The Verifiable Claims Task Force

A Task Force of the Web Payments Interest Group


Verifiable Claims Telecon

Minutes for 2016-01-26

Brian Sletten is scribing.
Manu Sporny: This is an official VCTF call. It is being recorded and minuted.
Manu Sporny: We'll talk about the individual interviews from the experts we are speaking to. We are hearing about their experiences so we can avoid some of the problems they have encountered. We need to discuss how to respond to their feedback and we need to discuss the draft charter we have.

Topic: Interview Narratives So Far

Manu Sporny: Brad Hill's input - http://w3c.github.io/vctf/meetings/2016-01-08/
Manu Sporny: We have had input from Brad Hill.
Manu Sporny: These people are providing input in their personal capacity. Brad works for Facebook, but he's not speaking for them.
Manu Sporny: Same thing with Jeff Hodges who is with PayPal, but his input is his own.
Manu Sporny: Jeff has been involved in a variety of identity standards.
Manu Sporny: Harry Halpin is providing input based on his personal experiences, not official W3C input.
Manu Sporny: The latest one is from David Singer.
Manu Sporny: We have a number of other interviews to have.
Manu Sporny: The input we have gotten back is starting to form a narrative. David Singer's summary is the best one so far.
Manu Sporny: One of the things that is frustrating is that we are getting feedback from people involved in the space who are too busy to look into what we are working on but are providing high level thoughts.
Manu Sporny: As an example, "We've been down this path before, why are we doing it again?"
Manu Sporny: We outline clearly what the differences are here: http://w3c.github.io/vctf/#design-approaches
Manu Sporny: The VCTF page makes it clear what is different about this approach (e.g. User-Centric vs Service-Centric approaches). We outline clearly what the differences are.

Topic: Responding to Identified Narratives

Manu Sporny: Some of the people who are providing input didn't understand this distinction. David Singer also stressed that we shouldn't just focus on payments (also include education, health care, etc.)
Manu Sporny: We've been encouraged to study what has been done before even though we have already done this research. The feedback is coming from folks who are too busy to realize what we have already done on this front or why.
Dave Longley: We need to still do the write up of why the existing technologies don't solve all of the problems.
Shane McCarron: We need more talking points to expose all of the good data you've collected over the last year.
Manu Sporny: People are saying that the technology already exists and we should just use it (OAuth, Open ID Connect, JOSE/JWT). While we have done the analysis and found them lacking, we haven't written those up.
Manu Sporny: One of the output of the VCTF must be a gap analysis of why these technologies are insufficient.
Henry Story: There is a huge war in this space. Asking you to differentiate yourself from existing technologies puts you in opposition (and makes you enemies) of the existing technology communities. How can we point out the differences without making enemies.
Manu Sporny: That is an excellent point. We need to be careful about that. We know what doesn't work. Coming up with a list of why they are deficient goes nowhere. You end up arguing on generalities. We have some very specifics Use Cases and things we'd like to express and sign. We can talk about those specific Use Cases and what the end result is if we pull in existing technology and show how they don't meet the needs.
Manu Sporny: Therefore we narrow it down to the problem we are trying to solve vs an "Our community vs other community". We end up talking about actual requirements.
Manu Sporny: If we frame things like that, we should have a better outcome.
Eric Korb: Still no audio
Greg Kidd: I'm intimidated by the push back from all of the experts, but we have the governance of this group to help us manage the problem requirements and work on a reference implementation.
Manu Sporny: This is one of the strengths of the W3C process. You have always have experts arguing over the right way to do things but the process usually produces good results in the end.
Manu Sporny: The question is whether the people in this group are patient enough to work through the process or act somewhere else.
Greg Kidd: We have a development team and a set of use cases that we think could work under this group.
Manu Sporny: The cases where we see the most progress is when we have a solid use case and can compare different technologies for that specific problem.
Greg Kidd: I am most interested in the endorsement of a governance process rather than technical purity.
Manu Sporny: That's the goal of the W3C's process. We need to do a technical gap analysis to compare the suitability of existing technologies for our user's needs and not reinvent the wheel.
Manu Sporny: One of the outputs of this group will be a report of all of these things as an input to the working group.
Henry Story: This new group is mostly about producing Use Cases. You can't actually say "This is better than this." Are these Use Cases new so that they can't be solved by existing technologies.
Manu Sporny: Some of the feedback is from people jumping ahead to the technologies rather focusing on the Use Cases we've produced. The feedback overall isn't as good as it could have been if they'd had the time to engage more deeply to produce more specific feedback on the problem statement.
Manu Sporny: We might need to put a Charter in front of them. When you are working on a charter document, people in the W3C process usually get engaged in the content of the text.
Manu Sporny: This group needs to produce documents to stop going around and around on these points.
Dave Longley: We got better input from Brad through the interview process rather than the summary emails. We expect the new interviews to produce better results. The ones who we only got email feedback from didn't have time and are unlikely to have time to review any new documents.
Manu Sporny: We've gotten feedback from members of this group who are experts in their own field in this space who don't understand why these experts get to come in and control the narrative.
Manu Sporny: We are trying to find people who disagree with our analysis.
Manu Sporny: This doesn't mean we aren't going to do the work, we just need to address that communication gap in some way.
Shane McCarron: +1 To dlongley
Dave Longley: Some of the experts in our group can also provide feedback through email and interviews. It might be good to have that input on equal footing as well.
Henry Story: +1 Makes sense
Manu Sporny: Some of the experts don't see other people asking for these approaches, use cases, etc. Richard Varn and John T. could jump in and provide that kind of feedback from the education industry.
Richard Varn: Tell me who to talk to.
John Tibbetts: I've been hesitant to speak up. One of the problems I've had is that it seems like a political issue, not a technical issue.
John Tibbetts: There are already sensitivities about specific terms and technologies. Perhaps I can speak on the problems and needs.
John Tibbetts: There is an asymmetry in the responses. We are taking an abstract approach to describing the problems but the feedback we are getting are jumping straight to specific technologies.
Dave Longley: I think you should go ahead and talk about the technologies when you are providing feedback. We as a group need to avoid a technical bias, but as an expert you can provide a free response.
Dave Longley: +1 To Dan!
Daniel C. Burnett: I agree with what Longley said. Within the W3C process, the asymmetry is always going to happen. You will always get random comments from people who have no idea what you've done. But you still need to address them. Our goal is to get started, however. We should respond to the feedback that might block the specific problem might block getting started.
Manu Sporny: Excellent comment, burn.
Manu Sporny: Harry Halpin said: "Another option is to scope down and aim at a particular problem domain, for example a uniform vocabulary for educational credentials. Throwing out privacy and security concerns for high value use-cases like banking is a non-starter, as should be obvious."
Manu Sporny: Harry doesn't know that the Lumina foundation exists that there has been a $5 million initiative to establish these standards, Open Badges, etc. There are people already defining vocabularies outside using JSON-LD and it is happening outside of W3C.
Manu Sporny: That's the kind of thing the education industry experts need to push back on to address the feedback.
Manu Sporny: W3C management are seeing these assertions but not seeing the pushback from the education industry.
Henry Story: And this should be done by replying to the mailing list I suppose?
Manu Sporny: Maybe we should put those comments in a final report and get specific statements from representatives in the education industry.
Eric Korb: +1
John Tibbetts: +1
Richard Varn: I will do that when the feedback is done and address the specifics related to education needs and interests in this initiative.
Henry Story: Certainly not.
Dave Longley: I'd also like to point out that there a presumption that people want to throw out privacy and security. I don't think that is true and it would be good for the experts to clarify that point.
Henry Story: I mean we certainly don't want to throw privacy and security out.
ACTION: Manu to create a VCTF Final Report with input from interviewees and then request feedback from VCTF/Credential CG members.
John Tibbetts: + 1 .. I'll respond
Richard Varn: Sounds good
Eric Korb: +1 Ack, need also input from Heatlhcare experts
Daniel C. Burnett: I know we're supposed to be working on use cases, it's not obvious where they are. Can we point us to where they are.

Topic: Draft Charter Proposal

Manu Sporny: Yes, that is the last agenda item after the Draft Charter Proposal.
Manu Sporny: I took a stab at a draft charter proposal. It's broken into two phases.
Manu Sporny: The goal of Phase I is to produce a data model and format for credentials and verifiable claims. The timeframe is very aggressive. But the hope is that the Working Group would start in five months (we'd vote in May-July timeframe) and the only thing it would work on is data model, data format and signature mechanism.
Manu Sporny: After Phase I is done, we will have a way of expressing verifiable credentials with consensus. Then Phase II is to produce workflows and protocols to create, store and share credentials.
Manu Sporny: Does this make sense?
Manu Sporny: Are there any concerns?
Shane McCarron: The timeline feels aggressive given what we know about the W3C.
Manu Sporny: Well, the proposal is very minimal - just data data model, format, signature mechanism.
Dave Longley: Perhaps say different types of APIs (browser API, http API)
Manu Sporny: We could be doing the gap analysis document starting now so that it is ready when the WG starts. That will help compress the timeline. Does that address your concerns ShaneM? [scribe assist by Shane McCarron]
Henry Story: There are lots of different ways of doing things (e.g. LDP as a protocol for managing these technologies).
Dave Longley: Scope for Phase I should probably include that Phase II is a goal so it is intentionally considered in the designs for Phase I even if there's no Phase II output.
Gregg Kellogg: These things always take longer. We might try to account for that and suggest 24 months and just try to do it more quickly.
Manu Sporny: That's good feedback. This whole process was way longer than anyone expected.
Jim Goodell: The data model, data format and signature mechanism seems doable in the timeframe, esp. given the group is not starting from scratch.
Manu Sporny: Please look into the charter draft and text. It's based upon the Web Payments template which was heavily reviewed by W3C Membership and this is what came out of it. We're trying to use a template that has made it through the process.
Henry Story: So LDP already offers an answer to read-write over HTTP, which is why this feels nearly like a couple of different WGs 1. A group to show how that fits into LDP 2) a group for developing a new DHT system. Both of them are actually compatible because RDF is based on URIs so one can link both.
Dave Longley: I think the Phase I goals should consider that there is a Phase II on the horizon. Our scope might say, our output is only the format, model, etc. but they are compatible with the browser APIs we might need to work with in Phase II.
Manu Sporny: If we get Phase I done, people can move forward with various approaches (to bblfish's comments about LDP) for defining various protocols.

Topic: Use Cases Document

Manu Sporny: There is a Google Doc that has the latest language in it.
Manu Sporny: There is also a GitHub link.
Shane McCarron: And we want it to look like this: https://www.w3.org/TR/web-payments-use-cases/
Manu Sporny: Move the stuff in the Google doc over to the Respec doc.
Shane McCarron: I am trying to create sections to have the various contributors can collaborate (ShaneM, gkellogg, bsletten and burn)
Henry Story: Perhaps I'd just add also that one of the use cases has to be that this can work across protocols, so that one can tie into ipfs, etc... This is one way to make it tie into the Web architecture, and allow it to be very general, which I guess most other protocols don't satisfy, but tying themselves to specific syntaxes or protocols.
Shane McCarron: Use the opencreds repository so that we are not under more onerous IPR restrictions.
Manu Sporny: We'll do it in the OpenCred repo because the CG IPR policy will clear faster than the IG IPR policy.
Shane McCarron: Let's meet on #vctf-editors on this server
Manu Sporny: I will have a discussion with them about whether they want to pull it into the IG. We've already had this discussion with the WebPayments IG and the goal was to do as much in the CG before pulling it into the IG.
Manu Sporny: Gkellogg asked about the one repo per spec. This is being done elsewhere and it working. W3C is moving over to GitHub doing one spec per repo. The issues and the specs are tightly coupled. You can hand the repo over to a WG.
Manu Sporny: We do a GH repository reassign to preserve history, autonomy, etc.
Gregg Kellogg: How do you deal with shared definitions, automated tools to keep self-referencing is consistent.
Manu Sporny: ShaneM has done a fantastic addition to respec to pull in documents (glossaries in separate repositories). We're doing that in the WebPayments. You modify the glossary and all the other specs reflect the changes.
Gregg Kellogg: When we did the CSV stuff we'd make a decision that affected multiple specs where we could branch and make sure all affected documents are managed together. I am happy to adapt to what the group wants to do.
Daniel C. Burnett: I can adapt too. It depends on the groups and specs. We've found it less common to do the same edits to multiple specs rather than being concerned about making updates that affect other specs.
Shane McCarron: I'm not familiar with what you said I've done. How do we bring in common terms from a different repository?
Manu Sporny: Latest glossary from the Web Payments IG. We pull that into the Web Payments browser API document.
Manu Sporny: The entire terminology section is pulled into that document at runtime.
Manu Sporny: You added that functionality, so thanks.
Shane McCarron: The extension I did was not intended for this. I'm shocked.
Shane McCarron: Neat!
Manu Sporny: Are the editors good with the approach? Shane is going to create sections and the editors can collaborate without stepping on each other.
Brian Sletten: I'm good with it.