- From: Kerri Lemoie <klemoie@mit.edu>
- Date: Wed, 17 Aug 2022 18:34:02 +0000
- To: "public-vc-edu@w3.org" <public-vc-edu@w3.org>
- Message-ID: <9555865C-FAFD-45F9-A441-EC81898C1A39@mit.edu>
> Begin forwarded message: > > From: CCG Minutes Bot <minutes@w3c-ccg.org> > Subject: [MINUTES] W3C CCG CCG Verifiable Credentials for Education Task Force Call - 2022-08-15 > Date: August 17, 2022 at 2:01:59 PM EDT > To: public-credentials@w3.org > Resent-From: public-credentials@w3.org > > Thanks to Our Robot Overlords for scribing this week! > > The transcript for the call is now available here: > > https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/ > > Full text of the discussion follows for W3C archival purposes. > Audio of the meeting is available at the following location: > > https://w3c-ccg.github.io/meetings/2022-08-15-vc-education/audio.ogg > > ---------------------------------------------------------------- > VC for Education Task Force Transcript for 2022-08-15 > > Agenda: > https://lists.w3.org/Archives/Public/public-vc-edu/2022Aug/0005.html > Topics: > 1. IP Note > 2. Call Notes > 3. Introductions & Reintroductions > 4. Announcements > 5. Main Topic: Kayode Ezike with Updates on MIT/DCC Credential > Status WOrk > Organizer: > Kerri Lemoie > Scribe: > Our Robot Overlords > Present: > Xander, Andy Miller, John Kuo, Kerri Lemoie, Jonathan Bethune, > David Chadwick, Stuart Freeman, Chandi Cumaranatunge, Mike Peck, > Shawn Butterfield, Kayode Ezike, Dave McCool (Muzzy Lane), Joe > Kaplan, Andy Griebel, Kimberly Linson, Mahesh Balan - > pocketcred.com, David Ward, James Chartrand, Deb Everhart, Dmitri > Zagidulin, JennGreene, Janko, Jon St. John, Nate Otto, Akshar > Patel, Jim Kelly, Jeff O - HumanOS, Simone Ravaoli, Kaliya Young, > Marty Reed, TallTed // Ted Thibodeau (he/him) (OpenLinkSw.com), > Allyson Parco, Eric Shepherd, Phil L (P1) > > Our Robot Overlords are scribing. > Kerri Lemoie: Hello everybody Welcome to the August 15th BC edu > call today our main topic will be on credential status kod a DK > from MIT digital credential Consortium is going to present us on > some of the latest work that he's been doing on that over there > and we can pour we get started with that let's go through a few > boilerplate items first is IP note everybody for anyone. > > Topic: IP Note > > Kerri Lemoie: Came to speed in these calls how any. > <kerri_lemoie> create an account: > https://www.w3.org/accounts/request > Kerri Lemoie: You substitute of contributions to any of the ccg > work items must be done by members of the ccg with full IP are > agreements signed and to do that you can create an account at w3c > and put this in the chat for you and then also use this link to > join the ccg. > <kerri_lemoie> join the CCG: > https://www.w3.org/community/credentials/join > > Topic: Call Notes > > Kerri Lemoie: Hey second All call notes for this call are > recorded and there are minutes being taken by are called our > robot Overlord is do the transcription I wish you'll see in the > chat we are also doing a Wheels do a video recording of This call > which can be found later we can send out if you need it so coyote > will have some slides today so it'll be nice to have that > recorded we use a cue system. > Kerri Lemoie: To to ask questions and participate. > Kerri Lemoie: Conversation so if you would have a question or > would like to say something please kill yourself first you do > that by putting a q+ and the chat just like I did there you could > also do to U plus and then say a note about something you want to > say and that lets us know if you're responding to something > that's being said right away so we know when to pull you into the > conversation so that is very helpful and then to remove yourself > from the queue just uq-. > Kerri Lemoie: And we get something. > Kerri Lemoie: They did that wrong okay remove something from the > queue okay. > Kerri Lemoie: Because the floor all right when I say we hit q- > we're actually looking to see who is in the queue. > > Topic: Introductions & Reintroductions > > Kerri Lemoie: Okay next let's do some introductions and > reintroductions is there anybody here joining us today for the > first time that I would like to introduce themselves or anybody > who's been here for a while and I would just like to say hello > again and let us know a little bit about something they're > working on if so go ahead and put yourself in the queue. > Kerri Lemoie: Yeah I'm going to queue myself up real quick here > one thing I haven't mentioned is that I started a new role at the > beginning of August I have the digital credential contortion so > I'm going to be there director of Technology it doesn't really > change much for BC I do I will still be here doing all of that > work because the DCC has made her is really been backing all of > this work and really significant way making sure that we have > this open Community to work and so I'm really happy to be able to > continue the. > Kerri Lemoie: Work there and help to do what I want to do which > is in. > <deb_everhart_(credential_engine)> congrats Kerri! > Kerri Lemoie: Adoption understanding of verifiable credentials > that had that has been my my shift recently. > > Topic: Announcements > > <kerri_lemoie> VC email list: > https://lists.w3.org/Archives/Public/public-vc-edu/ > Kerri Lemoie: There's no other introduction to reintroductions > next we have announcements and reminders one is that if you > haven't joined it yet we do have an email list and I met email > this can be joined by going here put this in the chat for you so > we have it in our notes later. > Kerri Lemoie: The great list to join you don't have to be > necessarily technical drawing this or you work on technical > projects if you just want to stay in the loop on what's going on > in Education and Training and achievement credentials that's the > list to join this is where we try to have all those > conversations. > Kerri Lemoie: And the other announcement that I have is that > tomorrow at 11:00 and noon sorry tomorrow at noon Eastern is the > weekly ccg meeting. > Kerri Lemoie: They recommend doing that as much as you possibly > can to learn what's going on in the community as a whole. > Kerri Lemoie: Does anybody else have any announcements or > anything they'd like to share. > Kerri Lemoie: It's the money I see that you just joined us would > you be interested in telling folks about our next week's call > will be about it sounds really great. > Simone Ravaoli: Yes hi hello everyone I hope you can hear me so > we are going to have as a guest get anything on this sea of > Gattaca Gattaca is a nest site a company based out of Spain and > they've been involved in the end building and implementing all > the ab c-- specification so that's that would be the European > blockchain service infrastructure particularly they have been > looking into version 2 of. > Simone Ravaoli: Of the did method did. > Simone Ravaoli: And they've risked to share some Reflections > around what is the difference between version 1 and 2 and some of > the implications that version 2 has with regards to privacy > regulations in Europe also known as GDP are but they are a > Community member that has really just been doing a lot of work > from Europe and so that would be I think an interesting update > from what's Happening outside of North America. > Kerri Lemoie: Thank you so much that sounds great I'm really > looking forward to it okay anybody else have anything else before > we move on to our main topic. > > Topic: Main Topic: Kayode Ezike with Updates on MIT/DCC Credential Status WOrk > > Kerri Lemoie: Okay why don't I then introduce Kayode. Kayode is > working on this great project related to credential status he's > working on making it possible for issuers to manage the status of > their credentials and for verifiers to check status info, > especially a revocation or suspension so he's going to show you > some of his work today and then feel free to ask questions and > then we can see what we can learn about it well. > Kerri Lemoie: Tim Kennedy. > Kayode Ezike: Slides: > https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo > Kayode Ezike: Thank you thank you characters interesting here's > the link to the presentation that be using for today I know we > generally do not show video for van with purposes I would do that > really quickly just to introduce myself and turn off every but > this guy is he gay again and brief introduction is that I've been > involved with digital credentials since around 2018 but that time > that I began my master's program around proper credentials and > personal data storage management. > Kayode Ezike: Since then I've been contributing to number of > Open Source projects. > Kayode Ezike: Optical pulse of my own and these days I primarily > support the digital credentials Consortium through MIT as well as > Gobekli which is the startup it's also doing great work in this > space so thank you for having me and I'll put up my screen so > that an alternative you'll see how can see we have. > Kerri Lemoie: Kayode I'll keep an eye on the chat for you. > Kayode Ezike: Thank you okay so. > Kayode Ezike: If explosion one second. > Kayode Ezike: Spell with me. > Kayode Ezike: Okay I think if I try none. > Kerri Lemoie: Not yet not yet nope. > Kayode Ezike: Are you able to see my screen now. > Dmitri Zagidulin: If you're transmitting from a Mac there you > might need to update the permissions in the control center which > means you have to restart the browser and redrawing. > Kayode Ezike: But you're trying to do something like that but it > was it. > Dmitri Zagidulin: One of us can also. > Dmitri Zagidulin: Screen share the slides and just thanks Kerry. > Kerri Lemoie: Yeah I can do that that's true. > Dmitri Zagidulin: I'll probably be faster chaotic. > Dmitri Zagidulin: Say next slide. > Kerri Lemoie: Yeah just let me know in and we pull it up here > hold on one second. > Kayode Ezike: Animations hopefully syncs > Kerri Lemoie: I am just clearing everything out of the way here > on the way everybody's happy about the desert play. > Kerri Lemoie: Okay can you see. > Dmitri Zagidulin: Yep we can see your screen. > Kerri Lemoie: To be this clarity. > Kayode Ezike: Great yes I can see. > Kerri Lemoie: Oh there you are okay you can see the head you can > take it from here now just let me know when you want to move to > the next slide. > Kayode Ezike: Awesome thank you Kerry so today we'll be > discussing a topic I was cussing to what that would get a > credential status hosting and for scare anybody away this is not > a new specification for credential status is more so concerning > ourselves with how can we help issuers to expedite their > deployment of criticized infrastructure by leveraging familiar > services to them and and hence sort of taking care of it. > Kayode Ezike: Origin authorization concerns that. > Kayode Ezike: To them and so this in terms of what we're > discussing today I'll be giving a brief background of the topic > and we'll be going through a bit of the state-of-the-art who tell > you what our goals were let me Design This solution as well as > what the actual solution is will then show you a little bit of > code before you show you the demo of what we've done. > Kayode Ezike: Granger status management has been around for some > time and one of the earliest conceptions of it really came from > certificate authorities with the notion of certificate revocation > lists which is a list of certificates that an issuer has revoked > prior to its from its expiry and that is sort of the the main > model that we think about in this space when we think about > country status management. > Kayode Ezike: Generally we think about a resource that is > managed by an issuer that informed the public about the state of > outstanding credentials and there's been a lot of work done in > this space over the years in terms of Standards development and > developer tools for how to manage the status of these credentials > as well as how to verify the information on them such as > revocation or suspension however storage and authorization have > kind of. > Kayode Ezike: Been left out of scope largely and. > Kayode Ezike: Good that it would be great if we can simplify > that for issuers and their deployments. > Kayode Ezike: Thank you so next slide great so I want to give a > quick definition of printer status according to the v-spec mental > status is an object value property that enables the discovery of > information about the current status of the verifiable credential > such as whether it is suspended or revoked. > Kayode Ezike: So in other words now before we go on another > words it gives consumers of this credential and idea of the > issuer's view of the current validity of a credential next please > so here on the right we have an example of a verifiable > credential that has a special status property on it but one thing > to know is that it is an optional value so you not every verify. > Kayode Ezike: Krista have this field on it. > Kayode Ezike: If it does have the field on it it must Define two > main properties which is ID and type and it must also valid like > the remaining properties are specified by the type field so in > this example we know that we have a status festering 21 entry the > type and the three types of rather Fields below it status purpose > statuses index in status credential relate to or rather are > defined in the stands for students. > Kayode Ezike: T10 tree. > Dmitri Zagidulin: Toyota quick question I do we want to wait > till the end for questions or do you want to encourage people to. > Dmitri Zagidulin: If they encounter something or when I ask > questions about each slide to raise their hand. > Kayode Ezike: I'm happy to take questions as they come up. > Kayode Ezike: Is it just the two Fields so the state-of-the-art. > Kayode Ezike: There have been a lot of great work and done in > sequential status space and one of the early conceptions of this > or examples of this came in 2018 from hyper legit Indy via their > HIV ew1 one penetration spec and they use a bunch of cool > technology cryptographic graphic accumulators to determine which > credentials have been revoked and interestingly enough I learned > in the suspect that it seems that this actually is. > Kayode Ezike: Predates to know now have medication. > Kayode Ezike: Like I found to be interesting and a couple years > later the ccg would develop a speck of their own via the > revocation list 2020 spec and soon after be a refined version and > the status was 20 21 spec which sort of granted a more General > notion of status that goes beyond just a vacation but also > support system suspension and other forms of criminal status. > Kayode Ezike: Next please and the most for all these > specifications all right one more back sorry. > Kayode Ezike: So this is the this point on hosting so for any > all these specifications is important for verifiers to be able to > to check this the status of the credential somehow right and the > most obvious way to do this is to host the resources and in a > public location namely a distributed Ledger or a short controlled > website. > Kayode Ezike: Any questions here. > Kayode Ezike: You can move on next slide please. > Kerri Lemoie: No questions yet sure. > Kayode Ezike: Great so I want to talk to you all about status > list 20 21 this is the suspect that we use in our design and the > it's one of the more advanced specs out there and in my opinion > and this is examples of the left what you see is a credential > from a couple slides ago so nothing new here yet we have > verifiable credential had the credential status on it and it has. > Kayode Ezike: As all the fields that we discussed earlier. > Kayode Ezike: Now if you pay attention to the key in on the > status purpose status index and Status credential properties > these are the properties that are introduced by the status least > 2021 spec the first of these properties is the most self > explanatory this is saying that. > Kayode Ezike: The issuer. > Kayode Ezike: Acting this type of status for this credential so > for verifier when they want to verify the status of the > credential this is the information that they will learn now the > other two properties are more specific to sort of like are sort > of the meat and potatoes of how this specification works and it > relates to a new resource at the introduced so if you can just go > forward just a couple steps very until you see a new object in > the right. > Kayode Ezike: So this on the right is a status list 2021 > credential and the best way to think about this credential is it > is the credential that manages the status of a batch of multiple > credentials it's not philosophy that one more time but this is a > credential that the issuer manages that tracks a batch of several > different credentials and so what this means if you could just > click one more time Carrie. > Kayode Ezike: So we so. > Kayode Ezike: This was the most important information on this > country is this encoded list value right here and what it is in > the simplest representation you can think of it as a sequence of > characters let's let's say X's and O's that represents the the > status of a credential at that position right and so if the value > let's say the value of that was X it would mean that it is > invalid respect to the status purpose so in other words it is > revoked. > Kayode Ezike: Value is 0 it means that it is valid with. > Kayode Ezike: The words is not revoked and if we go back to the > if you focus again on the left side you will see that the status > list credential property that is just the way for verifiers to > retrieve this credential on the right so it's a public link that > they can access and the status index tells them which position in > that encoded list is represented a represents this credential. > Dmitri Zagidulin: So I want to I want to pause here before we > move on to the next slide I want to make sure everybody absorbs > this so. > Dmitri Zagidulin: I want to make sure everybody understands what > that encoded list is for right because at its at its simplest a > credential status is binary for a given status purpose so like > for a vacation rental is either revoked or it's not so the very > first sort of naive implementations of replication status where > to host a. > Dmitri Zagidulin: Some kind of object. > Dmitri Zagidulin: Either cover fabric credential or something > else that's a revoked or not for each individual credential right > easy so or even before that I think what open badges did is just > publish a plane list of all revoked credential IDs on their > website yeah so you get you get the credential you can go look up > that list to see if it's revoked. > Dmitri Zagidulin: So very easy and we wouldn't be having this > problem I rather this this conversation here except there's a > couple of major major problems there one is privacy that if you > publish a list of remote credentials well you can go see > everybody whose credentials are revoked but an even more > important one is what's known as the phone home problem it's one > of the downsides of Hosting. > Dmitri Zagidulin: An individual status. > Dmitri Zagidulin: Nation for each credential is that whoever is > hosting it covers running that website can track. > Dmitri Zagidulin: Requests can can track how many times and from > where from what IP address is and what time stamp some verifier > is is checking. > Dmitri Zagidulin: Revocation and that that is generally > regarding the community has too much information that that's like > that's not necessary that is a threat so then the reason the > status list spec arose is that okay so if we don't if we don't > want the host whoever's controlling the web whole of the web > server to know each time each individual credential is looked up > why don't we batch it why don't we rely on. > Dmitri Zagidulin: On herd immunity on herd privacy. > Dmitri Zagidulin: And batch a whole bunch of credentials at > random. > Dmitri Zagidulin: And then the verifier can request this whole > batch this this entire credential that has the encoded list that > contains the status of 20 or 100 I forget how many it is. > Dmitri Zagidulin: Potential statuses and that way the request > will be spread out over that entire cohort of credentials and > that way we get her privacy I see David is on the queue. > Kayode Ezike: When you credential is revoked right so when your > credential is revoked this this this French on the right will be > updated the encoded list will be up to such that the bit at that > position I 4 5 6 10 is now 1 or Annex discussed earlier. > Kayode Ezike: Yes yes that comes up I think some question time > so that really I think bows down to the I think we leave that to > the implementers of the their system because that really comes > down to how often how what is it catching sort of system like do > you check every day do you check every hour and the you'd have to > give an essay to the individual using your system to let them > know that this is just going to be valid. > Kayode Ezike: For a given day or for. > Kayode Ezike: Etcetera but I don't think that's something that > this back tries to address or to solve. > Kerri Lemoie: Give me three. > Dmitri Zagidulin: If I may add to that so the cache control is > left to the individual protocol meaning because this particular > credential is held over http. > Dmitri Zagidulin: His publishing the status list can rely on > HTTP cache control directives meaning each time the verifier > sends an HTTP get for this status credential one of the headers > in the response says only cash this for an hour meaning we're > going to we're going to renew this thing every hour and that way > the verifier knows how long to cash it right so we get that the > caching mechanism for free with HTTP so we don't need to put in. > Dmitri Zagidulin: An explicit. > Dmitri Zagidulin: Potential now if we were if the URL of the > status of protection was not HTTP was what some other was ipfs or > some other method that doesn't come with cache-control metadata > then you're right David we should include an expires field in the > statuses credential. > Kayode Ezike: Okay thank you. > Kerri Lemoie: No more questions for now Kayode if you want to go > ahead. > Kayode Ezike: Thank you for question is David and I'm great > thanks for getting ahead of me Michelle's going to get into the > herd privacy notion which is I think one of the main benefits of > the specification which is just to reiterate when a verifier is > interested in learning about the status of a credential they are > only communicating to the issuer that they're interested in a > subset of credentials that they manage not in a specific one so > it keeps the issuer away from fine-grained details about how a > specific. > Kayode Ezike: Potential is being used and if you just. > Kayode Ezike: Or just one. > Kayode Ezike: Thank you this is a digital representation just > the visual Learners out there the green slots represent the valid > credentials with respect to the purpose so I'm revoked and events > Lots represent the invalid by evoked credentials. > Kayode Ezike: Next slide please. > Kayode Ezike: So we have a number of goals that we were > considering what we designed our country stars infrastructure the > main governing goal is that we wanted to simplify the deployment > for issuers of the printer status infrastructure and we do this > by leveraging third-party services for the storage and > optimization of grantor status resources and the great thing > about this is that we're kind of meeting is adjourned. > Kayode Ezike: Is worth where they are right. > Kayode Ezike: Allowing them to use a familiar hosting service > and and also providing potential path to switch between services. > Kayode Ezike: So if we can step ahead just one slide. > Kayode Ezike: We'll get into the solution. > Kayode Ezike: So we again decided to use a static list 2021 > specification and feel free to consult the design doc at that > link and the whole conclusion I think this is really where we > innovate and we decided to use Source control services such as > GitHub get lab and code Berg and we also support issuer hosted > websites traditionally and so what this allows us to do again is > we. > Kayode Ezike: It's a biscuit. > Kayode Ezike: Like that organizations already use these services > to host their code and and also these Services often provide > developers with oauth tokens that they can use to access apis of > these services to update resources and so why don't we just use > this these services to help issuers manage their current status > lists and metadata associated with it. > Kayode Ezike: Any questions here. > Kayode Ezike: To reload it. > Kerri Lemoie: Any chance has an adversity. > Dmitri Zagidulin: Yeah if I could just add a couple more words > so I want you I want you to everybody to picture the the very > specific conversation the very specific problem the solves. > Dmitri Zagidulin: As okay we're issuing credential great can we > add revocation sure why not what's a good spec what we've got > this status list 2021 spec okay then engineering how hard of a > lift is this to add this to our system how many hours before you > can add revocation to to our issuer and that's where the real > problem starts because hosting a file on a website that b is easy > the really difficult part which is what makes okay. > Dmitri Zagidulin: It is work so. > Dmitri Zagidulin: Difficult Park is part is adding the user > interface and specifically adding permissions to who is allowed > to edit who's allowed to revoke the the credential right so the > spec gives us the data model gives us the protocol the mechanisms > very easy what's really not easy and what shoots up the > implementation time in too many weeks not to mention like really > hard requirement Gathering is. > Dmitri Zagidulin: Delegation the chain of command of. > <xander> I don’t think you can set http cache control headers on > GitHub-hosted files. > Dmitri Zagidulin: Okay so you know how do we model the trust and > permission hierarchy of a particular University down to the > registrar and then how does it register our delegate individual > officers to be able to hit the button to flip that bit for for > the file to be updated so the the the main Innovation here is the > realization that. > Dmitri Zagidulin: Because permission control and and login > systems and graphical user interface is the hardest part about > this can we Outsource it to somewhere else and the realization > was made oh get hosting organizations like GitHub and get lab and > code Berg already provide all of that they provide the permission > systems the login systems they produce institutions are familiar > with setting up Gap GitHub organizations all of that. > Dmitri Zagidulin: Stuff is worked out for us why don't we reuse > it. > Dmitri Zagidulin: Geico I'll go ahead Gary. > Kerri Lemoie: One question I'm asking these are all my be > hosting Services could someone just use get for this on its own > without using GitHub get lab and or code Berg. > Dmitri Zagidulin: So the the question with get is always which > protocol will get use right because get has SSH it has HTTP and > it has a number of other protocols words hosted so some server on > the cloud has to be running it gets server. > Dmitri Zagidulin: So can you use get a loan sort of it requires > a get server in a good client. > Kerri Lemoie: I think so Xander. > Xander: I guess I have to have you spoken before so I'll just > quickly I'm the security lead for the pocket team just wanted to > follow up on David's question real quick so the idea there was > that you were going to rely on HTTP cache control headers to set > the expiry time for a different certificate right but you're also > talking about using services like GitHub to do the hosting I > don't believe that you can set the expired header value if you're > using a service like that. > Xander: So that they. > Dmitri Zagidulin: And that's that's a very good point. > Xander: You may need to put that you may need to put the time > value on the file done. > Kayode Ezike: Right yeah that's a good description that we can > we start to use these third party dresses I think there's > different levels of access that they are each provide and I'm > sure maybe like if you have a paid account that makes a > difference as to how much you could control but I think largely > you make a good point and. > Xander: I don't think so I got used the Enterprise version before > I think basically if you're using GitHub to host files like get > on pages or whatever they really handle everything and you don't > get access to that level. > Xander: It may be worth looking into. > <dmitri_zagidulin> that seems like a good motivation to clarify > (in the status list spec) the recommendation of always having > expiration timestamps > Kerri Lemoie: Yeah time in the queue tell jump in real quick > that's an excellent point and I know you haven't actually I'm let > you get into like how you doing this so maybe I'm jumping the gun > here Harry I'm sorry if I am but um are you considering using > just as part of this because just get versioned which is > something to consider okay that's the comment there but yeah. > Kayode Ezike: This is this is for like the accident the location > of us for example. > Kayode Ezike: Yes it's something like this came up actually you > kind of hear made great recommendation at some point about > something like that where you would because get help for example > has a way for you to use a link that it's post using GitHub Pages > you can also use a link to the file directly that doesn't rely on > GitHub pages but I would imagine that the. > Kayode Ezike: Might be a rat. > Kerri Lemoie: > https://docs.github.com/en/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists > Kayode Ezike: He got distracted the same way in that case as > well in terms of controlling what the cache mechanism is like so > yeah that would be something to explore but the good thing I'll > show you a little bit later how some of these things can be > customized for different status clients of different services and > there's a way to add flexibility for for that. > <kerri_lemoie> Link above to info about gists. > Kayode Ezike: Again to that little bit. > Kayode Ezike: There are no other questions can move on to the > next slide. > Kayode Ezike: Great so this is a sort of a visual representation > of the architecture that we have issue admin who presumably would > already have the permissions that they need inside of a example > with GitHub organization so they already have access to create > read and write data to Repose in the organization and if you > click ahead. > Kayode Ezike: So this. > Kayode Ezike: This actor would be able to hit the credential > status and point of a VC API instance which allows them to update > the status EG revoke a credential. > Kayode Ezike: More step and then ultimately that enables them to > create read and update data in these different services. > Kayode Ezike: So before we move on to a demo wanted to show a > little bit of code and so this is the main sort of class that we > Implement to with this code and so there's this tells subclasses > different methods that they need to implement for them to be > valid printer status clients and so for example you need to > provide a base URL that can be used to reference the printer > status information you need to. > Kayode Ezike: Boo the client too. > Kayode Ezike: That is people from from the code need to enable > them to read and write status list and log data in config data so > as long as the subclasses can Implement these abstract methods > and they're valid client and so if you can step forward this one > step please carry will see that in this example GitHub a cultural > status client for their get credentialed status URL you notice > that there is a GitHub that I owe their meaning that. > Kayode Ezike: Using GitHub pages but this is also the place > where. > Kayode Ezike: I could use a distance that or URL that points > directly to the file and there's also we also are using the > octave kit Library a popular GitHub SDK to update and read > information from the repo which obviously would look different > for different services. > Kayode Ezike: Any questions about this. > Kerri Lemoie: I think we're good once you go ahead. > Kayode Ezike: So we're just going to get into a demo now just > step forward one and taxes and maybe that's going to come to my > email or something. > Kayode Ezike: Probably going to email about that 17. > Dmitri Zagidulin: Karen thank you have to hit request again on > the subsequent page. > Kerri Lemoie: Let me know when it's all set Katie I'll refresh > it. > Kayode Ezike: Yeah it is I just shared it. > Kayode Ezike: The volume on. > Kerri Lemoie: Were you able to hear the volume when I get out. > Kerri Lemoie: Dimitri do you know how to make that work. > Kerri Lemoie: Yep that's share audio. > Dmitri Zagidulin: In the settings so if you go to the 3 3. Menu > at the bottom settings there is yeah share out the others share > audio checkbox. > Kerri Lemoie: Thanks your patience everybody but I'm getting > there. > Kerri Lemoie: All right let me try that again it doesn't work > Katie you could just walk us through it. > <kerri_lemoie> Can you hear? > Dmitri Zagidulin: Now that doesn't seem to be coming through so > we can encourage people to watch since we we pasted the link to > the slide deck everybody can watch the video on the demo on their > own. > Dmitri Zagidulin: But you can you can describe what when it's > done. > Kerri Lemoie: We're going to start over and you can just sort of > walk us through what's happening. > Kayode Ezike: Sure I mean it's a recorded a demo but effectively > what we were demonstrating is requesting a credential from our > version of V Capi importing that into DC learner wallet and then > from there we kind of show you throughout the whole process > called the repo is updating and so the GitHub repos I'm using a > demo and and then we revoke the credential. > Kayode Ezike: Again from the VCA Pi you show you the. > Kayode Ezike: Two then rebuild me also show you. > Kayode Ezike: That in the wallet and now shows that the > credential is revoked. > Kayode Ezike: Again it's you should be able to view that video > in the presentation but that's effectively what's going on. > Kayode Ezike: So that was the last of it actually so if there's > any questions or feedback I'm happy to take in you David go > ahead. > Kayode Ezike: Oh so so the so the credential continues to have > the same the credential never changes per se it's the information > at at least the credential that the holder controls is the > credential that the status could ensure that managers know that > has been coded list value that manages multiple credentials is > that one that will be shuffled and change as a credentials are > revoked suspended. > Dmitri Zagidulin: Can I can I jump in here as well. > <nate_otto_(another_device)> Nah. credential.id is optional in VC > Data model anyway. Reissuing the same one doesn't violate it. > Dmitri Zagidulin: So David you're proposing or what you're > saying is essentially if we required verifiable credentials to be > content addressable so that every time the content of a > verifiable potential change the ID has to change but the v-spec > does not actually have that requirement you are you are in this > very frequently done allowed to publish credentials with the same > ID while their contents changes for example if you reuse. > Dmitri Zagidulin: Issue it and then. > Dmitri Zagidulin: Timestamp or a different signature so that is > that is not a requirement in this back. > Kerri Lemoie: I'm to add to that question sort of who may be > briefly talk about the difference between credential status list > and also credential refresh carrier to meet you would you mind > explaining that are both of you. > Dmitri Zagidulin: Shark a candidate doing on go ahead. > Kayode Ezike: How can I just ask this versus credential > refreshing scent. > Kerri Lemoie: CredentialRefresh: > https://w3c-ccg.github.io/vc-refresh-2021/ > Kayode Ezike: Yeah so my understanding generally is that > subconscious has what we discussed here which is that the issuer > manages a publicly accessible resource that allows verifiers to > check the status of the repo or rather the other credential for > the route for the refresh service my understanding is that > whenever if that is not provided the issuer exposes an endpoint > that. > Kayode Ezike: Allows it that allows. > Kayode Ezike: Verifiers to to refresh the credentials whenever > it has rather just to be able to refresh it whenever I would ever > Cadence in the seems reasonable that's generally how I understand > it but I'm happy to allow for any other discussion on that as > well. > Dmitri Zagidulin: Yeah so the refresh spec. > Dmitri Zagidulin: Complementary to the expiration mechanism so I > have my driver's license is good for four years what happens when > it expires up to four years the refresh spec basically describes > the credential version of oh I have to take the old one into the > drive the Bureau of Motor Vehicles on the issue me a new one so. > Dmitri Zagidulin: Both the status and the refresh exist > alongside each other and in fact some of the some of our example > specs have both or if you look at examples in open badges version > 3 spec a lot of the verify the credentials their have both a > status list section and a refresh section. > Kerri Lemoie: Thanks anybody else have any questions about this. > Kerri Lemoie: Or any other points they'd like to make about the > status and how this works. > Kerri Lemoie: I bet I have a question for all of you is there > anybody here who has implemented credential status and like to > tell us about how they're using it and how they've implemented > it. > Kerri Lemoie: Okay Patti really appreciated that I see so many Q > Jonathan the floor. > Dmitri Zagidulin: Anthony might be muted. > Kerri Lemoie: Yeah you can't hear your Jonathan if you're > speaking. > Jonathan_Bethune: Okay is that. > Dmitri Zagidulin: If you have like an additional Hardware mute > on your mic maybe yes better yeah. > Kerri Lemoie: Yep they are to thank you. > <kerri_lemoie> Link to presentation: > https://docs.google.com/presentation/d/1UYFcVLYaz8jhmmYM8l43cBg-mtINlxlFMESCbYupjwo/edit#slide=id.g143e60161fc_0_35 > Jonathan_Bethune: Better I was using one earpod and it's the one > that's dead so okay sorry about that so real quick by way of > introduction I think I've spoken much my name is Jonathan and the > engineering manager for pocket colleague of Xander who spoke a > little while ago just real quick I was wondering if there was a > way to get a link to the presentation and actually had a lot of > discussion internally about the X and we're just wanted to look > into a little. > Kayode Ezike: Sure yeah definitely can share that. > <phil_l_(p1)> Nate's Comment: > Jonathan_Bethune: There we go oh that's fast okay let me well I > actually didn't get the click on it we just grabbed it's in the > chat right there we go. > Kerri Lemoie: Yeah it's going up a little bit the chat moves > pretty fast because of the transcription. > <phil_l_(p1)> Good point Nate. > Jonathan_Bethune: Yeah got it alright thank you. > Kerri Lemoie: Okay if no one has anything else okay did you have > anything else you would like to add. > Kayode Ezike: That was that was everything I just thank you all > for your time and yeah we're continuing to refine this this work > and we primarily are supporting GitHub and get lab the moment and > working on some of the other services as well so just happy to > have this opportunity and thank you all again for there for > discussion. > Kerri Lemoie: Yeah thank you very much. > Dmitri Zagidulin: And if I can add so if. > Dmitri Zagidulin: If anybody has questions about this work > please send an email to the VC edu mailing list or if you're free > to contact KO myself directly the code code is free it references > an open spec we encourage everybody to join in the conversation. > Kerri Lemoie: Hip and actually seen my hush you have killed > yourself up. > https://imsglobal.github.io/openbadges-specification/ob_v3p0.html > Mahesh_Balan_-_pocketcred.com: Yes I had a question slightly > unrelated here but more on the open badges 3.0 spec I've been > trying to get hold of it and I seem to be pay bald by this IMS > Global if somebody has that and can make the open badges 30 spec > which is publicly visible I would appreciate it thank you. > https://www.imsglobal.org/spec/ob/latest/main/ > Kerri Lemoie: I can grab that link for you give me one second > here tell Ted you're in the queue your the floor. > <kerri_lemoie> Open Badges 3.0 spec: > https://imsglobal.github.io/openbadges-specification/ob_v3p0.html > TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I just > following up on responding to David's question about the unique > identifier for each credential in the same way that a URI is > expected to be stable that is that is the stability that we mean > for the ID in these verifiable credentials URI is always meant to > name the same thing which doesn't mean that it the thing it names > stays the same forever. > TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Much like > your name always means you, but your contents don't stay the same > forever. > <dmitri_zagidulin> thx Ted! > Kerri Lemoie: Hey Alec it is empty and listen no one has > anything else we have a few minutes left so we could end the call > here give another Med see if anybody has anything otherwise I > hope you all have a great week and I will see you next week. > <phil_l_(p1)> Nice preso! > Kayode Ezike: Cheers thank you. > Dmitri Zagidulin: Thanks KO day thanks everyone. > <elizabeth_miller> Thank you! > Kerri Lemoie: Thank you headed. > <john_kuo> Thanks, great discussion > >
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Wednesday, 17 August 2022 18:34:44 UTC