The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2017-06-06

Topic: Introductions

Manu Sporny is scribing.
Frederico Sportini: Hi, co-founder of BigChainDB - self-sovereign distributed identity system, we've been participating in Rebooting Web of Trust. I'm interested in Verifiable Claims.
Drummond Reed: +1 To "reintroductions"
Drummond Reed: Thanks Dave. Man, I need a cheat sheet to W3C IRC commands. Do you know of one?
Sean Bohan: Hi, Sean Bohan, product manager for consumer platforms at Evernym, also running Community at Sovrin, also migrating code base to Hyperledger Indy. Working on Project VRM, attendee at IIW over the years. I'm helping to define consumer products based on technology that Evernym is creating.

Topic: Agenda Review

Kim Hamilton Duffy: We're going to cover the agenda here -
Kim Hamilton Duffy: We're going to be mostly covering Decentralized Identifiers, RDF dataset canonicalization, and Reputation Systems - Best Practices & Evaluation

Topic: Action Items

Kim is working on Poll for priorities on work items, ~3 weeks snapshot poll results for prioritization - [IN PROGRESS]
Kim working on naming goals, constraints, pitfalls first draft [DONE] -
Kim Hamilton Duffy: We don't have a lot to discuss on this item this week, still discussion is ongoing on mailing list.
Manu Sporny: Yes, still in progress, failed miserably on making progress ... Dan and I just need to get on a call and find the magic button. [scribe assist by Dave Longley]
Manu to get new chairs privileges on the W3C site and remove old chairs... failing miserably at making progress on that one.
Christopher Allen: First draft of CG Mission Statement for review - DUE JUNE 13th [ON HOLD Re: NAME & MISSION] -
Christopher Allen: Trying to recruit more cryptographers and security reviewers - very valuable contributors, we should ask them about the merger of the two groups. We'll see how that goes.
Action item for everyone - Approve New Name and Mission Statement - DUE JUNE 27th

Topic: Current Polls

Lifecycle of Verifiable claims is front-runner right now...
All Verifiable Claims related topics are bubbling to the top... browser API and polyfill is floating to the top...
Kim Hamilton Duffy: Linked Data Signatures topic is up high, specific signature suites are spread out at bottom... smattering of votes here and there... Manu had mentioned that we can address those on an as-needed basis.
Kim Hamilton Duffy: Does that argue for a separate group? We don't need to discuss today - other thing that stood out, other than Verifiable Claims - data minimization and selective disclosure.
Manu Sporny: Where's the link to the poll? [scribe assist by Dave Longley]
Manu Sporny: We haven't weighed in yet on the poll -- can it be put on IRC? [scribe assist by Dave Longley]
Manu Sporny: Just if we make it more than one vote per organization then it will be very easy for some of us to really tilt the poll, strongly suggest one vote per org. [scribe assist by Dave Longley]
Drummond Reed: While I don't disagree, that adds a lot of coordination on each orgs part

Topic: Decentralized Identifiers

Drummond Reed: Can we use WebEx for presentations? [scribe assist by Dave Longley]
Manu Sporny: Costs money, someone would have to fund it. [scribe assist by Dave Longley]
Drummond Reed: Zoom? [scribe assist by Dave Longley]
Sean Bohan: Can we send all the deck and Drummond ZOOMs it for showing slides and keeps the voice here on the call
Manu Sporny: We've tried to not rely on screen sharing or use presentation materials that have accessibility components to allow easier access. [scribe assist by Dave Longley]
Dan Burnett: Yes, even in the WG we don't rely on the screenshare functionality
Drummond Reed: Being able to see something in real time as long as you send a copy to the main list and do whatever is necessary is useful. [scribe assist by Dave Longley]
Drummond Reed: is also good
Christopher Allen: I have no problem with one of the presentation viewers as an additional link. Makes it easier for someone to walk through. Don't want to see that for general group purposes though, prefer to stay with the tools/IRC/logs, getting a lot of benefits out of being able to massage logs, great recordings, various tools, etc. [scribe assist by Dave Longley]
Christopher Allen: We'll just follow along if you give us a link for the slides. [scribe assist by Dave Longley]
Drummond Reed: This is a presentation I give when folks need to come up to speed w/ DIDs and DDOs.
Drummond Reed: A shout out to Anil John and DHS S&T Directorate - excellent work they're doing in promoting identity/data privacy, they've contributed substantially to DID and DDO work.
Drummond Reed: What is a DID?
Manu Sporny: This group created that term "DID", it percolated from the Web Payments Community Group and when it came into this group, 2-3 years ago it got a name and explanation. [scribe assist by Dave Longley]
Drummond Reed: Very cool, first time I saw it was in a CG spec. [scribe assist by Dave Longley]
Christopher Allen: The blockchain aspects where at #RebootingWebOfTrust
Manu Sporny: The WebDHT spec, yes. [scribe assist by Dave Longley]
Manu Sporny: We're finding that blockchains are a better solution than WebDHT at this point. [scribe assist by Dave Longley]
Christopher Allen: Original DIDs were a unique identifier, but not Blockchain-based... worked on it a bit at Oasis.
Drummond Reed: We proposed to DHS that DIDs were the key thing - Blockchain were key to distributed identity.
Drummond Reed: Why DLTs for decentralization? I probably don't need to go into this much here...
Drummond Reed: To make the point clear, for digital identity, a distributed ledger can solve the "root of trust" problem - a global source of identity that everyone trusts, but isn't owned or controlled by any one company or government.
Drummond Reed: Slide 5 - different types of blockchains - doesn't matter what the model is, DIDs can work with every type.
Drummond Reed: Slide 7 - structure of URNs is the pattern for DIDs....
Drummond Reed: ChristopherA helped us move toward this concept - DID syntax - slide 8 - we use the same syntax...
Drummond Reed: This is a technically valid DID scheme name - slide 8 - did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
Dan Burnett: Catching up now -- what is meant by the Permissionless/Permissioned distinction on slide 3?
Christopher Allen: We're still trying to define this in practice, what the Bitcoin method is.
Drummond Reed: Key point is that the DID spec talks about data model.... DID Method spec defines how to work with DIDs on each ledger.
Drummond Reed: Initial DID Method specs - these are the four that I'm aware of right now...
Christopher Allen: There has been discussion about PGP DIDs, presumably a PEM-version of that - won't completely conform to requirements of DID spec, but useful for cross-compatability.
Christopher Allen: You can also do this for public keys, just doesn't let you rotate on a public key.
Drummond Reed: There are more under discussion.
Drummond Reed: The point being that you can create a method for whatever decentralized network that you want, as long as you can define the CRUD operations for DIDs and DDOs.
Drummond Reed: 3 Purposes of DID methods - you have to specify the syntax, the method-specific elements of the DDO, adn then the CRUD operations on DIDs and DDOs.
Dan Burnett: What is the DDO?
Drummond Reed: Where "D" in CRUD is "Revoke"... CRUR being hard to specify.
Drummond Reed: DID - DDOs are globally resolvable - want to talk about DID resolvers - DID is the key, tells resolver code which ledger to go and look it up at...
Drummond Reed: Slide 13 - six primary elements of DDO - list of service endpoints, public key blocks, timestamp and signature blocks, etc.
Christopher Allen: You may want to specify key rotation AND key recovery - important from a security point of view - key rotation is an important practice - short term keys are better than long term keys.
Christopher Allen: Fully conforming DID has to allow for key rotation, even if it doesn't support key recovery. Some of this stuff is also defined by the method - may not have to do with DID object...
Dave Longley: Anyone interested in some history ... Web Payments CG talking about DIDs in 2014: (
Drummond Reed: Slide 15-17 - sample DDO object, split across 3 screens... folks can take a look at the slides, just an illustration of these points.
Drummond Reed: We need to talk about ultimate context declaration - where is the DID spec going to live in the longer term...
Drummond Reed: Owner is the block - owner block is for public keys - key descriptions begin w/ ID - if you look at that field - it is the DID that represents the DDO, plus a fragment.
Drummond Reed: The DID spec is very specific on fragments - the fragment MUST identify an element within the DDO. If you have a path, that can identify any end resource.
Drummond Reed: Fragment directly on DID can uniquely identify each key in owner block - one purpose of DID spec is to establish widely supported key descriptions.
Dan Burnett: There is a distinction between permissioned and permissionless
Dan Burnett: What is that distinction?
Kim Hamilton Duffy: For reference, the current DID work item in our doc is "Further develop the specification into a W3C formatted Community Group specification."
Dave Longley: It has to do with how authorization is performed on a blockchain
Christopher Allen: There are public blockchains, and permissioned blockchains. it's a blockchain specific term.
Christopher Allen: If you think of Hyperledger, it's private and permissioned - only parties control it. Private one.
Dave Longley: A permissionless blockchain may use a proof-of-work to authorize writes to the blockchain
Christopher Allen: In case of Sovrin - information is public, but people that maintain the chain is private.
Dave Longley: A permissioned one may use, for example, a list of entities that may write to the chain that can be authenticated via digital signature
Christopher Allen: Hyperledger Sawtooth is private, but permissionless - people can add themselves if they know abou tit.
Christopher Allen: Bitcoin and Ethereum are both permissionless and public.
Dave Longley: Voip-vctf: connections?
Dave Longley: Voip-vctf: mute 95
Kim Hamilton Duffy: The current work item for DID is to develop spec to W3C formatted CG spec... one topic that has come up is that DIF has said it's taking up the work... how does that work with the CG.
Drummond Reed: I'm wondering if there are any other folks from DIF on the call?
Christopher Allen: I've invited a number of DIF folks to the call, but Drummond, you're the only one that's here.
Dave Longley: Voip-vctf: a0 is Drummond Reed
Christopher Allen: I'd like to know more about what's going on with the DIF - I thought they were focused on implementation, but now I'm hearing that they want to tackle DIDs as a spec - I want to figure out how to coordinate.
Christopher Allen: There are other people here that want to move DIDs forward in this group, so that's the question.
Christopher Allen: No other DIF folks here that I know of.
Drummond Reed: Yes, that's what I was trying to figure out - what other DIF folks are here - Manu asked the question - where are the specs going to live?
Drummond Reed: I'm on the DIF steering committee - ironically, I'm both torn and neutral on the topic. I don't want to see them as any fiefdom, that includes DIF - the work that DHS has been sponsoring is to get the work done - I'm not bringing any particular prejudice here - most of my work has been done at Oasis. I suggested in the email thread that this group and DIF sit down and have a discussion and come to a conclusion.
Drummond Reed: With the CG, there is a low bar to participation... W3C WGs there is a higher bar - IETF has a higher bar... I'm open to whatever can work best as long as the work can move foward and get implemented.
Dave Longley: +1 For moving spec forward via W3C CG
Christopher Allen: One of the advantages of a CG is that a spec that is nurtured here is not actually a formal official international standard - that's what WGs do, there is no lock in to have that spec worked on. But, it does have advantages - it's a bully pulpit - these were incubated at RWoT - we're reaching a point where we want more peer review from just Rebooting. I think this CG would be great to move CG to next level. It doesn't have that lock in, but it has rigor.
Christopher Allen: I don't want an implementation oriented group solely working on the spec - big believer in working code, so that side of it I want to respect, but I watn to make sure it's not purely an implementation thing.
Kim Hamilton Duffy: I know we have a lot to talk about wrt. DIF - let's think through action items and continue this next week.

Topic: Reputation Systems

Angus Champion de Crespigny: I'm going to review what we discussed at Rebooting Web of Trust - lot of questions on reputation and the impact of what can be developed - what we can do in decentralized context - looked at reputation - tried to define design considerations for any reputation system.
Angus Champion de Crespigny: We thought about differing instances - thought of N considerations of reputation systems - we did not take a stand on best practices - but some of these are more clear than others.
Angus Champion de Crespigny: We wanted to lay out what these were - how they operated - something that can be used in any decentralized reputation system.
Kim Hamilton Duffy: Dlongley -- will you be able to attend/present next week or the following? I want to make sure we give you enough time
Angus Champion de Crespigny: We start higher-level and then step through...
Angus Champion de Crespigny: Context: what is the reputation value applicable to? What can be understood about an entity by seeing their reputation value(s)?
Angus Champion de Crespigny: For example, good rating on Trip Advisor doesn't mean that the food is good - people that are at that restaurant like the food, what's being measured needs to be designed.
Angus Champion de Crespigny: Participation: how is it defined who can and can’t participate, and who can and can’t have a reputation value assigned?
Angus Champion de Crespigny: Consent: Is consent required by a user to issue claims or a reputation value against the user? Is consent required to reveal claims or a reputation value of a user?
Angus Champion de Crespigny: Is consent required to reveal these claims - can you be in the system - once you're in the system, what can be done?
Angus Champion de Crespigny: Confidentiality, once you're in the system, can you be discovere?
Angus Champion de Crespigny: Obfuscation: To meet consent requirements, how is data that calculates a reputation value obfuscated? Can it be derived or is it perfectly information concealing?
Angus Champion de Crespigny: Value: How is the reputation value calculated? How are claims contributing to the reputation value normalized?
Angus Champion de Crespigny: How it's generated.
Angus Champion de Crespigny: Performance: How does the system manage the performance and behavior of the users? How does it manage the performance of the network for speed, reliability, and data integrity? How do users have confidence in this?
Angus Champion de Crespigny: Sustainability: How does the system stay relevant over time?
Angus Champion de Crespigny: Claim lifecycle: How are claims valued over time? Can they be revoked, and under what conditions?
Angus Champion de Crespigny: Resilience: How does the system protect against attacks that reduce the integrity of the reputation value?
Angus Champion de Crespigny: Legal: What is the legal environment in which the system sits? Are there potential violations of ‘natural’ law?
Angus Champion de Crespigny: We want to develop this further into best practices...
Christopher Allen: A little context here - one of the key things here - why this is valuable...
Christopher Allen: I wrote about the problems with various kinds of rating systems - link to article there - rating systems are hard, reputation systems are even harder.
Christopher Allen: For very first RWoT - asked expert on reputation systems - wanted him to participate - he submitted the paper above.
Christopher Allen: Reputation in the real world... why they're so hard and difficult to work on. Every RWoT has attempted to do work on reputation systems... a number of them haven't been able to ship their work product, it's difficult - five star rating system... other people will say "it needs to do X instead"
Christopher Allen: What I like about Angus' group - it lists a set of things where you can evaluate one reputation system against another.
Christopher Allen: In any of these systems, folks want to publish reputation, and I have some real concerns about quality of that - we'll finish publishing first draft in RWoT - we want to wait, share to broader community - look through 10 things, make sure description of 10 things - we can look at these other things to compare.
Kim Hamilton Duffy: We'll hear about RDF Dataset Canonicalization next week.
Kim Hamilton Duffy: We're carrying a lot of items over to next week...

Topic: Next Meeting

Christopher Allen: What work item reviews should we do after Dave's next week? How do we get other people to join us to help make priorities?
Kim Hamilton Duffy: We need to discuss DID spec w/ DIF, that's a continued topic of discussion.