 101 session but more 
  importantly there were uh a series of sessions of European Union 
  is in the process of adopting a trust registry framework for 
  issuers and verifiers.
Dmitri Zagidulin:  On a fairly short time scale and so there were 
  the design discussions and brainstorming on what that oh 
  architecture is going to be B and and they're leaning towards.
Dmitri Zagidulin:  Uh some combination of X.509 and OpenID 
  Federation spec uh for that so so a lot of there was a session on 
  trust Registries in higher Academia.
Dmitri Zagidulin:  Lots of interest there in on that topic that's 
  it for me.
Harrison_Tang: Thanks for share so uh yeah I'll definitely work 
  on getting the Google digital credentials API guys uh to present 
  here uh sometime uh actually it will be q1 of next year because 
  we're booked till January 28th now so.
Harrison_Tang: Write any 1 last thought and then we'll get to the 
  main agenda.
<kaliya_identity_womand> (they only came to one day of IIW and 
  arrived after agenda creation)
Harrison_Tang: All right a quick thing so next week uh we will 
  have Stephen uh from OpenAI and then actually a lot of you guys 
  are in the co-author of the personhood credentials paper so we'll 
  talk about that uh by the way uh I still couldn't get the 
  Worldcoin guys to present here so uh this is uh this is as good as 
  it gets right in terms of proof of personhood the proof of 
  humanity kind of work uh in W3 and then the week after that we'll 
  have the Open session on the Q4 2024 review and work items so uh 
  feel free to uh uh just talk about anything right or if you have 
  further thoughts that we didn't get to today you know like in 
  regards to IIW um just uh.
Harrison_Tang: Just talked about that um November uh 19th it'll 
  be an open session.
Harrison_Tang: All right so in the interest of time just want to 
  get to the main agenda again very excited to have Otto here to 
  actually present his work on the DIF credential schemas so that 
  you know it's a I I actually briefly look through that work it's 
  very very cool so uh.
Harrison_Tang: The floor is yours.
Nate Otto:  Yeah okay perfect let me just share my screen.
Nate Otto:  Uh yep let me know if you can see it.
Nate Otto:  All right thank you so yeah uh tomorrow I would 
  provide ID also a member of the DIF co-chair at the credential 
  schemas uh work item and joined here by Kim Hamilton who is the uh 
  executive director at DIF.
Nate Otto:  So uh yeah.
Nate Otto:  Forward and uh talk to you a little bit about um what 
  the work that we've been doing on both the basic person schema as 
  well as some of the work that Kim is starting around the proof of 
  personhood.
Nate Otto:  Um so I guess this is kind of preaching to the choir 
  here why schemas and why they matter right uh in in it comes down 
  to it the summary is we want to ensure consistency and 
  interoperability uh even across different identity protocols and 
  credential schemas uh being standardized help us to establish 
  that trust and facilitate that interoperability and you can see a 
  little table there of our basic person abstract data model um 
  we've created for uh just reference.
Nate Otto:  The use cases that we're targeting uh both um in KYC 
  and KYB uh and so the uh discussion today is around our version 1 
  of the basic person schema which is uh defining a person for kind 
  of KYC type use cases um also proof of humanity and personhood is 
  Kim will be talking about those as well um and then also AML 
  right we do want to have in a separate AML credential that can 
  facilitate identifying whether users have been in any of those 
  sanctions list uh and stating that in a credential uh also 
  another piece of work that we actually did talk about at IIW 
  towards uh the end of the of the conference there 1 session uh an 
  initial effort around age verification and estimation so we want 
  a proof of age credential that can support both verification and 
  estimation.
Nate Otto:  So um the way that we're managing the credential 
  schemas uh is with this idea of what we call an abstract data 
  model which is this table format with field names and 
  descriptions and then from there on your uh free to be able to 
  implement that in your favorite uh credential format uh that you 
  like whether it's JSON-LD such as we do in Privado ID VC chats or 
  Json of these and checked or is the jots as you would in an 
  OpenID for VC so this allows flexibility and um kind of consistency 
  without imposing any uh.
Nate Otto:  Restrictions and so on.
Nate Otto:  So uh to jump into the basic person schema uh the 
  purpose of this schema is is as I said to define the the set of 
  fields that we would need for defining an individual for KYC 
  purposes uh and then enable that interoperability uh you know 
  across various use cases in financial services and others uh the 
  schema spec itself aligns to the OpenID Connect uh OpenID for 
  ID Assurance and EBSI for natural person um schemas and we've 
  done harmonization and mapping of the fields in order to 
  facilitate interoperability with those standards uh the schema 
  you know kind of excludes the the the work of assurance levels 
  and verification process uh because we want to Center mainly on 
  the data fields and less so on the process that it took to get 
  that there right but that is not to say that you would be able to 
  perhaps develop a wrapper around this credential schema to 
  include that Assurance level uh and verification process details.
Nate Otto:   If you so.
Nate Otto:  And then use cases uh mainly financial services but 
  you could also use it for telecoms or any other uh use case that 
  requires ID verification for customer onboarding and so on.
Nate Otto:  The structure of the schema is a main table with the 
  basic person uh details uh followed by a set of uh array objects 
  1 for the names of the person and we do require 1 uh name at 
  least at a minimum the legal name 1 set of addresses uh with a 
  minimum address being the place of birth of the person um a set 
  of identifiers which could be able to government and 
  non-government identifiers and the requirement being that there 
  be at least 1 form of government identifier.
Nate Otto:  The list of contact channels uh which is just another 
  array of contact Channel objects and then finally uh support for 
  various nationalities uh that the person uh might have as well so 
  um I'll be just summarizing some of the the different objects in 
  in sub objects here but you can feel free to look at this 
  credential schemas uh specification here uh that we have and we 
  are now published this in a working group draft where uh you can 
  just come in and and check it out and you know get a feel for it 
  and so on but we won't be going into a lot of detail of the spec 
  itself just summarizing it.
Nate Otto:  So um to continue the presentation.
Nate Otto:  The uh main components are that basic person data 
  model which defines your birth date sex gender and nationalities 
  of the credential subject it includes a provision for an array of 
  custom fields for any additional ones that may be required and 
  some specific instances the name object will be able to record 
  the names of the person it will require at least 1 entry 
  corresponding to the users's legal name.
Nate Otto:  Secondly we have the identifiers object uh which 
  would record those government identifiers or non-government 
  identifiers and again would you require at least 1 entry 
  corresponding to their uh government identifier because this is a 
  KYC focus type use case.
Nate Otto:  And then secondly we have the address object with the 
  addresses of the subject uh it just require at least 1 entry for 
  the subjects place of birth and uh finally the contact Channel 
  objects which records various contact methods could be email 
  phone or others uh we do assume that the credential issuer will 
  have verified that the subject is in possession of those contact 
  channels uh if it's an email you probably sent a link to them or 
  if it's a a phone maybe you send an SMS text message or a phone 
  call to validate that the person is in possession of that contact 
  method uh so the details of how that's done is outside of the 
  spec but we do have that that assumption that we documented.
<tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> uh-oh... 
  "requires at least one (legal) name". See 
  https://github.com/kdeldycke/awesome-falsehood especially 
  https://shinesolutions.com/2018/01/08/falsehoods-programmers-believe-about-names-with-examples/ 
  specifically "40. People have names."
Nate Otto:  And that is that is basically it as far as the 
  structure of the of the spec itself in in summary but we do 
  invite you to come participate and and um you know give us your 
  feedback this is now in in working group draft and the idea being 
  that um this will support you know at least uh a variety of use 
  cases in the provider ecosystem we do have an implementation of 
  it and it is actually listed here um you can see it here in our 
  schema Explorer tool where we've actually implemented that and 
  are actually using that with a variety of customers but the idea 
  being we want adoption uh and we want to have your feedback and 
  so on so that's very important also the folks at uh open ID did 
  give us feedback on this uh Adrian field so that is also been 
  very useful in enhancing the schema but we you know we do invite 
  more participation and feedback.
Nate Otto:  So uh yeah any comments or uh anybody want to jump in 
  here Kim do you want to provide any additional commentary.
Geun-Hyung Kim:  So can you hear me.
Geun-Hyung Kim:  Okay excellent I have had issues with Jitsi in 
  the past so um thank you Otto the Inn in I want to say just 
  incredibly great work on this Otto and the.
Geun-Hyung Kim:  Work item in DIF you've done a lot of work 
  reconciling this with different schemas and I think um 1 thing I 
  like about this approach is calling out the abstract.
Geun-Hyung Kim:  Data model and then mapping it to different 
  formats and encodings and um you know hoping that that will help 
  us.
Geun-Hyung Kim:   Kind of.
Geun-Hyung Kim:  Future proof some of this work a little bit 
  more.
Geun-Hyung Kim:  Um any questions about this before we move on.
Manu Sporny:  Yeah I just want not so much a question as like a 
  plus 1 this this looks great like you know I think this is 1 
  these are these are the things that are kind of um slowing down 
  adoption I've heard that said you know not just in this community 
  but you know in the digital credentials you know group at at at 
  w3c the browser you know things saying that hey we really need to 
  start focusing on the schema so that people can have these things 
  that they can just you know pick up off the shelf and start 
  issuing you know useful credentials um that have you know 
  business value um so plus 1 to that really wonderful to see uh 
  this work being done um there you know I'm kind of looking 
  looking through this I guess there's a.
Manu Sporny:  Years I think.
<harrison_tang> by the way, here is the link to the credential 
  schemas:  
  https://identity.foundation/credential-schemas/#abstract
Nate Otto: :+1:
Manu Sporny:  I think the open question is like where does this 
  work happen it is definitely happening at DIF and I think 
  that's fantastic um and I think we should also you know ensure 
  that the work doesn't centralized in any particular place like I 
  think the whole purpose behind all these technologies that we're 
  building is so that you don't have to go through like you know a 
  quote unquote you know official Global standards development 
  organization to create these vocabularies um but 1 of the 1 of 
  the questions that has come up is like the people that are 
  creating these kinds of things are like well where do we get 
  official review where do we asked uh you know for input so have 
  have y'all put kind of you know um thought into that like you 
  know how do people know that this thing is safe to use is it 
  after it gets through the DIF process or is there a notion of 
  like horizontal review with the verifiable credentials working 
  group what what are your thoughts.
Manu Sporny:   On like.
Manu Sporny:  How does this thing become stable to the point 
  where people can go I'm just going to use it I can see that it's 
  stable I'm just going to use it.
Geun-Hyung Kim:  Yeah I can start with it Otto and then um I'll 
  turn over to you so the point that it's in right now is it's 
  getting uh working group review slash um you know Otto's been 
  reaching out to a lot of other orgs uh IETF um and actually 1 of 
  our co-chairs is in IETF and OASIS the lightweight verifiable 
  credential group that's working on something similar and then all 
  of the other schemas that you see referred to so we are getting 
  in informal horizontal review I like the idea of a um you know 
  it's it's not a standard part of the DIF process I think usually 
  what we do is after working group review it goes through uh 
  steering committee approval and then we publish it with this 1 we 
  do want to make sure it's broadly socialized.
Geun-Hyung Kim:  So we're open to any suggestions on that um you 
  know for DIF it's a success if schemas get you know we we love 
  incubating them and promoting them and standards can live at DIF 
  it's also success if it ends up living somewhere else so there's 
  2 aspects of that we are um working on within this group we're 
  allowing people to contribute schemas that then the working 
  group.
Geun-Hyung Kim:  Um how do you say refines develops so that it 
  can become a um you know.
Geun-Hyung Kim:  Improve specification and we're working on 
  discovery of those schemas because basically it's it's the usual 
  problem like how do I avoid having to reinvent the wheel when I 
  am issuing my credential right so we want to help promote that 
  discoverability but then we are not we don't those schemas 
  themselves do not have to live in DIF we're happy referencing in 
  different locations so I think there's 2 concerned past problems 
  of the fork I guess 1 is discovery of it reference ability the 
  other is where does the schema live and so you know we're making 
  a lot of progress within DIF right now I think we're also open 
  to you know if this makes sense that IETF or OASIS or wherever um 
  open to those conversations as well.
Harrison_Tang: Manu do you have a follow-up comment.
Manu Sporny:  Uh yeah yes so plus 1 the everything Kim said um 
  you know I think yeah Discovery is super important uh we need to 
  you know as as a community multiple communities focus on that and 
  making that happen I guess I'll I'll mention offhand that you 
  know we're already looking at the next verifiable credential 
  working group Charter and we're thinking that the VCWG could have 
  like experimentally do like horizontal review on vocabularies 
  because you've got a lot of people there that kind of understand 
  you know vocabulary stuff not as like a mandatory it has to be 
  done but as kind of a demonstration that hey it it you know 
  multiple communities looked at this to see if it's you know um if 
  it's okay if all its best practices and and things like that um 
  so just putting that out there maybe Kim there's a future 
  discussion to be had around like what does horizontal review look 
  like.
Manu Sporny:  No matter where these vocabularies happen you know 
  and and the same thing would apply for like vocabulary is done at 
  like W3C there would be horizontal review done by the credential 
  schemas group at DIF because you've got you know there there 
  are set of there's a set of expertise there as as well I think 
  that the key key being get as many eyes on it as possible before 
  you know it's finalized so that we can all kind of make sure that 
  people feel comfortable reusing it you know broadly uh that's it.
Geun-Hyung Kim:  Perfect we're very interested in that so I'll be 
  in touch on it.
Harrison_Tang: Great Ted you're next in the queue.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Uh so a 
  couple of things um these are cautionary and suggestions towards 
  revision of what you've got there.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Um I posted a 
  couple of links up above in the chat about falsehoods that 
  programmers believe uh with particular attention to be paid to Pro 
  uh falsehoods about names including that people have them.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Forced in use 
  of quote unquote a legal name.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Is 
  problematic as Facebook learned a number of years ago.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): People must 
  be able to use pseudonyms and there's I can see no reason why 
  that shouldn't be possible in what you're building here.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I would also.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Suggest that 
  instead of requiring a legal name you require a legal name and/or 
  X Y and Z whatever other attributes are useful for this or a 
  chosen for this.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Such that 
  people don't have to use their legal name for purposes of these 
  these credentials.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I think 
  that's it.
Harrison_Tang: Great thanks Kerri.
Kerri Lemoie:  Hey there I'm laughing at the uh the slide that's 
  up right now that's pretty great thank you um and we definitely 
  need those so it's awesome um I I have 1 question about.
Kerri Lemoie:  Address and the requirement to have at least a 
  place of birth I was wondering where like what what was the 
  justification for thinking that and also like what is meant by 
  place of birth.
Kerri Lemoie:  How precise is that supposed to be what what's the 
  intention of of that um because I can think of uh I think of 
  situations where.
<dmitri_zagidulin> i was wondering that too, re place of birth
Kerri Lemoie:  I don't know when when context is a libraries 
  right libraries May provide present credentials to their patrons 
  right and their Communications who go to libraries I don't have 
  addresses um or maybe even know their place of birth so I'm just 
  curious about like where that came from and and why that decision 
  was made.
<dmitri_zagidulin> LOTS of people where that's not known
<dmitri_zagidulin> just take address out of the minimal
Nate Otto:  Yes so um yeah so just just to set the context right 
  it it is it is a a KYC for financial services focused type of of 
  credential schema and so we try to do is try to have the the very 
  minimum set of fields that it that you do need for requiring an 
  individual identifying an individual sorry for KYC purposes um 
  now we've centered on the very very minimum set of fields um you 
  know you if you're implementing this you know in a particular 
  country or or so on you may require more fields um but the very 
  minimum 1 that is required it is a place of birth uh and so in 
  that type of situation you may just you know for instance just 
  specify locality region and country uh but you may not specify 
  the address or any additional fields uh typically as I've seen it 
  uh address identifying documents don't include the full address 
  over the person.
Nate Otto:   Was born but maybe just.
Nate Otto:  Region and Country.
Nate Otto:  Um so that's sort of the the guideline that we're 
  following uh but again you know open to feedback um if if uh a 
  different set of combination of fields would be sufficient for 
  determining the person's place of birth.
Geun-Hyung Kim:  Yeah 1 thing I want to add quickly is that 
  there's this line between you know what would be needed for um a 
  KYC you know for if if an institution is performing KYC now 
  versus what would be something what's the future that we would 
  like to get to um you know say things like as close to 
  traditional credit scores like alternate credit signals and so I 
  think that I'm seeing this as necessary for the traditional path 
  but that it's not prescriptive in the sense that it's not meant 
  to say this is what it should look like for all future right so I 
  think um that would be addressed by different schemas and then or 
  maybe even different sort of use examples of the given schema.
<kerri_lemoie> Thanks
<tallted_//_ted_thibodeau_(he/him)_(openlinksw.com)> "third tent 
  from the signpost under the bridge"? KYC should not discriminate 
  against the unhoused.
Harrison_Tang: Manu, do you have a follow-up comment on this.
Manu Sporny:  Oh uh yes sorry you were you were in front of me 
  though Harrison did you want to go.
Harrison_Tang: I have a different topic yeah.
Manu Sporny: 
  https://github.com/credential-handler/vc-examples/tree/main/credentials
Manu Sporny:  Okay um uh the other thought I had was it would be 
  really nice to get this thing these credentials into the 
  verifiable credential playground I don't know uh Otto if you've 
  uh thought about doing that anytime soon so there's a there's a 
  VC examples repository and there are bunch of example like 
  verifiable credentials that the community has created over the 
  last you know uh couple of years like jobs for the future and um 
  you know medical technician and alumni and movie Tech and all 
  that kind of stuff um I was wondering these initiatives in 
  general creating schemas you know for Concepts.
Manu Sporny:  Would be really nice if we could tie it to the 
  verifiable credential playground sooner than later so that we can 
  demonstrate that you know there can be multiple issuers and 
  multiple verifiers of these credentials like today the the VC 
  playground I think supports like 8 10 some odd issuers they're 
  going to go up to like 15 or 16 soon when bc20 happens um have 
  you thought about like how to get this work like tighter feedback 
  loop on it like get it into get issuers multiple different types 
  of issuers issuing it get multiple different types of verifiers 
  verifying it make sure that it can land in multiple different um 
  uh uh digital wallets uh any any thoughts on like at what point 
  during the process do you do that.
Nate Otto:  So I mean currently we have um 1 ID and and Privado 
  being the the main ones that are using this but um I don't know 
  Kim I guess we we fairly flexible in that regard as to.
Geun-Hyung Kim:  Definitely um yes we so as to mention there's 
  the the current issuers Jim sharing who is the other.
Geun-Hyung Kim:  Has been socializing around to get additional 
  you know feedback from implementers I like the idea of 
  introducing maybe a tight uh uh feedback loop between the DIF 
  schemas and the VC playground and so let me take a look at you 
  know what we're dealing with it would be nice if there's 
  something that we could make um you know easy to uh reference 
  each other on both sides but not like the risk would be schemas 
  getting out of date or you know just making sure there's a way we 
  can integrate easily I think that would be fantastic so this 
  sounds like a good follow-up item um for you and me Manu.
Harrison_Tang: Uh so I have a question in regards to the contact 
  channels object like I'm my question is like why is it contact 
  channels type and contact identifier instead of just uh spell it 
  out like email phone addresses.
Harrison_Tang: Is it just to be flexible or like what's the 
  thought process here.
Nate Otto:  Or yeah to allow for several because you you want to 
  allow several entries and so it could be just work email personal 
  email personal phone whereas if you just uh have specific fields 
  for each of them then you end up needing to add more entries for 
  it and so just having this enumeration here gives us the 
  flexibility of having multiple entries in that array.
<dmitri_zagidulin> thats how vCard does it too
Nate Otto:  And just keeps it consistent with you know the rest 
  of just like you see here like there's several entries for names 
  several entries for address several entries for identifiers so we 
  just thought from a consistency standpoint that is not to say 
  that in a specific implementation you could change it right again 
  like the.
Nate Otto:  Uh this is just a reference here and then you know if 
  within your ecosystem you find that perhaps you are more 
  comfortable just having these directly in there that's you know 
  that's a sort of ecosystem identity ecosystem decision.
Harrison_Tang: Yeah so so based on my experience I would suggest 
  to flatten it out and here's the reason the reason is because uh 
  as Spokeo for example we have both the web team and data team and 
  the web team loves to use JSON objects and the nested structures 
  but the data team when they you know data team mostly work with 
  data frames right or tables like spreadsheets it's 2-dimensional 
  but when you nest it too much on the JSON object you encounter 
  what's called ORM object relational model mapping right and then 
  the they will it's it's really really complicated imagining you 
  are mapping uh 4 dimensional tensor right which is 4 dimensional 
  matrix but it's called tensor um 4 dimensional tensor to a 2 
  dimensional spreadsheet like you'll have nested and repeated 
  Fields it's it's it's going to be really really complicated so I 
  would suggest to flatten it out and actually do a person emails 
  and all that stuff otherwise asking the data team if if the 1.
Harrison_Tang:  the end user.
Harrison_Tang: Check is the data teams they will have a huge 
  headache and it will be a you will always have informational loss 
  when you map from a high dimensional space to a lower dimensional 
  2-dimensional space.
Geun-Hyung Kim:  I think we need to take it back to the group I 
  mean I see what you're saying but I think for us there's this 
  difference between the abstract data model and then the specific 
  encoding so I don't you know if it's possible that that's sort of 
  addressed right um and you know just in terms of.
Geun-Hyung Kim:  You're doing something like writing a um a 
  schema.
Geun-Hyung Kim:  How do you say like.
Geun-Hyung Kim:  There's a term I'm thinking of oh I like JSON 
  schema or something where you're saying like these fields are 
  required there there's a lot of considerations that might argue 
  for the sort of flattened um um you know schema so it's possible 
  that that's explaining the difference but we can we have a 
  meeting right after this and we can talk about that more.
<kim_duffy> we're running low on time
Harrison_Tang: Yeah I I think based on my like 10 years like I 
  mean this this problem is uh actually much bigger and harder than 
  I originally thought like um this ORM problem and uh based on 
  my experience essentially the web team want to model the data as 
  accurately as possible using nested objects and then the data 
  team they they can only not can but they mostly work with 2 
  dimensional spreadsheets so there should be a compromise and the 
  compromise in my opinion is you want to nest the only up to like 
  3 or 4 and that's it like you don't want to go too far yeah.
Geun-Hyung Kim:  So we're running kind of low on time um and 
  hoping we can get to the rest so we mentioned um proof of 
  personhood and the context of this 1 and proof of personhood is 
  is um 1 of I'll call it 1 of the schemas that we're focused on 
  but the problem is a lot more complex than that so um I title 
  this section I don't use my driver's license to browse the web 
  and I don't plan to start now and I created this image to put 
  some fear into you so um this is the future we want to avoid uh 
  next slide please.
Geun-Hyung Kim:  Okay so what is this problem of uh proof of 
  personhood that we're talking about this is a discussion is 
  familiar within this group but just to make it very precise AI uh 
  can now break low- to high-end identity verification techniques 
  used on the web that's at the low end that's CAPTCHA basically what 
  uh companies service providers use to.
Geun-Hyung Kim:  High-end that would be say uh selfies videos uh 
  to show that you're alive human person so both of those are 
  broken um I consider the urgent problem at the low end and it's 
  because you know certainly we just we don't have a whole lot of 
  rigor and you'll even notice it say in the personhood credentials 
  paper uh you know which I was on myself and and I just want to 
  make sure that the the paper has a lot of ground to cover there's 
  a lot to unpack so we had to make some simplifications but 1 of 
  the areas that I see as an urgent takeaway is a need for rigor 
  around the specific use cases in the risks that we're addressing 
  so if we're talking about um you know replacing a CAPTCHA that's 
  a different set of risks and concerns than if we're talking about 
  interacting on a social media platform and say proving that 
  you're human just.
Geun-Hyung Kim:  You're not spreading misinformation so we need 
  fit for purpose solutions for and we need to define the problems.
Geun-Hyung Kim:  The specific concern is that misuse or overreach 
  can lead to extreme privacy risks and will also need regulatory 
  support for sure but we need technical ways to make knowing 
  nothing or knowing very little of the default next slide please.
Geun-Hyung Kim:  Okay so the way I see it is this if the current 
  techniques are broken if if service providers can no longer rely 
  on CAPTCHA reCAPTCHA etc then they'll need to use something and 
  simultaneously we have mobile driver's license rolling out but 
  mobile driver's licenses were not designed for this next slide.
Geun-Hyung Kim:  Um so if you think about how you use your 
  driver's license today.
Geun-Hyung Kim:  There are uh in general 2 types so in-person or 
  1-on-1 interactions that would be used in face-to-face use cases 
  where that general expectation is that no 1 is spying on you or 
  recording it unless say they're a law enforcement officer something 
  like that.
Geun-Hyung Kim:  Um so in general you do not expect that.
Geun-Hyung Kim:   You know.
Geun-Hyung Kim:  So Random other people are are looking at your 
  driver's license knowing that attaching additional information 
  about your activities and this is a huge risk um so you know it's 
  so that's the the getting access to um age restricted um items in 
  person but the other use case would be high Assurance use case so 
  high trust examples I argue that these are not so much the 
  biggest concern for um you know for proof of personhood because 
  you will be having to use some high Assurance like say maybe 
  whether it's a mobile driver's license combined with some other 
  techniques.
Geun-Hyung Kim:  I think the other thing to call out though is 
  that when you use your driver's license today there are strong 
  privacy expectations and even mandates.
Geun-Hyung Kim:  And the web as we know it right now um we know 
  and I know from my daily data breach notifications that I can't 
  count on companies to protect my data so when the PHC paper came 
  out already um you know I have daily people telling me Oh we 
  could just use mobile driver's license for this no you can't and 
  the reason is that companies can't be trusted to custody that 
  data and the Assurance is provided by the mobile driver's license 
  a signature it doesn't provide the um you know anonymity or 
  pseudonymity characteristics we need so mobile driver's license 
  you could conceivably see as being a part of it as we were 
  talking about earlier if you have um you know if something is 
  wrapped in a ZKP something like that um you know that that could 
  work but then also uh next slide I think um.
Geun-Hyung Kim:  So um in some cases maybe you don't even need a 
  identity document so say on the lower end if the if the 
  requirement is just CAPTCHA replacement prove you're a real human and 
  nothing more it's possible that you're not even worried about 
  anchoring in a person you know some sort of issued credential 
  maybe it's okay that you are preventing a abused systemwide maybe 
  your system can tolerate some upper bound of you know Shenanigans 
  robotic actions so I think 1 of the biggest priorities is to uh 
  further develop what we mean by this uh you know proof of 
  personhood what we're getting at here and explore relaxing 
  requirements for in the in the PHC paper.
Geun-Hyung Kim:  Know which we I think we have the the lead 
  author of that command soon so a little articulate the uh the 
  main thing but the the idea of it is to prove you're a real human 
  nothing more and it developed a set of requirements for some of 
  these more uh higher Stakes use cases within it.
Geun-Hyung Kim:  We can explore relaxing some of the requirements 
  such as the requirement of 1 um credential per issuer per uh per 
  person per issuer um maybe it's just some more systemwide things 
  so what is diff doing.
Geun-Hyung Kim:  We are uh working on a personhood credential 
  schemas in the the working group but that's probably 1 of the 
  least interesting parts of it so another aspect is where 
  laboratory and use cases and risks and I think the um on the next 
  slide we'll see examples of those we're also investing in um the 
  broad area of SSI and ZKP so um for example partnering with 
  Ethereum Foundation uh Privacy and Scaling Explorations on what 
  they're doing with a non-adoption which are very similar to the 
  Google uh demonstration of wrapping an mDL in a ZKP next slide 
  please.
Geun-Hyung Kim:  So when I talk about use cases and risk 
  frameworks I mean um you know what are these use of the use cases 
  for example talked about in the PHC paper and then much beyond um 
  you know are we talking about AI bot prevention are we talking 
  about the age verification civil resistance voting what are the 
  risks that we're trying to uh um introduced and what are the what 
  are the risks we're trying to combat and what are the risks we 
  also introduced um and so this argues for uh uh.
Geun-Hyung Kim:   You know.
Geun-Hyung Kim:  Reducing the amount of requirements because the 
  more um identity sort of more specific you get in identity 
  verification the easier it can get to track people's behavior.
Geun-Hyung Kim:  Um so also defining PHC types semantics refining 
  the issuing criteria.
Geun-Hyung Kim:  And next slide please I think we're getting to 
  the end.
Geun-Hyung Kim:  Um yes and then um.
Geun-Hyung Kim:  I think the other aspect is that we're sorry I 
  grabbed some of these slides from another thing um but but yeah 
  so I think.
Geun-Hyung Kim:  Teasing through concerns like are there 
  introductions of dependence on the issuer linkability um it does 
  seem that there's a lot of growing awareness around the privacy 
  concerns of mDLs there um that was a much that was much discussed 
  at IIW here's some references here next slide I think this 
  should be the end um yeah so if you're interested in working on 
  this join us like be great to work with you on this.
Harrison_Tang: Great thank you thanks Kim uh any questions I 
  think we still have time for 1 2 questions.
Harrison_Tang: Alright great well thank you thank you Kim for a 
  great presentation thanks Otto uh for great presentation as well 
  so if there's no further questions uh thanks again uh for a great 
  presentation and leading a great discussion.
<kerri_lemoie> Thanks!!
Nate Otto:  Awesome thank you so much and we're happy to work 
  across you know standards orgs and and and collaborate to make uh 
  decentralized automated reality.
Harrison_Tang: Definitely thanks a lot have a good 1 uh this 
  concludes this week's ccg meeting thanks.

Received on Wednesday, 6 November 2024 05:44:02 UTC