Minutes for VCWG telecon 21 August 2018

available at:
  https://www.w3.org/2018/08/21-vcwg-minutes.html

also as text below.

Thanks a lot for taking these minutes, Manu and Dave!

Kazuyuki

---

   [1]W3C

      [1] http://www.w3.org/

                               - DRAFT -

                    Verifiable Claims Working Group

21 Aug 2018

   [2]Agenda

      [2] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0006.html

Attendees

   Present
          Allen_Brown, Chris_Webber, Clare_Nelson, Dan_Burnett,
          Daniel_Hardman, Dave_Longley, Gregg_Kellogg,
          Kaliya_Young, Kaz_Ashimura, Manu_Sporny, Matt_Stone,
          Mike_Lodder, Nathan_George, Tim_Tibbals, Tzviya_Siegman,
          markus_sabadello, Benjamin_Young, Ganesh_Annan,
          Gregory_Natran, Stephen_Curran, Ted_Thibodeau,
          Yancy_Ribbens, Bob_Burke, Lovesh_Harchandani

   Regrets

   Chair
          Dan_Burnett, Matt_Stone

   Scribe
          Manu_Sporny, Dave_Longley

Contents

     * [3]Topics
         1. [4]Agenda review, Introductions, Re-introductions
         2. [5]Action Item Review
         3. [6]Assign owners to unassigned issues
         4. [7]Status update on external review of Data Model Spec
         5. [8]Possible TPAC topics
         6. [9]Data Model PR review
     * [10]Summary of Action Items
     * [11]Summary of Resolutions
     __________________________________________________________

   <manu> scribe: Manu_Sporny

Agenda review, Introductions, Re-introductions

   <inserted> scribenick: manu

   burn: We are going to cover our standard agenda and putting
   together TPAC agenda... less than 2 months away.
   ... We need to talk about test suite update...

   <Zakim> manu, you wanted to suggest some items for TPAC

   burn: Any first timer's today?

   <stonematt> Welcome Daniel Hardman!

   DanielHardman: Hi, Daniel Hardman from Evernym. Interested in
   VC spec in general, interested in process on harmonizing wrt.
   ZKPs.
   ... I'm also a member of the Sovrin Technical Governance Board.

Action Item Review

   <burn> [12]https://goo.gl/V4XTBT

     [12] https://goo.gl/V4XTBT

   burn: I believe action item review is quick, don't believe
   there are any.
   ... confirmed, no open action items.

Assign owners to unassigned issues

   <burn>
   [13]https://github.com/w3c/vc-data-model/issues?utf8=%E2%9C%93&
   q=is%3Aissue+is%3Aopen+no%3Aassignee

     [13] https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is:issue+is:open+no:assignee

   burn: 3 new issues... accessibility comment -

   <stonematt> [14]https://github.com/w3c/vc-data-model/issues/221

     [14] https://github.com/w3c/vc-data-model/issues/221

   burn: There were two comments, 2nd comment is already an issue
   in Github.

   stonematt: Editorial, we need to make sure we have image
   captions everywhere.

   burn: wrt. accessibility - they noticed we have an extensive
   security/privacy section... they'd like to see an accessibility
   impact statement in addition. They'd like to work with us on
   that.
   ... Who can move it further with a11y group?

   tzviya: I made the statement, I can work with them... what's
   the timeline?

   burn: We are hoping to be able to issue a CR document before
   TPAC.

   <Zakim> manu, you wanted to say that's unlikely at this point.

   burn: I suggest having the review before TPAC, within a month.
   ... That should be a good amount of time.

   tzviya: That should be fine.

   <stonematt> BTW, Accessibility review issue #1 is
   [15]https://github.com/w3c/vc-data-model/issues/225

     [15] https://github.com/w3c/vc-data-model/issues/225

   burn: Coordinate with PING during review process... we had a
   nice review call w/ PING.

   <Tim_Tibbals> Sorry I was late as well.

   burn: David Chadwick volunteered to do that.
   ... Anyone else interested in doing this instead of David
   Chadwick?

   *crickets*

   kaliya: I'm interested in helping w/ PING review.

   <burn> [16]https://github.com/w3c/vc-data-model/issues/222

     [16] https://github.com/w3c/vc-data-model/issues/222

   burn: Also, help Tzviya if you can.

   [17]https://github.com/w3c/vc-data-model/issues/224

     [17] https://github.com/w3c/vc-data-model/issues/224

   burn: We're looking for someone to help the conversation
   proceed... it could be Daniel Hardman, but could be someone
   else.

   DanielHardman: I'm willing to help on it -- I think there is an
   impedence mismatch in the mental model... assumption that terms
   of use will show up during presentation... need someone that
   has knowledge of previous discussions to work with me.
   ... I can't drive it forward because I lack context.

   burn: Let's leave this without an assignee for now... this
   doesn't mean no one is paying attention, but no one is
   volunteering yet to drive this.
   ... Moving on to
   [18]https://github.com/w3c/vc-data-model/issues/225.. assigning
   to manu.

     [18] https://github.com/w3c/vc-data-model/issues/225

Status update on external review of Data Model Spec

   burn: Nothing else that I'm aware of at this time, no new
   reviews.

Possible TPAC topics

   <inserted> scribenick: dlongley

   manu: One of the best things about TPAC is face to face time
   with other groups. I don't know if the chairs have started
   trying to set up quick meetings with other groups. PING might
   be really good, WebAppSec/security whatever the current
   security thing happening is.
   ... Just so we are reaching out to those groups before CR
   (probably) just so they are aware as a gesture and so we're
   treated more nicely before the vote.
   ... Potentially privacy, security, and I don't know if the TAG
   would be an interesting one to do or not.

   <kaz> [19]TPAC schedule - Thursday/Friday

     [19] https://www.w3.org/2018/10/TPAC/schedule.html#Thursday

   <inserted> scribenick: manu

   burn: Any other suggestions?

   stonematt: We have a couple of topics -- refresh service,
   thought discussion came up in last day or so... cryptoregistry?
   items we should do F2F?
   ... What about cranking through issues, close stuff?

   <Zakim> manu, you wanted to suggest Are we rechartering?

   <kaz> [20]VCWG Charter

     [20] https://www.w3.org/2017/vc/charter.html

   <inserted> scribenick: dlongley

   manu: We might want to discuss chartering or not rechartering.
   There are a lot of calls and people are very busy. At the same
   time, there's a lot of work for the full stack, LDS
   signatures/proofs, so on.

   <inserted> scribenick: manu

   tzviya: Manu said most of what I was going to say - we want to
   discuss relationship w/ CCG -- when the group ends/continues...
   if this group is closing... figure out maintenance model.

   <TallTed> +1 clarity of relationship between groups is vital

   kaz: have two points
   ... 1. We should clarify whether this group would like to
   extend the current work or go to another topic
   ... 2. W3C Project Team is working on maintenance.
   ... how to maintain specs generated by closed groups, etc...
   ... We are still discussing that.

   burn: The thing that takes the longest to arrange are joint
   meetings, so bear with us as we shift our TPAC agenda to
   accommodate other groups.
   ... Anyone else have any input on TPAC agenda?

   kaz: With respect to joint meeting - working w/ Web of Things
   WG... do we want to meet with them?

   manu: Yes, please, let's meet with them! :)

   <TallTed> also +1 to considering extension of current work (vs
   recharter for new work), as I think we're getting a
   better/different understanding of this work than was previously
   held

Data Model PR review

   <burn> [21]https://github.com/w3c/vc-data-model/pulls

     [21] https://github.com/w3c/vc-data-model/pulls

   <inserted> scribenick: dlongley

   manu: Oldest to newest order... Lovesh is in the group now, IPR
   commitment is done. I assumed that was happening in parallel
   and processed the issues.

   burn: His IPR has been approved that he's in the group, but
   there are still issues with it not reflecting properly in
   github, but it's ok to go ahead and merge and of his PRs if
   github will let us do it.

   <manu> [22]https://github.com/w3c/vc-data-model/pull/213/files

     [22] https://github.com/w3c/vc-data-model/pull/213/files

   manu: I'm looking at #213 right now, which is a fairly large
   PR.
   ... So Daniel, this is where I hope we can make progress on the
   call. I see a number of things you're changing in this PR that
   you're also changing in other PRs. Do you want us to drop this
   one?

   daniel: this is one of the problems with the tangling
   interdependencies. I included an example in one of the PRs that
   was also in one from Lovesh. Whatever order we pick, if one is
   mature let's merge that and then I'll go edit others to remove
   redundancies.

   manu: Ok, I'm going to push off #213 if that's ok with you
   because I think a lot of that can get in from the other PRs.
   Let's deal with #214-#220 and deal with those first and then
   update #213 with what's not there later.

   <manu> [23]https://github.com/w3c/vc-data-model/pull/214

     [23] https://github.com/w3c/vc-data-model/pull/214

   manu: Currently, for a long time, we've had this ecosystem with
   an Identifier Registry at the bottom, what we kind of mean is
   things like DID ledgers. As Lovesh has pointed out, it's
   important for this registry to also have cryptographic
   material. I haven't heard back from Lovesh yet, and maybe we
   can call this thing a cryptographic material registry or
   registries.
   ... Whatever term we pick we need to be inclusive. People will
   use URL identifiers, potentially the SOLID team at MIT, other
   people will use cryptomaterial that's strongly identifiable and
   others will use ZKPs with credential schemas and things of that
   sort.
   ... The suggestion is to change the name to cryptographic
   material registry. I'm waiting on a response from Lovesh.
   ... We do need to discuss this in the call because this is not
   an editorial change; we're expanding the scope of the
   identifier registry to make sure it's compatible with some of
   the ZKP stuff that Evernym is doing.

   <inserted> scribenick: manu

   burn: Let's give this 5 minutes

   <mike-lodder> Where are the resources I can review for the ZKP
   stuff? Is it just lovesh's PR or somewhere else

   <nage> If you are using blinded signatures, you may be
   anchoring on the crypto, rather the identifier no? (just
   pointing out that we might need to clarify a lot more if we try
   to keep the current name)

   dlongley: It might be a better idea to call the item that
   lovesh is talking about as a separate piece of architecture,
   rather than renaming the identifier registry. These components
   may be optional components... we may not need to mention them
   in the model. Maybe we can push them off to an advanced
   concepts section. If we don't have a clear story about those
   registries up front, that might not be good. This is not
   necessarily a requirement... ambivalent about

   changing the name, maybe we need to talk about advanced
   concepts?

   dlongley: How we relate to cryptomaterial used elsewhere.

   TallTed: Any time I hear about registry, I get concerned..
   especially in a data model spec. Identifier registry says "We
   are going to try to keep track of every identifier..." that's
   madness and beyond.
   ... I can't imagine doing that.

   <Zakim> manu, you wanted to clarify.

   <inserted> scribenick: manu

   burn: This may take more time... next step?

   <inserted> scribenick: dlongley

   manu: I think the change is easier than it may seem. So, Ted,
   we're definitely not doing what you're concerned about us
   doing. These identifiers are more or less cryptographic
   identifiers, and only those that you want to make public. If
   you came to another conclusion from reading the spec we need to
   clarify.
   ... From Dave Longley's viewpoint, we did actually have a
   discussion on the strategy of how we do this before, with the
   holder registry. We don't put that on the diagram, the holder
   repository doesn't go on that diagram.
   ... That may be the approach that Dave Longley is suggesting.

   <dlongley> +1 I am

   manu: I don't think anyone is arguing against the concept -- we
   just need to make sure we express it. Maybe if you go into the
   Advanced Concepts section you can talk about these things and
   ZKP and so on, without hitting people upfront with it.
   ... Dave Longley and I can take some of this offline and look
   at putting it in the Advanced Concepts section.
   ... Any objections to that approach?

   none

   <manu> [24]https://github.com/w3c/vc-data-model/pull/217

     [24] https://github.com/w3c/vc-data-model/pull/217

   manu: Moving onto #217.
   ... This is somewhat related to the ZKP credential stuff.
   Changes to the core data model. There's some things here that
   have been removed. I provided feedback to Lovesh and we're
   waiting on comments from him.

   <TallTed> I would suggest not using "registry" if we're talking
   about"personal/organizational/private/local stores". which
   might be the better name...

   manu: Ways that the core data model was changed, impedance
   difference with the group.

   burn: Daniel are you able to convey a little more of a
   description than "sign off by"?

   daniel: There was a two page document that was written and
   people told us it was too detailed.

   burn: There's probably a medium between a two page document and
   nothing.

   manu: I forgot to hit submit on review comments, my bad!
   ... Let me redo it or find the tab where I did the review.

   daniel: I will work with Lovesh to add some better description.

   burn: I'm not looking for a big description, it's just so that
   someone who looks at this from the group would understand
   what's going on and perhaps a pointer to the two page document.

   manu: If we get some things straight in #220 it makes #217
   easier to pull in.
   ... Anything else on #217 before we do #220?

   <manu> [25]https://github.com/w3c/vc-data-model/pull/220

     [25] https://github.com/w3c/vc-data-model/pull/220

   nothing

   manu: Daniel and I have been going back and forth for a while
   on this one which is great. We're hammering something through
   that will work for the group.
   ... Only one thing that remains if we can resolve on the call
   and other folks review we can pull the PR in.
   ... Daniel can you do an intro to this PR?
   ... This one has a good summary at the top but can you talk
   about it here on the call and what you're trying to accomplish?

   daniel: Basically we wanted to nuance a little bit about the
   assumptions on what a presentation might be. As it exists on
   the spec today, it says that a presentation is directly
   composed of embedded credentials. We're suggesting that there
   could be a couple of different ways to do it instead, one is
   exactly that and another is to put material that derives from
   credentials without putting the credentials in directly.

   manu: That's great. I think the definition has been expanded in
   a way that the group has meant for a while but it was good for
   someone else to go through the spec and pick out the places
   where the definition didn't work for ZKP style things.

   <manu>
   [26]https://github.com/w3c/vc-data-model/pull/220/files#diff-ea
   cf331f0ffc35d4b482f1d15a887d3bR1037

     [26] https://github.com/w3c/vc-data-model/pull/220/files#diff-eacf331f0ffc35d4b482f1d15a887d3bR1037

   manu: There's a specific example where we include a ZKP style
   credential. The thing in the claims section ... that's going to
   look very foreign to folks. The suggestion is to pull that out
   and put it in another PR or in another issue so we can discuss
   exactly what the format looks like.
   ... If we do that then we can pull #220 in.
   ... Then it will take a while to work through what the ZKP
   style data format is suggesting. I've got some proposals on how
   to do that but I didn't want that discussion slowing #220 from
   getting into the spec.

   daniel: Yeah, sure. I can do that in an hour or two after this
   call and have it in the format you're looking for.

   manu: If anyone else wants to review this, please do it, as
   quickly as you can.
   ... I think it's aligned with what the consensus of the group
   is.
   ... I'm going to pull it in after Daniel makes his changes
   unless there are any objections to me doing that.

   no objections

   manu: That's it for the new outstanding PRs. We do need to talk
   about `refreshService`.

   <Zakim> stonematt, you wanted to say let's discuss the
   refreshService PR #210 quickly
   [27]https://github.com/w3c/vc-data-model/pull/210

     [27] https://github.com/w3c/vc-data-model/pull/210

   <scribe> scribenick: manu

   stonematt: manu and I had misremembered what we're doing about
   the refreshService... is this going in the spec or not?
   ... my memory is that we were doing this, but were deferring
   delegation.
   ... refresh service was a part of the discussion.

   <dlongley> scribenick: dlongley

   manu: I thought I heard group members say kill it. Specifically
   Ted said "this will create a lot of discussion, we should kick
   it back and not include it in this version". I think Mike
   Lodder agreed with him but Dave Longley said he thought Mike
   was responding to something else.
   ... If they could respond it would be good.

   <mike-lodder> No I agree to push it back

   manu: I feel like we should put something like this into the
   spec. A service the holder can use to go renew a credential
   that has expired would be of benefit. David Chadwick had a
   concern about exposing that to the verifier but we can put it
   in the presentation from the issuer to the holder to avoid that
   ... but that's moot if we aren't including it at all.

   <mike-lodder> Yes a later version not now

   stonematt: I want to point out one detail to remind the group.
   The issuer has an opportunity to let an attribute in a claim be
   a refresh service. We wouldn't be codifying a mechanism outside
   of the claim itself for this kind of information if we defer
   this.

   <mike-lodder> +1 to TallTed

   TallTed: Roughly that -- you can put anything in that you want
   so it's certainly possible to include such a URI along with
   everything else. Whether it's inside the credential or outside,
   there's nothing that prevents it. It is a chunk of work and if
   we're extending the work of this group we could do it.
   Everything is interdependent. I don't think this is vital for
   1.0, it may be an enhancement later after some number of
   issuers/holders/etc try it some way.
   ... We get to see how it works in the real world and then it
   can be codified.

   <Zakim> manu, you wanted to mention Digital Bazaar is going to
   do this anyway.

   TallTed: Not everything can be standardized before everyone
   does it.

   manu: Digital Bazaar will need this feature so we'll do it
   anyway, would be nice to have blessing of the group, will try
   to do something aligned with current thinking of the group.
   Sounds like Matt and myself want it now and Ted and Mike
   wanting it later.

   <stonematt> Advanced concept?

   manu: I don't know what to do at this point, if we don't have
   more people talking.

   <scribe> scribenick: manu

   burn: The typical way to do it is to define something and get
   agreement... in time, then great, if not, it gets deferred.

   <Zakim> kaz, you wanted to provide some more information on the
   GH IPR problem

   <kaz> [28]https://labs.w3.org/hatchery/repo-manager/pr/open

     [28] https://labs.w3.org/hatchery/repo-manager/pr/open

   kaz: PR 208 and 214 are ok - good to go
   ... but there are still some problem with PR 213 and 217 -
   working with the W3C Systeam to resolve the problem

   burn: Thank you for input lovesh and Daniel Hardman... we
   appreciate your input.

   bburke: I don't know how refresh is related to verifiable
   credentials... seems unrelated.

   <daniel> Thanks for the call, folks. I have to drop but will
   continue to interact via email, PRs, etc. See you next week.

   [adjourned]

Summary of Action Items

Summary of Resolutions

   [End of minutes]
     __________________________________________________________


    Minutes formatted by David Booth's [29]scribe.perl version
    1.152 ([30]CVS log)
    $Date: 2018/08/21 16:32:15 $

     [29] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
     [30] http://dev.w3.org/cvsweb/2002/scribe/

Received on Tuesday, 21 August 2018 17:23:49 UTC