- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 22 Aug 2018 02:22:39 +0900
- To: public-vc-wg@w3.org
available at:
https://www.w3.org/2018/08/21-vcwg-minutes.html
also as text below.
Thanks a lot for taking these minutes, Manu and Dave!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
Verifiable Claims Working Group
21 Aug 2018
[2]Agenda
[2] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0006.html
Attendees
Present
Allen_Brown, Chris_Webber, Clare_Nelson, Dan_Burnett,
Daniel_Hardman, Dave_Longley, Gregg_Kellogg,
Kaliya_Young, Kaz_Ashimura, Manu_Sporny, Matt_Stone,
Mike_Lodder, Nathan_George, Tim_Tibbals, Tzviya_Siegman,
markus_sabadello, Benjamin_Young, Ganesh_Annan,
Gregory_Natran, Stephen_Curran, Ted_Thibodeau,
Yancy_Ribbens, Bob_Burke, Lovesh_Harchandani
Regrets
Chair
Dan_Burnett, Matt_Stone
Scribe
Manu_Sporny, Dave_Longley
Contents
* [3]Topics
1. [4]Agenda review, Introductions, Re-introductions
2. [5]Action Item Review
3. [6]Assign owners to unassigned issues
4. [7]Status update on external review of Data Model Spec
5. [8]Possible TPAC topics
6. [9]Data Model PR review
* [10]Summary of Action Items
* [11]Summary of Resolutions
__________________________________________________________
<manu> scribe: Manu_Sporny
Agenda review, Introductions, Re-introductions
<inserted> scribenick: manu
burn: We are going to cover our standard agenda and putting
together TPAC agenda... less than 2 months away.
... We need to talk about test suite update...
<Zakim> manu, you wanted to suggest some items for TPAC
burn: Any first timer's today?
<stonematt> Welcome Daniel Hardman!
DanielHardman: Hi, Daniel Hardman from Evernym. Interested in
VC spec in general, interested in process on harmonizing wrt.
ZKPs.
... I'm also a member of the Sovrin Technical Governance Board.
Action Item Review
<burn> [12]https://goo.gl/V4XTBT
[12] https://goo.gl/V4XTBT
burn: I believe action item review is quick, don't believe
there are any.
... confirmed, no open action items.
Assign owners to unassigned issues
<burn>
[13]https://github.com/w3c/vc-data-model/issues?utf8=%E2%9C%93&
q=is%3Aissue+is%3Aopen+no%3Aassignee
[13] https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is:issue+is:open+no:assignee
burn: 3 new issues... accessibility comment -
<stonematt> [14]https://github.com/w3c/vc-data-model/issues/221
[14] https://github.com/w3c/vc-data-model/issues/221
burn: There were two comments, 2nd comment is already an issue
in Github.
stonematt: Editorial, we need to make sure we have image
captions everywhere.
burn: wrt. accessibility - they noticed we have an extensive
security/privacy section... they'd like to see an accessibility
impact statement in addition. They'd like to work with us on
that.
... Who can move it further with a11y group?
tzviya: I made the statement, I can work with them... what's
the timeline?
burn: We are hoping to be able to issue a CR document before
TPAC.
<Zakim> manu, you wanted to say that's unlikely at this point.
burn: I suggest having the review before TPAC, within a month.
... That should be a good amount of time.
tzviya: That should be fine.
<stonematt> BTW, Accessibility review issue #1 is
[15]https://github.com/w3c/vc-data-model/issues/225
[15] https://github.com/w3c/vc-data-model/issues/225
burn: Coordinate with PING during review process... we had a
nice review call w/ PING.
<Tim_Tibbals> Sorry I was late as well.
burn: David Chadwick volunteered to do that.
... Anyone else interested in doing this instead of David
Chadwick?
*crickets*
kaliya: I'm interested in helping w/ PING review.
<burn> [16]https://github.com/w3c/vc-data-model/issues/222
[16] https://github.com/w3c/vc-data-model/issues/222
burn: Also, help Tzviya if you can.
[17]https://github.com/w3c/vc-data-model/issues/224
[17] https://github.com/w3c/vc-data-model/issues/224
burn: We're looking for someone to help the conversation
proceed... it could be Daniel Hardman, but could be someone
else.
DanielHardman: I'm willing to help on it -- I think there is an
impedence mismatch in the mental model... assumption that terms
of use will show up during presentation... need someone that
has knowledge of previous discussions to work with me.
... I can't drive it forward because I lack context.
burn: Let's leave this without an assignee for now... this
doesn't mean no one is paying attention, but no one is
volunteering yet to drive this.
... Moving on to
[18]https://github.com/w3c/vc-data-model/issues/225.. assigning
to manu.
[18] https://github.com/w3c/vc-data-model/issues/225
Status update on external review of Data Model Spec
burn: Nothing else that I'm aware of at this time, no new
reviews.
Possible TPAC topics
<inserted> scribenick: dlongley
manu: One of the best things about TPAC is face to face time
with other groups. I don't know if the chairs have started
trying to set up quick meetings with other groups. PING might
be really good, WebAppSec/security whatever the current
security thing happening is.
... Just so we are reaching out to those groups before CR
(probably) just so they are aware as a gesture and so we're
treated more nicely before the vote.
... Potentially privacy, security, and I don't know if the TAG
would be an interesting one to do or not.
<kaz> [19]TPAC schedule - Thursday/Friday
[19] https://www.w3.org/2018/10/TPAC/schedule.html#Thursday
<inserted> scribenick: manu
burn: Any other suggestions?
stonematt: We have a couple of topics -- refresh service,
thought discussion came up in last day or so... cryptoregistry?
items we should do F2F?
... What about cranking through issues, close stuff?
<Zakim> manu, you wanted to suggest Are we rechartering?
<kaz> [20]VCWG Charter
[20] https://www.w3.org/2017/vc/charter.html
<inserted> scribenick: dlongley
manu: We might want to discuss chartering or not rechartering.
There are a lot of calls and people are very busy. At the same
time, there's a lot of work for the full stack, LDS
signatures/proofs, so on.
<inserted> scribenick: manu
tzviya: Manu said most of what I was going to say - we want to
discuss relationship w/ CCG -- when the group ends/continues...
if this group is closing... figure out maintenance model.
<TallTed> +1 clarity of relationship between groups is vital
kaz: have two points
... 1. We should clarify whether this group would like to
extend the current work or go to another topic
... 2. W3C Project Team is working on maintenance.
... how to maintain specs generated by closed groups, etc...
... We are still discussing that.
burn: The thing that takes the longest to arrange are joint
meetings, so bear with us as we shift our TPAC agenda to
accommodate other groups.
... Anyone else have any input on TPAC agenda?
kaz: With respect to joint meeting - working w/ Web of Things
WG... do we want to meet with them?
manu: Yes, please, let's meet with them! :)
<TallTed> also +1 to considering extension of current work (vs
recharter for new work), as I think we're getting a
better/different understanding of this work than was previously
held
Data Model PR review
<burn> [21]https://github.com/w3c/vc-data-model/pulls
[21] https://github.com/w3c/vc-data-model/pulls
<inserted> scribenick: dlongley
manu: Oldest to newest order... Lovesh is in the group now, IPR
commitment is done. I assumed that was happening in parallel
and processed the issues.
burn: His IPR has been approved that he's in the group, but
there are still issues with it not reflecting properly in
github, but it's ok to go ahead and merge and of his PRs if
github will let us do it.
<manu> [22]https://github.com/w3c/vc-data-model/pull/213/files
[22] https://github.com/w3c/vc-data-model/pull/213/files
manu: I'm looking at #213 right now, which is a fairly large
PR.
... So Daniel, this is where I hope we can make progress on the
call. I see a number of things you're changing in this PR that
you're also changing in other PRs. Do you want us to drop this
one?
daniel: this is one of the problems with the tangling
interdependencies. I included an example in one of the PRs that
was also in one from Lovesh. Whatever order we pick, if one is
mature let's merge that and then I'll go edit others to remove
redundancies.
manu: Ok, I'm going to push off #213 if that's ok with you
because I think a lot of that can get in from the other PRs.
Let's deal with #214-#220 and deal with those first and then
update #213 with what's not there later.
<manu> [23]https://github.com/w3c/vc-data-model/pull/214
[23] https://github.com/w3c/vc-data-model/pull/214
manu: Currently, for a long time, we've had this ecosystem with
an Identifier Registry at the bottom, what we kind of mean is
things like DID ledgers. As Lovesh has pointed out, it's
important for this registry to also have cryptographic
material. I haven't heard back from Lovesh yet, and maybe we
can call this thing a cryptographic material registry or
registries.
... Whatever term we pick we need to be inclusive. People will
use URL identifiers, potentially the SOLID team at MIT, other
people will use cryptomaterial that's strongly identifiable and
others will use ZKPs with credential schemas and things of that
sort.
... The suggestion is to change the name to cryptographic
material registry. I'm waiting on a response from Lovesh.
... We do need to discuss this in the call because this is not
an editorial change; we're expanding the scope of the
identifier registry to make sure it's compatible with some of
the ZKP stuff that Evernym is doing.
<inserted> scribenick: manu
burn: Let's give this 5 minutes
<mike-lodder> Where are the resources I can review for the ZKP
stuff? Is it just lovesh's PR or somewhere else
<nage> If you are using blinded signatures, you may be
anchoring on the crypto, rather the identifier no? (just
pointing out that we might need to clarify a lot more if we try
to keep the current name)
dlongley: It might be a better idea to call the item that
lovesh is talking about as a separate piece of architecture,
rather than renaming the identifier registry. These components
may be optional components... we may not need to mention them
in the model. Maybe we can push them off to an advanced
concepts section. If we don't have a clear story about those
registries up front, that might not be good. This is not
necessarily a requirement... ambivalent about
changing the name, maybe we need to talk about advanced
concepts?
dlongley: How we relate to cryptomaterial used elsewhere.
TallTed: Any time I hear about registry, I get concerned..
especially in a data model spec. Identifier registry says "We
are going to try to keep track of every identifier..." that's
madness and beyond.
... I can't imagine doing that.
<Zakim> manu, you wanted to clarify.
<inserted> scribenick: manu
burn: This may take more time... next step?
<inserted> scribenick: dlongley
manu: I think the change is easier than it may seem. So, Ted,
we're definitely not doing what you're concerned about us
doing. These identifiers are more or less cryptographic
identifiers, and only those that you want to make public. If
you came to another conclusion from reading the spec we need to
clarify.
... From Dave Longley's viewpoint, we did actually have a
discussion on the strategy of how we do this before, with the
holder registry. We don't put that on the diagram, the holder
repository doesn't go on that diagram.
... That may be the approach that Dave Longley is suggesting.
<dlongley> +1 I am
manu: I don't think anyone is arguing against the concept -- we
just need to make sure we express it. Maybe if you go into the
Advanced Concepts section you can talk about these things and
ZKP and so on, without hitting people upfront with it.
... Dave Longley and I can take some of this offline and look
at putting it in the Advanced Concepts section.
... Any objections to that approach?
none
<manu> [24]https://github.com/w3c/vc-data-model/pull/217
[24] https://github.com/w3c/vc-data-model/pull/217
manu: Moving onto #217.
... This is somewhat related to the ZKP credential stuff.
Changes to the core data model. There's some things here that
have been removed. I provided feedback to Lovesh and we're
waiting on comments from him.
<TallTed> I would suggest not using "registry" if we're talking
about"personal/organizational/private/local stores". which
might be the better name...
manu: Ways that the core data model was changed, impedance
difference with the group.
burn: Daniel are you able to convey a little more of a
description than "sign off by"?
daniel: There was a two page document that was written and
people told us it was too detailed.
burn: There's probably a medium between a two page document and
nothing.
manu: I forgot to hit submit on review comments, my bad!
... Let me redo it or find the tab where I did the review.
daniel: I will work with Lovesh to add some better description.
burn: I'm not looking for a big description, it's just so that
someone who looks at this from the group would understand
what's going on and perhaps a pointer to the two page document.
manu: If we get some things straight in #220 it makes #217
easier to pull in.
... Anything else on #217 before we do #220?
<manu> [25]https://github.com/w3c/vc-data-model/pull/220
[25] https://github.com/w3c/vc-data-model/pull/220
nothing
manu: Daniel and I have been going back and forth for a while
on this one which is great. We're hammering something through
that will work for the group.
... Only one thing that remains if we can resolve on the call
and other folks review we can pull the PR in.
... Daniel can you do an intro to this PR?
... This one has a good summary at the top but can you talk
about it here on the call and what you're trying to accomplish?
daniel: Basically we wanted to nuance a little bit about the
assumptions on what a presentation might be. As it exists on
the spec today, it says that a presentation is directly
composed of embedded credentials. We're suggesting that there
could be a couple of different ways to do it instead, one is
exactly that and another is to put material that derives from
credentials without putting the credentials in directly.
manu: That's great. I think the definition has been expanded in
a way that the group has meant for a while but it was good for
someone else to go through the spec and pick out the places
where the definition didn't work for ZKP style things.
<manu>
[26]https://github.com/w3c/vc-data-model/pull/220/files#diff-ea
cf331f0ffc35d4b482f1d15a887d3bR1037
[26] https://github.com/w3c/vc-data-model/pull/220/files#diff-eacf331f0ffc35d4b482f1d15a887d3bR1037
manu: There's a specific example where we include a ZKP style
credential. The thing in the claims section ... that's going to
look very foreign to folks. The suggestion is to pull that out
and put it in another PR or in another issue so we can discuss
exactly what the format looks like.
... If we do that then we can pull #220 in.
... Then it will take a while to work through what the ZKP
style data format is suggesting. I've got some proposals on how
to do that but I didn't want that discussion slowing #220 from
getting into the spec.
daniel: Yeah, sure. I can do that in an hour or two after this
call and have it in the format you're looking for.
manu: If anyone else wants to review this, please do it, as
quickly as you can.
... I think it's aligned with what the consensus of the group
is.
... I'm going to pull it in after Daniel makes his changes
unless there are any objections to me doing that.
no objections
manu: That's it for the new outstanding PRs. We do need to talk
about `refreshService`.
<Zakim> stonematt, you wanted to say let's discuss the
refreshService PR #210 quickly
[27]https://github.com/w3c/vc-data-model/pull/210
[27] https://github.com/w3c/vc-data-model/pull/210
<scribe> scribenick: manu
stonematt: manu and I had misremembered what we're doing about
the refreshService... is this going in the spec or not?
... my memory is that we were doing this, but were deferring
delegation.
... refresh service was a part of the discussion.
<dlongley> scribenick: dlongley
manu: I thought I heard group members say kill it. Specifically
Ted said "this will create a lot of discussion, we should kick
it back and not include it in this version". I think Mike
Lodder agreed with him but Dave Longley said he thought Mike
was responding to something else.
... If they could respond it would be good.
<mike-lodder> No I agree to push it back
manu: I feel like we should put something like this into the
spec. A service the holder can use to go renew a credential
that has expired would be of benefit. David Chadwick had a
concern about exposing that to the verifier but we can put it
in the presentation from the issuer to the holder to avoid that
... but that's moot if we aren't including it at all.
<mike-lodder> Yes a later version not now
stonematt: I want to point out one detail to remind the group.
The issuer has an opportunity to let an attribute in a claim be
a refresh service. We wouldn't be codifying a mechanism outside
of the claim itself for this kind of information if we defer
this.
<mike-lodder> +1 to TallTed
TallTed: Roughly that -- you can put anything in that you want
so it's certainly possible to include such a URI along with
everything else. Whether it's inside the credential or outside,
there's nothing that prevents it. It is a chunk of work and if
we're extending the work of this group we could do it.
Everything is interdependent. I don't think this is vital for
1.0, it may be an enhancement later after some number of
issuers/holders/etc try it some way.
... We get to see how it works in the real world and then it
can be codified.
<Zakim> manu, you wanted to mention Digital Bazaar is going to
do this anyway.
TallTed: Not everything can be standardized before everyone
does it.
manu: Digital Bazaar will need this feature so we'll do it
anyway, would be nice to have blessing of the group, will try
to do something aligned with current thinking of the group.
Sounds like Matt and myself want it now and Ted and Mike
wanting it later.
<stonematt> Advanced concept?
manu: I don't know what to do at this point, if we don't have
more people talking.
<scribe> scribenick: manu
burn: The typical way to do it is to define something and get
agreement... in time, then great, if not, it gets deferred.
<Zakim> kaz, you wanted to provide some more information on the
GH IPR problem
<kaz> [28]https://labs.w3.org/hatchery/repo-manager/pr/open
[28] https://labs.w3.org/hatchery/repo-manager/pr/open
kaz: PR 208 and 214 are ok - good to go
... but there are still some problem with PR 213 and 217 -
working with the W3C Systeam to resolve the problem
burn: Thank you for input lovesh and Daniel Hardman... we
appreciate your input.
bburke: I don't know how refresh is related to verifiable
credentials... seems unrelated.
<daniel> Thanks for the call, folks. I have to drop but will
continue to interact via email, PRs, etc. See you next week.
[adjourned]
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [29]scribe.perl version
1.152 ([30]CVS log)
$Date: 2018/08/21 16:32:15 $
[29] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[30] http://dev.w3.org/cvsweb/2002/scribe/
Received on Tuesday, 21 August 2018 17:23:49 UTC