Verifiable Claims Telecon Minutes for 2016-04-19

Thanks to Daniel C. Burnett for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-04-19/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-04-19

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Apr/0035.html
Topics:
  1. Introductions to New Participants
  2. United Nations ID2020 Initiative
  3. Review of Questionnaire Responses
  4. Work Items
Organizer:
  Manu Sporny
Scribe:
  Daniel C. Burnett
Present:
  Daniel C. Burnett, Manu Sporny, Kaspar Korjus, Christopher Allen, 
  David Ezell, Nate Otto, Shane McCarron, Dave Longley, Jim 
  Goodell, Brian Sletten, Gregg Kellogg, David I. Lehn, Peter 
  Hofman, Rob Trainer
Audio:
  http://w3c.github.io/vctf/meetings/2016-04-19/audio.ogg

Daniel C. Burnett is scribing.
Manu Sporny:   (Reviews agenda)

Topic: Introductions to New Participants

Manu Sporny:   United Nations meeting happening soon that we'll 
  hear an update on.  That's the only addition I have to the 
  agenda.
Manu Sporny:   New participant from Estonian government.
Kaspar Korjus:   Started program 18 months ago to give digital 
  identities to everyone internationally who wants one.  Have done 
  this domestically for 15 years.  Already have prescriptions, many 
  other areas using digital ids.  Over 10000 eResidents so far.
  ... most from Asia so far.  Used heavily to be able to run 
  businesses remotely.
  ... Have experience with both problem and solution.  Want to 
  share eResident information (if permission given) to other 
  service providers (PayPal, BrainTree).  Here to learn more about 
  what W3C is doing and how to use existing platforms and 
  standards, as well as to give feedback on what Estonia has done.
Manu Sporny:   Estonia is the leader in government-supplied 
  e-identities, FYI.

Topic: United Nations ID2020 Initiative

Manu Sporny: 
  https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust
Christopher Allen:   In "rebooting web of trust", top crypto 
  people looked at what decentralized identity means.  The ID2020 
  people were there a year ago and proposed a UN event.  It will be 
  on May 20th.  First digital identity summit at UN.
  ... one-day event.  Not a design workshop, but followed by a 
  2-day design workshop to look at use cases from the policy people 
  the prior day.
Manu Sporny: ID2020 Design Workshop: http://www.weboftrust.info/
Christopher Allen:  There are 1.8 billion people without any form 
  of identity, and the ID2020 people want to be able to provide 
  that for them.
  ... One concern raised is abuse within or across countries 
  where privacy is not paramount.  Also, many approaches rely on 
  biometrics or other info tightly tied to individuals.  Just some 
  perspectives being considered.
  ... One expected topic is something like verified credentials.
Christopher Allen: Www.weboftrust.info
Manu Sporny:   May 20th for the ID2020, then 21-22 for design 
  summit
Manu Sporny: http://id2020summit.org/
Christopher Allen:  Working with Blockscreen (?), have recently 
  joined W3C.  Interested in payments, other blockchain protocols.
Manu Sporny:   Who can come to summit and workshop?
Christopher Allen:   Need to apply at the summit website since 
  attendance is limited.  The workshop requires a one or two page 
  position/problem/solution paper to be submitted.
Kaspar Korjus:   I was invited but could not attend.  Aman Kumar 
  will be there and can talk about eResident program.
Christopher Allen: I will also be at IIW next week.
Christopher Allen: I would be glad to meet with anyone. 
  Unconference, so easy to meet.
Manu Sporny:   Christopher and Drummond will be at IIW.

Topic: Review of Questionnaire Responses

Manu Sporny: 
  https://docs.google.com/forms/d/1wS32QHfxeqVu32LyZt57fVjqnywdET2ytLcaHhVxbFY/viewform?c=0&w=1
Manu Sporny:   Please fill out this questionnaire if you haven't 
  and want this work to proceed.
  ... if we do not get enough people the work will not start.
  ... we have asked around 65 people in this space already and 
  have gotten 24 responses so far.  We are hoping for 50 responses 
  total at least. Will be sending two more reminders.
  ... Feedback from payment/financial companies, educational 
  sector, federal governments so far.  Heavy on education but could 
  use more!
Manu Sporny: We asked "The Verifiable Claims Problem Statement is 
  accurate" - 64% strongly agreeing, 36% mostly agreeing
  ... (Manu summarizes results for each question and will post 
  into IRC)
Manu Sporny: We asked "The Goals proposed by the Verifiable 
  Claims work are good goals to pursue": 72% strongly agreeing, 28% 
  mostly agreeing
Manu Sporny: We asked "The Scope of Work and Deliverables would 
  help address the Problem Statement": 32% strongly agree, 68% 
  mostly agreeing
Manu Sporny: We asked "My organizations verifiable claims 
  problems would be addressed if the use cases in the Use Cases 
  document were addressed" 28% strongly agreeing, 48% mostly 
  agreeing, 12% neutral, 4% mostly disagreeing, other
Daniel C. Burnett:  Seeing strongly agreeing and mostly agreeing 
  is good - but it's obvious on the third question that there was a 
  reversal - first two, predominantly, but that dropped to scope of 
  work and deliverables - haven't seen results from the 
  questionnaire - why do people feel scope of work and deliverables 
  didn't get "strongly agree". [scribe assist by Manu Sporny]
David Ezell:  Quick comment - we got some pushback from various 
  folks on ongoing work - the specs that are a part of ISO - JCT1 - 
  I think these specific issues ISO20111 - not an expert in these, 
  so talked to colleagues in X9 - deeply involved in ISO but also 
  deeply involved in payments, offered an interesting perspective - 
  from point of view of payments folks - the ISO29000 series of 
  work is too general to be of use to payments people.  [scribe 
  assist by Manu Sporny]
David Ezell:   We got some pushback about ongoing work in this 
  space, specifically specs in ISO.  I think 29191.  Some 
  colleagues involved in ISO and payments said that the 29000 work 
  is too general to be of use.  Problem for us payments folk, but 
  if we take the time to show its relevance it may help to get them 
  on our side.
Christopher Allen: Comment+
  ... while we do need to convince the W3C AC, there are other 
  payments pepole who may be happy about this work.
Christopher Allen:   Some of our initial uses are around ?? and 
  travel.  Funds need to be non-fungible.  How can we still share 
  credentials.  We like the credentials approach.  Wonder what ISO 
  folks are thinking in this space - do they need a central 
  authority, and if so, why?  Are concerns just history here?
Christopher Allen: ?? = Kyc = know your customer
Manu Sporny:   Some of these orgs have invested much in OpenID 
  and OpenConnect.
  ...Also they are working on a generalized way to do this, but 
  the documents are more legal requirements than technical 
  specifications.
  ... we are focused on the technical solution here.  We want 
  alignment with legal frameworks, but that's why we are getting 
  pushback.
Nate Otto: +1 Manu. The proposed work goes most of the way toward 
  complete solutions and is a good foundation for later work ut 
  doesn't solve all problems on its own.
Manu Sporny:  Regarding burn's question about reversal in 
  questionnaire results for question 3.  What we are proposing does 
  not propose any sort of protocol because we didn't want to get 
  into OpenId fight, so we are starting with syntax that anyone can 
  use.  If it becomes clear that we can't address the entire 
  problem statement we'll go further.
Christopher Allen: +1 (Our payment protocols can create 
  confidential channels)
  ... this is the smallest bite we can take at this point, 
  because including a protocol in the deliverables now will cause 
  formal objections.
  ... Our problem statement alludes to lack of protocol as a 
  problem, but since we don't propose work on it that's the issue.  
  Note that no one is objecting.  They are just commenting that it 
  may not solve the whole problem.
David Ezell:   Thanks to Chris for his post to the AC Forum.  
  There are two levels at W3C that matter.  One is purely 
  technical.
  ... It sometimes seems that existing companies at W3C don't 
  want some work to happen.  It may not be that there's anything 
  wrong with a proposal, just that companies don't want it to 
  happen for other (secret) reasons.
Christopher Allen:   I'm concerned there is no commitment around 
  selective disclosure.
  ... I understand this may be 2.0 work, but for our community 
  it's more important and isn't offered by other standards.  In EU, 
  I don't know how to meet their requirements without selective 
  disclosure .
Christopher Allen: It is a complicated topic.
Manu Sporny:   Lack of selective disclosure so far has not been a 
  non-starter.  Experts in this space know about selective 
  disclosure and understand its importance and value.  The current 
  design enables it without going into a protocol specifiying how 
  to do it.
Shane McCarron: I am open to putting the selective disclosure 
  requirement back into the use-cases.
Shane McCarron: It only got dropped out because we were winnowing 
  down the collection.
  ... we have a way to only show attributes that the credential 
  consumer is requesting.  We don't require cryptographic 
  complexity of other approaches, and we specifically don't mention 
  it.  If you want it, please propose specific text changes for the 
  charter.
Christopher Allen: Range proofs, heirarchical keys, etc. can also 
  do some limited selective disclosure.
Christopher Allen: But no objections so far?
  ... the more we put in, the greater the risk of objections.
  ... there haven't been objections yet for selective disclosure, 
  but we don't have solid proposals for it yet.
Christopher Allen: (Range proofs are part of open source Elements 
  project)
  ... we have a mechanism that does not require special crypto 
  primitives in order to achieve sel. dis., but that would be part 
  of the protocol which we are not doing now.
  ... No org so far has stated they would object because we did 
  not include selective disclosure.
Christopher Allen: (An aside in case people don't know what a 
  range proof is. They allow a prover to convince a verifier that a 
  digitally committed value is a member of a given public set. A 
  special case of this problem is when to show that the committed 
  value lies in a specified integer range.
Manu Sporny: We asked "My organizations verifiable claims 
  problems would be addressed if the use cases in the Use Cases 
  document were addressed"- 28% strongly agree, 48% mostly agree, 
  12% are neutral...
Shane McCarron: :/
Manu Sporny:  We asked for use case reviews but haven't received 
  many.  Please review!
Manu Sporny: We asked "My organization would participate in the 
  following way if a Verifiable Claims Working Group were to 
  materialize at W3C" - 28% saying "would participate and are W3C 
  members", 16% saying "not W3C members, but would join W3C", 16% 
  saying "not a member, but will do technical review, but not join 
  W3C", and 36% "other"
  ... the percentages aren't bad, but we don't have enough 
  organizations saying they would join and participate.  In 
  particular we don't have enough committed to implement whatever 
  we create.
  ... When we asked why people wouldn't participate, the answers 
  were about money/support, or only wanting it focused more just on 
  education.  But there were few of these responses.
Christopher Allen: Stagger days of week for pings.

Topic: Work Items

Christopher Allen: Do one on a friday night, for instance
  ... will keep this open for two more weeks.  Again, want 50 
  responses.  W3C minimum bar is 20 organizations saying they would 
  participate as members.
Manu Sporny: Charter Cleanup
  ... there are three items to focus on
  ... FAQ, use cases, charter.  Use cases doc is suffering from 
  lack of reviews.
Christopher Allen: (I have reached out to IBM and Intel's reps to 
  comment — will continue to prod)
  ... We could also create a spec to use as input to a WG.  
  Google and MSFT made comments on the public list saying they 
  would rather have the work incubated first.
  ... Mike Champion (MSFT) and Chris Wilson (Google).
  ... They want to see what the technical proposal would be.  But 
  they are the same orgs that made the same request when the 
  payments work was starting.  We could create a spec that is what 
  we have so far but removes the protocol pieces.
Dave Longley: They may also only be looking for that because they 
  are browser vendors -- and there's nothing for the browsers to 
  implement here.
Shane McCarron: +1 To splitting the document and putting the 
  limited version forward as a strawhorse
Dave Longley: It's a trap! -- Admiral Ackbar
Manu Sporny:  Shouldn't be too hard to pull together.  Thoughts?  
  Is this a trap for us, to have a doc that people can shoot down?
Christopher Allen: (I reached out to Wayne Carr of Intel, and 
  Arnaud Le Hors of IBM — both may have reasons to support verified 
  credentials because of their blockchain efforts)
Dave Longley:   Mainly just having fun with my General Ackbar 
  comment.
Shane McCarron: The goldilocks spec
Christopher Allen:  I'll include them in the ping for 
  questionnaire fill out [scribe assist by Manu Sporny]
David Ezell:   A catch-22 here, if you do nothing it gets shot 
  down, if you put details it can get shot down, but there is often 
  a happy medium that will work
Dave Longley:   One of the issues may be that there is nothing 
  for the browsers to implement, so Google and MSFT may not see 
  value.
Shane McCarron: +1 To make it clear there is nothing for browsers 
  to do.  and it would be good for implementors to speak up
Nate Otto: Don't know enough about the politics to evaluate risk 
  either way. It is hard to get the right level of low-fi 
  abstraction to not get dragged into the weeds on minutiae without 
  the ability to respond (because it's really the job of a working 
  group to sort out).
  ... a related question then is who would implement, which is 
  why Pearson and others need to respond.
Dave Longley: I think the best response would be: "Browsers don't 
  need to implement anything --- and these orgs X, Y, and Z will be 
  implementing and/or using."
Christopher Allen:   We may need to be more specific about why 
  new blockchain technologies are needing this.  Traditional 
  solutions are not working with block chains.
Dave Longley: That addresses both of their main concerns, IMO.
  ... Will try to articulate this better, that the demand is not 
  just for web browser web payments.
Manu Sporny:   I'm hearing weak support for putting together a 
  goldilocks spec that makes weak statements.
  ... wrt MSFT and Google, we can respond with much of what was 
  discussed today.
Christopher Allen:   Proof of publication/existence may also be 
  good to include.
Nate Otto: Will take an action to review use cases. Sorry I've 
  been very busy!
Shane McCarron: Let's have spec-ops do the simplification
Manu Sporny:   I am doing charter cleanup, Shane the use cases, 
  but we are stalled on the latter because not enough reviews.  
  Please review (again).  I will work with Dave L on the reduced 
  spec.
  ... if you know of anyone who could be an implementer, please 
  talk to them.
Christopher Allen: Thank you.
Shane McCarron:   SpecOps should do spec.

Received on Tuesday, 19 April 2016 17:12:36 UTC