The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back


Credentials CG Telecon

Minutes for 2017-05-23

Dave Longley is scribing.

Topic: Introductions

Kim Hamilton Duffy: I'm one of your new Chairs in this group. I work with the Blockcerts project and am a part of Learning Machine.
Harlan Wood: I worked on the Koblitz JavaScript signatures and I was noticing and appreciating their use in block certs. Also working on TrustGraph using VC in the future, released a prototype that uses a different kind of signed claims on ethereum blockchain and I hope to integrate all of these techs into in the future.
Dave Longley is scribing.
Kim Hamilton Duffy: Changing the agenda a bit, we have a google doc tracking the work items and Christopher started breaking that down into items the digital verification group would work on and I thought it would out more naturally if we discuss the work items first and that would inform the digital verification question more. Then leave a bit more time for reviewing the mission statement. Sound ok?

Topic: Action Item Review

Kim Hamilton Duffy: Let's review current items. First was creating a preliminary list of items and that's done.
Manu Sporny: Nothing to add, that's done.
Kim Hamilton Duffy: Christopher to create a rough draft of credentials mission, that's to be discussed last today.
Kim Hamilton Duffy: Christopher to create a new proposal for how the digital verification group integrates, also tracked by the discussion today.
Christopher Allen: Still a pending item, we'll have to save for next week or the week following.
Kim Hamilton Duffy: Let's dive into the work items for the CCG.

Topic: Future Work Items Discussion

Kim Hamilton Duffy: Could everyone take a second to look through those items.
Kim Hamilton Duffy: Starting with a proposal for how we go through this, talk through ambiguities, scope, etc. then next steps. This isn't a concrete proposal yet but one way to do it is to say if a topic has no champions we scratch it or someone gets the urgency to then champion it. Proposals for how to move forward and then maybe closing it down.
Kim Hamilton Duffy: Any questions on scope or anything you've seen on the work items?
Christopher Allen: One of the key things that I was really hoping for was clarifying more on champion vs. supporters. People haven't articulated the difference so I want to make sure we're there. It's been my experience that in WG people will do it whether others will or not, that's a champion. They want input and to do the group process but they have energy, time, and commitment to so it. Supporters instead want to see it done but it isn't their top priority as other things might get in the way and slow it down. We have a lot of items and we may push things up but having a champion is an important part of the criteria.
Kim Hamilton Duffy: One thing that we should take from that is that if you are listed as a champion but you don't have intent to work on it, don't have time, etc. switch to supporter.
Manu Sporny: Right so, I wanted to clarify some thoughts on the work items in the document. Having reviewed them. Question was raised in the VCWG call today ... would these be better done by that WG instead of this one with potential input from this group. Terminology is one of those things. That's a critical item for the WG. I'm trying to say that the WG will do that with input from this group. I'm making a note on terminology that this is a WG potential item.
Christopher Allen: Terminology includes DIDs and such
Manu Sporny: Lifecycle of a VC, I think I understand that, the more than just claims one and direct vs. indirect claims, I'm not quite sure what that work is about. I understand ... it feels like it's a fairly large vision. As far as work items are concerned they tend to get done when narrowly scoped. These seem important but scope is large and so they may hang out forever. Wondering if we can narrow those.
Manu Sporny: The other thing I noticed is that it feels like there are core specifications and supporting documentation. There might be a tension in the group with wanting to dive into the core specs because a number of us have commercial interests, vs. supporting documentation which we need to convince W3C to pick up the work with a WG. Both are important, but I foresee some tension on those because some want to dive into core specs without supporting docs and others wanting to do supporting docs. Wondering if chairs or others have put into how we deal with the tension.
Manu Sporny: We can't really prevent anything from happening if people want to work on different things.
Manu Sporny: The other question has more to do with the DVCG. If we want to rebrand the CCG, it feels like a lot of what we're doing is actually about digital verification. And the Digital Verification group is more about signature formats, it's about signing data. I'm wondering if the group has thought about that. Maybe this group becomes the Digital Verification Community Group and then we rebrand the current one as a signatures group.
Manu Sporny: Just a bunch of thoughts.
Christopher Allen: I spent a bit of time organizing this, etc. I do feel like there is a tension between the fundamentals as supporting docs. It falls into a difference of credential work items and digital verification CG to me. Terminology, one of the things I was thinking of here is that there's a lot of things we want to be consistent with the WG. There are things like DIDs, trust anchors, etc. Part of the reason I like DV is that it includes timestamps which aren't signatures, etc. I feel like there's a role, it should be closely aligned maybe 80% in VC and 20% that isn't. The lifecycle of a VC is somewhat of a response to not being able to talk about protocols easily in the VCWG because of charter and as that WG can start accepting we can move over there.
Christopher Allen: I wanted Noah and Harlan at this meeting because they directly faced a problem ... R3 introduced self-sovereign identity and they separated evidences and assertions from the claims. We need to be careful that we're... if I've heard once before that you can express these other things as claims as well and if that's true I want to make sure that it works for some of these other people who have taken an independent look at it and split things off. It's an important issue and it feels appropriate ... also applies to direct vs. indirect claims. I can see the browser API and polyfill is more of a spec and it's deeper down. Maybe that can be fit into the verification work items and the Web of Trust schema and could directly go to the VCWG. That's my quick overview.
Joe Andrieu: I think the more than claims/direct vs. indirect claims may be part of the terminology section. Some of that is semantics, what do you mean by these things and how they fit in. I like Manu's assertion that the terminology is part of WG. What happens when we run into terminology that's out of scope for that WG? How do we talk about the terms that can't be addressed by that group. I wanted to talk about this tension, which I agree, supporting vs core. It's an inevitable thing. Since I'm a requirements engineer I like this upfront work. It's not so much about documenting but figuring out what you really need. I think we're really missing what would drive terms of use, scope or expiration of a claim. Or how to present selected claims for different but multiple credentials. Part of that is a rush is given the mental model of a productive I'm developing that's what I think.
Kim Hamilton Duffy: Developing some more nodes in our decision tree... there may be some topics more properly owned by the WG but there are some where that might make sense we also want to be actively contributing, where we encounter use cases that differ. I am curious to ask, do we have anyone on the call right now who sees themselves more as part of the DVCG ... and do they think should they be separate groups or join, etc.?
Christopher Allen: It does feel like there are as many as four different categories now. We have a number of items that are clearly fit into the VCWG, things like defining requirements, foundational docs. Things more spec oriented, two categories, one of which is the DV, DIDs also. We kind of need it, no one else is doing it, it's here for now, but it's a separate group of people potentially. And we have items, I know Kim expressed deep interest in getting down ... reference implementations of things to see if it works.
Kim Hamilton Duffy: So we're sliding into DVCG integration and maybe that's better to just let that happen. One thing I was wondering ... does anyone have any thoughts on where to go from here on making these decisions. I know there are certain areas I've very interested in and the ones I can champion and would gladly sign up for and will do no matter what I know what that is, maybe we can have people who are interested in Championing and put forward what those are and maybe use the voting system that Manu or Christopher described ... where should we go/approach this?
Christopher Allen: I wanted to come back to ... now that we've opened this up to the bigger thing of DV, I've been reaching out to a variety of parties that haven't been as active or active at all in the credentials community, cryptographers, security professionals, blockchain space, like block stack should be technically using this family of stuff but not participating in the WG or VC task force, etc. Something in my gut says that because we aren't doing spec level things or have specs for people to review is maybe why they aren't participating as much. There is maybe a need for separating the DV out as more spec oriented. I've got one cryptographer in mind ... I really like his work at hyperledger and will see if I can't get him in here because he is a person that can look at these specs and say "wait you haven't addressed this etc" maybe even willing to be a co-chair that could attract more like him. So I'm inclined to keep the groups separate. We can change the name for things that are at the spec stage in that group somehow...
Christopher Allen: As an operational thing.
Nathan George: +1 On having fewer groups if possible
Matt Stone: +1 On fewer calls per week :)
Kim Hamilton Duffy: :)
Matt Stone: +1 On moving away from the term "credential" based on historical friction.
Manu Sporny: I'm wondering, during last week's call that we want to be careful with merging groups because we just separated them out. I may be reverse that hearing this discussion. We don't want to lose momentum in groups. Splitting out for the survival of the group because of too much momentum makes sense but it sounds like the vast majority of items that we want to do have to do with DV and that's incredibly broad which is good for a CG. We could shove all of these items into a DV CG and no one would question whether the spec or supporting material belonged. If you did the same with the CCG, people could argue against it. I think this is an argument to rebrand all the work under the DVCG and go forth... and only split work off when it feels like we have critical mass.
Manu Sporny: The only issue is if people object to doing that.
Manu Sporny: Renaming and concerns we'll have to talk with W3C systems team and they might just say we can't rename the group and we'll have move everyone over and we'll lose 60 members who aren't paying attention to the mailing list on a weekly basis. Rebranding everything under DVCG would be the proposal, move all the specs there.
Manu Sporny: People work on the things they really want to work on, telling us priorities.
Kim Hamilton Duffy: I think that makes a lot of sense. I think the renaming alone describes more clearly what we're working on. Depending on who's interested in a topic, what you will get out of it. I think one thing we could do is combine champions and supporters in a way, so that if I'm working on a prototype that would lead into a specification but I don't have as much experience there others could help out. So I think because of that I'm liking the idea that we're under an umbrella group. If we have a concrete deliverable we're working on and have people with different strengths that could work really well.
Harlan Wood: Scrum I think ;)
Kim Hamilton Duffy: Let the record state strongbad ;)
Matt Stone: I think having two groups sort of forces us to have discussions like "we can't have that discussion here". That's challenging if you don't have the right parties in the call. Based on our discussions over the last few years, the term "credential" has turned into a land mine that would be nice if we could just move away from. DV is a pretty good fit for what we're trying to do. That may be a better feeder from big ideas to implementable standards without having a land mind of credentials thrown into it all the time.
Harlan Wood: Everyone will want to be on that team!
Manu Sporny: +1 To what Matt said
Christopher Allen: I'll concede to merging the two. I don't want to get lost in the specs too deeply without also considering some of these higher level things. I have some real concerns and we keep talking about data minimization and selective disclosure but we don't say what they are and best practices, crypto techniques, reasonable, possible, etc. We could put a lot of work into a spec that doesn't focus on a privacy and data minimization property and have to throw the spec away. If I look at the list on the bottom, the redaction signature suite which has some challenges but it's one of the closest that allows for data minimization and it could be a requirement for some of these types of things. The intent of every node ... that is separate and you can just include a hash of the node or something of that nature when sending it on to another party. The current one doesn't quite work because it doesn't have nonces from a security perspective. But you've got the way to have a large signed claim and just give a small piece of it and it's still valid. Data minimization way of addressing privacy. It's not in this list but there's also CL signatures which is a true cryptographer selective disclosure method, there's u-prove, etc.
Christopher Allen: There's some high level work that needs to be done and that's one of the reasons why RWoT has done reasonably well is that I always try to make sure that we're spending sufficient time where we can include people like Joe who has brought diversity and great knowledge, etc. You don't want to forget those.
Manu Sporny: We don't want people working on specs where the specs don't necessarily meet requirements the group has, but at the same time the group doesn't have control over what people work on or what they believe the correct requirements are etc. But spec writers will get hints from the community as to whether they are going in the right direction. In Christopher's point, if the spec doesn't have the right privacy features, implementers will say it's not meeting needs. Community Groups tend to work in a pro "fork the spec" or "submit PRs" or writing emails to the group to convince people to move another way. I don't think we should spend too much time wringing hands over people picking up and writing a spec. That's the core thing that gets things done, or people doing implementations and then writing specs after the fact. IF we're doing that we're successful, everything else is fine tuning.
Manu Sporny: We can't control people doing things we don't want them to do, if someone goes off doing something people don't want and the spec will be forked and you'll have two competing specs, which is reasonable in a CG. Dumping all these specs into a group isn't a bad thing, the things people want to work on will get worked on and everything else will fall by the way side.
Manu Sporny: Having a single group won't have a negative impact in that respect.
Christopher Allen: I don't want to repeat the bad patterns of FOAF
Joe Andrieu: Had a question about umbrella group with community conversation vs. spec driven work. Community place to explore bigger issues without slowing down spec. The assumption at the heart of your argument, Manu, privacy is poorly understood and companies get it wrong all the time, the notion that if we get it wrong we'll fix it later, I'm weary of that. Spec work has to go hand in hand you have to get requirements, etc together.
Manu Sporny: +1 To working in parallel :)
Dave Longley: +1 ... And a lot of spec discussion happens in github
Manu Sporny: ChristopherA, it would be good to understand what those "bad patterns" were?
Kim Hamilton Duffy: Not sure what we need to do with W3C staff to move membership over, etc.
Kim Hamilton Duffy: Over the mailing list if there are further thoughts we can iterate, but maybe next week let's make a decision about going forward.
Kim Hamilton Duffy: Next we need to decide finalizing work items, I don't mean commitments, etc. and timeline. If we have some kind of thoughts or prioritization, urgency, any thoughts?
Christopher Allen: I justed to also ... it's good for some people to talk about what their highest priorities are. This week is a lot of people I thought I could draft into this meeting are at the consensys conference.
Christopher Allen: Blockstack team, MS, Drummond. Next Tuesday will be day after memorial day, so lots of people taking that off. I'd like to say the one after that we decide then.
Harlan Wood: Looking over the work items, I'm especially interested in the RWoT schema at the end. We've been working with codying ratings in a JSON schema. We've been developing a similar format for schema.org ratings and I'm interested in integrating that with signed claims, that's my core interest.
Kim Hamilton Duffy: We don't have an item tracking that could you add that?
Christopher Allen: Reputation systems have issues — we
Harlan Wood: Yes, the RWoT schema, the last one.
Kim Hamilton Duffy: Got it.
Christopher Allen: I think that reputations and ratings and whatever are going to come up more and there known ... talked about RWoT, issues and challenges on catching people up on what makes rating and reputation systems hard. Lots of half-assed things -- we've known for years flawed 5 star rating systems. We could at least try to address some best practices and point people where they can discover more. Coming up in credentials more and more.
Christopher Allen: I agree with manu if we add 1 week.
Manu Sporny: This whole "what is the group going to do next" discussion ... we kind of staged it in a way that let everyone write down their ideas in the document and it's settling, quite a bit over the last week or so. Maybe give it till the end of the week and then convert it to a poll. You get points to allocate however you want, if you feel really strongly about one item you can put more of your points there. That gives us a lose idea of what people want to work on and the importance. We just leave that poll open and as new people come into the community they put their ideas down on what they want to work on and the chairs just keep an eye on it and see if what people want to work on shifts. Could rerun the poll every 6 months, etc.
Harlan Wood: Link to Reputon spec I mentioned: https://tools.ietf.org/html/rfc7071
Manu Sporny: Good way to get people's input, not everyone will talk on the phone, not how they like to communicate.
Manu Sporny: Concrete proposal is to wait another week to add items to this google doc and one of us can convert it into a google forms poll and keep it open for a month and get consensys people and newcomers.
Manu Sporny: Then chairs make determination "this is what people said they'd work on" and let people do their thing.
Manu Sporny: That's my concrete proposal.
Manu Sporny: Agree or better way forward?
Harlan Wood: Link to Work.nation architecture doc, which uses "Reputons" as "signed claims" via Ethereum + IPFS + uPort: https://github.com/worknation/work.nation
Dan Burnett: +1 To poll
Christopher Allen: I'm fine with a poll if we can add a week, I just think people ought to be able to have two weeks to put things onto the poll.
Harlan Wood: I have to drop off for another meeting. Last note: 9am Pacific is better than 8am if we are choosing one of those call times.
Christopher Allen: I think making sure we have all the work items that people want to do when we don't necessarily have ... some of the people who have moved on will come back if we have work items that are related to the work they are doing.
Dan Burnett: I was just going to say ... the poll idea is a good one you've seen me use that in other contexts as well. I like it from an administrative perspective as well because you can rerun it. I'd say, don't worry too much, allow an extra week but it doesn't have to be the last time you ever do it. Just a snapshot for a point in time to gauge interest.
Kostas Karasavvas: Hi all! I couldn't join you from the beginning but just wanted to introduce myself and maybe take part in the next meeting. My name is Kostas Karasavvas and I am working on the blockchain academic certificates project from the University of Nicosia. I have also briefly contributed on blockcerts and had a great collaboratation with Kim on that (hi Kim!). I look forward to get involved with the TF.
Christopher Allen: We have this very long credentials statement from the existing one which manu said was based on circumstances at the time. We put together a briefer one. The main comment someone had was that they wanted to have "what is a credential" a bit more. So, we've also had discussions here about digital verification and whether or not that should be the new name of the group. But we risk losing some our less active members who could come back and can't find us because we've moved.
Christopher Allen: I'm open on do we focus on the name change first, or do we try to revise this mission statement for the new name, etc.
Manu Sporny: Hi Kostas, great to see you here! Please join us next time... would love to have you in the group!
Kim Hamilton Duffy: Recapping... we finished two action items, we are going to continue to get feedback over the week, at the end of this week I can create a poll to let people allocate their points on what they want to work on. Per Christopher's feedback we won't have all the people here for deciding branding, names, separate groups, etc.
Kim Hamilton Duffy: So we're going to set a deadline on that decision for three Tuesdays from now.
Kim Hamilton Duffy: What I do propose is that if there's an area you are passionate about don't wait for that.
Kim Hamilton Duffy: In terms of next steps for the mission statement. Christopher do you have thoughts on that?
ACTION: Kim create poll for priorities
Christopher Allen: Both things are kind of stymied on ... branding, naming things. Has to do more with whether or not we can preserve any of our existing thing if we have to go new... what are the protocol ramifications. I kind of like that credentials has been accepted by the W3C. It's pretty broad. For whatever reason I could easily see us adding to our revised mission statement, some of the text from the digital verification into the description if we want to merge the two groups. Conversely we could focus on digital verification and even if we lose a lot of people we might get more DV people who are active.
ACTION: Chairs close poll after ~3 weeks, decide separate group, naming
Christopher Allen: Risks for that ... their requirements become challenging for some of our goals, self sovereignty, etc. Have to be careful. I haven't been part of the larger process for this, Manu and others dealing with VCTF, CCG, Web Payments CG, may have better answers.
Kim Hamilton Duffy: We'll revisit finalizing the mission statement after naming.
Christopher Allen: Post to group for last call of putting possible items into poll
Dave Longley: +1
Manu Sporny: +1
Christopher Allen: We need to post to the group a call for more work items if any. If people can talk to others in other groups who want credentials/DV if they want to participate to come over.
ACTION: Chairs finalize missions statement after after decision of group naming
Christopher Allen: I'd like more open badges, blockstack, others who have shown up for meetings in the past, etc.
Christopher Allen: Are you part of the DI group, manu?
Manu Sporny: Nope.
Christopher Allen: We should try to get them to come, all those people want to use VC and credentials. R3 also talking about self sovereign identity recently with different requirements. I'd like to get that clarity and get those people in.
Kim Hamilton Duffy: We're at time :)