Minutes for VCWG telecon 14 August 2018

available at:
  https://www.w3.org/2018/08/14-vcwg-minutes.html

also as text below.

Thanks a lot for taking these minutes, Chris Webber!

Kazuyuki

---

                               - DRAFT -

                    Verifiable Claims Working Group

14 Aug 2018

   [2]Agenda

      [2] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0004.html

Attendees

   Present
          Adrian_Gropper, Allen_Brown, Benjamin_Young,
          Chris_Webber, Clare_Nelson, Dan_Burnett, Dave_Longley,
          David_Chadwick, Ganesh_Annan, Gregg_Kellogg,
          Gregory_Natran, Kaz_Ashimura, Manu_Sporny,
          Markus_Sabadello, Matt_Stone, Mike_Lodder,
          Nathan_George, Ted_Thibodeau, Tim_Tibbals, Yancy_Ribbens

   Regrets

   Chair
          Matt_Stone, Dan_Burnett

   Scribe
          cwebber2

Contents

     * [3]Topics
         1. [4]Agenda review, Introductions, Re-introductions
         2. [5]Assign owners to unassigned issues
         3. [6]Status update on external review of Data Model Spec
         4. [7]PING feedback and response
     * [8]Summary of Action Items
     * [9]Summary of Resolutions
     __________________________________________________________

   <scribe> scribenick: cwebber2

Agenda review, Introductions, Re-introductions

   stonematt: quick review of the agenda

   <stonematt>
   [10]https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0004.html

     [10] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0004.html

   stonematt: that's where we published previously for the mailing
   list, plan for the day is to do this, agenda intros if
   necessary, review of data model spec including feedback from
   PING, overview of PRs, and if time test suite update
   ... anything we can add or amend in order of items before we
   dive in?
   ... not hearing any volunteers to change, so let's open with
   introductions & re-introductions
   ... any new participant on the call?
   ... brief intro of who you are, so we can welcome you to the
   group

   tim_tibbals: I'm working on the c-ledger project, working with
   John Best

   gannan: I'm new with Digital Bazaar, excited to do stuff with
   the VC group

Assign owners to unassigned issues

   stonematt: next is unassigned issues
   ... no action items in the running action items list so let's
   go to assigning owners to unassigned on the agenda

   <stonematt>
   [11]https://github.com/w3c/vc-data-model/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+no%3Aassignee

     [11] https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is:issue+is:open+no:assignee

   stonematt: I'll add a link
   ... there we go
   ... couple of new items opened, let's start with the first 212,
   duplicated syntax section
   ... opened by elf pavlik

   <stonematt> [12]https://github.com/w3c/vc-data-model/issues/212

     [12] https://github.com/w3c/vc-data-model/issues/212

   manu: I can take it... I can take both

   <burn> Both meaning 212 and 211

Status update on external review of Data Model Spec

   stonematt: next on the list is the update about the external
   review
   ... *looking at notes*
   ... we obviously had a big meeting with PING last week which
   many members participated in, that will be its own topic
   ... we had a couple of other items, the only group we have no
   response from that is confirming a review is actually our CG
   ... we've gotten a response from all other groups requesting
   review that they are starting to review
   ... who's at the CG who might volunteer to get an official
   acceptance that they will do review and get feedback

   DavidC: shouldn't it be someone in the CG group but who's not
   in the WG who does the review?

   stonematt: that's fine, I'm just asking someone who's here and
   in the CG to bring it up so we can find a reviewer

   burn: I'll bring it up on today's call
   ... I'll mention we sent an email and ask for it to be taken on
   as an action item

   stonematt: thx dan, that'd be great

PING feedback and response

   stonematt: next one is feedback from Privacy Interest Group
   (PING)
   ... for those who weren't there, it had several participants
   from the WG join, we took much of their hour describing and
   introducing our work
   ... Manu did a very nice job introducing the goals of the group
   and the ecosystem, the objectives and ecosystem around what a
   VC is and how it works
   ... had a dialogue and feedback from their members asking how
   it might work
   ... and how they might proceed with their review
   ... this was an introduction to get them started on their
   feedback process
   ... we introduced the idea that there's a pretty broad spectrum
   of privacy concerns that VCs are meant to address, from lightly
   identified to anonymous, to highly identified such as licenses
   where holder/subject is well known
   ... they said given that spectrum it'll be difficult to give
   feedback about privacy to the spec
   ... second element of feedback I heard was that examples from
   data model tend to use examples where subject / holder is
   highly identified. We don't have examples of bearer credentials
   or ZKPs
   ... I'm sure there's other feedback items of note
   ... in case someone wants to add to that summary
   ... DavidC?

   DavidC: yes in the meeting last week when discussing subject !=
   holder I thought manu was going to incorporate that immediately
   after the meeting, but manu has only gotten to do it today...
   one concern was that when we met with PING I didn't raise it
   yet, but there's clearly an extra privacy concern when subject
   != holder
   ... I'm not sure if PING will review today's subject != holder
   text, or if they will see the stuff added today. because I feel
   there's an extra level of privacy stuff when subject != holder
   they are unaware of at the moment

   manu: sure, so purely because of time, not because we were
   trying to keep it from them. Just this morning I incorporated
   David's PR, and I've been doing a bit of rework we might
   discuss later

   <Zakim> manu, you wanted to provide expected feedback.

   manu: typically when asking groups to do review and you're
   still in the draft version you ask them to review the latest
   draft. We can point them to the latest document
   ... they understand it's WIP, that said I think that section
   makes the review more difficult, in that I think you're right
   in that it opens a new can of worms related to privacy
   considerations
   ... I think there are a couple of elephants in the room that we
   didn't get into
   ... if you listen very closely, the feedback is "well what we
   can do is that VCs don't meet the security model for the web"
   ... I think we need to understand that we're going to hear that
   the security model of the web is same-origin
   ... the second you introduce multi-origin you get certain
   people concerned
   ... we have to be ready for that concern, I think there's that
   undertone when talking with PING
   ... I wanted to call attention to that
   ... other thing of concern is that the statement was made
   multiple times, "we don't know where to start"
   ... "can you narrow it?"

   manu: we said "not really, we have a lot of stakeholders
   [listed] and we're trying to make a general data model"
   ... a review focused on a single thing will focus on a tiny
   sliver of the ecosystem
   ... except for review per the web security model, which we know
   will be a negative review. third thing I found concerning was
   focus on bearer credentials and ZKPs. I think our position has
   always been we have to support it, but I think problem is
   potentially focusing on something like the over the age of 18
   credential, which while useful explanation strategy, in
   reality I don't know many companies basing their current
   customer engagements off of that
   ... concern may be we allow full spectrum of privacy, but many
   of companies working in this space are working in fully
   identified realm
   ... doing things like over the age of 18 credentials are
   difficult not for tech reasons but for regulatory burden
   currently
   ... there's a request that we focus on the more pseudonymous
   credentials, but concern is that moves us into a toy
   specification
   ... so anyway those are some loose thoughts, I think all we can
   do is wait for feedback
   ... I think changes we can make are add more bearer credentials
   and ZKPs
   ... as for multi-origin there's not much we can do... we are
   introducing a new security model for the web and we expect that
   to be a hot debate

   stonematt: two things to follow up
   ... I noticed that 1) it seems like we're coming at this from
   the perspective of an open world mentality... we want adoption
   of this. when we chartered the group one of the driving queries
   we heard were market adoption / organic adoption of this, and
   many companies we're working with are doing the highly
   identified part of the spectrum generally speaking
   ... and this is a data model not a protocol
   ... privacy enforcement might happen in protocol rather than in
   data model itself

   <dlongley> i disagree that we're suggesting a new security
   model for the Web, rather, we're just sharing things cross
   origin in a way that respects the same origin policy (user only
   interacts with one origin at a time and consent is required to
   move data from one origin to another)

   stonematt: in eg an SQL model there's all sorts of data you can
   put in

   <manu> yeah, I think we can approach as dlongley said... it's
   just that some people don't agree.

   <Zakim> kaz, you wanted to ask who call-in user 6 and 7 are

   kaz: who is call-in user 6 and 7?
   ... who dialed in 5-10 minutes ago

   stonematt: if you're on the telephone would you please speak up
   one at a time

   Yancy: *identifies self as 6*

   <nage> I agree with the point about protocol issues, Sovrin has
   been doing a lot on the privacy side, but it is hard to bring
   up when we are just working on data model. Perhaps we should
   bring more ZKP concepts into the spec as optional to better
   show the spectrum?

   markus_sabadello: *identifies self as 7*

   <manu> nage - agreed, I think that would help.

   DavidC: I agree with Matt in that solving the single origin
   issue
   ... I wonder if a way out of this is to have a profile
   document, the profile document would say how you can use this
   with same origin document

   <manu> nage - although, I think we'll still have folks that
   won't be happy until we make everything either a bearer
   credential or a ZKP (without any PII).

   DavidC: (???) FIDO model
   ... do you think that's a good way to satisfy PING, is to say
   it's possible to obey same origin policy

   <Zakim> cwebber, you wanted to address how do we deal with open
   world / broad usage

   <dlongley> we don't allow scripts on one page from one origin
   to access data from another page on another origin ... that
   would be a violation of the same origin security model -- we
   simply don't do this or even touch it at all.

   <manu> cwebber2: The issue with having such a broad range of
   applications... I'm surprised to hear that's such a concern.
   There is a lot of technology developed at W3C that fits into
   that boat... for example, HTML.

   <manu> cwebber2: We are trying to create a general technology
   that's broad... it's surprising to hear that pushback.

   <DavidC> @cwebber -> same origin document -> same origin policy

   <manu> cwebber2: Is there a way we can respond with that? This
   is a general technology?

   stonematt: for someone else who was at the call, perhaps
   jumping to the conclusion that it's the open data model that's
   the problem rather than the same origin model that's the
   problem is the nuance we should tease out of this

   TallTed: I'm sorry I wasn't able to make the call... similar to
   what you said earlier about reviewing SQL server, it's less
   about that and more about reviewing a schema and ontology, and
   there are no privacy implications to an ontology, it's a
   datastructure. It's just not relevant
   ... I'm surprised this hasn't been said, including on their
   side
   ... there's no protocol, just a datastructure... and not even a
   datastructure, it's an ontology

   DavidC: just to say something on last call, the verifiable
   presentation is the protocol

   TallTed: the way it's used may have implications, but that's
   not what we're doing

   DavidC: I disagree we're suggesting a new security model for
   the web... we're just making a data model, which I think fits
   into what TallTed is saying
   ... we're not in any way creating a situation or even touching
   anything where a script on one origin touches another origin

   <DavidC> @cwebber DavidC -> dlongley

   dlongley: we are talking about sharing information from
   different sources, but whenever we talk about that
   informatively we talk about involving user consent in that
   process. So I don't think we're even touching the security
   model on the web and don't intend to do it in any way
   ... we're trying to work within those bounds when working on
   things

   <Zakim> burn, you wanted to respond to Ted

   <stonematt> +1 to dlongley

   <Zakim> manu, you wanted to clarify data model, presentation,
   credential, etc.

   burn: +1 to what dlongley just said. we did mention this on the
   call, and it sounds like all we did was mention it but no we
   did state that, but sometimes there are subtle issues where
   certain kinds of privacy implications can be inferred from a
   data model (or people will try to do that). We didn't focus as
   much on that argument because I've found that argument doesn't
   always get us as far as we'd like which is that what we're
   doing has nothing to do with the security model of the web,
   it's irrelevant

   manu: I stand corrected, I think that when people look at this
   work we're doing that it's very difficult for them... they're
   not familiar with what we're working on, and it's hard to
   separate what we're working on from what it could become
   ... it's very easy to map it to a 1984 style future because
   that's what privacy folks mostly work on, and in some ways
   we're putting plenty of ways to deal with that
   ... some people are happy with that, others are upset that if
   anyone's privacy leaks in the process, it doesn't matter if you
   took it into account
   ... what if you have an Ashley Madison style leak, and now you
   have signatures and know it wasn't tampered with
   ... I don't think our biggest challenges will be with the ones
   dave just made, we're not doing that we're not touching same
   origin, but I think the same people dealing with this don't
   have a technical understanding of same-origin
   ... they're worried about being phished, and making sure that
   if you're phished that it's not very useful to that person
   ... the people viewing this are not as sophisticated, I think
   the argument that TallTed made is absolutely solid but you need
   years upon years to get that understanding
   ... but I don't think they may be understood by those doing the
   review
   ... but those are the arguments we have
   ... now for what I put myself on the queue for, I get where
   Ted's going, but I think Nathan has a solid point which is that
   there are pieces of protocol that inevitably end up in the data
   model
   ... for example we're using VC in the credential handler model
   ... there's nothing on top of it, no http headers no extra
   anything, everything is in the verifiable presentation
   ... that's an example of the data model being reused by the
   data model
   ... I think we can make a solid distinction between the two,
   but there's always a blurring, and the blurring will come from
   the privacy folks saying "that's what you're designing, but
   what happens when someone abuses that"

   nage: so I think we have to ack a few things, I don't think the
   views in the group in general might not be universal... I have
   some disagreements about how some of the privacy issues have
   been handled, I think most of that is because we've been so
   focused on the data model part of it
   ... in order to improve the review I think we should provide
   advice on how to use it
   ... i can think of a few issues to make it friendlier to
   privacy eyes
   ... I think we need to take a step back, think where a generic
   web browser would think it's applied, they're probably thinking
   about web storage
   ... it's easy in that case to think of data model use cases of
   eg pulling something out of a wallet
   ... for those not familiar we probably need to describe those
   workflows, but doing or saying something might help reviewers
   understand

   TallTed: anywhere we have "protocol" in the data model spec is
   an error. Anywhere we have anything more than the column header
   names is an error in a data model spec. if we're doing anything
   other than that we're doing it wrong
   ... I'm sorry if that impacts the work we've done or going
   forward, but that's the hazard of the current
   compartmentalization happening with w3c work
   ... we have a very specific charter, production list, etc
   ... it doesn't include how it's used
   ... it's just a model
   ... if I'm describing a lion, these are the characteristics
   that go along with it. If I'm describing a VC, here's what goes
   along with it
   ... if there's sensitive information, there's sensitive
   information, there's use cases for using a paper and pencil
   ... we'll make it not pass through
   ... many times we've said we're close to the end of our time
   ... our focus should not be on what's happening in the CG even
   if it overlaps
   ... W3C is broken in a new way than it was 5 years ago, but we
   have to fight against the things causing us problems

   agropper: speaking of a privacy professional on this topic, we
   might find it easier to convince those concerned if we describe
   the goal as giving individuals agency as opposed to privacy

   <manu> Very good point, agropper.

   agropper: eg what you take out of your wallet as a form of
   agency
   ... not arguing we shouldn't talk about a data model very
   strictly

   <burn> +1 to Adrian's example of giving control over what you
   take out of your wallet

   agropper: when people ask why we're stepping into a
   non-single-domain situation, we need to give people agency

   bigbluehat: just wanted to say a quick thing from experience
   with the web annotations wg, we did data model and protocol. we
   didn't add html integration, we didn't add user interface
   requirements to the spec, but accessibility is a problem people
   keep asking about, and I say the spec is a data model and
   accessibility is a user interface challenge
   ... I think as TallTed described, I think we should post new
   advisory board elections
   ... contact the person in charge and make the case that this
   needs some new solutioning and discussion

   tzvia is a new AB elect

   bigbluehat: then we can narrow in on "we're just building a
   data model"
   ... in the same way web annotations kept making the argument
   for that
   ... we need better signaling in the w3c
   ... don't let the process choke this work

   <Zakim> cwebber, you wanted to ask doesn't this apply to all
   linked data systems

   <manu> cwebber: Just thinking about everything just said -
   generality that this is a data model spec... seems like
   complaints apply to literally any Linked Data system that could
   be built. Is that part of the challenge? Is that part of the
   issue? Or is this the same sort of origin stuff that have
   happened in any of the Linked Data systems that have been
   proposed so far?

   manu: there have been plenty of other linked data systems and
   data models that have gone through w3c that have not had this
   scrutiny
   ... plenty of other specs where you could shove PII into it and
   nothing was said
   ... I think the issue has mostly to do with the use cases we're
   dealing with
   ... since we're dealing with PII use cases people are having a
   tough time making a distinction between this is just a data
   model with understanding how it may be used
   ... I think it's purely an optics thing, about the data use
   cases we're dealing with
   ... other groups don't think about their person's name or
   address
   ... unfortunately I think that won't get us out

   <burn> yes, Manu gave the analogy of a database in our PING
   call.

   stonematt: timecheck, 5 minutes till CG call

   gkellogg: so I think this is where nomenclature gets in the
   way. data model implies something more closed, whereas ontology
   implies the specification of the way the data links
   ... if there was a property with a clear password, and the
   ontology required a clear password to be present, that would be
   a clear privacy problem. since anyone can say anything and
   include data from other ontologies, there's limits to what can
   be done about privacy / exposure that could be exposed

   TallTed: we've got theoretically a use case document that
   informs the data model, maybe if we refine it to draw
   distinction between protocol-relevant and model-relevant that
   may help
   ... again, yes, unsophisticated / uneducated people may think
   of implications outside our realm
   ... our responsibility is to say this is our scope, you're
   outside the wall, otherwise we'll never pass reviews
   ... you don't want a lengthy call with w3c management; it's no
   fun

   <burn> +1 to TallTed

   <dlongley> +1 to TallTed

   <manu> +1 to TallTed

   <bigbluehat> +1 to TallTed

   <gkellogg> +1 to TallTed

   <cwebber2> +1

   <stonematt> +1 to reiterate our scope during review thanks
   TallTed

   TallTed: we've just got to be clear, this is the wall we're
   working with... the stuff you're working with, make a different
   charter, it's outside our scope

   stonematt: thanks TallTed, I think that's right
   ... I agree with your comments that we should put +1s to
   minutes instead of /me comments
   ... burn and I can talk more about this later this week
   ... unless more comments we'll adjourn, cya next week

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [13]scribe.perl version
    1.152 ([14]CVS log)
    $Date: 2018/08/14 19:22:37 $

     [13] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [14] http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 14 August 2018 19:37:51 UTC