Verifiable Claims Telecon Minutes for 2015-12-01

Thanks to Matt Collier for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2015-12-01/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2015-12-01

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2015Nov/0085.html
Topics:
  1. Introduction of Participants
  2. Review the purpose of the call
  3. Review Goals
  4. Review Weekly Meetings
  5. Review Definitions
  6. Review Problem Statement
Resolutions:
  1. Adopt the goals statement as it exists in the Verifiable 
    Claims Task Force Proposal.
  2. Adopt the weekly telecon format, tools, and time listed here 
    http://w3c.github.io/vctf/#telecons with fixes to the URLs 
    pointed out by Dave Longley.
  3. There is a significant difference between user-centric and 
    service-centric architectures when it comes to verifiable claims.
  4. Adopt the definitions as they stand in the Verifiable Claims 
    Task Force Proposal.
  5. Adopt the Problem Statement in the Verifiable Claims Task 
    Force Proposal with the changes made during the call today.
Organizer:
  Manu Sporny
Scribe:
  Matt Collier
Present:
  Matt Collier, Manu Sporny, David Ezell, Shane McCarron, John 
  Tibbetts, Daniel C. Burnett, Bill DeLorenzo, Brian Sletten, Gregg 
  Kellogg, Arto Bendiken, Dave Longley, Eric Korb, Greg Kidd, 
  Richard Varn, Jim Goodell, Nate Otto, David I. Lehn
Audio:
  http://w3c.github.io/vctf/meetings/2015-12-01/audio.ogg

Matt Collier is scribing.

Topic: Introduction of Participants

Manu Sporny:  First up, intros
  ... please type name, affiliation and your interest in the 
  work.
David Ezell: David Ezell - I co-chair the Web Payments IG, and 
  represent NACS (convenience retailers) at W3C, and want to see 
  credentials become a non-blocker for web payments.  I've worked 
  on W3C WGs both chairing and membering since 1999.
Shane McCarron: Shane McCarron, Digital Bazaar.  I have been 
  working in the standards space for many many years.  My personal 
  goal for this work is to have a standard way to readily exchange 
  finely grained information; especially among merchants, payment 
  agents, and consumers.
John Tibbetts: John Tibbetts, Chief Product Architect, IMS 
  Global.  Interest: Intense requirements in education for 
  verifiable claims.  i.e. electronic transcripts, statements of 
  competency
Daniel C. Burnett: Dan Burnett, unaffiliated consultant, Just 
  want to see this work replace all the outdated and misguided 
  notions of identity that exist today.
Manu Sporny: Manu Sporny, Digital Bazaar, interested in getting 
  this work to the next step - verifiable claims are important for 
  payments, education, and healthcare. I'd like to see a widely 
  deployed standard in the space.
Bill DeLorenzo:  Bill DeLorenzo, currently doing consulting for 
  Accreditrust, interest in credential architecture
  ... will be auditing meetings
Brian Sletten: Brian Sletten, Bosatsu Consulting, Interested in 
  standards for machine processable, secure, privacy-preserving, 
  portable credentials.
Gregg Kellogg: Gregg Kellogg, unaffiliated. I’ve worked on a 
  number of RDF related standards as an editor and contributor. 
  Generally want to make the web a better place.
Arto Bendiken: Arto Bendiken, from Datagraph 
  (http://dydra.com/about). Can't dial in today, but will observe 
  here on IRC.
Dave Longley: Dave Longley, Digital Bazaar. Interested in helping 
  work on a standard for user-centric verifiable claims; useful in 
  across many different industries and generally helpful to people 
  and creating a rich digital identity ecosystem for them.
Eric Korb: Eric Korb, CEO, Accreditrust Technologies, Warren, NJ 
  - Credentials Community Group Founding Member
Greg Kidd: Greg Kidd, co-founder Global ID Framework
Richard Varn: I am with Educational Testing Service and am 
  looking to support the open credentials market and standards into 
  which our assessment data would be placed.  I have worked on 
  credentials, identity management, and security in a variety of 
  roles.
Matt Collier:  Matthew Collier - Digital Bazaar, Inc. - 
  Credentials and payments are important work.
Others present - Nate Otto - Interim Director - Badge Alliance, 
  Jim Goodell, content lead for the Common Education Data Standards 
  (CEDS)

Topic: Review the purpose of the call

Manu Sporny:  We had a meeting in the Web Payments Interest Group 
  last week and there was a desire to make sure we polish up the 
  problem statement about what the task force should be doing.
  ... we want buy in from organizations who have not been 
  participating in the work.
  ... we want everyone to understand the problem statement and 
  that it strikes the right balance.
  ... we want to refine the problem statement.
  ... dezell, do you agree with this direction (as co-chair of 
  the Web Payments IG)?
David Ezell:  Yes, I agree

Topic: Review Goals

Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce
Manu Sporny:  This is the proposal for the task force
  ... there's a section that talks about the goals.
  ... on reading the goals, does anyone have any issues with the 
  goals of the taskforce?
Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#Goals
David Ezell:  The goals seem good.  Is there a goal to see 
  whatever is done here is going to work in browsers?
Manu Sporny:  That comes in the charter discussion.
Manu Sporny:  Before talking about the charter, we should discuss 
  the problem statement.
  ...  I would expect browser support would be a natural part of 
  the charter creation discussion.
  ... I think you're asking if we should specifically point it 
  out...
Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/ProposalsQ42015/VerifiableClaimsTaskForce#Desired_Characteristics
Manu Sporny: "Web Browser APIs for issuing, storing, and 
  consuming credentials"
Manu Sporny:  We have a section that discusses web browser API
  ... in the work plan
  ... you OK with that dezell?
David Ezell:  Yes
Dave Longley: +1 To goals.
Manu Sporny:  Any other comments on the goals?
Eric Korb: +1 Goals
Manu Sporny:  A straw poll:

PROPOSAL:  Adopt the goals statement as it exists in the 
  Verifiable Claims Task Force Proposal.

Gregg Kellogg: +1
John Tibbetts: +1 For goals
Manu Sporny: +1
Shane McCarron: +1
Matt Collier: +1
Dave Longley: +1
Daniel C. Burnett: +1 To goals
David Ezell: +1 To goals.
Brian Sletten: +1
David I. Lehn: +1
Greg Kidd: +1
Richard Varn: +1
Manu Sporny:  Any objections?

RESOLUTION: Adopt the goals statement as it exists in the 
  Verifiable Claims Task Force Proposal.

Manu Sporny:  No objections indicated.
Manu Sporny:  Our weekly meetings will be run like this call 
  right now.

Topic: Review Weekly Meetings

Manu Sporny:  We have a wiki page
Manu Sporny: http://w3c.github.io/vctf/#telecons
Manu Sporny:  Any concerns about the calls being minuted, 
  recorded, time, how we take minutes, etc?
John Tibbetts: +1 On calls...they're way better than our IMS 
  calls!
Dave Longley:  The links on the wiki are inaccurate.
Manu Sporny:  That should be corrected

PROPOSAL:  Adopt the weekly telecon format, tools, and time 
  listed here http

Richard Varn: +1 On calls
Eric Korb: +1 On calls
Shane McCarron: +1 On calls
Gregg Kellogg: +1
Manu Sporny: +1
Daniel C. Burnett: +1 On calls
Dave Longley: +1
Matt Collier: +1
David Ezell: +1
David I. Lehn: +1
Brian Sletten: +1
Greg Kidd: +1

RESOLUTION: Adopt the weekly telecon format, tools, and time 
  listed here http://w3c.github.io/vctf/#telecons with fixes to the 
  URLs pointed out by Dave Longley.

Manu Sporny:  Next up is the section on definitions.

Topic: Review Definitions

Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#Definitions
Manu Sporny:  The verifiable claim is the easiest definition.
Manu Sporny: Verifiable claim - a cryptographically 
  non-repudiable set of statements made by an entity about another 
  entity.
Manu Sporny:  Any issue with the scope/wording of this term?
David Ezell:  Non-repudiable is a strong word.
Dave Longley:  Non-repudiability is a common term used in 
  cryptography
Dave Longley:  The fact that the statement was made is provably 
  true, but the contents of the statements are not necessarily 
  true.
David Ezell:  I like the term cryptographically secure
Matt Collier:  You're saying you like "cryptographically secured" 
  better? [scribe assist by Manu Sporny]
Dave Longley:  I think cryptographically secure is OK
Dave Longley:  Some people might mistake this term for something 
  referring to encryption
Dave Longley:  Perhaps cryptographically authentic would be 
  better?
Daniel C. Burnett:  I think non-repudiable is the correct term to 
  use.
David Ezell:  I would like to withdrawal the suggestion to change 
  the term.
Manu Sporny:  We can certainly make changes in the future as 
  necessary.
Manu Sporny:  There is a user centric design philosophy which 
  puts people in the middle
  ... a service centric ecosystem give a lot of power to the 
  system, and not so much power to the users
Manu Sporny: Ramifications of user-centric vs. service-centric 
  architecture: 
  https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#ramifications
  ...  I don't know if we need to go through each bullet item.
  ... it's a summary of the work of the credentials CG
  ... the reason for this comparison is because we need to 
  demonstrate that what we are attempting to do does not have a set 
  of standards behind it.
  ... some could argue that there are service-centric means 
  already in existence.
  ... however, we have found that there are not user-centric 
  standards.
  ... user get to choose where credentials are stored, when they 
  are sent, issuers are separate from consumers which is separate 
  from storage.
  ... there are many differences between the two philosophies.
Manu Sporny: 
  https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#User-Centric_vs._Service-Centric_Architecture
  ... are there concerns about the bulleted list?
Dave Longley:  A straw poll asking if the differences between the 
  two philosophies are important.

PROPOSAL:  There is a significant difference between user-centric 
  and service-centric architectures when it comes to verifiable 
  claims.

John Tibbetts: +1 In significant difference
Brian Sletten: +1
Gregg Kellogg: +1 There is a significant difference
Dave Longley: +1
Matt Collier: +1
Daniel C. Burnett: +1
Manu Sporny: +1
Richard Varn: +1
Shane McCarron: +1 There is a big difference - and I like users
David Ezell: +1 There is a significant difference
Manu Sporny:  Please +0 if you have no opinion.
Jim Goodell: +1 And +1
David I. Lehn: +1
Eric Korb: +1 Is a difference

RESOLUTION: There is a significant difference between 
  user-centric and service-centric architectures when it comes to 
  verifiable claims.

Manu Sporny:  Now back to the definitions
Manu Sporny:  Does anyone feel we need additional definitions at 
  this point?

PROPOSAL:  Adopt the definitions as they stand in the Verifiable 
  Claims Task Force Proposal.

Brian Sletten: +1
Matt Collier: +1
Shane McCarron: +1
Manu Sporny: +1
Gregg Kellogg: +1
Daniel C. Burnett: +1
Dave Longley: +1
John Tibbetts: +1
Jim Goodell: +1
David Ezell: +1
David I. Lehn: +1
Richard Varn: +1

RESOLUTION: Adopt the definitions as they stand in the Verifiable 
  Claims Task Force Proposal.

Topic: Review Problem Statement

Manu Sporny:  Next up is the problem statement.
Manu Sporny:  Hopefully you've already read the problem 
  statement.
Manu Sporny:  Anyone feel anything should be changed before we 
  review?
Manu Sporny:  This is the primary statement that W3C wanted to 
  make sure we have buy in for.
Manu reads the problem statement.
Eric Korb: +1
David Ezell: Now I remember - "reduced privacy" is not just for 
  the credential holder - also for the checker.  Not sure if that 
  deserves a mention.
Dave Longley: My only minor nitpick would be to say "identity 
  credentials" instead of "credentials" to better differentiate 
  from other types of credentials.
Dave Longley: (In the aka parenthetical)
Manu Sporny:  Anything confusing about the first bullet point?
Shane McCarron:  I want to say that the term privacy could be 
  expanded.
Manu Sporny:  Privacy is a key element of the user-centric 
  design.
Shane McCarron:  You agree we could say more about privacy?
Manu Sporny:  Yes
Shane McCarron:  Anyone else misunderstand how 'privacy' is being 
  used?
Eric Korb: Privacy is important to Edu, Med
David Ezell:  I think privacy should definitely be in there and 
  we should indicate the importance to all parties
Dave Longley: Suggestion: "and reduced privacy [for all 
  stakeholders]."
Shane McCarron: There is also a potential lack of granularity in 
  a service-centric model.
Eric Korb: Edu - FERPA, Med - HIPPA
Eric Korb: US Banking is now under HIPPA
Gregg Kellogg: Issuer has no expectation of privacy. user has 
  expectation that claim will only be used by consumer. consumer 
  has expectation that it is a private transaction between user and 
  consumer, unless claim is verified, in which case the issuer 
  necessarily knows the consumer has interest.
Eric Korb:  I'm trying to understand if reduced privacy is a 
  positive or a negative?
Manu Sporny:  We want to increase privacy.
Manu Sporny:  The goal is to increase privacy.
Eric Korb:  I also indicated that education and banking are also 
  affected.
Manu Sporny:  I hear that we need to be stronger about privacy.
Eric Korb: And Health Care
Richard Varn:  Privacy is a relative term.
Richard Varn:  Loss of control or reduced control might be a 
  better way of saying it.
Shane McCarron: +1 - I like control of confidential information
Manu Sporny:  We have 10 minutes on the call and 2 bullet points 
  left, let's tighten up the comments.
Manu Sporny:  Any other issues with the first bullet point?
Manu Sporny:  Reads second bullet point.
Manu Sporny:  Concerns about second bullet item?
Jim Goodell: Well worded statement!
Dave Longley:  In a service centric ecosystem, your identity 
  information is spread out across the ecosystem.
Shane McCarron:  I don't like 'coherent'
Dave Longley: Cohesive?
Nate Otto: What @dlongley just said was more specific and 
  understandable than "coherent"
Shane McCarron:  Yes, I like cohesive
Eric Korb: How about "standardized"?
Nate Otto: Cohesive is better. Maybe we can add "that is not 
  fractured between different systems."
Eric Korb: Collective?
Brian Sletten: +1 On cohesive vs coherent
Daniel C. Burnett: +1 Cohesive
Dave Longley: +1 Cohesive, seems like simplest change to the 
  sentence to me
Manu Sporny:  Any other issues with second bullet I item.
Eric Korb:  I want to make sure that a user is not 'required' to 
  put their credentials in one place.
Manu Sporny:  Now on to the third bullet item.
Shane McCarron: There is no standard that makes it easy for users 
  to restrict the information exposed to a service provider to the 
  bare minimum that service provider requires.
  ... any issues?
Shane McCarron: S/makes it easy/allows/
Daniel C. Burnett: +1 Makes it easy
Greg Kidd: Apologies, I have to head out.  Highly supportive of 
  direction of conversation.
Shane McCarron: +1 That affordance is not a word in common use
Eric Korb: How about "simple"?
David Ezell: +0
John Tibbetts: +1 Makes it easy
Richard Varn: Enables
Richard Varn: Ok
Nate Otto: I like "affords" for its precision but it would take 
  us away from nice simple language of the sentence. I like this 
  statement. +1
Manu Sporny:  Any other concerns about problem statements after 
  the revisions we've made on this call?
Daniel C. Burnett: +0 For adding (no objection)
Eric Korb: +0
David Ezell: +0
Dave Longley: +0 (I'm supportive of it, just worried about 
  complexity or redundancy in problem statement)
Daniel C. Burnett: Agree with dlongley

PROPOSAL:  Adopt the Problem Statement in the Verifiable Claims 
  Task Force Proposal with the changes made during the call today.

Brian Sletten: +1
Dave Longley: +1
Daniel C. Burnett: +1
Shane McCarron: +1
Gregg Kellogg: +1
Nate Otto: +1
David Ezell: +1
Matt Collier: +1
Manu Sporny: +1
John Tibbetts: +1
David I. Lehn: +1
Richard Varn: +1

RESOLUTION: Adopt the Problem Statement in the Verifiable Claims 
  Task Force Proposal with the changes made during the call today.

Manu Sporny:  We will be having another call next week to go 
  through the rest of the proposal and ensure we have buy-in. 
  Thanks all!
Manu Sporny:  Same time, same channel

Received on Tuesday, 1 December 2015 20:27:48 UTC