W3C home > Mailing lists > Public > public-rww@w3.org > July 2016

Re: Verifiable Claims dissenting opinions now public (was Re: Web Payments IG approves Verifiable Claims to proceed to W3C Management)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 23 Jul 2016 13:27:12 +0000
Message-ID: <CAM1Sok3_vVEe-DAveGQh5L9r1TEFtk27CS+e6=9gniVjhfqktw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>, Web Payments CG <public-webpayments@w3.org>, public-rww <public-rww@w3.org>

- The dissenting opinions came from Google (Chris Wilson), Microsoft
(Mike Champion),
and the W3C Technology and Society Domain leader (Wendy Seltzer).

- In general (and I hope to get more complete statements from each organisation
in the next month or so):

Slide 5 (the pie-graph) is a good representation, yet still debatable due
to the sample methodology, IMHO.
Slide 6 relates to the politics of the process. Therein perhaps opening-up
the process to unnecessary conflict due to issues outside of scope (as
noted in the simplistic form - “not in scope”)
Slide 7; same issue as slide 5
Slide 8: hasn’t this been updated since? The diagram is correct on most
levels, yet, may unnecessarily over-simply
Slide 9: denotes WIP (work in process) nature of the works.  I think
underestimating the scope of work is unreasonable as would be
underestimating the importance of the work and the under-resourced nature
the work is currently inhibited by on a pragmatic developmental level;
therein, means to attain capability and acceptance through available
means.  This in-turn should not (IMHO) negate the importance of the work.
Slide 10: seems important particularly when reviewing the timeline of
alternative solutions (ie: precedent materials, strategy employed by
entities/agents, et.al).

I note; i was engaged by the then Web Payments works sometime ago[2] having
been introduced to the work through other efforts first noted in W3C Lists
in separate areas[3], however a lot of time has passed and should it become
necessary for me to notate the variance and development since then; i’m
happy to do so.

Newer W3C related works form alternatives that modify the paradigms beyond
something that the W3C was established to consider[4] and the notion of
‘conflict of interest’ becomes quite complex when considering the
methodology of appropriate response.  I ponder whether architectural works
need to be considered at executive level of the W3C in consideration of the
change in challenges between the web as it was when W3C was formed; to that
of it’s appropriation today, upon what has considered to relate to Human
Rights[5].  Herein also, is the importance of the IPR strategy made
available by W3C, where related considerations have been made by TimBL[6]
whilst being put to Jeff[7][8] some time ago. Since then of course,
MIT/TimBL/RWW/Sandro/Andrei/Henry/Melvin/Kingsley/(etc) work has been
considered meritorious[9] by others, in which the concern becomes how these
dynamics may be best supported by W3C and indeed; the methodology employed
in furthering works as a neutral, global standards body.

SLIDE 12: i would argue the lack of budget in-turn results in less than
ideal outcomes.  The implications of these works, even simply from an
Australian Petition Heritage point of view[10] (forward looking) may change
the nature of our capacities as humans whom cooperate and collaborate upon
this new communications medium, WWW.  I do not see a strict binding to such
underlying protocols, yet much like the disruption that has happened
throughout the economic world; the management of these works seems, IMHO,
to be imperative, in the interests of much broader things than simply the
laws relating to the acts of an agent for a corporation governed by a
particular jurisdiction, as is further contemplated by international
contract law and related instruments.  Herein; i question the underlying
issues pertaining to the relatively low involvement numbers and therein;
scalability of involvement and related factors that may unintentionally or
unfortunately inhibit this, and other related works within the
Linked-Data[11] capable domain.

RE: PROPOSAL: I think the proposal is exceptional work given the available

I also note; the Dialogue[13] contains no audio-reference but simply the
notation taken and the IRC logs seem unavailable to non-W3C Members
(therein also; i am a community member); this in-turn debilitates my
ability to understand the context or persona related aspects of the events;
which i think is particularly debilitating for the uninitiated, who may
seek to become interested in these works and thereafter seek to undertake
due-diligence surrounding the status and position of various stakeholders.

With regard to the ‘Charter’ document[14] given the organisational
structure and operational capabilities of W3C it may be better to state i
the problem statement, rather than ‘I am a citizen of the USA’; that, ‘i am
a citizen of Australia’ or ‘i am a refugee from Saudi Arabia or Iran’, or a
sex-worker in a foreign country originally from Ukraine, et.al.  Whilst
this distinction is semantic in nature; it is probably helpful for the

Whilst an array of international diplomacy exists, this dynamics of this
should, IMHO, be out-of-scope.  We are trying to support WWW for Humans[15]
and as defined[16][17], IMHO, and perhaps the most universal document
defining this concepts has been defined by the UN[18], as so beautifully
produced in a variety of localised media products such as those from the
US[19] and UK[20].  I am yet to understand how the dissenting organisations
have made best-efforts to consider the merits of the proposal and its
underlying considerations more holistically, yet given the recent events
with regard to the progress of the Web-Payments works[21] consider the
issue to also be outside of scope for the contributors of the Credentials
Spec; who in-turn depend upon others to nurture the grounds on which we
make footprints (in the presence of god, imho, without being distinct about
the book or specified language therein).

With regard to encryption methodologies, my understanding is that the
design principles provide flexibility pending participation of dependencies
(ie: product vendors) to support these forms of end-to-end capabilities,
within context of particular requirements (ie: KYC/AML, Magna Carta or
constitution related sovereignty implications, Et.al.)

RE: XML, JSON, etc.  This appears to be specified push-back upon the
concept of decentralised capabilities / linked-data.  This should be
considered by the relevant groups (ie: other linked-data groups who are
capable of providing assistance in defining the differentiators between
xml, json (et.al) vs. linked-data related syntax / serialisation
methodologies).  Whether the specification is defined to be EXCLUSIVELY
json-ld is a separate issue again; and something that may be handled by
vendors who create web-services built into web-services, ie: Any23[22].

Re: implementations without HTTP-SIGNATURES - seems kinda pointless.  It’s
like taking the teeth out of the capability...

<Padler_> Chris A: This is not a protocol, or a cryptographic format, or an
<Magda> +1 to Chris comments on security/privacy
<Padler_> Chris A: I need this building block to be solid so that I can
build cryptographic signatures and protocols on top of this...
<Padler_> Chris A: This is a fundamental model for other work to progress...

I find these comments really interesting. The Concept of ‘Human Identity’
is really very complex, but certainly involves ‘verifiable claimed’ made by
3rd parties upon a human entity, who in-turn may be subject to ‘agent’
concepts in relation to things they create or actors they act for.  In-turn
i also believe a SoLiD[23] foundation is in the works, however i think the
use of a specified trademark like term, understanding also other uses of
the term within software development[24], to be unfortunate at best.

Later comments review JOSE / JWT which i do not believe relates well to
Linked-Data?  Considerations may be made thereafter, pending analysis of
the concepts embodied within these technological differentiations…

With regard to Use-Cases, which have been praised, i ponder the alternative
technological methods for the delivery of the same use-cases using the
alternatively preferred methods (ie; JOSE/JWT) and the delineation of
interest-areas held within these concepts, as may be considered by the
broader community.

With regard to the concept that is noted continuously about ‘incubation’ a
number of factors are involved; including but not exclusive to,

* TimeSpan (ie: concept through to outcomes)
* Resources (eg: capabilities, means, investment, etc.).

These aspects are quite different in nature and do certainly become
impacted by commercial dynamics that can have quite different influences to
that considered by the merits of disciplines such as Web Science[25].  W3C
in-turn might seemingly have a complicated situation on its hands as it
seeks to separate the prosperous development of W3C / WWW, vs. the
market-force related changes that have occurred since the inception /
initiation of W3C, vs. the challenges of today and how they are forged in a
world where the troubles of the past, are past.  We have new problems that
require support in different ways.  Given the innovative nature of the
Credentials work (and more broadly, RWW / Linked-Data related works) i
ponder whether it is reasonable for the Credentials Team to undertake this
burden, or whether it is more of a W3C issue that needs to be resolved at
an executive level…?

Implicitly, other areas surrounding the security methodologies are of
course involved; yet somewhat out of scope for the credentials work, as far
as i’m aware, yet nonetheless - are an important consideration.

This in-turn appears to be a very difficult and complex matter to be
considered in which guidance is suggested by ‘higher powers’ as to refine
the complex nature of the ‘vote outcome’ and how that applies in relation
to broader policy settings that in-turn may be beyond the scope of W3C
organisationally, yet i’m really not sure how all that kinda stuff works.
I just do my best, with my ‘footsteps’...
* Mike (Microsoft) felt that the work was largely duplicative of the
  JOSE JWT work and it hasn't been incubated enough. His feedback can
  be found here:


I seek clarification surrounding the aspects noted in the minutes and the
concerns raised by “Michael Champion” that “It’s highly unlikely that W3C
will staff the work”.  I do not see this being confirmed by W3C as yet, a
modern reference is welcomed…  In-turn his concerns are duly noted and
shared.  IMHO, W3C should staff the work and self-funding the work is less
than ideal.  Yet the circumstances for this position is unclear to me, and
clarity surrounding why these statements have been made and the current
position of W3C is welcomed as to better understand the context of support
from W3C as it stands at the time of receipt of this correspondence.

With respect the the comment about ‘real skin in the game’ i think that
needs to be better clarified / defined…

With respect to the second point made by denoting a ‘-’, it must be noted
that the WWW as it is today (often referred to as Web 2.0) is an evolution
of prior works, that at the time of inception - also did not have
investment.  It is important to note the distinction between those who have
undertaken innovative works at a time where no-investment (or relatively
minor means to put food on the table) existed for something ‘new’ vs. other
works far further down the track of the innovation curve[26] and the role
in which various humans play, in various tasks in various frameworks.  It
is exactly these forms of considerations that the Verifiable Claims works
(and more broadly W3 Credentials CG team) have been making great efforts
over an extended, and interactive timespan to respond to what are
reasonable considerations.  Yet also, these considerations have less than
ideal levels of funding which in-turn relates to the former consideration
of the nature of the innovation-curve and how actors play various roles.

With regard to the third point raised; i question what representations have
been made by MS with regard to the future potential of these works for
various government projects and whether they’d be interested in being
supplied services relating to the utility of these future standards (and
current works) should they become better incubated / supported by parties
such as MS.  The term ‘credential’ also appears to over-simplify the
technology capabilities offerings via various services.  Perhaps this can
be better explained as to avoid confusion between one technology / science
offering and others, et.al.

Re: bottom line - i think the statements are overly combative.  If they
believe alterations should be made, then suggestions, i assume, are
welcomed.  Ideally this occurs within the CG environment given the
stakeholders and the current means in which accessibility to participation
in the development of these forms of very important works is made available
to humans, regardless of their role, representation or contractual
responsibilities at the time of authorship of any correspondence relating
to the development of these very important works.

"Chris (Google) agreed with Mike's position and felt that the work needed
to be incubated more. He also felt that the work should be constrained to
Education. His feedback can be found here:

Comments made by Chris Wilson suggest simply incubation (the desire to see
additional resources applied to the works?).  Perhaps some form of support
can be provided as to provide a compromise between the various groups.  I
understand an MIT team is currently undertaking related work[27] who whilst
having been furnished some support[28] may well serve as a curator of
decentralised incubation support for these works more broadly and in-turn
support the comments made by Chris, whilst enabling the work to progress
with a broader basis of support, development and capability.

With respect to Wendy’s Comments; i refer to the above considerations, and
wish decision makers my best wishes with figuring out the next steps in
developing these works for the betterment of humanity.

Kind Regards,

Timothy Holborn.

[3] https://lists.w3.org/Archives/Public/public-webid/2013Nov/0000.html
[4] https://twitter.com/WebCivics/status/492707794760392704
[6] https://lists.w3.org/Archives/Public/public-rww/2014Jul/0040.html
[7] https://lists.w3.org/Archives/Public/public-rww/2015Aug/0019.html
[8] https://lists.w3.org/Archives/Public/public-rww/2015Aug/0020.html
[9] http://www.csail.mit.edu/solid_mastercard_gift
[11] https://www.w3.org/DesignIssues/LinkedData.html
[12] https://www.w3.org/2016/07/01-wpay-minutes.html#item04
[13] https://www.w3.org/2016/07/01-wpay-minutes.html#item04
[14] https://w3c.github.io/webpayments-ig/VCTF/charter/
[16] http://whois.domaintools.com/w3.org
[17] http://whois.domaintools.com/w3c.org
[18] http://www.un.org/en/universal-declaration-human-rights/
[19] https://www.youtube.com/watch?v=aiFIu_z4dM8
[20] https://www.youtube.com/watch?v=pRGhrYmUjU4
[21] http://manu.sporny.org/2016/browser-api-incubation-antipattern/
[22] https://any23.apache.org/
[23] https://github.com/solid/
[24] https://en.wikipedia.org/wiki/SOLID_(object-oriented_design)
[25] http://www.webscience.org/
[27] https://github.com/solid/
[28] http://www.csail.mit.edu/solid_mastercard_gift

On Tue, 19 Jul 2016 at 15:46 Timothy Holborn <timothy.holborn@gmail.com>

> Cheers.  Will follow-up once I've had time to review.
> On Tue, 19 Jul 2016, 4:25 AM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>> On 07/16/2016 05:43 AM, Timothy Holborn wrote:
>> > I'm still waiting to hear back about that 1 - 2 pager that helps us
>> > understand their considerations better..
>> >
>> > Unless there is a link I've missed?
>> The Web Payments Interest Group face-to-face meeting minutes went public
>> earlier today, you can try to glean as much as you can from the minutes
>> here:
>> https://www.w3.org/2016/07/01-wpay-minutes.html#item04
>> The dissenting opinions came from Google (Chris Wilson), Microsoft (Mike
>> Champion), and the W3C Technology and Society Domain leader (Wendy
>> Seltzer).
>> In general (and I hope to get more complete statements from each
>> organization in the next month or so):
>> * Mike (Microsoft) felt that the work was largely duplicative of the
>>   JOSE JWT work and it hasn't been incubated enough. His feedback can
>>   be found here:
>> https://lists.w3.org/Archives/Public/public-webpayments-comments/2016Mar/0002.html
>> * Chris (Google) agreed with Mike's position and felt that the work
>> needed to be incubated more. He also felt that the work should be
>> constrained to Education. His feedback can be found here:
>> https://lists.w3.org/Archives/Public/public-webpayments-comments/2016Mar/0003.html
>> * Wendy (W3C) felt that the work was duplicative of JOSE/JWT and
>>   felt that we only had enough members to make an attempt at
>>   standardization wrt. the Education vertical. Her feedback is at the
>>   end here:
>> https://www.w3.org/2016/07/01-wpay-minutes.html#item04
>> > I don't know how we can make good decisions without understanding the
>> > circumstances and underlying considerations made by key stakeholders
>> > who in-turn, yield such important decision making influenced. I note
>> > also, I'm still not sure if these parties are active contributors or
>> > whether they get involved on a more ad-hoc basis?
>> These parties have not been deeply involved in the Verifiable Claims
>> effort to date but have responded when asked for feedback on the
>> charter. Both Wendy and Microsoft have been active with the JOSE/JWT
>> work and Authentication / Security on the Web platform in general.
>> -- manu
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: The Web Browser API Incubation Anti-Pattern
>> http://manu.sporny.org/2016/browser-api-incubation-antipattern/
Received on Saturday, 23 July 2016 13:27:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:10:53 UTC