- From: Kazuyuki Ashimura <ashimura@w3.org>
- Date: Wed, 29 Aug 2018 09:08:26 +0900
- To: public-vc-wg@w3.org
available at:
https://www.w3.org/2018/08/28-vcwg-minutes.html
also as text below.
Thanks a lot for taking these minutes, David Chadwick!
Kazuyuki
---
[1]W3C
[1] http://www.w3.org/
- DRAFT -
Verifiable Claims Working Group
28 Aug 2018
[2]Agenda
[2] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0008.html
Attendees
Present
Brent_Zundel, Clare_Nelson, Dan_Burnett, Dave_Longley,
David_Chadwick, David_Ezell, Ganesh_Annan,
Gregg_Kellogg, Kaz_Ashimura, Lovesh_Harchandani,
Manu_Sporny, Matt_Stone, Mike_Lodder, Ted_Thibodeau,
Yancy_Ribbens, Tim_Tibbals, David_Lehn, Allen_Brown,
Bob_Burke
Regrets
tzviya
Chair
Matt_Stone, Dan_Burnett
Scribe
DavidC
Contents
* [3]Topics
1. [4]Unassigned Issues
2. [5]Introductions
3. [6]TPAC Planning
4. [7]Coordination with PING
5. [8]Test Suite
* [9]Summary of Action Items
* [10]Summary of Resolutions
__________________________________________________________
<stonematt> Agenda:
[11]https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0
008.html
[11] https://lists.w3.org/Archives/Public/public-vc-wg/2018Aug/0008.html
DavidC is scribe
<manu> scribe: DavidC
<burn> scribenick: DavidC
Unassigned Issues
<stonematt>
[12]https://github.com/w3c/vc-data-model/issues?utf8=✓&q=is%3Ai
ssue+is%3Aopen+no%3Aassignee
[12] https://github.com/w3c/vc-data-model/issues?utf8=
issue #224 mike-lodder will take this
<stonematt> [13]https://github.com/w3c/vc-data-model/issues/224
[13] https://github.com/w3c/vc-data-model/issues/224
Introductions
Intro from Brent who works for Evernym
issue #224. ClareNelson asked Dan to clarify some of the terms,
and is happy to contribute to this
<Zakim> ClareNelson, you wanted to discuss 224
<dlongley> +1 to notion that there are many different ZKP
models
<manu> +1, some of the incoming changes seem to be focused on
CL-style ZKPs.
<Zakim> manu, you wanted to get mike-lodder setup
kaz will add mike-lodder and ClareNelson to the github group
TPAC Planning
<stonematt>
[14]https://docs.google.com/spreadsheets/d/1aYodpYXQg_C9zn3HcNQ
oMN2A_ESsArJaA4jl3x0cahE/edit#gid=1978211400
[14] https://docs.google.com/spreadsheets/d/1aYodpYXQg_C9zn3HcNQoMN2A_ESsArJaA4jl3x0cahE/edit#gid=1978211400
Can attendees please add their names to the attendees tab
The TPAC registration procedures will not automatically say who
is attending which meetings
google doc was originally read only, and now it seems to be
unavailable to most people
<burn> matt is fixing
but it is working now. Thanks matt
Need to decide which external groups we should liaise with
We need to determine order of priority and time to meet with
them
Existing issues and PRs is already a discussion topic, so no
need to list individual items
<burn> rrsgaent, draft minutes
Allen_Brown is giving a presentation on use of VCs in B2B
commerce. We should attend that at the TPAC
<Zakim> manu, you wanted to note TAG ... maybe?
Manu suggests a place in the TAG to publicise the use of VCs,
decentralised IDs, and the whole eco-system
ClareNelson suggests an interactive session to discuss trust
model, security model, tamper resistance etc.
So that when the security group review the data model they will
understand the threat model
Unfortunately ClareNelson wont be present at the TPAC so
leading this session would not be optimal
There has been no activity on the PING list this last week
<inserted> kaz points out that we can use wednesday breakout as
well for our joint discussion if needed
<burn> good point about using Wednesday breakout time if our
schedule is full or difficult to coordinate with others
Please add your suggested topics for TPAC to the google doc by
the end of this week
Coordination with PING
<Zakim> manu, you wanted to suggest some focus areas for PING
Manu would like DavidC to bring PING up to speed on our trust
model and privacy sections
<burn> davidc: willing to act as liaison. Plan to encourage
them to focus on data model issues and a reminder that anything
protocol-related is out of scope for this document.
because PING's view was that our model was so broad that they
could not focus on any one thing
The privacy concerns really come into focus when protocols are
defined.
Has PING reviewed a pure data model before?
PING could focus on one use case, e.g. a privacy enabled one,
and see if the data model can support it
Is the data model compatible with the security model for the
web
<burn> matt: do you need anything else DavidC?
<burn> davidc: their main concern was the single-origin policy.
That is not fundamental to our data model, but our diagram
shows such a flow, going from issuer to holder to verifier
<burn> ... this is fundamental to our ecosystem
<burn> davidc: i don't see how we comply with that (responding
to dlongley's comment)
<burn> ... I think we violate same origin policy
<manu> dlongley: There are plenty of examples where data is
stored on one website and it is sent to another website. Case
in point is the Web Payments WG's work.
<manu> dlongley: For example, payment request is made by
merchant website, payment request sent to digital wallet
website, data is sent from digital wallet back to merchant.
This is all implemented in browsers -- that flow is exactly the
same as the web payments API.
<manu> DavidC: That's great, that's a really nice example.
<burn> davidc: that example is good. if that example is not
compliant then the whole world is not compliant
<manu> No, is TODAY... that's exactly the way it works today.
<mike-lodder> Same-Origin does have its issues still as cookies
enable both cross-site attacks and third-party tracking
<mike-lodder> Here is a good paper about that
[15]https://wholeftopenthecookiejar.eu/static/tpc-paper.pdf
[15] https://wholeftopenthecookiejar.eu/static/tpc-paper.pdf
<stonematt> Topic PR Review
<stonematt> [16]https://github.com/w3c/vc-data-model/pulls
[16] https://github.com/w3c/vc-data-model/pulls
<Zakim> manu, you wanted to summarize PR reviews...
Manu. We have made good progress on incorporating PRs this last
week
Still an issue with ZKPs. We need to ensure our document is
generic rather than one ZKP method specific
Refresh service feature is stuck at the moment
<stonematt> [17]https://github.com/w3c/vc-data-model/pull/210
[17] https://github.com/w3c/vc-data-model/pull/210
We need to either add to advance feature section marked at
risk, or not include it
Manu wont be available for September calls due to business
tasks. We need to arrange a different way of working to address
outstanding PRs during this period
Lovesh will update his current PRs with images that conform to
existing standard
<mike-lodder> Manu: I'm okay making ZKP's more general to
account for the various methods to accomplish it, the main
issue is that it be accounted for
<Zakim> manu, you wanted to explain current thinking around
wrt. privacy considerations section and how to balance the
language.
<dlongley> maybe "see privacy consideration" links? ... or is
that overkill?
Manu. Nearly every section has privacy concerns. We would like
to address these in the Privacy Section rather than in each
section
This would lead to duplication and repitition.
Manu. The spec should cater for any technology that can improve
privacy, such as ZKPs.
stonematt has agreed to update the refresh service text and
update the PR
<mike-lodder> That's fine with me
<manu> +1 to refreshService going in the Advanced Concepts
section...
Test Suite
DavidC will review the existing text in refresh to see if
addresses his two concerns of privacy violation and its a
protocol issue
Summary of Action Items
Summary of Resolutions
[End of minutes]
__________________________________________________________
Minutes formatted by David Booth's [18]scribe.perl version
1.152 ([19]CVS log)
$Date: 2018/08/29 00:07:12 $
[18] http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[19] http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 29 August 2018 00:09:39 UTC