- From: <msporny@digitalbazaar.com>
- Date: Tue, 01 Dec 2015 15:27:01 -0500
- To: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
Thanks to Matt Collier for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:
http://w3c.github.io/vctf/meetings/2015-12-01/
Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).
----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2015-12-01
Agenda:
https://lists.w3.org/Archives/Public/public-webpayments-ig/2015Nov/0085.html
Topics:
1. Introduction of Participants
2. Review the purpose of the call
3. Review Goals
4. Review Weekly Meetings
5. Review Definitions
6. Review Problem Statement
Resolutions:
1. Adopt the goals statement as it exists in the Verifiable
Claims Task Force Proposal.
2. Adopt the weekly telecon format, tools, and time listed here
http://w3c.github.io/vctf/#telecons with fixes to the URLs
pointed out by Dave Longley.
3. There is a significant difference between user-centric and
service-centric architectures when it comes to verifiable claims.
4. Adopt the definitions as they stand in the Verifiable Claims
Task Force Proposal.
5. Adopt the Problem Statement in the Verifiable Claims Task
Force Proposal with the changes made during the call today.
Organizer:
Manu Sporny
Scribe:
Matt Collier
Present:
Matt Collier, Manu Sporny, David Ezell, Shane McCarron, John
Tibbetts, Daniel C. Burnett, Bill DeLorenzo, Brian Sletten, Gregg
Kellogg, Arto Bendiken, Dave Longley, Eric Korb, Greg Kidd,
Richard Varn, Jim Goodell, Nate Otto, David I. Lehn
Audio:
http://w3c.github.io/vctf/meetings/2015-12-01/audio.ogg
Matt Collier is scribing.
Topic: Introduction of Participants
Manu Sporny: First up, intros
... please type name, affiliation and your interest in the
work.
David Ezell: David Ezell - I co-chair the Web Payments IG, and
represent NACS (convenience retailers) at W3C, and want to see
credentials become a non-blocker for web payments. I've worked
on W3C WGs both chairing and membering since 1999.
Shane McCarron: Shane McCarron, Digital Bazaar. I have been
working in the standards space for many many years. My personal
goal for this work is to have a standard way to readily exchange
finely grained information; especially among merchants, payment
agents, and consumers.
John Tibbetts: John Tibbetts, Chief Product Architect, IMS
Global. Interest: Intense requirements in education for
verifiable claims. i.e. electronic transcripts, statements of
competency
Daniel C. Burnett: Dan Burnett, unaffiliated consultant, Just
want to see this work replace all the outdated and misguided
notions of identity that exist today.
Manu Sporny: Manu Sporny, Digital Bazaar, interested in getting
this work to the next step - verifiable claims are important for
payments, education, and healthcare. I'd like to see a widely
deployed standard in the space.
Bill DeLorenzo: Bill DeLorenzo, currently doing consulting for
Accreditrust, interest in credential architecture
... will be auditing meetings
Brian Sletten: Brian Sletten, Bosatsu Consulting, Interested in
standards for machine processable, secure, privacy-preserving,
portable credentials.
Gregg Kellogg: Gregg Kellogg, unaffiliated. I’ve worked on a
number of RDF related standards as an editor and contributor.
Generally want to make the web a better place.
Arto Bendiken: Arto Bendiken, from Datagraph
(http://dydra.com/about). Can't dial in today, but will observe
here on IRC.
Dave Longley: Dave Longley, Digital Bazaar. Interested in helping
work on a standard for user-centric verifiable claims; useful in
across many different industries and generally helpful to people
and creating a rich digital identity ecosystem for them.
Eric Korb: Eric Korb, CEO, Accreditrust Technologies, Warren, NJ
- Credentials Community Group Founding Member
Greg Kidd: Greg Kidd, co-founder Global ID Framework
Richard Varn: I am with Educational Testing Service and am
looking to support the open credentials market and standards into
which our assessment data would be placed. I have worked on
credentials, identity management, and security in a variety of
roles.
Matt Collier: Matthew Collier - Digital Bazaar, Inc. -
Credentials and payments are important work.
Others present - Nate Otto - Interim Director - Badge Alliance,
Jim Goodell, content lead for the Common Education Data Standards
(CEDS)
Topic: Review the purpose of the call
Manu Sporny: We had a meeting in the Web Payments Interest Group
last week and there was a desire to make sure we polish up the
problem statement about what the task force should be doing.
... we want buy in from organizations who have not been
participating in the work.
... we want everyone to understand the problem statement and
that it strikes the right balance.
... we want to refine the problem statement.
... dezell, do you agree with this direction (as co-chair of
the Web Payments IG)?
David Ezell: Yes, I agree
Topic: Review Goals
Manu Sporny:
https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce
Manu Sporny: This is the proposal for the task force
... there's a section that talks about the goals.
... on reading the goals, does anyone have any issues with the
goals of the taskforce?
Manu Sporny:
https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#Goals
David Ezell: The goals seem good. Is there a goal to see
whatever is done here is going to work in browsers?
Manu Sporny: That comes in the charter discussion.
Manu Sporny: Before talking about the charter, we should discuss
the problem statement.
... I would expect browser support would be a natural part of
the charter creation discussion.
... I think you're asking if we should specifically point it
out...
Manu Sporny:
https://www.w3.org/Payments/IG/wiki/ProposalsQ42015/VerifiableClaimsTaskForce#Desired_Characteristics
Manu Sporny: "Web Browser APIs for issuing, storing, and
consuming credentials"
Manu Sporny: We have a section that discusses web browser API
... in the work plan
... you OK with that dezell?
David Ezell: Yes
Dave Longley: +1 To goals.
Manu Sporny: Any other comments on the goals?
Eric Korb: +1 Goals
Manu Sporny: A straw poll:
PROPOSAL: Adopt the goals statement as it exists in the
Verifiable Claims Task Force Proposal.
Gregg Kellogg: +1
John Tibbetts: +1 For goals
Manu Sporny: +1
Shane McCarron: +1
Matt Collier: +1
Dave Longley: +1
Daniel C. Burnett: +1 To goals
David Ezell: +1 To goals.
Brian Sletten: +1
David I. Lehn: +1
Greg Kidd: +1
Richard Varn: +1
Manu Sporny: Any objections?
RESOLUTION: Adopt the goals statement as it exists in the
Verifiable Claims Task Force Proposal.
Manu Sporny: No objections indicated.
Manu Sporny: Our weekly meetings will be run like this call
right now.
Topic: Review Weekly Meetings
Manu Sporny: We have a wiki page
Manu Sporny: http://w3c.github.io/vctf/#telecons
Manu Sporny: Any concerns about the calls being minuted,
recorded, time, how we take minutes, etc?
John Tibbetts: +1 On calls...they're way better than our IMS
calls!
Dave Longley: The links on the wiki are inaccurate.
Manu Sporny: That should be corrected
PROPOSAL: Adopt the weekly telecon format, tools, and time
listed here http
Richard Varn: +1 On calls
Eric Korb: +1 On calls
Shane McCarron: +1 On calls
Gregg Kellogg: +1
Manu Sporny: +1
Daniel C. Burnett: +1 On calls
Dave Longley: +1
Matt Collier: +1
David Ezell: +1
David I. Lehn: +1
Brian Sletten: +1
Greg Kidd: +1
RESOLUTION: Adopt the weekly telecon format, tools, and time
listed here http://w3c.github.io/vctf/#telecons with fixes to the
URLs pointed out by Dave Longley.
Manu Sporny: Next up is the section on definitions.
Topic: Review Definitions
Manu Sporny:
https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#Definitions
Manu Sporny: The verifiable claim is the easiest definition.
Manu Sporny: Verifiable claim - a cryptographically
non-repudiable set of statements made by an entity about another
entity.
Manu Sporny: Any issue with the scope/wording of this term?
David Ezell: Non-repudiable is a strong word.
Dave Longley: Non-repudiability is a common term used in
cryptography
Dave Longley: The fact that the statement was made is provably
true, but the contents of the statements are not necessarily
true.
David Ezell: I like the term cryptographically secure
Matt Collier: You're saying you like "cryptographically secured"
better? [scribe assist by Manu Sporny]
Dave Longley: I think cryptographically secure is OK
Dave Longley: Some people might mistake this term for something
referring to encryption
Dave Longley: Perhaps cryptographically authentic would be
better?
Daniel C. Burnett: I think non-repudiable is the correct term to
use.
David Ezell: I would like to withdrawal the suggestion to change
the term.
Manu Sporny: We can certainly make changes in the future as
necessary.
Manu Sporny: There is a user centric design philosophy which
puts people in the middle
... a service centric ecosystem give a lot of power to the
system, and not so much power to the users
Manu Sporny: Ramifications of user-centric vs. service-centric
architecture:
https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#ramifications
... I don't know if we need to go through each bullet item.
... it's a summary of the work of the credentials CG
... the reason for this comparison is because we need to
demonstrate that what we are attempting to do does not have a set
of standards behind it.
... some could argue that there are service-centric means
already in existence.
... however, we have found that there are not user-centric
standards.
... user get to choose where credentials are stored, when they
are sent, issuers are separate from consumers which is separate
from storage.
... there are many differences between the two philosophies.
Manu Sporny:
https://www.w3.org/Payments/IG/wiki/Main_Page/ProposalsQ42015/VerifiableClaimsTaskForce#User-Centric_vs._Service-Centric_Architecture
... are there concerns about the bulleted list?
Dave Longley: A straw poll asking if the differences between the
two philosophies are important.
PROPOSAL: There is a significant difference between user-centric
and service-centric architectures when it comes to verifiable
claims.
John Tibbetts: +1 In significant difference
Brian Sletten: +1
Gregg Kellogg: +1 There is a significant difference
Dave Longley: +1
Matt Collier: +1
Daniel C. Burnett: +1
Manu Sporny: +1
Richard Varn: +1
Shane McCarron: +1 There is a big difference - and I like users
David Ezell: +1 There is a significant difference
Manu Sporny: Please +0 if you have no opinion.
Jim Goodell: +1 And +1
David I. Lehn: +1
Eric Korb: +1 Is a difference
RESOLUTION: There is a significant difference between
user-centric and service-centric architectures when it comes to
verifiable claims.
Manu Sporny: Now back to the definitions
Manu Sporny: Does anyone feel we need additional definitions at
this point?
PROPOSAL: Adopt the definitions as they stand in the Verifiable
Claims Task Force Proposal.
Brian Sletten: +1
Matt Collier: +1
Shane McCarron: +1
Manu Sporny: +1
Gregg Kellogg: +1
Daniel C. Burnett: +1
Dave Longley: +1
John Tibbetts: +1
Jim Goodell: +1
David Ezell: +1
David I. Lehn: +1
Richard Varn: +1
RESOLUTION: Adopt the definitions as they stand in the Verifiable
Claims Task Force Proposal.
Topic: Review Problem Statement
Manu Sporny: Next up is the problem statement.
Manu Sporny: Hopefully you've already read the problem
statement.
Manu Sporny: Anyone feel anything should be changed before we
review?
Manu Sporny: This is the primary statement that W3C wanted to
make sure we have buy in for.
Manu reads the problem statement.
Eric Korb: +1
David Ezell: Now I remember - "reduced privacy" is not just for
the credential holder - also for the checker. Not sure if that
deserves a mention.
Dave Longley: My only minor nitpick would be to say "identity
credentials" instead of "credentials" to better differentiate
from other types of credentials.
Dave Longley: (In the aka parenthetical)
Manu Sporny: Anything confusing about the first bullet point?
Shane McCarron: I want to say that the term privacy could be
expanded.
Manu Sporny: Privacy is a key element of the user-centric
design.
Shane McCarron: You agree we could say more about privacy?
Manu Sporny: Yes
Shane McCarron: Anyone else misunderstand how 'privacy' is being
used?
Eric Korb: Privacy is important to Edu, Med
David Ezell: I think privacy should definitely be in there and
we should indicate the importance to all parties
Dave Longley: Suggestion: "and reduced privacy [for all
stakeholders]."
Shane McCarron: There is also a potential lack of granularity in
a service-centric model.
Eric Korb: Edu - FERPA, Med - HIPPA
Eric Korb: US Banking is now under HIPPA
Gregg Kellogg: Issuer has no expectation of privacy. user has
expectation that claim will only be used by consumer. consumer
has expectation that it is a private transaction between user and
consumer, unless claim is verified, in which case the issuer
necessarily knows the consumer has interest.
Eric Korb: I'm trying to understand if reduced privacy is a
positive or a negative?
Manu Sporny: We want to increase privacy.
Manu Sporny: The goal is to increase privacy.
Eric Korb: I also indicated that education and banking are also
affected.
Manu Sporny: I hear that we need to be stronger about privacy.
Eric Korb: And Health Care
Richard Varn: Privacy is a relative term.
Richard Varn: Loss of control or reduced control might be a
better way of saying it.
Shane McCarron: +1 - I like control of confidential information
Manu Sporny: We have 10 minutes on the call and 2 bullet points
left, let's tighten up the comments.
Manu Sporny: Any other issues with the first bullet point?
Manu Sporny: Reads second bullet point.
Manu Sporny: Concerns about second bullet item?
Jim Goodell: Well worded statement!
Dave Longley: In a service centric ecosystem, your identity
information is spread out across the ecosystem.
Shane McCarron: I don't like 'coherent'
Dave Longley: Cohesive?
Nate Otto: What @dlongley just said was more specific and
understandable than "coherent"
Shane McCarron: Yes, I like cohesive
Eric Korb: How about "standardized"?
Nate Otto: Cohesive is better. Maybe we can add "that is not
fractured between different systems."
Eric Korb: Collective?
Brian Sletten: +1 On cohesive vs coherent
Daniel C. Burnett: +1 Cohesive
Dave Longley: +1 Cohesive, seems like simplest change to the
sentence to me
Manu Sporny: Any other issues with second bullet I item.
Eric Korb: I want to make sure that a user is not 'required' to
put their credentials in one place.
Manu Sporny: Now on to the third bullet item.
Shane McCarron: There is no standard that makes it easy for users
to restrict the information exposed to a service provider to the
bare minimum that service provider requires.
... any issues?
Shane McCarron: S/makes it easy/allows/
Daniel C. Burnett: +1 Makes it easy
Greg Kidd: Apologies, I have to head out. Highly supportive of
direction of conversation.
Shane McCarron: +1 That affordance is not a word in common use
Eric Korb: How about "simple"?
David Ezell: +0
John Tibbetts: +1 Makes it easy
Richard Varn: Enables
Richard Varn: Ok
Nate Otto: I like "affords" for its precision but it would take
us away from nice simple language of the sentence. I like this
statement. +1
Manu Sporny: Any other concerns about problem statements after
the revisions we've made on this call?
Daniel C. Burnett: +0 For adding (no objection)
Eric Korb: +0
David Ezell: +0
Dave Longley: +0 (I'm supportive of it, just worried about
complexity or redundancy in problem statement)
Daniel C. Burnett: Agree with dlongley
PROPOSAL: Adopt the Problem Statement in the Verifiable Claims
Task Force Proposal with the changes made during the call today.
Brian Sletten: +1
Dave Longley: +1
Daniel C. Burnett: +1
Shane McCarron: +1
Gregg Kellogg: +1
Nate Otto: +1
David Ezell: +1
Matt Collier: +1
Manu Sporny: +1
John Tibbetts: +1
David I. Lehn: +1
Richard Varn: +1
RESOLUTION: Adopt the Problem Statement in the Verifiable Claims
Task Force Proposal with the changes made during the call today.
Manu Sporny: We will be having another call next week to go
through the rest of the proposal and ensure we have buy-in.
Thanks all!
Manu Sporny: Same time, same channel
Received on Tuesday, 1 December 2015 20:27:48 UTC