Verifiable Claims Telecon Minutes for 2016-05-31

Thanks to Gregg Kellogg for scribing this week! The minutes
for this week's Verifiable Claims telecon are now available:

http://w3c.github.io/vctf/meetings/2016-05-31/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Verifiable Claims Telecon Minutes for 2016-05-31

Agenda:
  https://lists.w3.org/Archives/Public/public-webpayments-ig/2016May/0045.html
Topics:
  1. Introduction to New Participants
  2. Self-Sovereign Identity Architecture
  3. Decentralized Identifiers
  4. Verifiable Claims Use Cases Review
  5. Update on Work Items
Organizer:
  Manu Sporny
Scribe:
  Gregg Kellogg
Present:
  Gregg Kellogg, Kiara Robles, Adam Lake, Dave Crocker, Joe 
  Andrieu, Adam Madlin, Drummond Reed, Jason Law, Bob Bonomo, Manu 
  Sporny, Christopher Allen, Dave Longley, Les Chasen, Shane 
  McCarron, David Ezell, Rob Trainer, Nate Otto, Stuart Sutton, 
  Carla Casilli, David I. Lehn, Matt Stone, Bill DeLorenzo, Eric 
  Korb, Darrell Duane
Audio:
  http://w3c.github.io/vctf/meetings/2016-05-31/audio.ogg

Gregg Kellogg is scribing.

Topic: Introduction to New Participants

Kiara Robles:  I’m interning at BlockChain; I’ve been involved 
  with the design workshop and 2020; hoping to attened MIT 
  workshop.
Adam Lake:  Started with Digital Bazaar last week.
Dave Crocker:  I’ve been working on internet protocols and 
  architecture for a long time, mostly email. Went to New York and 
  found myself interested in your architecture and ways to improve 
  it.
Joe Andrieu:  I came because of IIW; I’m between startups but 
  writing a book on requirements modeling.
  … The UN summit made me think I might have something to 
  contribut here.
Adam Madlin:  I’m on the Accelerate team on the DHS SIR team on 
  blockchain-based identity. I’ve been working a long time in 
  government standards.
  … I spend most of my time working on cyber-security standards 
  for fed and state governments
Drummond Reed:  I’m founder of Respect Network; we were awarded a 
  DHS grant on blockchain identityh.
Jason Law:  Building a distributed legister dedicated to 
  distributed identity.
Bob Bonomo:  I’m an independent consultant focusing on Block 
  Chain and working on standards.

Topic: Self-Sovereign Identity Architecture

Manu Sporny:  For the past 4 years, starting in WPCG, we’ve been 
  talking about identity and exchanging claims (“attestations”)
  … These concepts have been around for a while, and been in the 
  “Identity Ecosystem” over the last 10-15 years. Mainly in IIW and 
  other forums.
  … Recently, it’s been called “self-soverign identity”. At the 
  ID2020 event and rebooting web-of-trust workship, the concept of 
  an architecture surfaced again.
  … During this, dcrocker and others took a look at our work. 
  We’re going to show the W3C members in a couple of months, so 
  we’re trying to get it in good shape. It’s not done, but it’s a 
  first cut.
  … We need to quickly come to conensus.
Dave Crocker:  I want to stress my own view of archiecture 
  diagrams is that they need to be simple and easy to understand.
  … Ballancing this, they need to be complete enough.
  … On average, diagrams are overly complicated. I was delighted 
  with the diagrams from this work.
Manu Sporny: This is the paper that we submitted to the ID2020 
  Design Workshop: 
  https://github.com/WebOfTrustInfo/ID2020DesignWorkshop/blob/master/topics-and-advance-readings/a-self-sovereign-identity-architecture.pdf
  … In the NY discussion, we looked at ways to enhance it (not 
  replace). We explored this over hours and Manu circulated some 
  diagrams based on these talks.
  … I realized that no where in the diagrams is there an 
  indication of the identiy itself. Maybe there shouldn’t be, but 
  we should think about that.
Manu Sporny: Here are the documents that we worked on at ID2020 - 
  again *VERY PRELIMINARY / JUST FOR DISCUSSION*
Drummond Reed: I would argue that this is exactly what 
  self-sovereign identity is about - there is NO BOX for a 
  self-sovereign identity because there is no conventional 
  "identity provider"
  … I also find it useful to have diagrams which work at 
  different levels. For example, public behavior vs private 
  behavior. In email, there’s the user agent and mail transfer 
  agent. Looking at RC 598, UA and MTA are still there, but there 
  is also quite a bit more.
Manu Sporny: Version 1.0 (this is more or less the Credentials 
  CG's architecture): 
  https://raw.githubusercontent.com/WebOfTrustInfo/ID2020DesignWorkshop/master/event-documents/graphic-recording/Day%202%2006%20Work%20Round%202%20Report%20Out/Day%202%2006%20WR2%20Self-Sovereign%20ID%20Arch%202%201o3.jpg
Manu Sporny: Version 2.0: 
  https://raw.githubusercontent.com/WebOfTrustInfo/ID2020DesignWorkshop/master/event-documents/graphic-recording/Day%202%2006%20Work%20Round%202%20Report%20Out/Day%202%2006%20WR2%20Self-Sovereign%20ID%20Arch%202%202o3.jpg
Manu Sporny: Version 2.0 Notes: 
  https://raw.githubusercontent.com/WebOfTrustInfo/ID2020DesignWorkshop/master/event-documents/graphic-recording/Day%202%2006%20Work%20Round%202%20Report%20Out/Day%202%2006%20WR2%20Self-Sovereign%20ID%20Arch%202%203o3.jpg
  … The fact the original is still valid is still useful.
  … For example, the repository is internal to the holder, so it 
  might not need to be shown in the basic architecture.
Manu Sporny:  For those who don’t know, Dave is one of the people 
  who created email standards.
Christopher Allen:  I was intregued by was that in the original 
  doc, we had DID in the center, and then it was moved over to be a 
  number of different oracles. Can you explain?
Dave Crocker:  I expect this to be controversial. A side point: 
  the diagram has DiD and similarly the other box had “ledger”. One 
  of the challenges is to distinguish between abstactions and 
  implementations. “Ledger” has taken on the notion of an 
  implementation approach. Similar with DiD.
Manu Sporny: We're looking at this diagram right now for those 
  wondering: 
  https://raw.githubusercontent.com/WebOfTrustInfo/ID2020DesignWorkshop/master/event-documents/graphic-recording/Day%202%2006%20Work%20Round%202%20Report%20Out/Day%202%2006%20WR2%20Self-Sovereign%20ID%20Arch%202%202o3.jpg
  … The other actors in the system need to query for information; 
  there are different types of queries. The identiy itself, history 
  of claims, other dynamic data. The ledger reference refers to a 
  growing journal, but has data static when created. One might want 
  to query dynamic data.
  … The idea is to merge all of these into a single abstraction, 
  which were listed in the box out of NY.
Manu Sporny:  The Oracle box includes ledgers, generators, 
  registry and file stores.
Christopher Allen:  I’m intregued by this change as it relates to 
  smart signatures and can make use of a variety of different 
  oracles. It’s an interesting new way to think about it.
Dave Longley: +1 For this path
Manu Sporny:  Good news is that there’s not screaming to keep 
  going down this path. In the coming weeks, we can refine these 
  diagrams with the goal of fanalizing in the 3rd week of june. 
  That’s when the WPIG would start reviewing, and see if we want to 
  take to an IG meeting on July 1st.
Dave Crocker:  I think that’s a realistic timeframe. Let me 
  encourage to contact me directly offline.

Topic: Decentralized Identifiers

Manu Sporny:  In this group we’ve known that the decentralized 
  identifier problem is very difficult to solve, but required for 
  user-centric/self-soverign identiy.
Christopher Allen: Link to 10 principles of Self-Sovereign 
  Identity 
  http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
  … The key think is the understanding that we need to have an 
  identifier that can’t be taken away from an individual through 
  force or coersion. We create the concept of a “WebDHT” (a hash 
  table with history), but that’s getting into implementation 
  details.
  … A higher level requirement is that we have an identifier that 
  can be instantiated and owned so that it can’t be taken away.
  … We’ve discussed block chain, journal, DHT a number of times, 
  but we should wind back and look at requirements.
Drummond Reed:  It was a very intense discussion on DiD 
  architecture. I have some notes freom that discussion. We got to 
  concensus on goals of the architecture. We came down to two key 
  goals: define the structure of an identifier that can serve as a 
  discoverable key for a value.
  … The value part is the “DiD object”: define the structure of 
  an object that can provide cryptographic proof of DiD ownership 
  and update permission.
  … Also, for the DiD Object to provide pointers to other sources 
  of claims and other peer DiDs. For purposes of privace 
  protection, a person (or principal) may need to have 
  multiple/many DiDs to keep different personas separate.
  … From the standpoint of claims-based ID, the concept of a 
  DiD-Tuple is a genesis claim, and is the starting point.
  … most discussion was over a “public DiD”, so that you can 
  refer to it to discover,lookup and verify a DiD. This corresponds 
  to an “omni-directional identifier”. However, from a privacy 
  consideration there are limitations. There are also cases for 
  private DiDs shared by a limited set of holders, thus a 
  “uni-directional identifier".
  … There was discussion around DiD discovery. Could use ledgers 
  or oracles as peers, which provides independence but not a known 
  starting point.
  … The second bucket was “addressable ledgers”, was to treat 
  them as part of the URI space (ledger of ledgers). This would 
  make the DiD itself addressable, but has questions of 
  portability.
  … The third option was meta-protocols to allow ledger 
  interaction.
  … The last option as the “index ledger”, the idea that by 
  concensus there is a single DiD registry, where the object may be 
  stored elsewhere, but there is a master index.
  … We’re interviewing individuals intersted in this area and 
  want to contribute; Anyone on this call is weclome to 
  participate.
Christopher Allen:  We’re punting on naming, which has caused 
  problems in the past. This should be reflected in the 
  archiecture. Names are credentials not identifiers. People want 
  the right to revoke credentials that are harmful, and this may 
  have not been thought of enough.
  … Secondly, on the meta-DiD discussion, we wanted to be able to 
  move the root identier from one chain to another. Self-soverign 
  users would have a choice of what chain to use, as well as the 
  ability to move it later. We think we have some good answers by 
  having every chain have it’s own DiD.
  … These things are hard, but we think we can say it’s possible 
  with this architecture, but don’t want to have to prove it first. 
  The intent is to have a design which allows for portability, but 
  this may be a 2.0 feature.
Manu Sporny:  The DiD stuff is a long-term need for verifiable 
  claims work. Today, in the current architecture, we’re just using 
  URLs. If you want to use it today, you must bind the claim to a 
  URL, which places the domain holder in control. We’d like the DiD 
  stuff to replace that.
Dave Longley: Notes that, technically, it's still a URL if the 
  scheme is "did" instead of "https"... this is still a URL: 
  "did:abcd1234..."
  … There is a system up already used in demos. The issue is that 
  it’s just backed by a regular DB, it needs to be distributed.
Dave Longley: It's just dereferenced in some other way (TBD)
  … We don’t need it to be ready by the time W3C membership 
  votes, but we should have a plan.
Drummond Reed:  One of the time-frames is based on the 6-month 
  DHS contract. Our job there is to perform as many interviews as 
  we can, trying to do 20-30 by the end of June and produce a 
  sample architecture and prototype.
  … We anticipate that a spec should/would come out of this. I’d 
  like to get through the heart of the work this summer and be able 
  to implement/test in the fall.
Christopher Allen:  Block Stack has implemented various aspects 
  of this in their own architecture. We’re working with them to 
  bring alignment; in effect, they offer DHT and could come into 
  alignment with the overall DiD and self-soverign architecture.
  … In oreder to do DiDs property you need a proof of existence, 
  which was also worked on at the design workship, that will make 
  the work easier to move forward.
  … There’s interest in a standard way to do this, possible using 
  linked data sigiatureas as a way to do this.

Topic: Verifiable Claims Use Cases Review

Les Chasen: In regards to the interviews that Drummond mentioned, 
  we are currently running a survey re "applicability of blockchain 
  tech" here 
  https://www.surveymonkey.com/r/Applicability_of_Blockchain_Technology_to_Privacy_Respecting_Identity_Management. 
  Feel free to take it and indicate whether you are interested in a 
  further in-depth interview.
Manu Sporny:  At ID2020 we also broke out to talk about use 
  cases. They looked at Shane’s document for potential W3C vote and 
  had some thoughts about it.
https://drive.google.com/folderview?id=0B1x0qWwnnOk5aGU5cWx6WlIta0k&usp=drive_web
  … I wanted to introduce Joe Andrieu to talk about this.
Drummond Reed: Also, this a reference to Kim Cameron's Laws of 
  Identity (with the law about omnidirectional and unidirectional 
  identifiers): 
  https://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf
Joe Andrieu:  I wanted to be sure that my writeup aligns with 
  Shane’s work.
  … Our first impressions was that we wished the human value was 
  more prominent. It should discuss how system addresses real human 
  problems.
Manu Sporny: We're looking at this document: 
  http://w3c.github.io/webpayments-ig/VCTF/use-cases/
  … For example, easily humanly recallable titles. I appriciate 
  that there is confusion over this. Things like “the lazy doctor” 
  in UC 4.3.1. We tried to come up with a short name capturing the 
  human value of each use case. A lazy doctor doesn’t maintain 
  credentials, but a bad university has credentials pulled.
  … I’d like to give some examples of requirements modeling (not 
  engineering).
  … I have some tools and techniques that can make these use 
  cases easier to absorb, to capture essential interactions.
  … One of the notes is that there is a lot to digest, and there 
  was tension between a rigorous specification/detail, but this is 
  at odds with the process.
  … This puts the focus on a really good architectural diagram.
Manu Sporny:  Speaking for myself, I think that would be 
  fantastic. You’re group was forced to do it in an hour, which is 
  really good. The W3C Membership may spend 5-10 minutes on it 
  before moving on. The UC doc ends up driving requirements for a 
  future WG.
  … People make two passes of UC, 5 minutes to vote to proceed, 
  and the second set is people actually doing the work, who will 
  look with a comb to determine if work is in scope.
Shane McCarron:  You said you had trouble getting your mind on 
  the difference between scenarios and use cases. Note that it was 
  structured as requirements, with supporting use cases.
Joe Andrieu:  Use Cases are overloaded to mean a lot of different 
  things. But sometimes UC is in the problem domain, or the 
  solution domain.

Topic: Update on Work Items

Manu Sporny:  There are a number of documents that still need to 
  be updated.
  … I’m going to send out another request on the survey.
  … Also, we’re hoping that Adam will work on AC or Architecture 
  summary.
Adam Lake:  I’m getting up to speed on working on both. We should 
  be on track for 3rd week of June.
Manu Sporny:  The W3C advisory committee needs a brief summary so 
  they know why they should vote for this.
Adam Lake: I also have feedback on the other documents, including 
  Use Cases.
Adam Lake: If the authors of those docs want it.
Christopher Allen:  There’s a blockchain workship coming up 2 
  days before the one at MIT
David Ezell:  Let’s work on getting a story infront of WPIG ASAP.
Joe Andrieu: Thanks, all. I need to run.  I've joined the email 
  list and will focus on something presentable to the group within 
  the week.
Manu Sporny:  Next week: heads down on getting voting package 
  together.

Received on Thursday, 2 June 2016 19:48:08 UTC