The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2018-08-21

Dave Longley: Regrets+ Dave_Longley
Joe Andrieu: Howdy.
Dan Burnett: Regrets+
Joe Andrieu: I'm having troubles dialing in.
Manu Sporny: Preesnt+
Nathan George: Regrets+
Drummond Reed is scribing.
Joe Andrieu: We have four focus use cases to go over today.
Heather Vescent: Yes, that is correct, and I can be pithy.
...time may be tight, so we'll carry on other use cases with future calls.
Heather Vescent: Has been in the identity community for a long time. Is a translator person—thinks about identity from a human perspective.
...was in silicon valley for 10 years, then got her masters and became a trained futurist.
...has done many projects in the identity space. About 5 years ago, did a major project on the Digital Asset Grid with SWIFT. passionate about helping translate the "deep dark hole of identity" to the real world.
...has been spending the summer working with identitywoman and others in the space (including Markus - big help) and others on the CCG to write a report explaining SSI. explains why SSI can solve many of the longstanding problems in the area of identity. It goes into 10 areas of analyzing the space.
Heather Vescent:
...The report was written for a C-level audience to help them understand the space and also educate regulators and other influences.
...It is a 132 page report. Heather will provide a URL. If you are interested in buying a copy, contact heathervescent or identitywoman.
...They hope it will advance the work we are all doing.
...The price point actively funds the work that heathervescent and identitywoman are doing for the community.
Manu Sporny: +1 Awesome work!
Joe Andrieu: Announcements. MyData2018 is coming up Aug 29-31 in Helsinki.
Heather Vescent: Here's also my book, Cyber Attack Survival Manual, if you are interested:
...Aug 24 is the deadline for early bird pricing for Rebooting the Web of Trust.
...the topic paper deadline is Sept 8th
...please submit your topic papers prior to that date - that enables other people to read them.
...please do submit a short brief paper - 1-2 pages is sufficient.
...W3C TPAC is Oct 23-26
...Internet Identity Workshop is October 23-25 in Mountain View.
...unfortunately there is a conflict this year but nothing we can do about that.
Markus Sabadello: There is one slot open next week at MyData2018 for a speaker to replace Dimitri. If you are interested, get in touch with Markus.
...that comes with a free ticket, so let Markus know.
Markus Sabadello: Contact me at if you're interested to do a 10 min talk next Friday at MyData on a topic related to decentralization, interoperability, identity, protocols, standards.
Manu Sporny: About W3C TPAC: two notes. There will likely be a workshop on Decentralized Identifiers in December (date TBD). TPAC, Manu also anticipates a lot of meetings and socialization on DIDs.
...We have an early spec and a primer, but we still need use cases.
...We need to start to gather statements of support, ideally from very large organizations, for the new WG.
...The deadline for all this is two weeks before TPAC.
ACTION: Manu to draft survey in support of DIDs.
Drummond Reed: Service addressing/naming changes to spec... issues to spec. [scribe assist by Manu Sporny]
Drummond Reed: Several new PRs have been submitted on the DID spec, including service selection. He suggested that we will likely need a few special calls in September.
Mike Lodder: Is this IPFS?
Benjamin Young:
Manu Sporny: He has been working with the Protocol Labs team on the multihash IRC. They use cryptographic identifiers that are similar to those used by Sovrin and by Veres One.
Benjamin Young:
Ryan Grant: Those are not persistent identifiers...
...Protocol Labs raised $230M for FileCoin to build a decentralized storage system "for the galaxy".
...They use some of the same building blocks as other SSI ledgers.
...They use Ed25519 keys and other primitives, so if we can align this across the community and can work with Bitcoin and Ethereum in addition to Sovrin and Veres One and IPFS.
Bohdan Andriyiv: @Manu What is the difference between crypto identifiers and DIDs? Any source to read about it?
Joe Andrieu: Four use cases that need to reported out today. cwebber2 will report on one of them. Anil John has one but is still going through IPR checks.
Mike Lodder: @Drabiv DID's are a crypto identifier
...All of the ones submitted are candidates that are in the needs map for what can be done with DIDs.
...This needs to be boiled down to three.
Bohdan Andriyiv: My take is that the crypto identifiers are hashes of documents that can be linked to, but they are not usable if a document changes. [scribe assist by Ryan Grant]
Drummond Reed: This means DIDs have a different place for persistent identifiers. [scribe assist by Ryan Grant]
Heather Vescent: I can bring my editing knives to the table! Count me in!
...Asks if heathervescent will have time for helping with the use cases.
Ryan Grant: Drabiv sorry meant to tag you not drummond [scribe assist by Ryan Grant]
...We will probably have some separate calls to push through the first draft at least.
...He would like to have a third volunteer on that work as well.
...We will now dive into the use cases, starting with #16.
Heather Vescent: The use case is "Collective Identity".
...This is different that many others, as is doesn't involve individuals directly, but as a group working together on a project.
...These individuals are acting collaboratively, for example as organizers of an event like Barcamp or RWOT.
...the individuals may be acting in different roles, managing finances, producing documents, organizing events.
...different people have different capabilities to do things on behalf of the collective.
Joe Andrieu: As soon as a group enters into a partnership (formal or informal), they have collective liability. In terms of this use case, was Heather thinking about this?
Kaliya Young: One of the people in my network David (last name escaping me) is working on minimal viable governance to support this type of use case.
Heather Vescent: Yes, the legal organization and structure of the group entity is a great question.
Kaliya Young: HE is actually working on spinning up a journal about Governance and another one about trust.
...she is looking at this is to NOT address those specific legal structures, but a new lightweight legal entity that would be similar to an autonomous organization. is new, much like a B corp was new to corporate structures.
Kaliya Young: Yes Drummond AND you need to anchor it and he is specifically looking at how things come into being rapidly doing things and disband.
Christopher Allen: Is an advisor to new blockchain law creation.
...Due to the nature of LLCs, the ownership can be quite complex. There is no reason that a cryptographic identifier cannot mirror that complexity, such as a multi-sig scheme.
...LLCs were actually invented in Wyoming, with one goal of preserving the privacy of investors. this work is compatible and in the same spirit. So Wyoming is looking at how to adapt LLC law to blockchains.
Lionel Wolberger: Finds this approach exciting and wants to ask if this form of collective identity could be applied to proof-of-stake? it is a hot subject.
Heather Vescent: One of the major issues with blockchain tech early on was that it did not mesh well with the real world of people, so she's very interested in that.
Bohdan Andriyiv: See for more on ipfs CID idea. [scribe assist by Ryan Grant]
Joe Andrieu: The next use case is #17: Transaction Identification.
Heather Vescent: Inspired by a trip to Alaska.
...Every night had to stay in a new hotel; every night having to give her identity info; had it stored all over in many systems.
Christopher Allen: (Xlviii) "Network signature" means a string of alphanumeric characters that when broadcasted by a shareholder to the network address's corresponding distributed or other electronic network or database provides reasonable assurances to a corporation that the shareholder has knowledge or possession of the private key uniquely associated with the network address;
Ryan Grant: Thanks! [scribe assist by Bohdan Andriyiv]
...Wouldn't it be great if she did not have to give her PII at every location.
...AirBNB host she knows asks every guess to send a photo of their driver's license—very dangerous.
Mike Lodder: NSA Michael Hayden infamously stated, “We kill people based on meta- data”
...Is there a way that we can make it so that guest can have their data secured.
Christopher Allen: There seems to be a "weird alignment" with KYC here.
...The requirements are protecting the company offering the service vs. the individual.
...the idea of protecting the commercial interest of the corporation is more valid.
Heather Vescent: For a period, AirBNB offered Amex card holders a special deal, thus piggybacking off of the KYC that Amex had done.
...this was a creative triangulation of KYC (Know Your Customer).
Joe Andrieu: He's curious how much this data is used for law enforcement.
Heather Vescent: Having talked to a law enforcement official, she believes it would not interfere with that work.
Joe Andrieu: Is curious what the regulatory frameworks are in this area.
Christopher Allen: Has done a little analysis on the KYC area, and in general the laws are not explicit about the data. They are interpreted by lawyers very conservatively.
...There are very few explicit requirements.
Joe Andrieu: Next use case is #18
Heather Vescent: 2012 She worked for SWIFT and did several future scenarios on the future of transactions. The work was centered around a platform for the banks that was essentially a digital safe deposit box.
...she revisited the use cases there since the are closely aligned to those of the CCG.
...the motorcycle sale example from SWIFT could be adapted to a gun purchase or anything bought/sold with a lot of regulatory oversight.
...It was not meant to take a position on regulation, just to address how regulations could be met with the technology.
...the use case covered both buying from a dealer and from a private party.
...she thinks this is one of the "juiciest" use cases.
Ryan Grant: Agree that it's juicy! could solve the problem of "the wrong people getting guns in their hands".
Joe Andrieu: Wants to see Heather supported in terms of this process with a team helping on these. put these use cases through W3C to publish a note from the CCG.
...He invites Heather to bounce off ideas about what such a note would look like.
Heather Vescent: Wants to serve the community and help build the standards and what can be built on top.
...One next step is prioritizing these use cases. She also has ideas on how to collaborate on these, including what is needed to support the DID WG formation process.
Joe Andrieu: Hopes to get all 20 use cases in the overall document.
...3 of those would be chosen as "DID focal use cases". will be sad that we can't go deep on all of them.
...if someone wants to go much deeper on these, that's still work Joe would like to support.
Heather Vescent: Needs at least 2 other people who would be equal partners to move it forward.
Christopher Allen: I'm interested in the collective use case, not only from a DID perspective, but also the cryptographic possibilities
Bohdan Andriyiv: Wanted to add his two cents to the group identity use case. He believes it's quite important.
Christopher Allen: …Maybe RWOT?
...He was thinking about this use case as he was designing ValidBook.
...Multiple people working together can have individual accounts compromised, so this should be addressed.
Joe Andrieu: Likes group identity as potentially a focus use case, and this may be a good candidate.
Heather Vescent: Are we meeting next week/
Joe Andrieu: Thanks to Heather for leading us through these use cases.
Heather Vescent: ?
...We are meeting next week, but we are NOT meeting the day after Labor Day.
Heather Vescent: Thanks everyone for your comments.