Verifiable Claims Telecon Minutes for 2016-08-16

Thanks to Dave Longley for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-08-16/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-08-16

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Aug/0013.html
Topics:
  1. Introduction to Bob Burke, Koupon Media
  2. Introduction to Adrian Gropper, HealthURL
  3. Verifiable Claims Face-to-Face at IIW
  4. Verifiable Claims RC-2 Draft Charter
  5. IPFS and Verifiable Claims
Organizer:
  Manu Sporny
Scribe:
  Dave Longley
Present:
  Dave Longley, Manu Sporny, Adrian Gropper, Bob Burke, Richard 
  Varn, Gregg Kellogg, Dan Burnett, Tim Holborn, Dave Crocker, 
  Kerri Lemoie, Matt Stone, Shane McCarron, David Chadwick, David 
  Ezell, David I. Lehn, Mark Cherbaka, Adam Lake, Colleen Kennedy, 
  Matthew Larson, Les Chasen, Eric Korb
Audio:
  http://w3c.github.io/vctf/meetings/2016-08-16/audio.ogg

Dave Longley is scribing.
Manu goes over agenda.
Manu Sporny:  We have a new participant in the group joining for 
  the first time today from KouponMedia.
Manu Sporny:  We had a nice meeting with Bob in San Jose last 
  week.
Manu Sporny:  We'll do an intro to him at the beginning of the 
  call. Any other additions to the agenda?
Adrian Gropper:  I've joined the call as well.
Manu Sporny:  Ok, great, we'd like an intro to you as well after 
  Bob.

Topic: Introduction to Bob Burke, Koupon Media

Bob Burke:  Hello everyone, pleasure to be here, I appreciate all 
  the work done here. I'm CTO of KouponMedia, been doing digital 
  offers space for over 5 years now. Interest in VC is an 
  opportunity for digital offers. We find a lot of clients are 
  interested in apps and the mobile web experience and VC help 
  there.

Topic: Introduction to Adrian Gropper, HealthURL

Adrian Gropper:  I am a full time volunteer CTO of a non-profit 
  called Patient Privacy Rights for the past 4 years or so. My 
  focus is on self-sovereign tech for managing private info.
Adrian Gropper:  I'm a long time contributed to user management 
  authorization work out of the pantara group and the helped start 
  UMA under OpenID foundation.
Adrian Gropper:  All based on OpenID Connect and OAuth, I'm 
  trying to put together a demo on all these things and how they 
  fit together under the W3C community model.

Topic: Verifiable Claims Face-to-Face at IIW

Manu Sporny:  Welcome Bob and Adrian to the group. We're hoping 
  this will be very useful for what you're trying to do.
Manu Sporny:  We reached out to the folks that run II workshop 
  and had a good conversation with them to co-locate or getting 
  space around those days at IIW ... maybe before or after.
Manu Sporny: http://www.internetidentityworkshop.com/
Manu Sporny:  Those discussions are still on-going but it's 
  looking like we're going to meet in October and have our first 
  F2F then.
Manu Sporny:  Loosely, just to recap, there's a meeting of the 
  rebooting Web of Trust Workshop the previous week to IIW. We 
  think that it's going to be RWoTW and then VC F2F and then IIW.
Manu Sporny:  That would sandwich us in the middle or we might 
  move it to the end of IIW and co-locate with them, we're still 
  working through the details but this is our only chance to meet 
  this year and co-locate.
Richard Varn:  Dates please? :)
Kerri Lemoie: 
  https://www.eventbrite.com/e/internet-identity-workshop-xxiii-23-2016b-tickets-25853411249
Dave Longley:  It would be 25-27 October for IIW.
Manu Sporny:  We're trying to do RWoT 18-20
Manu Sporny:  So around 21-22 or 27-28 (roughly).
Manu Sporny:  If we go later we lose a couple of folks, Nate, 
  Dan, etc.
Dave Longley:  I'll be missing regardless, maybe remote access, I 
  don't know.
Manu Sporny:  So those are the dates we're playing with.
Gregg Kellogg: +1 For end of IIW
Manu Sporny:  20-21, 21-22, Or 27-28.
Manu Sporny:  Of October.
Manu Sporny:  Regardless if we don't co-locate with IIW then 
  we'll have a big session there.
Dan Burnett: +1 Before IIW
Tim Holborn:  Apart from the more centralized versions, the 
  alternatives appear to be blockchain or biometrics, protecting 
  self-sovereignty by computational horsepower ... other things, 
  like IPFS look like a social mechanism for protection. I'm 
  wondering if pointing out that distinction is a good idea.
Manu Sporny:  That's the third agenda topic today.
Manu Sporny:  We'll definitely get to it in the agenda today.
Gregg Kellogg:  People are probably coming from out of town for 
  both RWoT and IIW but probably more for IIW and taking onto IIW 
  may get more participation. That might encourage more adoption. 
  Myself I'm not available at all during RWoT week.
Manu Sporny:  Unfortunately, it's always the case we're going to 
  lose key people with any dates we pick.
Manu Sporny:  Anything else on IIW/F2F?

Topic: Verifiable Claims RC-2 Draft Charter

Manu Sporny:  One more thing -- we're looking for folks to put in 
  some money to help sponsor food and stuff like that for people. 
  We may need money for a venue, my hope is that SpecOps may put 
  some in and we want other orgs to help out. We're co-locating so 
  not that expensive, a couple thousand dollars. Please contribute 
  if you have the means to do so.
Manu Sporny: 
  https://lists.w3.org/Archives/Public/public-credentials/2016Aug/0019.html
Manu Sporny:  Wendy Seltzer from W3C management team got back to 
  us with a list of changes she wanted. We responded to everything 
  and made some concessions in the charter without hopefully 
  violating what we're trying to accomplish here.
Manu Sporny:  We sent that out a little more than a week ago, 
  havne't heard back yet, in a holding pattern waiting to hear from 
  W3CM and Microsoft.
Manu Sporny:  Hopefully, Shane, when you talk with Google you can 
  pass this by them as well.
Manu Sporny: 
  http://w3c.github.io/webpayments-ig/VCTF/charter/rc-2-diff.html
Manu Sporny:  Here's a diff marked copy in IRC.
Manu Sporny:  It contains the changes that we've made.
Manu Sporny:  The main feedback she had was around scope; wanted 
  to keep it under control. We were talking about transacting 
  claims in the charter but we weren't planning on standardizing 
  anything for that in the WG.
Manu Sporny:  In the worst case the group might believe it was 
  chartered to work on a protocol when it's not. We changed words 
  like "transact" with "express" etc.
Manu Sporny:  We're not proposing to do a protocol in this WG.
Manu Sporny: 
  http://w3c.github.io/webpayments-ig/VCTF/charter/rc-2-diff.html#problem
Manu Sporny:  She said we can't promise that what we do will be 
  widely used so we struck that. In the problem statement is the 
  biggest change to the charter.
Manu Sporny:  There are two conflicting things we're trying to 
  reconcile: ... there's a general desire from the CCG and the VCTF 
  to identify a fairly broad problem. We've gone to great lengths 
  to get consensus on the problem statement. THe problem with this 
  is that Wendy and MS found issue with it because it sounds like 
  we're going to try and solve the *entire* problem statement in 
  the first cut. The yellow text clarifies that the problem 
  statement provides motivation for the work but the WG scope is 
  more narrow. So then we list all the things that are out of 
  scope.
Manu Sporny:  For example, protocol is out of scope. A creation 
  of a self-sovereign ecosystem requires more work than what's in 
  the charter ... and that's out of scope. Then they said they 
  wanted us to focus on use cases that had participants in the 
  group. If we work on something for the automotive industry and we 
  have no one in the group from that sector we don't focus there. 
  Instead, we focus on cases for people in the group, like retail, 
  education, etc.
Manu Sporny:  We can't insist that what we're coming up with will 
  work for industries that aren't in the group.
Manu Sporny:  The final thing we say there is that, while the 
  scope is narrow, the group should not prevent the broader problem 
  from being solved (keeping the broader problem in mind, 
  basically).
Manu Sporny:  Are people ok with this, does it go too far, etc.?
Tim Holborn:  What happens if, through the dev of the work, and 
  new stakeholders become interested ... are we able to amend?
Tim Holborn:  Pending some trigger, if X parties join, etc.?
Manu Sporny:  Absolutely, I understand what you're saying. The 
  third bullet point says will focus on WG participants, it doesn't 
  say anything about when they join.
Manu Sporny:  If we get 5 companies joining from some industry 
  half way through, that should be in scope.
Tim Holborn:  Do we need to add something about onboarding, so 
  that opportunity is made clear?
Manu Sporny:  Let's hear from the group.
Adrian Gropper:  We're not saying enough about what 
  self-sovereignty means relative to the participants and the 
  scope. For example, when you say education and payments, when you 
  narrow it to that as opposed to healthcare for example, we're 
  losing the concept that professional societies that represent ... 
  like doctors, lawyers, representing both of these groups are much 
  more interested in self-sovereignty than industrial participants. 
  I think we can't just focus on industrial contributors out of 
  say, institutional contributors, like educaitonal, automotive, 
  that have to deal with that issue.
Dan Burnett: We need to do whatever gets the group created for 
  now.  As long as we participants maintain our understanding of 
  what is meant by the charter we can do the work we need to do.  
  Let's modify the charter as little as we can get away with for 
  now.
Dave Longley:  The obvious danger of working on changing the 
  targets when someone new shows up is that it can destabilize the 
  process. It can be a non-terminating process as well. The usual 
  way of dealing with new people joining is to educate them offline 
  so they don't interrupt the flow. To the extent that people join 
  with new goals that aren't addressed it makes sense to stop and 
  think about changing and expanding goals vs. reorienting goals. 
  If there's a sense that the current goals have a reasonable 
  degree of core benefit ... then when someone new comes in will 
  just be adding not asking for changes.
Dave Crocker:  Usually, and hopefully and in this case, you can 
  defer adding things and what this does is to build up a wish list 
  for V2.
Manu Sporny:  Right.
Manu Sporny:  Usually the way this happens is that large industry 
  participants drive the work at W3C. There's a disconnect ... at 
  least I have observed a disconnect from what is good for society 
  and what the industry participants want to accomplish and when 
  they collide it's the organizations that are doing 
  implementations that have massive numbers of people using their 
  systems that tend to work out. There's a great example of this 
  happening in the Web Payments WG right now. The WPCG did a lot of 
  work to put specs into place, design an ecosystem, etc. and that 
  ecosystem is definitely not being implemented in a way that CG 
  wanted to have happen. And the people in this group and in the 
  VCTF could potentially be in that same position. If we say that 
  self-sovereign is really important to us and we care about 
  identifier portability and we want to onboard new work as new 
  participants come on ... and we'll have two or three very large 
  technology companies join that disagree with the general 
  direction.
Manu Sporny:  There's very little that can be written into a 
  charter that can prevent that from happening at W3C.
Manu Sporny:  So ... you can recharter the group with new, 
  expanded scope, but typically they are done once the charter is 
  written.
Manu Sporny:  We don't many healthcare companies or NGOs talking 
  about citizen rights, etc. so that's where we are.
Tim Holborn:  The charter goes out to 2018 and the Web develops 
  so quickly ... when large companies push the world in a 
  particular direction and things change very rapidly. A large 
  number of opinions have been expressed on this call. I think 
  setting some boundaries on engaging people effectively to bring 
  them to the table would be good.
Manu Sporny:  If you can think of a sentence to put in th 
  echarter to address that, that would be helpful, but my 
  experience is that it's really hard to control that.
Manu Sporny:  We need to be able to convey people are welcome.
Tim Holborn:  There are a variety of stakeholders that can be 
  positively impacted by this work over time. Between October and 
  2018 ... is a fair chunk of time and a lot can happen. Locking in 
  the stakeholders now ... it's less than ideal.
Tim Holborn:  Without the means to be able to scale is 
  unfortunate.
Tim Holborn:  Lastly, with regard to self-sovereign identifiers. 
  VC is very much about what an org says about you. The idea of 
  having an identity on the Web is different ... and some of the 
  WebDHT like work addressed some of those works. I understand the 
  merits and I'm a believer of the human-centric Web but I do have 
  concerns about the terminology of self-sovereign as opposed to 
  what may become a digital magna carta, etc. I see that as a 
  separate issue. WIthin that I think there's an opportunity for 
  the CG to collaborate with other groups and incubate within CGs.
Tim Holborn:  That's a very separate thing from how orgs may 
  engage in the WG charter. Does that make sense?
Kerri Lemoie: Agree that verifiable claims could be considered 
  separate from identity yet verifiable claims are dependent on 
  verifiable identity.
Manu Sporny:  I think so. Let's take the definition discussion 
  and move that to later in the agenda and focus this on the 
  charter.
Manu Sporny:  I'm hearing the charter is too limiting with 
  respect to the use cases that we're outlining.
Manu Sporny:  I think I'm hearing that correctly, is that right?
Adrian Gropper:  Yes.
Tim Holborn:  I would say, for the status quo, it's quite 
  reasonable, but if it continues to get more momentum it may get 
  out of date.
Manu Sporny:  What Dave Crocker said is important to note, the 
  orgs want the scope locked in when it goes out. If the scope 
  changes the orgs may have to withdraw from the WG and this has to 
  do with patent requirements and other legal things wrt W3C. A 
  change in scope while the WG is operating and that's a big red 
  flag for orgs. They tend to vote against WGs with those problems.
Manu Sporny:  Hinting that the scope could change will invite 
  formal objections -- that's my expectation. That would change MS 
  from being ok to objecting because they don't know what they are 
  signing up to.
Tim Holborn:  I think that's a very fair concern. Maybe some 
  mechanism for scope to be locked in and onboarding language.
Manu Sporny:  That mechanism is a rechartering.
Manu Sporny:  If 20 companies join the group from other industry 
  then that's a good reason to recharter or as Dave Crocker said, 
  it's good for version 2.
Manu Sporny:  We can say the current work can't prevent version 2 
  wish list from happening. But very valid points from you and 
  Adrian.
Manu Sporny:  Would be good to see some language to summarize 
  this discussion and address it.
Manu Sporny:  Any other questions on the problem statement or 
  what's been changed there? That's the biggest change.
Manu Sporny: 
  http://w3c.github.io/webpayments-ig/VCTF/charter/rc-2-diff.html#goals
Manu Sporny:  We say we're going to focus on claims wrt the use 
  cases document. We now say we're going to say this work has to 
  cut across at least two industries, previously we said "several", 
  was too broad.
Manu Sporny:  It's fine if we have even more participating.
Manu Sporny:  Rest of the changes play with language mostly, 
  "broad" to "broader", for instance
Adrian Gropper:  When we do this with respect to industries -- 
  there are two kinds, regulated through licensed professionals and 
  regulated at the corporate level. I don't know if we can capture 
  this aspect in the charter because it's fundamental. The entire 
  reason for VC is to deal with regulatory practice and if we don't 
  recognize that some industries ... 99% of money spent in 
  healthcare is spent by licensed professional not corporation then 
  I think we'll get lost. It might look like it works for payments. 
  My experience with [] if you use education that way you don't 
  make a lot of progress because education is very squishy. 
  Payments are narrow and not privacy and regulatory intensive. I 
  just want to point out that point about industrial perspective 
  vs. licensed professional as a regulatory foundation.
Manu Sporny:  So I think we make that distinction in our use 
  cases which we point to in our charter.
Manu Sporny:  We have a number of medical use cases in here.
Manu Sporny: 
  http://w3c.github.io/webpayments-ig/VCTF/use-cases/#professional-credentials
Matt Stone: We use "regulatory credentials" as a term to describe 
  the credentials that serve non-commercial/governmental needs.
Tim Holborn: +Q
Manu Sporny:  It's certainly not out of scope and we point to 
  medical use cases in the use cases document. You used a phrase 
  that sounds like we could easily put it into charter. Corporate 
  creds vs. licensing professionals ... if you could think of some 
  language to put into the charter for that that would be good. If 
  we expand from payments and education to payments, education, and 
  healthcare ... the problem is we will only have two healthcare 
  orgs saying they'll participate in the WG. Other W3C members will 
  want to see more like 5.
Manu Sporny:  I think the vast majority of people in the group 
  agree with you. This tech will be used across many industries of 
  different types and we have to think about that to ensure it 
  works.
Manu Sporny:  Can you think of some language to use in the 
  charter to address those concerns?
Adrian Gropper:  Yes, absolutely.
Tim Holborn:  Medical creds are fairly high-stakes. I'd love to 
  see a world where signatures are send across the Web ... for 
  tissue samples, etc. That's particular high-stakes data. Another 
  possible alternatives is civics. Is there's a use case where you 
  are looking at the sorts of things that you need in medicine but 
  not such high-stakes data. You want to see the tech proven out 
  fairly well.
Manu Sporny: 
  http://w3c.github.io/webpayments-ig/VCTF/use-cases/#legal-identity
Manu Sporny:  As far as use cases are concerned, we talk about 
  legal identity.
Manu Sporny:  And we talk about things like refugee crisis use 
  cases, digital driving licenses, we do have some lower-stakes use 
  cases in there.
Manu Sporny:  Don't know if that addresses it.
Tim Holborn:  Healthcare is pretty serious. To be able to go into 
  that industry you really need all ducks in a row. Technically, to 
  be able to example it in an industry where it is working ... less 
  direct, some of the refugee things ... other areas where you have 
  similar businesses but isn't as life threatening.
Tim Holborn:  I'm wondering if we can achieve the same outcome 
  for healthcare using a related industry with lower stakes.
Manu Sporny:  I think with all of these use cases there are cases 
  that aren't as high-stakes. Like prefilling a medical form with a 
  proof of residence/address credential, that's lower stakes. Or an 
  educational credential that says you've done a weekend course. I 
  think we have those. If you look at the use cases that drive the 
  large orgs to want to use it are the high stakes. Lots of 
  money/risk on the line. Clearly those orgs are going to go 
  through a multi-year process vetting this technolgoy and while 
  they are doing it we can still test it out in more low stakes 
  settings. The strategy is aligned with what you're suggesting.
Tim Holborn:  Identifying whether or not an Uber driver had 
  appropriate credentials was another one.
Manu Sporny:  Ok, we've gotten through the charter. Any strong 
  feelings/objections to the changes made, etc.?
Manu Sporny:  Does anyone feel this is unworkable or they 
  wouldn't join the work?
Shane McCarron:  It's not that I wouldn't join the work, you're 
  jumping through a bunch of hoops here that someone held for you, 
  what are the odds that the people that held up the hoops will let 
  things happen?
Manu Sporny:  That's an important question. All we can do is do 
  proper due diligence and act in good faith.
Manu Sporny:  At some point it will become apparent that the 
  people were holding the hoops up had real concerns or it was for 
  entertainment.
Manu Sporny:  I don't think it's just for entertainment, I think 
  these orgs are intrigued enough to engage with us.
Manu Sporny:  If it turns out we made all these concessions and 
  the answer is still no, then we can roll those concessions back 
  and go through another standards body.
Manu Sporny:  We've done everything we can to act in good faith 
  and it's up to W3M and MS to respond to that.
David Chadwick:  To remind the group and enhancing privacy and 
  what that meant and it was to be added to that section.
Manu Sporny:  That's on me, I forgot. We will make those changes 
  and Dan Burnett raised some typos to fix.
Manu Sporny:  David, please ping me again and make sure I get 
  that in there.
David Chadwick:  Will do.
Adrian Gropper: +Q
David Ezell:  It's a bit stronger than the people in the room -- 
  we gave two week period for people to object and we didn't get 
  any objectiosn even from the companies expressing doubts. You 
  have IG support.
Manu Sporny:  Thank you David.
Adrian Gropper:  The comment about the privacy enhancing 
  terminology makes me want to pile on, but is a much bigger topic. 
  I spent 2+ years on Identity Ecosystem Steering group ... I don't 
  want to go into what that is, but it was a missed attempt to 
  introduce privacy enhancing practices on a very large scale. The 
  companies that we have here at W3C did not show up ... and the 
  general problem for dealing with cyber security issues in all 
  industries is an unsolved problem that MS and Google and a lot of 
  other organizations have not found a home for how to approach 
  that. All I'm saying is that the experience we're having ... I 
  worked for a consultant for the postal service looking at 
  connect.gov and postal service relative to cyber security ... we 
  don't have five years to do this work. To start slowly here and 
  see what happens 2 years after that. Becaus ewe are failing, not 
  just in the US, but globally, at doing the work we try to do.
Tim Holborn: +1
Manu Sporny:  Hopefully it makes you feel good that privacy is 
  throughout the charter and we've got a specific section on it.
Manu Sporny:  Scroll down to 3.2 in the charter, we have a full 
  section on privacy and security considerations, we call it out 
  specifically.
Manu Sporny:  We're trying to improve upon it. That's the most we 
  can do in a charter and say we're going to design towards a 
  privacy preserving tech.
Manu Sporny:  And that we're going to collaborate with other 
  groups on that.
Adrian Gropper:  I'm trying to talk aobut how to sell our charter 
  to MS and Google.
Manu Sporny:  Are you saying that would make it more compelling 
  to them?
Adrian Gropper:  If we approach it from cyber security 
  perspective. NIST 5 years ago saw the link between privacy 
  enhancing and cyber security ... was the reason for the whole 
  project. Only orgs with narrow interest in identity management 
  showed up and Google and MS weren't there. We don't know enough 
  about their interest in the cyber security aspect and how that 
  relates to privacy policies, etc. It's a governance problem we're 
  in a position to solve that isn't being solved elsewhere.
Richard Varn: We cannot wade into cyber security in the VCTF 
  space without a lot of qualifiers
Manu Sporny:  I don't nkow how to modify the charter to capture 
  what you just said. Could you write a strategy email for how the 
  group could react to what you just said or similar that woudl be 
  helpful.

Topic: IPFS and Verifiable Claims

Manu Sporny:  We don't have enough time left to talk about IPFS 
  and VC discussion -- will have to wait until the next call.
Manu Sporny:  Tim has raised some great questions about IPFS. The 
  group knows quite a bit about IPFS and we've worked with Juan 
  Benet closely. But we don't think IPFS is a solution for WebDHT 
  or blockchain decentralized identifiers, etc. IPFS doesn't have 
  mirroring guarantees ... you can lose information on IPFS if 
  nodes don't keep it, not a good fit.
Tim Holborn: Vint cerf said to me today: "I am in contact with 
  the IPFS folks with regard to digital archiving and 
  preservation."
Kerri Lemoie: Badgechain is exploring IPFS for some aspects of 
  open badges data.
Manu Sporny:  Group is looking at other techs ... flex ledger, 
  sovrin, badge chain, etc.
Manu Sporny:  We're aware of IPFS, we don't think it's a solution 
  for some of the things here, but you can store some data in IPFS, 
  but can't give guarantees. For DID it's not a good solution, for 
  pseudo-anonymous badge info, it's good.
Manu Sporny:  Just like badge data you can store data in any 
  location, hash in a blockchain, store data itself in a flex 
  ledger (as long as no PII), can store in IPFS -- a variety of 
  other storage mechanisms.
Manu Sporny:  IPFS is complementary, but we don't think 
  replacement/implementation for the DID stuff.
Tim Holborn:  I talked to Vint Cerf and he said he's in contact 
  with IPFS for interplanetary filesystem, etc.
Kerri Lemoie: Something to look into: https://ipdb.foundation/  
  It's based Bigchain db.
Kerri Lemoie: https://www.bigchaindb.com/
Tim Holborn:  I'd like to see a new blockchain (current 
  computationally flawed), with LDP we're looking at how to create 
  human centric identifiers. WebDHT did a lot of that and that's 
  been put to one side and there's a resourcing issue. Given that 
  Vint Cerf is looking at it for preservation, maybe we should be 
  following that up, directly or indirectly via CG, etc.
Manu Sporny:  Sounds like we need to have a discussion in the 
  group and how VC fits into these new techs.
Manu Sporny:  We'll put that on the agenda for next time, sorry 
  for 2 minutes over, out of time.
Manu Sporny:  We may not have the call next week, because we're 
  in a holding pattern w/W3M, but expect a call the week after 
  that.
Kerri Lemoie: Thanks everyone.

Received on Tuesday, 16 August 2016 16:38:13 UTC