The W3C Credentials Community Group

Verifiable Claims and Digital Verification


Credentials CG Telecon

Minutes for 2018-03-13

Dave Longley is scribing.
Kim Hamilton Duffy: Markus mentioned adding DID Auth to work items.
Kim Hamilton Duffy: So introductions, who is it that spoke up earlier?
Kim Hamilton Duffy: Could you introduce yourself?

Topic: Introductions

Andrew Hughes: Good to meet many of you at RWoT. I did a bunch of stuff with Markus and the crew there.
Andrew Hughes: I'm interested in federated identity and identity assurance. And identity relationship management. All complementary topics to the work here.
Andrew Hughes: I do much work with KantaraInitiative.org - we are starting to think about how to engage and bring in the new concepts that are developing here and at RWOT. [scribe assist by Andrew Hughes]
Kim Hamilton Duffy: Thanks Andrew.

Topic: Announcements

Kim Hamilton Duffy: Post DID reconciliation, implementers stand up -- anyone want to report from that and we can remove from announcements?
Manu Sporny: Based on all the discussions we had around the DID spec last week, we have proposed resolutions for almost every issue. A few issues came in end of week we'll have to discuss. PRs are starting to flow in, like 9.
Manu Sporny: Hopefully more will come in over time, maybe 27 PRs in waiting total.
Markus Sabadello: I joined the call at 17:07 same time as I joined on IRC, but don't know my voip id
Manu Sporny: Only about 9 are done. Many more to write up. All things said, we believe that all of the major implementer issues have been addressed in the spec now. There were a couple of people that raised a couple of issues last week and we're dealing with those.
Christopher Allen: Are you still meeting separately as a task force?
Manu Sporny: No significant implementer push back on the DID spec right now. We know the portions that are well worn are implementable. Per, at least the Veres One implementation, we're using the spec and it's going well.
Manu Sporny: Anything in a Google doc is now being pulled into the spec or will have PRs shortly.
Kim Hamilton Duffy: Thanks, Manu.
Mike Xu: Can someone post a link where these DID reconciliation PRs are at?
Manu Sporny: I haven't heard any mention of follow meetings so I think the task force might be done.
Manu Sporny: Drummond will need to weigh in.
Christopher Allen: Ok, would like to take the item off if finished.
Kim Hamilton Duffy: Right after IIW there will be a Verifiable Credentials F2F.

Topic: Report from Rebooting the Web of Trust 6

Joe Andrieu: Yes, so some of this is process related. Also DID Auth as a new action item. As requested, Markus put together a work item. Notably, we could do something at My Data 2018, presenting DIDs in the interop track.
Joe Andrieu: We should entertain that work item and see if there's enough support to do that as part of the group.
Christopher Allen: Url for proposal?
Kim Hamilton Duffy: Any follow up we need at the moment? Do we need to initiate the proposal process?
Joe Andrieu: So this is the start of the proposal process, I don't know if Markus is on the call.
Markus Sabadello: Yes.
Joe Andrieu: What support would you need to present DIDs in the interop track?
Joe Andrieu: How could we support you?
Drummond Reed: Note: I can't dial in; getting "all circuits are busy"
Markus Sabadello: I could present it myself, one idea would be to have maybe a panel and a number of implementers talk about that and present what they're doing. People presenting different DID methods or resolvers, registration, etc. DIDs are a rare example where interop seems to work in this space and My Data is looking for.
Markus Sabadello: If we had enough people presenting different DID code bases doing a panel is one idea. Getting experiences, what is everyone doing that. Working on this proposal would be as simple as who would be willing to come.
Joe Andrieu: For us in the CG, do we want to help Markus pull together this panel, is that correct?
Markus Sabadello: Yes.
Joe Andrieu: Let me note as one of the RWoT guys, we want to do something -- let's talk offline.
Joe Andrieu: Regarding this work item, I'm suggesting to Kim as chair that we put this up to see if we have enough support to make this happen.
Christopher Allen: Do we have at least 2 people?
Christopher Allen: Anyone else going?
Joe Andrieu: Only question is -- is there enough support to adopt this as a work item?
Nate Otto: Would love to see it happen -- cannot make the trip myself to https://mydata2018.org/ August 29-31 in Helsinki.
Manu Sporny: Drummond and I talked about having follow up DID Spec Closure calls and agree that we won't have further calls until we've worked the issues/PR list. If we have any remaining issues after that, we'll start the calls back up.
Kim Hamilton Duffy: Markus would you mind sending an email to the group and stage reaction there and follow up next week? What we're looking for is for people to sign up to support it.
Joe Andrieu: And to find folks to be on the panel.
Christopher Allen: Our key point is to gauge support — who else might be there, wish to help, etc.
Kim Hamilton Duffy: Any volunteers for action item workers?
Kim Hamilton Duffy: (For status reports)
Joe Andrieu: I just wanted to speak to spec-text training. I know we've all been traveling and we may not get to this before IIW. The co-chairs -- we don't know how to manage the spec text stuff.
Manu Sporny: Happy to do it.
Manu Sporny: Happy to have anyone else who wants to modify spec text, do PRs, etc.
Christopher Allen: I'd prefer next week.
Manu Sporny: I'm traveling solid until IIW. Maybe this Friday, let's take that offline and try and set up a call.
Joe Andrieu: Thanks, Manu.
Christopher Allen: I'd love a copy of that.
David Chadwick: Over the Christmas vacation period Manu spent quite a long time with me and I've got a Word document that I could share.
David Chadwick: So we might be able to use this to avoid further training.
Kim Hamilton Duffy: Excellent, could you forward that to the group please?
Christopher Allen: (Wow, davidc was choppy, then clear, then choppy, etc.)
Dave Longley: +1 To paste it into a Google doc
Dave Longley: And let people edit and update it.
Kim Hamilton Duffy: If you need help with getting into a Google doc, send it to me and I'll forward it.
Nate Otto: I can hear perfectly, connected via onsip. Probably not worth me speaking up for just a "canyouhearmenow?"
Kim Hamilton Duffy: We're trying to get alignment with Verifiable Credentials and Open Badges. We have a paper where we're wrapped up on that. Following up with some implementations. We've broken out peer claims questions.
Kim Hamilton Duffy: We want to see more examples of Verifiable Credentials coming from the education space specifically. That will be a separate paper coming a little bit later.
David Chadwick: Like achughes I could not get linphone to work on my Mac, which is why I switched to onsip
Kim Hamilton Duffy: We will kick off the ongoing task force group meetings shortly.
Kim Hamilton Duffy: More details to come.
Christopher Allen: The draft results
Christopher Allen: Last week for three days we met at Santa Barbara. Joe hosted and did a great job. I put a URL in IRC on the drafts that were collaborated on there. Two categories - Primary papers, people spent the most time. As a new experiment we did "mandatory minor papers" with variety/oddball topics.
Nate Otto: Kulpreet Singh submitted a mandatory minor paper on passive storage networks. The mandatory minor was a nice element of the event.
Christopher Allen: In summary, there are 13 drafts there. Will continue meeting and get to final drafts. A number are candidates for potential work items. Not everything will be coming to the CCG, but the CCG might be interested in what's going on. That's my intro.
Kim Hamilton Duffy: I worked with Nate Otto on the educational/occupational VC topic. Nate took the charge on getting several options for VC/Open Badge alignment. There were two primary options for the proposed data model. We are interested in feedback from VC folks.
Kim Hamilton Duffy: The next one was BTCR. What we're doing there, during Rebooting, we spent a lot of time with minor questions, things that are method-spec specific. We're trying to figure out the right assumptions and defaults for the BTCR spec.
Christopher Allen: BTCR is a DID method
Kim Hamilton Duffy: We decided to turn the RWoT paper into a general paper with technical details. The motivation is to get on the same page with all the remaining decisions and then that we'll copy and paste into our method spec. We're hoping to get a two for one out of that.
Nate Otto: https://bit.ly/openbadges-rwot6 - we'll be submitting this via GitHub pull request tomorrow into the rwot6 drafts folder, but then it'll be open for feedback on "is this a method that you expect to be successful within both Open Badges-focused and Verifiable Credentials-focused tools?"
Kim Hamilton Duffy: I also really liked the mandatory minor idea. I worked with Christian and Ryan Grant and Drummond and Heather. We were talking about revocation. It started as a poorly formed idea like most mandatory minor papers. We were doing a light survey on approaches that were tried.
Kim Hamilton Duffy: And ones that may be successful in different contexts. It was surprising/interesting for me. The biggest highlight, when we talk about social recovery. You ask brother/mom ... 3 of 5 people to help you recover your identity. Drummond showed a word cloud and looked at key recovery. And huge front and center was Google. Family members small. That indicates to me that people are making a convenience trade-off.
Kim Hamilton Duffy: It may be a lot of effort for me to dig up my mother and get them to do that. If there's an institution I mostly trust that could be available online and that's more convenient and an option. There were cultural bits that came into play.
Kim Hamilton Duffy: I am curious to turn that into something more complete, a larger survey, even social aspects interesting.
Ted Thibodeau: Blink's direct-connect to digitalbazaar fails for me through GoogleHome Wifi, works fine through Airport. Bridging through sip2sip works for both.
Ted Thibodeau: None of these are awesome, because workstation processors get bogged down in other tasks (that's a lot of the voice jitter that happens). Same is true of WebEx, Skype, and all the other voice chat tools.
Christian Lundkvist: I also worked on the key recovery topic. One of the things I want to do, I did a survey on Facebook/recovery feature. I want to share that. I can add that, we have a Google doc for the key management session. It's basically a walkthrough with screenshots of Facebook's social recovery.
Christian Lundkvist: Interesting to see how they are doing that there.
David Chadwick: Because of availability concerns, most people prefer m of n key recovery.
Manu Sporny: A couple of high level observations. Community learning how to work together and crank out content. It did raise a question in my mind with how to transition from RWoT to CCG. In previous RWoT, DID spec was front and center and lots of people on it. Now we had a transition.
Manu Sporny: Not a lot of people working on it, just Drummond and I working on issues, which is fine. We're seeing where the edges of RWoT are. Creating new ideas, discussing them, formalizing them, kicking out a doc and maybe refining a bit. But per RWoT the DID spec isn't something to be worked on in that community.
Manu Sporny: And it's this group's job to carry it on and get implementer feedback.
Kim Hamilton Duffy: For the remaining topics, we can use this for structure: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/draft-documents
Manu Sporny: Once we get more editorial passes then that spec will be ready to move on from this group as well. I'm concerned about that. We as the group that is transitioning that spec to the next stage like a W3C group. We need to do some prep work to transition it. Use cases doc, general proposal, charter for the DID spec working group.
Manu Sporny: Those are items I haven't heard anyone talking about. Without those things the spec stops and it won't transition.
Manu Sporny: The thing that is most interesting was the process of how we get things through. If we stopped right now, lots of great ideas percolating at RWoT and refinement here, then we're stuck.
Manu Sporny: I'd like this group to understand getting things onto W3C standards track and recruiting the right companies.
Manu Sporny: We really need to spend some time working that particular process problem or the work will stall at the next stage.
Kim Hamilton Duffy: That's a good action item for the chairs.
ACTION: Chairs to ensure that work items are sticky and have the right company support
Kim Hamilton Duffy: We'll need to bounce some ideas off of you, Manu, to make sure we're tracking this.
Joe Andrieu: I think we also need to get DID Auth as a proposed work item.
Joe Andrieu: We probably still need ... we still need to do DID Auth within the CG and would that go over to the DID working group?
Manu Sporny: Not any time soon. And we're playing with fire there. The worst thing we could do is propose a DID Auth WG and the browser vendors could get really excited and take over and then DID Auth will be purely through the browser and with browser vendor wallets. We don't want that.
Manu Sporny: We have to be very careful there.
Manu Sporny: We do have one DID Auth spec right now which is the Credential Handler API and I talked about that a bit. The general approach is to try and standardize the messages that go back and forth.
Manu Sporny: We're too far away from that to propose any working group.
Markus Sabadello: +Q about DID Auth
Joe Andrieu: We should get DID Auth as a separate work item.
Manu Sporny: I think DID Auth is talking about messages not the protocols they travel over.
Christopher Allen: Besides the actual spec, what of those is the most time?
Dave Longley: Comment about did auth and protocols [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ....Most important is to get implementations out, interop, functional code
Kim Hamilton Duffy: ...Need that before taking to w3c
Christopher Allen: Which method specs should go into the WG, or would the "how to write a method spec spec" be the only thing to move to a WG?
Dave Longley: We need to get some implementation built and interworking tests done [scribe assist by David Chadwick]
Nate Otto: Badgr would love to work with a DID Auth provider or develop open source who could expose an OAuth2 identity provider
Markus Sabadello: We had a group of seven people working on DID Auth. It is just browser-based login tool like with the Credential Handler API, is it scanning a QR code with challenge+response like uPort is doing, does it include service-to-service protected secure channels? A lot of flows and protocols and different scenarios that could fit under DID Auth.
Markus Sabadello: Then discussions about the formats and challenge/response, etc.
Markus Sabadello: The way Manu said it -- designing the message format independently from transports or bindings is good. It's not just browser based.
Christian Lundkvist: That's also how we're approaching it at uPort. What we've been doing now is ... we've defined some formats of the messages. We have several ways to get those to the user. QR code or push notification or click on a link, etc. but the messages are the same.
Markus Sabadello: Besides that, I also have the opportunity with British Columbia guys and I need to have some DID Auth stuff done there by the end of the month and could present some of that here and ask for feedback.
Kim Hamilton Duffy: Excellent.
Kim Hamilton Duffy: I'd be interested in that.
Manu Sporny: To respond to Christopher's questions. What do we need for the DID WG, what will take the most time? -- The answer is that use cases will take the most time unless we have someone like Joe working on them. Not fair to ask him to do all that.
Joe Andrieu: Still takes time :)
Manu Sporny: It can take a year and a half to do, we need to pick 3-4 very important use cases and hold it to that. Charter is required. They are easier. Especially newer charters and they want you to be very focused. Like, you are creating a WG to do one spec.
Manu Sporny: Verifiable Credentials is an example of this, we have a use cases doc and the VC data model spec and that's it. The DID WG would probably have to generate something similar.
Manu Sporny: If someone could do use cases for DIDs that would be helpful, some of us know how to put a charter together in a few weeks.
Manu Sporny: And a core spec. We also want an operational test suite. And we want two implementers minimum that step up. Like Veres One, BTCR, Sovrin and show passing tests.
Manu Sporny: The other thing that takes significant time, from a calendar perspective, from an effort it's not super involved, and that's drumming up support.
Manu Sporny: Making sure that we get for example, IBM, MS joining the WG. We have to get all that support a good six months before proposing the group. We are hoping to present at this year's TPAC. Which means we are 6 months out NOW. We need to start this work. If we miss TPAC it gets much harder. And 6 months go fast.
ACTION: Chairs to find people to produce DID use cases.
ACTION: Chairs to find people to produce DID charter.
Manu Sporny: If we had to put down a number of things we need to do, we need to do use cases in parallel with the charter. If we have a rough cut of those in two months, we start hitting every company that would benefit from the company and show use cases, spec, ask them to vote.
Manu Sporny: Or join the work or both.
ACTION: Chairs to drum up W3C Member company support for DID WG.
Manu Sporny: End of summer some time.
ACTION: Chairs to find people to work on DID test suite.
Manu Sporny: This is making me very nervous because we don't have a lot of time and don't have people assigned.
Manu Sporny: I suggest we don't put DID method specs into the WG. Any spec you say you are going to standardize you need two implementers and a test suite.
Christopher Allen: It is quite likely there will be two implementations of BTCR
Manu Sporny: We need two companies doing the uPort protocol for example, and I think that would be very difficult.
Christopher Allen: (Though in some ways slower as not being backed commercially)
Manu Sporny: I think we go in with the DID spec as is. Make it short and sweet and just do that.
Manu Sporny: And say the DID method specs are outside and refer to them non-normatively.
Kim Hamilton Duffy: Ok, I made some action items. I'm not sure what's involved with drumming up company support but it sounds like we need to get started right away on all of these.
Joe Andrieu: Feedback for Manu .... people thought we'd have DID landia, but we ended up having a lot of two people papers. I don't think that was indicative of community support for the DID spec.
Christopher Allen: I'm not sure how to plan this, but I feel like we need to be careful at IIW ... with some preplanned *messages* like DID use cases and the various other things. The point of doing RWoT early was to give us time between it and IIW where we can influence. We should think about how to take these documents that are appropriate for the CCG to work on and leverage that momentum to drive conferences talking about things in the fall.
Manu Sporny: There are no IPR concerns with directly adding a DID method to the registry, Markus.
Christopher Allen: (I'd prefer PRs)
Manu Sporny: I won't speak to the community process, from an IPR perspective, what the registry is trying to do is track the various DID method specs that are out there. CG process is up to the chairs. The other response is to something Joe said.
Manu Sporny: We shouldn't read too much into what happened at RWoT. I didn't intend to insinuate anything, we've seen this with lots of other work. Community doesn't know about the process and thinks something is solved. It's the most dangerous thing to happen in a standards setting org -- because that's how things die. This is the point where it actually gets hard. Everything up to this point is actually easy. We haven't dealt with the politics or the grind or
Dave Longley: Explaining it to someone new from a large company that's new for the 50th time, etc.
Manu Sporny: That's the part of the stage we're getting ready to move into and because everyone kind of scattered and let the editors "deal with the rest" or "there are others in the community that will run with it" ... it doesn't leave us with resources.
Manu Sporny: To push the spec forward [at a critical time].
Manu Sporny: I'm trying to wave the flag and say we're not done yet! We need a ton of help!
Manu Sporny: And we need orgs that depend on this to push it through the standards group.
Kim Hamilton Duffy: I don't think Nathan is here, wanted to hear a report on ABCs. I'd like to hear from Chris Webber as well, on pet names, but also not here. If anyone else is here, please queue yourself.
Chris Webber: Shoot
Chris Webber: I accidentally hung up with my ear
Moses Ma: Dan and I are going to work on the roadmap group and we'll prepare some notes and share them next week.
Moses Ma: Our topic was creating a roadmap for adoption and ... companies need for this group to do certain things and to get approval to move forward. We have to publish a schedule and express some other things and they'll sell internally.
Moses Ma: Product roadmaps are needed internally by some companies and expressing the things getting done and when. Also need some materials. When people go to the site they aren't seeing what a commercial site would offer in terms of an API, etc. We just need some reorganization. Explaining exactly what's needed -- there's a paper we uploaded with a list of deliverables.
Moses Ma: That would be good for getting larger companies to support us.
Kim Hamilton Duffy: Yes, that came up several times wrt getting sponsorship from larger companies.
Chris Webber: I just wanted to say that we were lucky to have Mark Miller again this year and one of the concerns I had this year was how people will be able to use these decentralized, globally unique, but non-human readable identifiers. With petnames we got a good sense for how to deal with that and build UIs for it.
Chris Webber: We're getting the paper together and we're pretty close.
Moses Ma: Christopher, sorry.
Joe Andrieu: I just wanted to make some notes about the need for us to be clear in our separation between RWoT and CCG and VCWG/other WG. Different process requirements and consensus drivers and IP regimes, etc. As chairs we haven't been clear about it. There's a good pipeline here.
Joe Andrieu: RWoT - CCG - WGs
Joe Kaplan: Yes, we need to figure that out! [scribe assist by Moses Ma]
Joe Andrieu: Some of what you're doing Moses and figuring out ... that's RWoT work and figuring out how to feed it into CCG is good just don't want to be too early with it.
Kim Hamilton Duffy: Thanks everyone!
Moses Ma: Bye all