Credentials CG Telecon

Minutes for 2017-10-31

Mike Lodder is scribing.

Topic: Status of Action Items

Kim Hamilton Duffy: Will cover the DID PR
David Chadwick: Lifecycle document - haven't updated the document to Markdown yet.
Christopher Allen: Need more clarity on the webpage about what's been reviewed work items as opposed to what still needs to be reviewed
Christopher Allen: Also not sure about WoT items having been approved / voted
Ryan Grant: +1
Kim Hamilton Duffy: I will clarify work items that have been voted on vs approved
Dave Longley: +1
Kim Hamilton Duffy: Deadline passed last week for DID PR
Joe Andrieu: Can we get the PR url?
Manu Sporny: We just want to know if the new set of changes are a step in the right direction. We still need to fix some language things from RWOT
Christopher Allen: +1
Manu Sporny: Does everyone believe that the PR overall improves the spec?
Christopher Allen: No issues with PR but I haven't done a formal review
Ryan Grant: Believe the PR is ok with direction
Dave Longley: I recommend +1 for merging -- and outstanding problems get a new, specific github issue
Mike Lodder: +1 Dlongley
Ryan Grant: It doesn't have "//" that results in a location
Manu Sporny: DIDs are URLs, maybe introduce the concept of DID needs to be redone

Topic: Credential Handler API

Kim Hamilton Duffy: DavidC should take the lead on discussing API spec
Dave Longley: +1 Reword introduction, more focus on stable ID vs. "new" thing that isn't quite a URL (which it isn't)
Kim Hamilton Duffy: Credential API github issue:
David Chadwick: FIDO protocol was used and keys are stored not the smartphones and computers
David Chadwick: Presented to others from JOSE / Web Authentication and they say it's now out of date
David Chadwick: To look at other specs at W3C
David Chadwick: The interface is easy to use and tested with hospital patients
David Chadwick: Hospital patients like it much better
David Chadwick: With his interface users didn't need to enter usernames or passwords
Dave Longley: Web authentication should be viewed as complementary vs alternative to credential handler api
Dave Longley: What are the reasons why your approach is easier
Dave Longley: How does this stuff work on the web?
David Chadwick: Credentials are on the device
David Chadwick: It's easier to use because there are fewer steps involved
David Chadwick: Manu's was cumbersome and complex
David Chadwick: The phone handles the logic and allows the user to choose consent
Dave Longley: Credentials handler can potentially live on the device or can live on the web in a secure location
Ryan Grant: That was/is my question: how are credentials reestablished in case the device is lost?
Dave Longley: The interface is dependent on the software implementer
Dave Longley: The point is to have the browser do the minimum amount of work
David Chadwick: The protocols need to be standardized to allow for mixing and matching
Ryan Grant: Where is the separation of concerns addressed?
David Chadwick: I would like the protocol between the inspector and holder to be standardized
Dave Longley: +1 For standardizing the "policy"/"query" and response
David Chadwick: Whatever approach we choose should be compatible with how browsers are today
Ryan Grant: I understand the focus and will consider lost devices a problem to be solved by implementations.
Manu Sporny: Agree that the way to get browser adoption is to make the browser vendors do as little as possible.
Mike Lodder: +1 Rgrant, that problem is up to the vendor to solve
Dave Longley: Credential handler api is lower than the layer that DavidC was talking about
Christopher Allen: Time check. TPAC review is critical path.
David Chadwick: Allowing multiple wallets adds lots of complexity
Dave Longley: Different wallets can provide different credentials
Kim Hamilton Duffy: Do we have any action items to close out this topic
Ryan Grant: Do we have consensus that it fits?
Ryan Grant: I think so
Manu Sporny: I don't think this is an item that gets closed out
Kim Hamilton Duffy: Manu will guide us through TPAC

Topic: W3C TPAC Planning

Manu Sporny: Give a heads up to W3C group about what we are trying to do
Joe Andrieu: +1 On slide deck, btw. That's my review. =)
Manu Sporny: This shows how to combine: credential handler, DIDs, and web payments
Manu Sporny: And addresses some use cases
Manu Sporny: Here's how we are doing it
Manu Sporny: How to refine the pitch for self sovereign web
Kim Hamilton Duffy: What time constraints are there for the chairs to review our proposals
Ryan Grant: Go Oma!
Kim Hamilton Duffy: To start a slide deck to address the action items
Ryan Grant: Very visual slides, loved it
Christopher Allen: I'm limited on time. I'm hoping that I don't have to spend all day Wednesday.
Ryan Grant: Meh
Christopher Allen: We said last week there will be no call next week.
David Chadwick: +1

Topic: Post RWoT DID Spec

Christopher Allen: We should first dive into post #RWOT spec, then Post IIW DID spec.
Susan Bradford: Drummond is confirmed to attend
Kim Hamilton Duffy: No meeting next week but we will dive into DID spec stuff after that