The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Credentials CG Telecon

Minutes for 2018-02-13

Mike Lodder is scribing.
Joe Andrieu: Give Marcus 5 minutes to talk about DID-AUTH
Joe Andrieu: Bulk of the call will focus on Object Capabilities
Manu Sporny: Need time to discuss DID-Spec
Kim Hamilton Duffy: Please cover verifiable credentials
Christopher Allen: Need to cover verifiable credentials/claims especially before the next RWoT

Topic: Announcements

Joe Andrieu: Disc golf tournament with RWoT
Joe Andrieu: Going to update the functional identity primer
Joe Andrieu: Want a 5 minute presentation on the primers
Joe Andrieu: Announcement - reconciliation draft for DID-Spec before RWoT
Christopher Allen: Some of us are trying to align ourselves on Manu's code changes; will that week-long stand-up work for everyone else?
Joe Andrieu: IIW is coming up, will send out discount code
Joe Andrieu: Verifiable claims meet up that same week
Kim Hamilton Duffy: Updates have been made to various work items
Kim Hamilton Duffy: @Mike-lodder -- I'll do that
Manu Sporny: DID Spec we are in post hardening phase
Manu Sporny: Digital Bazaar is actively coding against the latest version
Manu Sporny: I have processed many of the last issues either as things to do or will not do
Manu Sporny: Only closing issues where consensus exists
Kim Hamilton Duffy: Update on action items [scribe assist by Kim Hamilton Duffy]
Manu Sporny: And why it's being closed
Manu Sporny: For two more weeks will try to close as many of those as possible so implementers can be sure of their implementations
Kim Hamilton Duffy: Kim finished these action items: Chairs to add potential work items section to main W3C-CCG page (educational, object capabilities, etc.) (Kim); Add updated Credentials Community Group 2018 WBS graphic onto landing page (Kim); Add link to WBS on home page (Kim); Chairs to create VC examples repo
Christopher Allen: Manu - when can we tag features as finalized and have confidence in them
Manu Sporny: Still in pre 1.0 phase of the DID Spec
Manu Sporny: Using semantic versioning on the DID Spec
Kim Hamilton Duffy: Kimhd is also closing these action items: Chairs to assign Joe as owner of CCG process, Chairs to assign Manu as Registry Process owner [scribe assist by Kim Hamilton Duffy]
Manu Sporny: We have not been categorizing issues in the prerelease phase
Christopher Allen: When do we categorize versions as finished, like 0.9 or 0.10?
Manu Sporny: Usually done by signaling the community that a version is done or for a specific version is still being worked on
Kim Hamilton Duffy: Kimhd closing action item: W3C-CCG to complete reconciliation of #RebootingWebOfTrust & Hardening changes (All, due end of January https://github.com/w3c-ccg/did-spec/pull/41) *COMPLETE* [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: Kimhd closing action item: Sending out additional details about RWoT in Santa Barbara (Joe) *COMPLETE* [scribe assist by Kim Hamilton Duffy]
Manu Sporny: No real hard and fast rule to communicate this
Manu Sporny: These are living specs, stable are versions that have been approved by W3C
Joe Andrieu: Would like this more formalized, where are we and how do we do living standards
Joe Andrieu: We can take the discussion offline
Drummond Reed: Will have one more DID Spec closure call this Thursday
Drummond Reed: Just covering issues management until all can be resolved online
Drummond Reed: We should have many implementations of DID Method Specs at RWoT
Drummond Reed: I would like to see coming out of RWoT multiple V1 specs
Kim Hamilton Duffy: Looking for feedback on Edu/Occ VC - as described in https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
PROPOSAL: Create an Education and Occupational Credentials Task Force
Manu Sporny: +1 To Occedu VC Task Force
Dave Longley: +1
Kim Hamilton Duffy: Ready to finish that
Ryan Grant: +1
Kim Hamilton Duffy: Will link final proposal
Nate Otto: +1 To occupational/educational task force (will participate)
Kim Hamilton Duffy: Still need to shape the remaining work items with the task force
Manu Sporny: +1
Kim Hamilton Duffy: Some short term and others long term, to meet once a week similar to DID Spec hardening
Dave Longley: +1
Nate Otto: There are specific work items for this task force, but likely to do more discovery around work items that are not yet fully defined. We'll start with an Open Badges/Verifiable Credentials unification proof of concept. (Asserting an Open Badge in a VC envelope)
Joe Andrieu: Call for consensus for the task force
Adrian Gropper: +1
Ted Thibodeau: +1
Drummond Reed: +1
Mike Lodder: +1
Jarlath O'Carroll: +1
Chris Webber: +1
Kim Hamilton Duffy: +1
Joe Andrieu: +1
Greg Linklater: +1
Christopher Allen: +1
RESOLUTION: Create an Education and Occupational Credentials Task Force as described in https://lists.w3.org/Archives/Public/public-credentials/2018Feb/0013.html
Joe Andrieu: Formally approved to create the task force
Christopher Allen: @Joe May be a good example of exploration work item
Markus Sabadello: Selected by British Columbia government to implement a working version for DID-AUTH

Topic: DID Authentication

Markus Sabadello: BC Gov has many scenarios where DID-AUTH is applicable
Markus Sabadello: DID-AUTH is basically proving control over a DID-Doc
Markus Sabadello: DID-AUTH is proof of control and endpoints over TLS
Markus Sabadello: Applies to browsers, QR codes
Dave Longley: Credential handler provides a DID-AUTH mechanism via the browser
Markus Sabadello: Service-to-service endpoints, and as log in mechanisms
Markus Sabadello: Idea is to implement everything in an open way and DID Method agnostic
Markus Sabadello: Looking for any feedback on this
Joe Andrieu: Is there a DID-AUTH spec work item
Markus Sabadello: Not yet, but I am working on some documentation that could become the basis for a spec
Manu Sporny: We have done some work in this area also in the credential-handler which is DID-AUTH in the browser and verifiable credentials
Manu Sporny: The core messages themselves can be reused in the BCGov implementation
Dave Longley: And the original design was to create messages that could flow over different mediums, not just the browser.
Manu Sporny: The messages are medium independent
Manu Sporny: Demo to credential handler: https://youtu.be/qdbDu1oV0PI
Dave Longley: A "Verifiable Credential" can simply be a "PublicKeyCredential" which is just an assertion that you have a certain public key ... which can be checked by going to a DID ledger.
Manu Sporny: And technically, this is already a work item for the group -- https://w3c-ccg.github.io/credential-handler-api/
Joe Andrieu: We will be creating a work item for DID-Auth
Dave Longley: And the credential handler API supports any Verifiable Credential -- so it covers that simple "DID AUTH" case as well as others.

Topic: Object Capabilities

Joe Andrieu: Cwebber and Mark Miller have been working on Object Capabilities and use cases
Chris Webber: Object Capabilities are a way to do security through a flow rather than a typical access control list (ACL)
Chris Webber: Object capabilities using a linked data system
Dave Longley: Ocap: "just use a key to get in" vs. acls: "a list that says who can do things"
Chris Webber: The newer specification has some minor changes made since the previous RWoT
Dave Longley: Note: ocaps vs. acls .... using a key (ocap) is better because it only fits into a particular lock -- using a list with names on it (acl) makes it too easy to trick those people into doing things for others that weren't intended.
Chris Webber: Attenuated keys are used for restricted capabilities
Chris Webber: CCG wants to take this spec on now that more details have been written
Chris Webber: Close to first working implementation
Joe Andrieu: Will do a formal consensus call to adopt ocap as a work item
Manu Sporny: Ocap for decentralized permissions with DIDs and verifiable credentials/claims
Manu Sporny: Veres One will use ocap and no acls
Dave Longley: Very simple version of a DID that uses ocap: https://gist.github.com/dlongley/1762f214f18d8cc63af8ff2853c1c5e1
Manu Sporny: We believe we've figured out a way to integrate this into linked data signatures
Dave Longley: The gist shows how this fits really nicely with the approach taken with the DID spec so far.
Ryan Grant: What about this should be method specific
Ryan Grant: What is the recommendation for someone who wants to integrate this
Manu Sporny: At RWoT there was hesitation to integrate this at the general DID Spec level
Manu Sporny: This is still experimental
Joe Andrieu: Lost my voip
Joe Andrieu: I'm surprised IRC is still responsive.
Joe Andrieu: Chris or Kim? Could you take over moderating?
Manu Sporny: We don't feel comfortable recommending it at the general level yet because each method will have specifics that are different
Christopher Allen: Ocap architecture is not new, but has not been successful because the need has not been sufficient; acl has been adequate
Manu Sporny: Yes, I didn't mean to imply that ocap is a "new concept"... it definitely isn't and a LOT of thought/implementation has gone into it.
Christopher Allen: We're finally reaching a point where the weight of the acl system is hurting us
Drummond Reed: I think we need to differentiate between using the OCAP model with a particular Sovrin method and using it as a general pattern of authorization between DID subjects. Both are important.
Manu Sporny: I was just saying that it's new to this group and new to "blockchains", which are new themselves... so... LOTS of NEW stuff going on, which makes some organizations very nervous about deployment.
Adrian Gropper: How much of this is interacting with DIF
Drummond Reed: DIF is pursuing a hub model and is trying to solve the same problem that ocap solves, but their thinking isn't far enough along yet
Ryan Grant: If Veres One is doing anything with ocap outside of DID updates and if other method specs should consider it with their own
Drummond Reed: Verifiable credentials is a general pattern to do ocap
Manu Sporny: Chris has a great part of the spec that he wrote that goes into how all this fits together: https://w3c-ccg.github.io/ld-ocap/#relationship-to-vc
Drummond Reed: Sovrin is planning to use it
PROPOSAL: Adopt the Linked Data Object Capabilities specification as a work item.
Kim Hamilton Duffy: +1
Ryan Grant: +1!
Chris Webber: +1
Drummond Reed: +1
Christopher Allen: +1 As a work item
Dave Longley: +1
Mike Lodder: +1
Ted Thibodeau: +1
Adrian Gropper: +1
Benjamin Young: +1
Joe Andrieu: +1
RESOLUTION: Adopt the Linked Data Object Capabilities specification as a work item.
Joe Andrieu: For the record, these +1s were for adopting the LD-OCAP specification as a work item of CCG
Moses Ma: Question for Manu: How does LD-OCAP work with or compete against SOLID?
Manu Sporny: Moses, it's complementary
Manu Sporny: Open questions are should ocap be the required way to do this?
Ryan Grant: Thanks Manu! So far, I hear a layer of abstraction.
Moses Ma: See you all in Santa Barbara!