The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2017-09-03

Kim Hamilton Duffy: Scribe list:
Manu Sporny is scribing.

Topic: Agenda Review

Kim Hamilton Duffy: Action item status, then update on ActivityPub and Mastadon, then DID spec issues updates/reviews.
Christopher Allen: This month we're leading up to RWoT... so we're going to be concentrating the next couple of meetings on items that are under development/consideration at RWoT... particularly, DIDs.
Christopher Allen: If there is anything else that folks would like to cover, please let us know.

Topic: Introductions / Re-introductions

Kim Hamilton Duffy: Andrew Hughes, please reintroduce yourself
Andrew Hughes: Hi, Andrew - do a lot of work in Kantara Initiative, looking at new ways of using things like Deccentralized Identifiers as a way of general purpose identification on the Internet.

Topic: Action Item Review

Kim Hamilton Duffy: Round robin to let us know how things are going...
Kim Hamilton Duffy: We'll skip Joe and DavidC because they're not on the call. We'll get on to DIDs later in this call.
Kim Hamilton Duffy: Data minimization?
Lionel Wolberger: No progress on my side...
Christopher Allen: I'll send information that I sent to Kim on Friday... pairs of things to talk about things - pairs perspective.
Lionel Wolberger: Let's use RWoT as an anchor so we can build inventory and run a session at RWoT on this topic.
Kim Hamilton Duffy: Finish propagating new name and mission statement - mission is out, people are being notified at W3C. Asking for feedback from W3C-types - mission s tatement is on CCG web page... good after final email notifications go out.
Manu Sporny: I think it was to contact NYTimes,etc. and I failed to do that, but it's on my TODO list, I'll get to it at some point. [scribe assist by Dave Longley]
Kim Hamilton Duffy: TPAC - any updates there?
Christopher Allen: It's an agenda item coming up real fast - they need to know if we're interested in speaking soon.
Christopher Allen: We can talk in VCWG - we could talk to entire community.
Moses Ma: Manu, can you send out Fake News email to get folks involved.
Kim Hamilton Duffy: Kim scribing for Manu
Manu Sporny: 3 Opportunities for TPAC [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...1. Weds entire community gets together. 10 minutes to say what you're trying to do. Be careful. Need to coordinate with VC group to make sure unified message. 300-400 pppl in room. no time for details
Kim Hamilton Duffy: ...2. Run a breakout session. ~1 hour. more thorough update on where things are
Kim Hamilton Duffy: ...Used in the past to convince other members of approach
Kim Hamilton Duffy: ...Longer forum; 20-50 ppl in general
Kim Hamilton Duffy: 3. Thurs/Fri many will be in VCWG. Talk to chairs to stake out time to talk about next steps.
Kim Hamilton Duffy: ...Indicate where we're heading
Kim Hamilton Duffy: ...If we can do all 3 that's best
Dave Longley: Quick update on credential handler API - it's coming along - polyfill implementation coming on nicely. Demo seems to be working on Edge, Firefox, Chrome, etc. It probably doens't work in Safari - looking for feedback - link to Credential Handler API repo is here:
Dave Longley: Looking for feedback on shape of API
Kim Hamilton Duffy: The Chairs will talk about TPAC.

Topic: ActivityPub and Mastadon

Chris Webber: ActivityPub is a standard that W3C has been working on for a while - SocialWG is working on it - federated social networking system. I fyou want to build alternative to YouTube, Flickr, Twitter, etc., you can use these APIs to build stuff out - it includes a client/server protocol to build mobile and desktop applications to talk to server.
Chris Webber: For this group, the server-to-server model is more interesting. It uses a Linked Data model - it's passing around JSON-LD using ActivityStreams as the vocabulary for the system. It's been building off of other systems doing stuff in this space - oStatus, pubsubhubbub, etc. It's a new protocol - it's currently at Candidate Rec at W3C.
Chris Webber: What's exciting at the moment is that Mastadon is rolling this out as their main federation protocol.
Chris Webber: What's neat about Mastadon is that you can see that both of us have been speaking to each other, even though we're on completely different servers. What's exciting about them is...
Chris Webber: Mastadon has nearly one million registered users - they are using Linked Data, JSON-LD, etc. It ties in ideologically with this group, more decentralized alignment...
Chris Webber: I wrote a paper for Rebooting Web of Trust, in that paper I go through a few different ways how we can integrate the work this group is doing and what that group is doing. At present, ActivityPub isn't very self-sovereign... it's hard to move to new nodes...
Chris Webber: ActivityPub doesn't specify why you should use Linked Data Signatures, but there is a good reason to adopt, so in the paper I describe how ActivityPub and this group align. Adding public keys and linked data signatures to ensure messages that pass through network are from who they say they are.
Chris Webber: ActivityPub does still rely on DNS and SSL certs, so there is still a core bit of centralization there - but it may be exciting with the work on DIDs, if we could open up those possibilities to more decentralized mechanisms.
Chris Webber: It would enable users to be more self-sovereign and move between different instances - we could transition from a federated model to a more decentralized, more peer-to-peer model. If public keys are on every actors profile, you're building a web of trust into the system w/o users realizing it - follow confirm connections, could be building a loose web of trust.
Chris Webber: I think that's exciting.
Chris Webber: The very day after writing the paper, Eugene wrote a PR for Linked Data Signatures support - which is great.
Christopher Allen: More specific to the Mastadon community, what would it take to get them to participate in RWoT?
Christopher Allen: With the goal of moving toward a DPKI - where is the low hanging fruit? Is it JSON-LD, is it Verifiable Claims? Is it Bitcoin, Ethereum?
Chris Webber: One thing I've noticed with Mastadon is that it's very practical. The move from oStatus to a more Linked Data system using JSON-LD was for a practical purpose... they wanted to do private messages. The adoption of HTTP SIgnatures and Linked data signatures was for practical purposes (message forwarding with integrity)
Chris Webber: I posted this paper to the Mastadon network - folks said they're interested, can get folks to add to RWoT
Chris Webber: One of the pain points is moving to different providers. Right now, you have to destroy history to move... but we could potentially help people move more easily with use of more decentralized identifiers.
Kim Hamilton Duffy: In terms of decentralized identifiers - are there any approaches that you've been leaning toward already? What is the lowest hanging fruit DID providers?
Chris Webber: There are some people that are aware of DIDs... but people seem to want to avoid too much computational burn. That is a lot of computation burn in Bitcoin... I've talked w/ Manu about more fit-for-purpose solutions, where that concern isn't as strong, maybe build DIDs on top of DHTs (even though I know some aren't excited about that route).
Chris Webber: We are going to have to prototype and build those types of systems before we can say for sure. If we end up having Mastadon adopting DIDs, we'd have a lot of smaller nodes generating identifiers. We'd have to assume that smaller nodes can participate in the system - where lots of identifiers wouldn't bog down the system too badly. That's the gut feeling I've gotten from bringing these spaces together.
Christopher Allen: To comment on the computational load - that load is only on creation of identity and identifiers - validating is very quick. The first time they're creating an identity, there may be a delay - a guardian relationship may be with first node, but you can move to self-sovereign when you move the first time.
Christopher Allen: More specific to some short term goals, if there are some people that are influential - could be persuaded to check out RWoT, I'd be glad to send them a personal invite to get them invovled. Just need to know who those people are.
Chris Webber: To be clear, I wasn't trying to downplay Bitcoin, just letting folks know the feedback I've gotten back.
Christopher Allen: With many of these systems, you can't have instant gratification, can't login instantly, etc. We may not want 1 million DIDs, only 200K need to be decentralized - so it may be a scaling thing - you only need a DID when you need to go completely self-sovereign or need to transfer.
Nathan George: DIDs make it possible to isolate your identity, so separation of work life and political life. Can context of identity be changed based on DIDs? Are you interested in collaboration there?
Chris Webber: I think you're talking about people being able to have multiple identities - is that correct?
Nathan George: Multiple identities is one way to think about it, private conversations w/ some groups is another potential. Current social networks don't give you much choice between fully private or fully public.
Chris Webber: One of the things that Diaspora innovated on was "social groups" - Google+ adopted that with Circles... don't know if that had as much success as folks though... but the way ActivityPub addresses it is - email style addressing - you can to, cc, bcc to send messages - give an array of participants, but you can also give a collection as a recipient. So you can have groups that you or someone else curate.
Chris Webber: You can have a "just friends" collection
Chris Webber: When you submit a post to your followers, every user has a followers collection which is an activity streams collection - so, one way you can tie in DIDs is to make one of those collections controlled by a DID. There are two different ways you can look at this...
Chris Webber: You can have DIDs for each aspect of your life, or you can have DIDs in each collection of actors.
Nathan George: Yes, great intro, thank you.
Manu Sporny: Thanks you, Chris. We know of and are big fans of the socialWG work. From a corp standpoint, we look at DIDs and the social Web protocols as the foundational layer for a number of interesting products in the future. Products where people own their data and identity. [scribe assist by Dave Longley]
Manu Sporny: They are freely able to exchange in legal economic activity. A lot of the work with the SocialWG helps with messaging with machine-to-machine and person-to-person. DIDs make the data more portable and people know about the Web Payments work going on. These technologies work well together and we expect them to converge. [scribe assist by Dave Longley]
Manu Sporny: Chris mentioned Mastodon being one potential adopter of this tech, our company is already building the social messaging stuff into our core platform. Dave can talk more about that if desired. It's not theoretical, it's practical, strong for profit reasons for implementing these decentralized techs. [scribe assist by Dave Longley]
Kim Hamilton Duffy: Great, thanks for the overview

Topic: DID Specification

Kim Hamilton Duffy: We are tracking a lot of issues now for the DID spec - Christopher, do you want to walk through Entity Profile discussion?
Christopher Allen: In the spec, there is an implied concept of entity information that is a composite of all of the Linked Data and many signatures that all combine into a large JSON-LD object that is an individuals representation of what they know about an entity.
Christopher Allen: This has been implied by the spec, but few implementations demonstrate this in a way that make people realize that there is a structure here. Also, how do you keep all of this in memory when you have many different types of signatures signed by other entities. There can be many things signed in parts.
Christopher Allen: How can we being to make this more prominent - you have it in memory, not in Javascript... how do you look at this entity and get people to understand one person's entity may be different from another person's identity? Because of different disclosures.
Christopher Allen: You may not have a complete description of the entity.
Christopher Allen: How do we start talking about this next level higher object - summary of a DID, DDO, Verifiable Claims associated with those objects... and DIDs/DDOs about those claims.
Kim Hamilton Duffy: As I moved BTCR more toward what was outlined in Veres One... in this DID spec, what is the role of whether it is addressing the Verifiable Claims ecosystem?
Kim Hamilton Duffy: In the previous thread, there is a discussion about Minimum Viable DID spec, I had some questions about DID spec V1 is meant to just cover authenticating as a DID and updating the DDO, or do we want to walk through some broader verifiable claims scenarios
Kim Hamilton Duffy: It seems like we want to talk about broader interaction of DIDs in that ecosystem. Just comment/question.
Manu Sporny: I'll attempt to outline the current thinking. It's really easy to get wrapped around the axle when talking big picture, especially when talking the technical implementation of the big picture. [scribe assist by Dave Longley]
Kim Hamilton Duffy: Ach manu
Lionel Wolberger: Add me to q pls?
Manu Sporny: DID spec should do minimum viable [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Auth as DID, update DDO
Manu Sporny: What we've found in our org, to get clarity, is to break the problem down into bite size chunks. The chunks we have right now are basically: the DID spec, which at least from our standpoint should do the minimal viable thing. How do you authenticate as a DID and how do you update the DDO. [scribe assist by Dave Longley]
Manu Sporny: Taking a first pass at that. In parallel in the VC work we are talking about making assertions and composing them together and so on. That work should be independent of the identifier used. However, when you put the DID stuff together with the VC stuff you get additional really interesting properties. [scribe assist by Dave Longley]
Manu Sporny: Like fully portable claims, moving from one wallet to another. Guardianship over identities, etc. The ability to compose all these decentralized things together. Christopher's questions revolve around what the ecosystem looks like when all the pieces come together. [scribe assist by Dave Longley]
Manu Sporny: And I think he's saying that we should think about how all these things fit together in the ecosystem we want to create. The concern is that, until we've really created a solid foundation for these other specs we can get wrapped up having the higher level discussion for quite a while. [scribe assist by Dave Longley]
Manu Sporny: This isn't a proposal that one way is better than the other, I think we'll have to iterate and bounce back and forth between the two. [scribe assist by Dave Longley]
Manu Sporny: I think in next 6-9 months we'll be doing iterations on DID and VC specs and then we see if it works. If it doesn't work we'll use that info to feed it back in and address the higher level problems. All that said, we've been doing that for 4 years. We feel that the general architecture we have now is valid. And that's why we're trying to nail things down a bit more. [scribe assist by Dave Longley]
Manu Sporny: So we can do implementations in code across multiple ledgers and validate it working in production. [scribe assist by Dave Longley]
Manu Sporny: Digital Bazaar's thinking is to nail these things down for testing in pilots or in production to make sure use cases are met. [scribe assist by Dave Longley]
Lionel Wolberger: That was a good lead in to what I wanted to ask - to achieve interop, the standards will have to guide people with how to format identifiers.
Lionel Wolberger: Can we point to a standard for location? GPS? How do we point to standards for expressing that?
Lionel Wolberger: Have we figured out all of the data serialization issues?
Dave Longley: IMO, URI is spec for the "identifier" ... more specific data can be a vocabulary discussion
Christopher Allen: Yes, JSON-LD is built to deal w/ serialization and canonicalization - we do have ways to do that.
Christopher Allen: How do you have a unique identifier? Legitimately claim ownership on - uniqueness - self-sovereign, etc. Right to update. Identifier that you control.
Christopher Allen: That is mostly a DID - it can point to DDO, which can contain additional information about an identifier. Self-sovereign verifiable claim - I call myself ChristopherA - unique to me as a root... I call myself christopherA - who I call kimhd is Kim. If people want to put in Verifiable Claims from different authorities that have more "realness", they're welcome to - participation only thing - prove that you're at a location, various standards to prove how to do that. I think we've met all of your base requirements, Lionel.
Christopher Allen: In the DID v1.0 draft that was posted, we predefined proofs to update, proofs to control, we had some language there - but were arbitrarily saying "these categories", in the new DDO thing, we're doing more capabilities based... but will have world expert on capabilities... here are what those proofs can do, etc. We're discussing how to do that right now.
Lionel Wolberger: Linked data enables you to create, share, reuse vocabularies at Web scale -- they define the semantics for whatever it is you want to express ... that includes "location" or whatever else, there are various linked data vocabs people are or have created, for example [scribe assist by Dave Longley]
Christopher Allen: Thing I'm wondering - last rev of this, we still don't have an issuer version of this...
Dave Longley: But regarding identifiers specifically, all we need is "URI" ... and a DID is a URI.
Lionel Wolberger: Thanks, I followed what you said - a claim that you're Christopher - when do we say that's Unicode. Do we have definitions for how name/location are represented?
Christopher Allen: There are representations - - can be unicode, that's relatively solid.
Christopher Allen: Internationalization is covered, variety of signature formats - we're adding more to them, but there is a whole discussion around more kinds of signature formats than we do right now, not a problem, working on it.
Christopher Allen: When you come to WoT vs. "Real Name", that's a credential - that's naturally centralized... I claim I'm ChristopherA - and you accept that or not... or you accept DMV.
Dave Longley: <--spec for expressing linked data as JSON-LD
Christopher Allen: That is a claim, it's doable with our system...
Christopher Allen: I want to understand why Longley and Manu removed issuer key...
Kim Hamilton Duffy: We have a hard stop in a few minutes, we have a full DID conversation next week.
Ryan Grant: I put a link to Veres One DID Method spec - I think the names "writeAuthorization" and "authenticatoinCredential" are great... had a bit of discussion w/ Manu about naming ...
Kim Hamilton Duffy: Have to go. bye
Mike Lodder: +1
Ryan Grant: The good thing that I see is to generealize guardianship, the bad thing is mixing what goes into a DDO and trying to turn that into a Verifiable Claims database... are we talking about putting a Verifiable Claim into a DDO? That doesn't seem like the purpose of the DDO.
Christopher Allen: You have to have some kind of pointer at a minimum
Ryan Grant: In the language of the DID spec, that is services...
Dave Longley: The data model (if you're using JSON-LD/RDF) supports doing that, but ledgers do not *have* to support it.
Manu Sporny: We're going to have to close out the conversation, this is the core part of the discussion that the group needs to have and to come to grips with. The Veres One issue that was raised identified what we believe to be a logical conflation in the DID spec that everyone has been making (including us). The feedback from BTCR made it even more clear that we need to shift things around. [scribe assist by Dave Longley]
Manu Sporny: It's not just a naming thing, it's about moving to a more capabilities based model, separating concerns so we don't tightly bind things that we need to. Christopher, there is no "issuer thing" because we haven't focused on it, doesn't mean it wont' be there in the future. We tried to focus and synthesize current feedback into the core issue people are having. [scribe assist by Dave Longley]
Manu Sporny: Wanted to focus on getting the foundation right so the rest of us can build on top of it. There's a certain order that we think we can discuss these things so the conversation doesn't go off into the weeds where lower level decisions impact higher level. Where we all want to be at the end is to cover all the use cases. [scribe assist by Dave Longley]
Manu Sporny: We think we've boiled this down to its essence but we need to discuss with the community -- next week's call. [scribe assist by Dave Longley]
Ryan Grant: I've read the links that I've been able to find and I'm unable to understand the logic there and I should be able to see a concrete example. [scribe assist by Dave Longley]
Ryan Grant: Haven't been able to see it. [scribe assist by Dave Longley]
Manu Sporny: Confused deputy problem, will bring to the conversation next week. [scribe assist by Dave Longley]
Ryan Grant: I saw an urge to generalize guardianship but I was unable to find other issues. [scribe assist by Dave Longley]
Manu Sporny: Not necessarily -- I'll try to put that in the issue before next week. [scribe assist by Dave Longley]
Ryan Grant: Thanks. [scribe assist by Dave Longley]
Christopher Allen: For the purpose of being able to issue Web of Trust VCs it doesn't meet my requirements for October. [scribe assist by Dave Longley]
Manu Sporny: I think the solution to your problem is to have an issuer credential in your DDO. The problem we had before is that we were using a single key to do multiple different things. Need to very tightly couple key purpose ... number of issues bundled together. [scribe assist by Dave Longley]
Manu Sporny: I'll try to explain that a bit more. [scribe assist by Dave Longley]
Ryan Grant: Definitely need a clearer read on that. [scribe assist by Dave Longley]
Ryan Grant: My reading of guardianship was clear. That the guardian had the capability to update. The error did not exist in other cases. [scribe assist by Dave Longley]
Manu Sporny: I will type something out. [scribe assist by Dave Longley]
Manu Sporny: Christopher, your concern is easy to address and it's an issuerCredential ... it's not in there right now but it's an easier thing to do. [scribe assist by Dave Longley]
Christopher Allen: Thanks. [scribe assist by Dave Longley]
Christopher Allen: Kim had to logout, to recap we'll have a discussion next week we'll have ethereum and blockstack (hopefully), BTCR, ... talking about what requirements we're missing in the latest discussion on DIDs. [scribe assist by Dave Longley]
Ryan Grant: My reading of guardianship was that its permissions were clear
Christopher Allen: In following weeks, we need to make sure bootstrapping and rebooting web of trust work well at RWoT, so we'll be prepping for it until then.