The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2017-10-31

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0116.html
Topics
  1. Status of Action Items
  2. Credential Handler API
  3. W3C TPAC Planning
  4. Post RWoT DID Spec
Organizer
Kim Hamilton Duffy, Christopher Allen
Scribe
Mike Lodder
Present
Mike Lodder, Kim Hamilton Duffy, David Chadwick, Christopher Allen, Ryan Grant, Dave Longley, Joe Andrieu, Manu Sporny, Susan Bradford, David I. Lehn, Adrian Gropper
Audio Log
Mike Lodder is scribing.

Topic: Status of Action Items

Kim Hamilton Duffy: Will cover the DID PR
David Chadwick: Lifecycle document - haven't updated the document to Markdown yet.
Christopher Allen: Need more clarity on the webpage about what's been reviewed work items as opposed to what still needs to be reviewed
Christopher Allen: Also not sure about WoT items having been approved / voted
Ryan Grant: +1
Kim Hamilton Duffy: I will clarify work items that have been voted on vs approved
Dave Longley: +1
Kim Hamilton Duffy: Deadline passed last week for DID PR
Joe Andrieu: Can we get the PR url?
Manu Sporny: We just want to know if the new set of changes are a step in the right direction. We still need to fix some language things from RWOT
Christopher Allen: +1
Manu Sporny: Does everyone believe that the PR overall improves the spec?
Christopher Allen: No issues with PR but I haven't done a formal review
Ryan Grant: Believe the PR is ok with direction
Dave Longley: I recommend +1 for merging -- and outstanding problems get a new, specific github issue
Mike Lodder: +1 Dlongley
Ryan Grant: It doesn't have "//" that results in a location
Manu Sporny: DID are URL's, maybe introduce the concept of DID needs to be redone

Topic: Credential Handler API

Kim Hamilton Duffy: DavidC should take the lead on discussing API spec
Dave Longley: +1 Reword introduction, more focus on stable ID vs. "new" thing that isn't quite a URL (which it isn't)
Kim Hamilton Duffy: Credential API github issue: https://github.com/w3c-ccg/credential-handler-api/issues/1
David Chadwick: FIDO protocol was used and keys are stored not the smartphones and computers
David Chadwick: Presented to others from JOSE / Web Authentication and they say its now out of date
David Chadwick: To look at other specs at W3C
David Chadwick: The interface is easy to use and tested with hospital patients
David Chadwick: Hospital patients like it much better
David Chadwick: With his interface users didn't need to enter usernames or passwords
Dave Longley: Web authentication should be viewed as complementary vs alternative to credential handler api
Dave Longley: What are the reasons why your approach is easier
Dave Longley: How does this stuff work on the web?
David Chadwick: Credentials are on the device
David Chadwick: Its easier to use because there are less steps involved
David Chadwick: Manu's was cumbersome and complex
David Chadwick: The phone handles the logic and allows the user to choose consent
Dave Longley: Credentials handler can potentially live on the device or can live on the web in a secure location
Ryan Grant: That was/is my question: how are credentials reestablished in case the device is lost?
Dave Longley: The interface is dependent on the software implementer
Dave Longley: The point is to have the browser do the minimum amount of work
David Chadwick: The protocols need to be standardized to allow for mixing and matching
Ryan Grant: Where are the separation of concerns addressed?
David Chadwick: I would like the protocol between the inspector and holder to be standardized
Dave Longley: +1 For standardizing the "policy"/"query" and response
David Chadwick: Whatever approach we choose should be compatible with how browsers are today
Ryan Grant: I understand the focus and will consider lost devices a problem to be solved by implementaitons.
Manu Sporny: Agree that the way to get browser adoption is to make the browser vendors do as little as possible.
Mike Lodder: +1 Rgrant, that problem is up to the vendor To solve
Dave Longley: Credential handler api is lower than the layer that DavidC was talking about
Christopher Allen: Time check. TPAC review is critical path.
David Chadwick: Allowing multiple wallets adds lots of complexity
Dave Longley: Different wallets can provide different credentials
Kim Hamilton Duffy: Do we have any action items to close out this topic
Ryan Grant: Do we have consensus that it fits?
Ryan Grant: I think so
Manu Sporny: I don't think this is an item that gets closed out
Kim Hamilton Duffy: Manu will guide us through TPAC

Topic: W3C TPAC Planning

Manu Sporny: Give a heads up to W3C group about what we are trying to do
Joe Andrieu: +1 On slide deck, btw. That's my review. =)
Manu Sporny: This shows how to combine: credential handler, DIDs, and web payments
Manu Sporny: And addresses some use cases
Manu Sporny: Here's how we are doing it
Manu Sporny: How to refine the pitch for self sovereign web
Kim Hamilton Duffy: What time constraints are there for the chairs to review our proposals
Ryan Grant: Go Oma!
Kim Hamilton Duffy: To start a slide deck to address the action items
Ryan Grant: Very visual slides, loved it
Christopher Allen: I'm limited on time. I'm hoping that I don't have to spend all day Wednesday.
Ryan Grant: Meh
Christopher Allen: We said last week there will be no call next week.
David Chadwick: +1

Topic: Post RWoT DID Spec

Christopher Allen: We should first dive into post #RWOT spec first, then Post IIW DID spec.
Susan Bradford: Drummond is confirmed to attend
Kim Hamilton Duffy: No meeting next week but we will dive into DID spec stuff after that