The W3C Credentials Community Group

Verifiable Claims and Digital Verification


Credentials CG Telecon

Minutes for 2018-08-07

Moses Ma: Good morning everyone!
Lionel Wolberger: ChrisA: Standard IP warnings. Standard IRC reminder-- use the IRC to queue up (q+).
Linus Gasser: Does sip work? Mine tries to connect but then gives up...
Linus Gasser: First time I use linphone.
Lionel Wolberger: ... The scribes are Lionel W and ...
Lionel Wolberger is scribing.
Heather Vescent: Heathervescent is co-scribe
Linus Gasser: What works best on mac?
Kim Hamilton Duffy: Type present+ to help associate
Kayode Ezike: I have found Jitsi to work well on Mac
ChrisA: For IRC Chris uses "IRC Cloud", there are many other apps or use the web link in the invitation
... Today's focus: Proof of Personhood.
... Turning to a re-introduction. Today's victim is.... <scribe joke>

Topic: Introductions

Udi: Udi Shapiro Weizmann Institute currently at W___ Switzerland
... was an internet pioneer, for a while did Biology
... now turning to distributed identities
Robert Mitwicki: Introducing himself. Robert, from Poland, representing ___
... community building self-sovereign identity solution and a new blockchain that seeks to combine identity issues that this W3C working group deals with
Markus Sabadello: Robert from Poland, representing Lab10 collective in Austria
BryanFord: Introduction. professor Comp Sci at EPFL, decentralized and distrib. systems security and privacy focus of many years
... proposed pseudonym parties a while ago.
... working on making this vision real
... very interested in democracy, voting, developing technology to support democracy in secure interaction, and increase the reliability of these technological solutions
ChrisA: Reintroductions
Dan Burnett: Recently joined Consensus, on a standards team there.
Linus Gasser: Linus Gasser joining via skype to UK...
... this after a focus on Web RTC
... is a co-chair on the verifiable claims working group
... standardizing the data model being discussed here
... Joined originally due to personal interest. The approaches to identity taken in this group, I feel, will lead to a better world for individuals and their agendas in the real world.

Topic: Review announcements

ChrisA: Github webpage, review announcements
... MyData conference end of August will have some members
... RWoT is Sept 26, Toronto
Christopher Allen: Rwot7.eventbrite.com
... TPAC this October. The DID incubated proposal is reaching a point where it can become a working group (as we did with Verifiable Claims)
... DID will need evangelization, this will happen at Lyons France
... IIW is also that week in October
Kim Hamilton Duffy: Announcing the scribe training
... August 17th noon Pacific
... the scribe training will be scribed
ChrisA: Reminder, all our meetings are public, open, and recorded by an automated service.
AndrewH: Sovrin Foundation is having a Face to face Aug 27-28 prior to the conference, in Helsinki

Topic: Action items

Joe Andrieu: Where are we on the video?
Heather Vescent: Unedited video link: https://youtu.be/vcL3ffgGEJM
Answer: The unedited video is on YouTube
... in the process of editing it
Heather Vescent: Andrew, Screenflow is a great video editor.
ChrisA: Reminder, our docs use a GitHub-friendly format called ReSpec. This gives us header and other formatting consistent with W3C
... also makes it easier to use in github, allows for easier commenting, etc.
Manu Sporny: DID Spec update.
... the editors have been really busy, so we are delayed on the use cases, delayed on companies wanting to see DIDs become a working group.
... Good news, the charter seems to be ready (no arguments against)
... Primer, Seems ready
Andrew Hughes: Yes, the DID-primer is into basic ReSpec format now
Joe Andrieu: FWIW, I added creating Amira repo as action item
... would help to prioritize this work

Topic: Work Items

ChrisWebber: There was a period when OCAP had some implementation work done.
... recently some more spec work
... Reworked things so that the target itself is the capability
... this means that the capability can invoke itself. This is very amenable to blockchain usage
ChrisA: Real potential in this OCAP work. This is a new architecture that is potentially powerful.
Manu Sporny: Just shipped OCAP implementations to customers this past week. Feedback so far is really good
... learning quite a bit about using OCAPs to do authorization over HTTP
... the signatures, OCAP signatures, DID__ over http, all coming together nicely
... real code on real customer systems. looking good. not perfect, but looking good
ChrisA: Internet Archive hosted a well received event, about 120 people mostly developers and engineers
... to try to envision the future of decentralized internet
... followed by an event at the SF Mint, more people (c. 400)
Dan Burnett: Can someone add me to the queue?
... many demos of decentralized web; about 25%-33% were talking about DIDs, lots of other activity as well
Dan Burnett: Implemented a form of DID Auth
... doesn't have repudiation, but uses DID Auth
... mandate is to square this away with Sovrin stuff
... and plan to open source it after code review
... this should be a standardized way that we will share
Heather Vescent: This is a fantastic paper! Thanks all.
ChrisA: DID Auth document from RWoT, which was a survey of AuthZ and AuthN uses, was released as a final draft, link above
Kim Hamilton Duffy: More comments on decentralized web
... panel by Markus, panel by Kaliya
... Markus's panel covered 6 different DID methods
... Audience ranged from very technical to use-case focused
... a lot of attention to trust. Which DID methods are reputable?
... Another question, should we be building this? Answer, we point to security and VC specification
... pointing to best practices really helps answer these questions
... great sounding board there
Markus Sabadello: Ditto ditto
... Fantastic event. Identity was only part of it, but an important part.
... More than 4 identity sessions
... DID Auth paper: thanks for publishing it, shout out to everyone particularly Shannon
... it's NOT A SPEC (reminding everyone again). More a survey of thoughts on what DID Auths can look like.
Dan Burnett: DWeb more comments
... During browser vendor talk, noticed
... Google and Firefox see this as low level components
... Google particularly seem to be taking a dim view. Their rep is an outright opponent
... sat with Sir Tim BL
... talked about the data stores and why they matter.
... Microsoft, Sovrin, if they can align further, that is a worthy goal
... During Markus session: This issue: For W3C we see open registry a place where anyone can put a DID doc that is compatible
... we are looking beyond that, if we had subjective industry quality standards that could help
... e.g. would it be appropriate if a non-W3C group came along and did things, is that a good idea.
ChrisA: If it can be tested, W3C is a good place. For more subjective scenarios, other places are better.
... The DWeb did help move DID towards WG status.

Topic: proof of personhood

Bryan Ford: Proof of personhood was born a few years ago
... a lot of the internet is broken due to Sybil attack vulnerability
Heather Vescent: Bryan Ford/Brynosaurus: POP comes from a few years ago, problem comes from Sybil attacks.
Heather Vescent: ... The internet doesn't have a way to distinguish btwn real and fake ppl.
Heather Vescent: Thanks for scribe takeover! :->
Heather Vescent: ... Manifests in many forms: online ballots, attempts to undermine democracy
Heather Vescent: ... Up/down votes, fake reviews, etc.
Heather Vescent: ... Sock puppetry, re: Wikipedia, create fake personas to support own causes,
Heather Vescent: ... Bots with fake news.
Heather Vescent: ... Nation state funded
Heather Vescent: ... I have been a privacy/anony for a long time. The right to participate online, vs the vulnerability (whack-a-mole problems) e.g. service can ban them, but they can come back under another name.
Heather Vescent: ... This is a fundamental problem. Read the Sybil attack, paper... (link forthcoming)
Heather Vescent: ... Many solutions have been attempted, multiple ways (e.g. bitcoin/cryptocurrencies, POW (proof of work) tries to solve, but fails.)
Heather Vescent: ... Conclusion of the broad spectrum of the problem
Heather Vescent: ... Solution space: obvious solutions - use real names... (there are up/downsides)
Heather Vescent: ... But you can use other approaches.
Heather Vescent: ... E.g. biometrics
Heather Vescent: ... Alternately, you can introduce a barrier to entry
Heather Vescent: ... Graph analysis
Heather Vescent: ... Ppt goes through strengths/weakness for each potential solution
Heather Vescent: ... Real names - already in use for banks,
Heather Vescent: ... Cons, not really secure (and other in the ppt)
Heather Vescent: ... Biometrics: rely on devices, pros: efficient & biometrically secure, & people always have them (good for undocumented people). Used with Aadhaar. Big Downsides: worse privacy issues, surveillance, delicious centralized attack surface, to prevent sybil attacks - both false positives & negatives
Heather Vescent: ... Fake biometrics can be created through one hacked scanner... and near impossible to detect. Big cost.
Heather Vescent: ... Graph analysis ... two papers - good to read if you're interested.
Heather Vescent: Promiscuous friending... love that term!
Heather Vescent: ... Propose pseudonym parties. Goal: want sybil resistance
Heather Vescent: ... A personhood attribute
Heather Vescent: ... Independent of physical person attributes. Want it to be a secure token attesting that the holder of the token represents one real person.
Heather Vescent: (Reminds me of what David Birch talks about a lot.)
Heather Vescent: ... Verify personhood w/out biometrics, ID...
Heather Vescent: ... There are downsides to this idea: it requires organization in the physical world. It requires people to show up in person to an event.
Heather Vescent: ... IR world, people show up to events, would like to piggyback on this kind of event.
Heather Vescent: ... A physical world cost.
Heather Vescent: ... How to do this? Still figuring it out.
Bryan Ford: Some references:
Bryan Ford: Original Pseudonym Parties paper (2008): http://bford.info/pub/net/sybil.pdf
Heather Vescent: Linus Gasser: want one token per person
Bryan Ford: Blog post contrasting to "Real Names" policies: https://bford.github.io/2015/10/07/names.html
Heather Vescent: ... Identify a person, but not *who* they are
Bryan Ford: Application to "Proof-of-personhood" cryptocurrencies: http://bford.info/pub/dec/pop-abs
Heather Vescent: ... Example, individual send a request, any service can ask you to sign.
Heather Vescent: ... With your token
Heather Vescent: ... Q+ (correlation through this token)
Robert Mitwicki: Project which deals with "Real names" https://www.yoti.com/ - they manage to automate it and make it really cheap.
Ted Thibodeau: One token per person means supposed "anonymity" fails, certainly in long term, probably in short term. Think Star Wars --"anonymous" token is held by human who attends both Rebel meeting *and* Imperial Guard meeting? MAJOR problem here.
Mike Lodder: Token is similar to one time use DID
Christopher Allen: Thanks, wanted to share these presentations with the community, because some of us do work in similar space: e.g. Amira. [scribe assist by Heather Vescent]
Mike Lodder: Interesting concept
Ted Thibodeau: The expected normal mode of operation is that each attendee generates a new public/private keypair for each pseudonym party, so pseudonyms are not linkable over time unless and only to the extent the holder wants to link them explicitly. [scribe assist by Bryan Ford]
Heather Vescent: ... Would love to plan/implement ideas at RWOT in Toronto. Maybe we can do some Amira class POP at RWOT, IIW and Lyon.
Heather Vescent: Drabiv/Bogden: graph analysis: do not agree it is cheap. it depends on the network. From my practice/experiments: 200-300 friends, only 5-7 added new fake identities to their friends. So real people on FB from my experience do not add unfamiliar people to their friends.
Heather Vescent: ... Another point: current friending, the edges is not clear. What does it mean to be a friend or connection in Linked In.
Heather Vescent: ... If you know and vouch for this person IRL, and it is not true, you will have a reputation cost. And people will be more strict with creating these edges.
Heather Vescent: There is noise on the line...
Heather Vescent: Bryan Ford: those are good points. Don't discount the possibility of creating an adequate trust network.
Heather Vescent: ... Getting the required security tends to work against the usability.
Heather Vescent: ... Solving the security with usability is hard.
Kim Hamilton Duffy: I think enough people do that other people end up getting pulled in
Heather Vescent: ... You are right that not everyone does promiscuously friend, but many do. There don't need to be that many people who do it. As long as there are a few, a sybil attacker can get a lot of edges that way.
Christopher Allen: I presume these Proofs of Personhood are solely in a context, you'd use a different DID for Empire vs Rebel
Christopher Allen: I suspect there is no "universal" Proof of Personhood
Heather Vescent: Bryan Ford: This is a periodic process. Each of the pseudonym tokens has a limited lifetime. Usable for a certain period.
Heather Vescent: ... Doesn't have any information that could tie you to past public keys or instances.
Heather Vescent: ... You might choose to correlate them, but the generation of them, doesn't inherently create linkable information over time.
Bohdan Andriyiv: Small percentage of people (imo <1%) that would friend "promiscuously" especially even in prohibitive environment - will be easily uncovered/seen
Christopher Allen: Is it unlikely there is a universal proof of personhood [scribe assist by Heather Vescent]
Heather Vescent: Bryan Ford: you always want a context. You want the use (of the token) to be in a certain context.
Heather Vescent: ... This is a self sovereignty aspect.
Christopher Allen: Closing queue
Heather Vescent: ... Allow you to start over and to link (or not) to your own history.
Moses Ma: Bye folks
Heather Vescent: Ken: group formation: DID you have a single group participating at a single time. How to do this for different groups.
Linus Gasser: Slide 32 [scribe assist by Heather Vescent]
Bryan Ford: Some of our other earlier work related to unlinkable forums supporting anonymous reputation: https://www.usenix.org/node/194975
Heather Vescent: Bryan Ford: this is one solution we are looking at.
Ted Thibodeau: "Anonymous" branding is fraught with so much peril... human error is the only thing guaranteed to come up over time.
Christopher Allen: Thank you. [scribe assist by Heather Vescent]
Joe Andrieu: Cheers, all.