The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2017-12-12

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2017Dec/0019.html
Topics
  1. Introductions / Reintroductions
  2. Announcements
  3. Status of Work Items
  4. DID Spec Change Requests
  5. Other Topics
Action Items
  1. Chairs to suggest adding Object Capabilities, registry, process, etc. as potential work items on main w3c-ccg page
  2. Kim provide feedback on VC Browser API and polyfill re BTCR
  3. DavidC review spec to see if privacy and security reqs language is in spec and provide changes if not
Organizer
Kim Hamilton Duffy, Christopher Allen
Scribe
David Chadwick
Present
David Chadwick, David I. Lehn, Kim Hamilton Duffy, Christopher Allen, Manu Sporny, Joe Andrieu, Drummond Reed, Dave Longley, Ryan Grant, Ted Thibodeau, Moses Ma, Kyle Hartog, Zachary Larson, Christian Lundkvist, Markus Sabadello
Audio Log
David Chadwick is scribing.

Topic: Introductions / Reintroductions

David I. Lehn: Hi, my name is Dave Lehn, I work for Digital Bazaar with Dave and Manu working on technologies related to payments, identity, and blockchain.

Topic: Announcements

Kim Hamilton Duffy: Next week's agenda will be spent mostly on planning next year's work
... No meeting on Dec 26 or Jan 2
... First meeting in 2018 will be Jan 9th
... Virtual Hackathon will take place in week January 15th-19th
Christopher Allen: +1
Manu Sporny: Are group happy to pull in change request for editorial changes?
Manu Sporny: For abstract and overview section
ACTION: Chairs to suggest adding Object Capabilities, registry, process, etc. as potential work items on main w3c-ccg page
Manu Sporny: No action on Veres One DID Method spec
Joe Andrieu: Sounds great, Manu. any participation will help.

Topic: Status of Work Items

Kim Hamilton Duffy: No update on W3C-CCG to discuss reconciliation of #RebootingWebOfTrust & Hardening changes
Manu Sporny: Joe rewording changes to abstract
Manu Sporny: 2 PRs can be accepted
Manu Sporny: Next big change is pulling authz stuff out
Drummond Reed: OCAP = object capabilities
Manu Sporny: Ocap and hardening changes are next ones for the spec
David Chadwick: Want people to read the doc; pass comments. [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Bigger than doc a few months ago. Topics such as holder != subject, objections to VC. Needs people to review and comment
David Chadwick: Scope is looking at how people collect attributes, wove in feedback from TPAC [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Would be happy for anyone to join and give feedback
Christopher Allen: Some feel like issues and/or pull requests.
David Chadwick: Would be happy for document to be reused in other areas [scribe assist by Kim Hamilton Duffy]
Manu Sporny: +1 For documents as group work items, shuffling text to where it should go across all work items.
Next topic: engagement model
Joe Andrieu: Hope to have next draft by January.
Next topic: browser api and polyfill
ACTION: Kim provide feedback on VC Browser API and polyfill re BTCR
Dave Longley: Looking for people to write code to test against our code
Dave Longley: Hoping to talk to google next year
Kim Hamilton Duffy: "Privacy & Security Requirements for Credentials Ecosystem"
Next topic: privacy and security requirements
Kim Hamilton Duffy: Is this a work item or should it be rolled into data model spec
David Chadwick: Has been superceded by answers to a set of questions on privacy issues in the context of WG [scribe assist by Kim Hamilton Duffy]
Dave Longley: W3c has a sort of "standard" questionnaire that i've linked to above^
David Chadwick: Perhaps we can fold text into docs [scribe assist by Kim Hamilton Duffy]

Topic: DID Spec Change Requests

#36 Change "identity" language to "identifier".
Joe Andrieu: Change subject entity to subject
Drummond Reed: +1 For just using "subject"
ACTION: DavidC review spec to see if privacy and security reqs language is in spec and provide changes if not
Manu Sporny: +1 To go to subject. [scribe assist by Manu Sporny]
Dave Longley: +1 That's what a DID doc is post RWoT.
Joe Andrieu: Thinks his current summary is OK, any one objects?
Drummond Reed: Authz are message specific, so need to be more concise in the spec
Dave Longley: S/message/DID method/
Drummond Reed: Open issue are the documents for key management or only for specific types of keys
Manu Sporny: There is a new tool for repository has a preview link and a diff link
Manu Sporny: Diff shows word for word changes
Joe Andrieu: We are talking about modification rather than authz
Christopher Allen: How about add text "plus method specific information to support proof and key management"
Drummond Reed: +1 To "modify" or "update" ("update" being one of the CRUD terms)
Kim Hamilton Duffy: Also +1 to "modify" or "update"
Christopher Allen: Method needed for updating the document
Drummond Reed: Key management isn't always method-specific. Methods MAY have method-specific key management, but there's also key management that's not method-specific.
Manu Sporny: DID doc is not only about key management.
Dave Longley: +1 DID doc is not just about key management
Manu Sporny: Is it about update and modification or general authz
Drummond Reed: I would never say it's "just" about key management. But I think key management is a key part (sic) of what DID documents are about.
Joe Andrieu: +1 To more than key management
Dave Longley: I think a DID doc is about establishing an independent entity and being able to authenticate that certain activities/actions were performed by that entity -- and to interact with that entity via services.
Manu Sporny: We cannot control what people will put in DID docs
Manu Sporny: But we have to say how keys, authn and authz are dealt with
Joe Andrieu: Keys are technology specific. there will be other mechanisms in the future. "Authentication" is an attempt to embrace other potential means for vetting actors
Manu Sporny: This discussion will continue in the DID hardening meetings
Manu Sporny: Comment thread here - https://github.com/w3c-ccg/did-spec/pull/36
Joe Andrieu: Please put your comments in the PR
Drummond Reed: Agree with Manu about his comments of the focus of the DID spec hardening meetings
Kim Hamilton Duffy: +1
#34 Move standard key descriptions to separate specification.
Drummond Reed: I agree with Manu that we need to close on the DID spec hardening discussions before we know what the structure of a key description registry will look like.
Manu Sporny: We are less certain about this PR than the other ones
#33 Split DID Method Registry out of specification.
Ryan Grant: +1 For splitting out registry, and this pull request
Drummond Reed: +1 To the overall idea of having a separate key description registry. It's an alternative to the super-structured and heavyweight approach of https://tools.ietf.org/html/rfc7517.
Manu Sporny: This is straightforward PR. Should not be any objections to it
Drummond Reed: No objection to splitting out the DID method registry.

Topic: Other Topics

Ryan Grant: Manu can you point us to tools for creating html docs with gif images
Manu Sporny: Htmldif is a tool you can run on the command line
Ryan Grant: Respec: stuff for our work
Manu Sporny: I will find a link for respec
Christopher Allen: Is there a good doc on creating/modifying respect docs?
Manu Sporny: Do we keep on with DID hardening or move onto another topic
Drummond Reed: Goal of DID hardening meetings is to close the issues
Drummond Reed: Still have 4 or 5 more issues on the list
Christopher Allen: Can we get some of the people that are not active in CCG, but coming hardening, at virtual hackathon?
Kim Hamilton Duffy: The hackathon would be a good place to work on DID hardening
Dave Longley: +1 To take care of easier points first :)
Drummond Reed: Ok, what I could volunteer to do is do a refresh on the DID spec hardening Google doc to prioritize issues by (what appear to be) easiest to hardest, and then work from easiest to hardest if that will work best.
Christopher Allen: Can we separate issues into easy topics, ones that need more discussion in January etc.
Dave Longley: +1 For easiest to hardest
Manu Sporny: +1 To Drummond's proposal... feels like that has the best morale outcome :P
Christopher Allen: We need to move DID hardening back to CCG calls
Dave Longley: That also gives more time for the harder items to stew and be discussed in other channels
Drummond Reed: Yes, I'm thinking we may want to start moving some of the DID spec hardening issues over to github so we can have dedicated discussion threads about them.
Drummond Reed: I can do PRs on the ones we've resolved, if you'd like... [scribe assist by Manu Sporny]
Dave Longley: +1 To using github
Christopher Allen: Work items should be chosen by group, and if no discussions within a week, then they should be accepted in the following week
Manu Sporny: Drummond, I also setup David Chadwick w/ his Github editor stuff, so we could do the same w/ you when you have the time.
Kim Hamilton Duffy: +1
Christopher Allen: We are not approving the content, but that it should become a work item
Manu Sporny: +1 To doing PRs on the issues we've resolved [scribe assist by Drummond Reed]
Christopher Allen: The work items should then be visible on the group's home page
Ryan Grant: +1 To make things actually work items
Christopher Allen: The registry doc should be an official work item
Manu Sporny: The DID registry and the process document are two further work items
Manu Sporny: There are two registries: DID and revocation
PROPOSAL: Adopt Credentials CG Registry process and Linked Data Keys Registry and DID Method Registry as Work Items.
Christopher Allen: +1
Manu Sporny: +1
Ted Thibodeau: +1
Dave Longley: +1
Christopher Allen: +1
Kim Hamilton Duffy: +1