Dave Longley: Regrets+ Manu_Sporny ✪

Joe Andrieu: Reviewed the agenda ✪

Joe Andrieu: Nobody new on the call ✪

Joe Andrieu: Summer Hackathon - originally was a DID-focused one ✪

Joe Andrieu: Want to push DID hackathon to end-Septemer now - new developments coming ✪

Dan Burnett: Can someone drop a link to MyData conf in the chat? ✪

Markus Sabadello: Kim will have presentation on DIDs - also an Unconference, expected to have lots of did/verifiable credentials talks ✪

Dave Longley: https://mydata2018.org/ ✪

Joe Andrieu: There will not be a ‘salon’ on the saturday following myData conference - logistics don’t work out ✪

Christopher Allen: July hackathon - the idea of a broader outreach hackathon is too early given the status of projects ✪

Christopher Allen: ✪

Christopher Allen: The BTCR project wants to do something in July ✪

Christopher Allen: The idea is 9am Pacific, a standup call to give fast status, then a slack channel is used to communicate over the day. Monday-Friday ✪

Christopher Allen: Still want to do the DID outreach hackathon - all methods projects - try to attract new players, walk them through - exact timing TBD - probably late September/early October ✪

Kim Hamilton Duffy: BTCR - want to coordinate to do a planning session. Ryan and Dan Pape have been working on tx-ref (?) encoding, C++ implementation - decide on some good outcomes for the hackathon & start assigning tasks ✪

Ryan Grant: +1 On sync-up. ✪

Christopher Allen: BTCR needs help on JSON-LD 1.1 ✪

Christopher Allen: Need to know what libraries are being updated to v1.1 and other details ✪

Joe Andrieu: Discussion about moving the whole hackathon to September 29/30 ✪

Joe Andrieu: Microsoft wants to be involved. Also want to have all the other projects participate in-person ✪

Joe Andrieu: Rebooting Web of Trust looking for venue the week of September 24 in Toronto ✪

Markus Sabadello: Can RWOT be combined with IIW? would help with travel ✪

Markus Sabadello: Or back-to-back weeks? ✪

Joe Andrieu: IIW fall 2018 is the same week as W3C TPAC ✪

Dan Burnett: TPAC is Oct 22-26 ✪

Christopher Allen: TPAC is https://www.w3.org/2018/10/TPAC/ ✪

Christopher Allen: https://www.iiw2018.com/ ✪

Christopher Allen: Both start October 22nd. ✪

Christopher Allen: #RebootingWebOfTrust is week of September 24th, likely in Toronto ✪

Adrian Hope-Bailie: So we have Microsoft listed in the spreadsheet? ✪

Christopher Allen: Agenda: work items report https://github.com/w3c-ccg/community/blob/master/work_items.md ✪

Adrian Hope-Bailie: *Do ✪

Joe Andrieu: Need info from Manu about DID WG proposal startup items ✪

Ryan Grant: Working on (BTCR) DID document validation - looking for existing test cases and collections of compliant and non-compliant DID documents ✪

Christopher Allen: We can make a repo if an abstract is sent and work item approved. ✪

Ryan Grant: Yes, i'll send email ✪

Christopher Allen: https://opencreds.org/minutes/ ✪

Christopher Allen: Need to do something with opencreds ✪

Christopher Allen: It was started by this community a while back - github and web site - stale ✪

Christopher Allen: Need to move or redirect or delete content ✪

Dave Longley: Digital bazaar has people that worked on it - they will do some cleanup and redirecting ✪

Benjamin Young: (Benjamin Young) ✪

Christopher Allen: Did you really mean: https://www.iiw2018.com/ ? [scribe assist by Chris Boscolo] ✪

Joe Andrieu: Work item: DID Document Examples? ✪

Benjamin Young: Want to have DID documents to be in a repo that everyone can contribute to - central repo ✪

Chris Boscolo: That link doesn't look correct ✪

Dave Longley: https://github.com/digitalbazaar/did-io/tree/v0.7.0/tests ✪

Dave Longley: Did-resolvers might be listed somewhere? that might be a good place to put test suites as well ✪

Markus Sabadello: DIF Universal Resolver also has examples: https://uniresolver.io/ ✪

Benjamin Young: The DID spec should have illustrative examples ✪

Markus Sabadello: The universal resolver at DIF has some examples - link above ✪

Markus Sabadello: https://github.com/w3c-ccg/did-resolution ✪

Markus Sabadello: Another possibility for examples at did-resolution github - link above ✪

Christopher Allen: We need verifiable claims (test repo); need signed verifiable claims (reference versions - signed in various ways); various examples of DID documents ✪

Christopher Allen: If a DID WG is started then it may have a repo that will contain the example materials ✪

Joe Andrieu: The verifiable claims stuff should be in the Verifiable Claims WG ✪

Joe Andrieu: Action item: add a web page to CCG wiki with links to DID document examples ✪

Joe Andrieu: We need a formal statement of what is required to be declared a ‘did method’ ✪

Joe Andrieu: Revocation is not fully consensus (does it actually need revocation?) ✪

Joe Andrieu: Revocation - should be about key compromise ✪

Joe Andrieu: Rotation is also undecided - generally updating transactional keys ✪

Markus Sabadello: See discussion here about DIDs that cannot be revoked/rotated: https://github.com/w3c-ccg/did-spec/pull/55 ✪

Christopher Allen: Some did methods want to have a single key with no concept of revocation or rotation - should these be accepted as did methods? ✪

Christopher Allen: Need to set a minimum requirement to avoid quality issues or security issues ✪

Christopher Allen: Revocation/rotation is a new/interesting thing that DID methods offer ✪

Drummond Reed: Pelle from uPort has made a case for these "single key single use" DIDs. I was initially opposed but he convinced me that it was okay because these types of DIDs would have their own DID method that explain that they are single use with no rotation. ✪

Joe Andrieu: Planting the seed - there are probably other open issues and undecided topics - features that are supported/not ✪

Christopher Allen: But are those DIDs revocable? ✪

Chris Boscolo: +1 For that ✪

Joe Andrieu: Action Item: invite comment on DID method requirements on mailing list ✪

Joe Andrieu: Fq? ✪

Christopher Allen: There may be a risk that if we have non-rotatable DIDs, the legacy identity community points to them and says "but DIDs are worse then what we already offer" ✪

Joe Andrieu: https://docs.google.com/document/d/1wz8sakevXzO2OSMP341w7M2LjAMZfEQaTQEm_AOs3_Q/edit?usp=sharing ✪

Joe Andrieu: Use Case #10 ✪

Drummond Reed: FYI, the Sovrin community does not currently have any use for these single-use DIDs, but uPort does. ✪

Joe Andrieu: Ryan Grant is speaker ✪

Ryan Grant: References are made to the DID-Auth draft at RWOT ✪

Kim Hamilton Duffy: Interesting, if they are single-use only (how is this enforced?) then maybe revocation is less important? But maybe some timebox is needed? I.e. if it's created and then "immediately" used (for some definition of immediate), the window for key theft is reduced ✪

Ryan Grant: Did-auth has a few different mechanisms described for web logon - need some additional details there, probably ✪

Ryan Grant: Sticky wicket - don’t try to store a password - just ask for proof of control of the did (presumably did-auth?) ✪

Joe Andrieu: I like the point that DIDs separate proof from the identifier ✪

Andrew Hughes: Yes, Did Auth. example here: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/draft-documents/did_auth_draft.md#did-auth-architecture-6-web-page-and-web-browser [scribe assist by Ryan Grant] ✪

Kim Hamilton Duffy: Would like more info about how “single key single use” works re revocation - is the window of threat small enough to not need it ✪

Joe Andrieu: Use case came from verifiable credentials use case discussion ✪

Joe Andrieu: Better use case for dids than for verifiable credentials ✪

Chris Boscolo: Where is the appropriate place to have this DID method discussion? (here/mailing list/some other chat chanel...) ✪

Joe Andrieu: University students have access to other university library - typical approach is to whitelist based on attributes provided from home university ✪

Joe Andrieu: What would this look like using dids? ✪

Kim Hamilton Duffy: I liked Christopher's point that Tzviya's use case is a great one for DIDs + OCAP ✪

Joe Andrieu: Or object capabilities? ✪

Dan Burnett: Sounds like a special case of Single Sign On ✪

Chris Webber: Ocap-ld - need to have some cryptographic material that has been authorized to do something - this might be student’s did or derived from their student id ✪

Chris Webber: The ocap way - a university would get a capability to access the library - then assign it to your did ✪

Kim Hamilton Duffy: Curious for more context from Tziya or someone else at Wiley on the call. Seems like they'd have domain knowledge there :) ✪

Joe Andrieu: Yes, it’s probably that we are missing the point from the use case ✪

Chris Webber: Note - there is a way to deal with prohibiting delegation (split contract) ✪

Benjamin Young: Tzviya is Ben’s boss - ra21.org is looking at this problem - one thing is the ‘access by vpn’ - restrictions are IP filters so hard to do individual control of access ✪

Benjamin Young: Would like to be able to do individual-based access control with verifiable credentials ✪

Dave Longley: Lots of options for this use case ... ocap, credential handler API, so on ... all related to DIDs. ✪

Joe Andrieu: Defer prescription use case to next call ✪

Dave Longley: Dcc: one reason to use a DID is so that when you're with UNC and you leave and go to NC your DID is not tied to either ✪