The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2017-05-30

Drummond Reed is scribing.
Manu Sporny: Clarified that we are going to be talking about both Federal Task Force and other topics
Ryan Grant: Hi, I've been participating in the Rebooting Web of Trust Workshops. Focused on DID spec and DID method specifications
Maria Dubovitskaya: Works with IBM research and Jan Camenisch on privacy-preserving credentials
Markus Sabadello: Markus Sabadello is with DanubeTech in Vienna Austria. Working on Sovrin, verifiable claims, Sovrin, and XDI
Adam Lake: Works with Digital Bazaar, very interested in self-sovereign identity and independence on the Web
Kim Hamilton Duffy: Bariska: Works with IBM research and Jan Camenisch on privacy-preserving credentials
Christopher Allen: Reviews action items
Kim Hamilton Duffy: Send last call for additional CG work items before poll DUE FRIDAY MAY 26th [DONE] [scribe assist by Manu Sporny]
Kim Hamilton Duffy: Create poll for priorities on work items, ~3 weeks snapshot poll results for prioritization - DUE TUESDAY MAY 30th [IN-PROGRESS] [scribe assist by Manu Sporny]
Christopher Allen: First draft of CG Mission Statement for review - DUE JUNE 6th [ON HOLD Re: NAME & MISSION] [scribe assist by Manu Sporny]
Christopher Allen: Create a new proposal for how Digital Verification CG integrates DUE JUNE 6th [ON HOLD re: NAME & MISSION] [scribe assist by Manu Sporny]
Manu Sporny: ALL: Approve New Name and Mission Statement - DUE JUNE 27th
Manu Sporny: Clarifies that only W3C chairs can update community docs

Topic: Community Group Scope and Naming

Christopher Allen: At the last meeting, there was a motion to unite the two community groups
Christopher Allen: The open issue is the name of the unified group. "Credentials" is overused
Manu Sporny: Needs to appear before the US Fed Secure Payments Task Force next week and give them a formal name of this group
Manu Sporny: Proposes "Digital Verification Community Group"
Manu Sporny: Favors that name because it's a "big tent"
Manu Sporny: Wants to avoid the term "Identity" since it is so overloaded
David Chadwick: The term "credential" is more accurate
Ryan Grant: Asks about the term "identity" - why is it overloaded?
Manu Sporny: The W3C has said that it is not a topic they want to tackle
Manu Sporny: The security community got upset about the use of the term "credential" because in their view a credential is strictly a username/password
Manu Sporny: "Decentralized Verification" is another option, but that's also vague.
David Chadwick: "Credential" is broader than username/password
David Chadwick: It would be correct to use "credentials" in the meaning of the term we all understand
Manu Sporny: Agrees, but our opinions on the suitability of the term really don't matter to some of the major players at W3C. They can then block the work behind the scenes.
Manu Sporny: The words "identity" and "credential" are trigger words for that reaction
David Chadwick: The word "verification" is too vague
Joe Andrieu: His concern about "verification" is only about the signature of the issuer, not whether the claim is true. So he'd like to be able to retain that,
Ryan Grant: Proven control of keys
David Chadwick: What about "digital cards"?
Ryan Grant: "Proof of key control"
Christopher Allen: That term also has challenges
Joe Andrieu: Digital Assertions?
Ryan Grant: "Control assertions"
Joe Andrieu: Digital Attestations?
Christopher Allen: Would like to find a term that also attracts digital cryptographers
Kim Hamilton Duffy: +1 Digital Attestations
Christopher Allen: Appreciates why Manu needs to move the process forward to establish a name for the U.S. Fed presentation
Ryan Grant: +1 Digital Attestations
Joe Andrieu: Likes "digital" as a prefix, but looking for a term that is larger than "claims"
Adam Lake: +1 Digital Attestations
Joe Andrieu: Secure attestations?
Drummond Reed: The challenge with "Digital Attestations" is that it sounds just like Verifiable Claims
Manu Sporny: We are trying to establish that this community group has a larger scope than Verifiable Claims
Christopher Allen: Wants to make sure that the scope includes reputation systems that describe claims and proofs. Used the example of R3. Also E&Y.
Manu Sporny: Self-Sovereign Technology Community Group?
Christopher Allen: This also came up at Rebooting the Web of Trust in Paris. The term "attestation" was used for a subtype of verifiable claim
Kim Hamilton Duffy: The term "attestation" is also pretty loaded
Manu Sporny: +1 To what KimHD is saying... we should get some of these ideas down....
Ryan Grant: +1 For crowsourced sense of specific<-->general, and which words in/out
Drummond Reed: "Self- Sovereign Technology Community Group" is not bad
Harlan Wood: Our Portable Reputation Toolkit work that Christoper A was referring to:
Adam Lake: Self-Sovereign Technology is not much longer than "verifiable claims" I think Self-Sovereign sums up the collective effort of the group
Joe Andrieu: There's also a notion of "decentralized" at the core of our approach.
Sean Bohan: Manu, is there a date you need a name by?
Christopher Allen: We're running out of time for this agenda item, but recognize that it needs to be resolved
Manu Sporny: Sean - by Thursday :P
Manu Sporny: That's when the slides are due
Christopher Allen: Attribute-based credentials
Christopher Allen: Attribute certifications
Adam Lake: Decentralization is a strategy to achieve Self-Sovereignty--Self-Sovereignty is the goal it seems to me.
Harlan Wood: +1 For "Self-Sovereign Technology Community Group". Inspiring to us, and likely sounds irrelevant to those who might block other names...
Adam Lake: Interesting shift from trying to name the specs to using the name of the goal [scribe assist by Ryan Grant]
Christopher Allen: I love the SS idea (obviously) but it may alienate some, as you can use this tech with centralized as well.
Maria Dubovitskaya: Worked on ABC for Trust, which was all about privacy-preserving credentials and authentication. This was published by Microsoft and IBM.
Manu Sporny: That's true, ChristopherA - SS may alienate large corporates/governments.
Adam Lake: If SS can be centralized then why does it alienate?
Harlan Wood: Sovereign is a loaded word ;)
Joe Andrieu: Have we seen any evidence that SS alienates corporates/governments? That seems apocryphal so far.
Drummond Reed: I am finding that the term "self-sovereign" is getting more traction in the market as a specific term of the industry.
Joe Andrieu: +1 To avoid the name conversation, Manu
Ryan Grant: Maybe manu could call it X... working towards Self Sovereign Identity.
Manu Sporny: Perhaps he should just try to avoid the name in this presentation
Drummond Reed: I am okay with Digital Verification WG
Adam Lake: It seems like GDPR that SS would be appealing to the EU
Harlan Wood: I'm finding SS a great descriptive word. Experts and muggles alike immediately get it, and love it.
Adam Lake: "Governments"
Drummond Reed: SS tech is *definitely* appealing to GDPR

Topic: Verifiable Claims Browser API and Browser Polyfill

Kim Hamilton Duffy: Also +1 on SS
Dave Longley: Assumes he and Manu would be the main champions for this
Dan Burnett: DIgital Self-Sovereign tEChnology Track (DISSECT)
Harlan Wood: LOL
Dave Longley: A polyfill provides a Web API that is not yet natively supported in a browser
Dave Longley: A Web API polyfill will let people register a "wallet" to store verifiable claims and share them with other sites
Manu Sporny: We're on slide 5
Dave Longley: A Web API for verifiable claims will work like other Web APIs like the Payments API. In fact those other APIs are designed to be extended for functions like these.
Ryan Grant: Slide 8's did would be legal as: did:nop:1324
Dave Longley: Doing this in a polyfill lays the groundwork for browsers to natively implement the API and those APIs will take over from the polyfill
Dave Longley: Digital Bazaar has an implementation of a polyfill that works now. It lets you register a DID, receive a claim, and then share it with another site.
Manu Sporny: Dave's referring to slide 6 - the one with the links
Dave Longley: There are a number of ways we can go with this. The preso includes links to source code of the demo. The last few slides show what the Javascript code looks like.
Dave Longley: The Web API abstracts the digital wallet so that the developer does not need to care where or how the credentials are stored

Topic: Lifecycle of a Verifiable Claim

Harlan Wood: Thanks Dave, great stuff!
Christopher Allen: Suggests that people add notes about a Web API to the Work Items document
David Chadwick: Volunteered as a champion for the Lifecycle of a Verifiable Claim work
Christopher Allen: Another example of a use-case in this style (not mature) is the Web Of Trust Use Case at
Joe Andrieu: The work is a prose description of the 15 steps of a user interacting with the system—in this case a Syrian refugee arriving in Greece
Joe Andrieu: Talks through the 15 steps as shown in the use case document
Joe Andrieu: The goal is to present what the user experience would be throughout the lifecycle of the technology without the technical details so one can focus on the actual use and benefits

Topic: Data Minimization and Selective Disclosure Report

Christopher Allen: We have a number of topics around data minimization and selective disclosure, including CL signatures
Christopher Allen: Other approaches do simpler forms of data minimization and selective disclosure, but these have not been expressed in detail, so we need a document that explains and explores the options.
Christopher Allen: Right now he is the lead on this item, and is seeking other champions
Drummond Reed: I can talk about current DID spec on next call [scribe assist by Manu Sporny]

Topic: Decentralized Identifier Spec

Drummond Reed: This is work that started here with the VCTF and DIDs for Verifiable Claims... we moved it forward under DHS S&T... and Rebooting Web of Trust last year. [scribe assist by Manu Sporny]
Drummond Reed: It's an identifier format that can work with any ledger or decentralized identifier technology. It doesn't rquire centralized registration authority, standardized JSON-LD object/DDO, associated w/ public keys, key rotation control block, service endpoints. [scribe assist by Manu Sporny]
Christopher Allen: Asks that if you know others who are interested in this work, send them email and make sure they know that this is a new Community Group with a big tent. Encourage them to participate in the next few calls.
Kim Hamilton Duffy: A poll is going to come out this afternoon
Sean Bohan: Thanks Christopher and Kim!
Christopher Allen: Thanks everyone for participating and looks forward to next week