The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2018-10-02

Samantha Mathews Chase is scribing.
Samantha Mathews Chase: Can someone link me to the scribe notes again
Samantha Mathews Chase: I can't find the link
Heather Vescent: Yay Sam for scribing!

Topic: Introductions and Reintroductions

Christopher Allen: Introductions & re-intros
... Bob Dolan? You on? Christian Lundquist?
Lionel Wolberger: Walberger involved for a while, under many hats, focused on verifiable claims, base our insights on university research, excited to bring muscle to the space
...working with standards created here
...looking forward to attending tpac

Topic: Announcements

Christopher Allen: Agenda item: announcemments
Christopher Allen: 2 Big things, tpac in a couple of weeks, a few of us are going to Lyon, big annual meeting of w3c members.
... we are scheduled with our own time and the verifiable claims working group has a couple of days and will be visiting other working group meetings to talk about DIDs
Christopher Allen: Ideally by the end of the year we have a vote on a DID charter
Manu Sporny: W3C TPAC Schedule:
Manu Sporny: On this schedule credentials group is two hours from 1:30-2:30 on Tuesday, need to figure out what we want to say
....Wednesday breakout sessions, this is our big push! we are making buttons and the whole purpose is to try and get as many memberships on board
...ccg is also having a joint meeting with web commerce meeting as well, then verifiable credentials after that
... do not have to be a CCG member to attend.
Christopher Allen:
Chris Webber: Iiw at the same time, link above
Nate Otto: Folks who are in Lyon, you may want to check out ePIC in Paris on the way back Oct 24-26: general topics related to open recognition -- a little less technical and more about developing the metaphors and practices that result in decentralizing credentials. About 125 very interesting people tend to attend.
Lionel Wolberger: Would be interested in having a call with Digital Bazaar crew, would like to coordinate on TPAC further, how do we do that? How do I get my button?
Christopher Allen: Can't speak for schedules on Monday, I plan to be there Monday but will be on weird sleeping hours.
Heather Vescent: +1 For Manu's suggestion
Manu Sporny: We need to spend time leading up to coordinate and put 20 min per call dedicated to tpac, must have a unified message.
Dan Burnett: +1 To coordinating in advance. A number of us are insanely busy during TPAC, and agreeing in advance is critical.
Lionel Wolberger: We haven't been doing crypto Tuesdays
Christopher Allen: We haven't had the cryptographers for Crypto Tuesday,
Samantha Mathews Chase: Wondering for those not going to W3C TPAC - want to help more. Helpful for me to reach out to other companies that will be using DIDs? Interest? [scribe assist by Manu Sporny]
Samantha Mathews Chase: Are people going for tpac. wants to help more. Is it helpful to reach out to companies who are using DIDs. And get a list of them going [scribe assist by Heather Vescent]
... we need to coordinate IP legalities so we can get more groups here
Samantha Mathews Chase: How can we get more companies on board, is it helpful to collect support
Manu Sporny: Yes super helpful, need to be very targeted, need to prove that this work is worth doing
...they find companies that are implementing and deploying products, they weigh big companies vs. tiny companies
... we want companies with a strong commitment to identity
...if sam or anyone else on the call can target the larger companies
... they have to be committed, w3c wants to see that these companies will be joining and membership will go up
Lionel Wolberger: Former effort of collecting which companies are engaging with DIDs:
Manu Sporny: Specific google form is here:
Manu Sporny: Please distribute among your readership, everything helps
Manu Sporny: +1 To what heathervescent just said... that would be the most effective.
Heather Vescent: A bunch of people that are friendly in the community, really effective to send a direct email to someone
....are we coordinating with DIF at all?
.... already put some stuff on the slack channel, it reminds people they should do it.
Manu Sporny: Need to give this more time and underscore what heather said, direct emails to companies that have direct plans to use DIDs
... apologize for the short nature of this, not ideal but we ran out of time and we're at the point if we don't get it out by next week it won't get circulated. I'm hoping to have the first wave of feedback by next Friday, so we have time to get it circulated
Christopher Allen: Any questions on how to evangelize?
Ryan Grant: Sometimes I get confused about where companies are putting their energy on these things
Kaliya Young: They fit together in a round about way.
Ryan Grant: Question was regarding DIF
Christopher Allen: Dif is it's own organization at this point, there was a particular IP issue that was raised at rebooting
Manu Sporny: Did have a series of conversations with them, they fit together sort of, for now all incubation of ideas happen at IIW, RWoT, etc, the output goes to these groups where they are further defined
Ryan Grant: It sounds like DIF is a coalition of corporations that would like to bless certain technologies, "when they're ready"
Dan Burnett: Industry certification
...dif works across all those channels but the standards we work on are made and then go out in the wild. After the standards space, how are people deploying this in the world? We still need the orgs to clarify
Christopher Allen:
... they are more focused on uses not standards
Christopher Allen: Trying to get HTC
Manu Sporny: Let the large companies know, this is not a commitment, its a notice of interest
... it's not that they aren't committing to the working group, they aren't interested in this group happening

Topic: Review Action Items

Christopher Allen: At the bottom of the training there was an open item, there's a series of updates, manu any GA on those?
Manu Sporny: Not yet unfortunately, just waiting for video to be cleaned up
Christopher Allen: There is a security vulnerability we keep getting messages about, I don't have an assignee for crypto suite, do we have anyone from uport or consensys
Christopher Allen: Is there someone adept with the crypto suite action item?
Samantha Mathews Chase: I didn't catch what burn said

Topic: Work Items

Dan Burnett: Best for you to contact Oliver Terbu directly. He has been accepting such requests on behalf of uPort. I cannot volunteer him myself. [scribe assist by Dan Burnett]
Lionel Wolberger: We finished the data minimization paper a while back, joe has mentioned making a report
...moving forward
Christopher Allen: Will be a doc from RWoT, already on track for community group to accept as a report
... would like more cryptographic people to review, someone from Microsoft would like to give it a quick pass
....hopefully be a report in the next month or so if group approves it
... or can move it as an unpublished draft to RWoT drafts
Lionel Wolberger: Sounds good, we want consensus, it all sounds good
Manu Sporny: Last RWoT mike lodder and ? get together and talk about VC data model
Manu Sporny: Here's the CL Signature issue on VC Data Model --
... these are the data structures we are using but means we have to make a new cypto suite to cover those things
... don't know when I'll have the time to do it, would be great if someone else can step in, need a cryptographic suite for signatures make sure its compatible with DID
Christopher Allen: Spoke with several people at Microsoft
Joe Andrieu: The u-prove license is under the "open specification promise"
... need someone from Microsoft community that has been working with u-prove this cryptographic sig

Topic: New Business

Kaliya Young: According to what I know u-prove patents are expired. Kim (At MSFT) bought the company that held them just before they expired.
Manu Sporny: That's super helpful to know Kaliya, thank you!
Kaliya Young: The other major library for ZKP is IDMixer from IBM Zurich.

Topic: RWoT7

Christopher Allen: RWoT was awesome, great topic papers, and 15 draft documents written collaboratively
... those are at draft docs, in particular there was discussion around guidance and standards around interop. of DID systems
... a group of about 15 ppl workng on different approaches of DID
Manu Sporny: Guidance and Standards for Interoperability of Decentralized Identity Systems --
Manu Sporny: Some of the results, its a massive paper, will require help. WE got to go over a ton of guiding principles, the hope is that it will document the requirements and the standards we need to fill in to achieve the vision we have in rebooting
.... we have a good start, general call for help, please make suggestions and notes and edits
... we need all the help we can get
... it's such a long paper I don't want it to die before it's finished
Christopher Allen: Other great papers ...DID's for homeless, convincing DAD about DIDs
... in particular use cases for pitching DIDs some of these might be relevant for how we pitch them
Samantha Mathews Chase: Our paper was on Verifiable Offline Credentials... [scribe assist by Manu Sporny]
Samantha Mathews Chase: We found a massive lack of security in container ships and were able to put together some interesting solutions [scribe assist by Manu Sporny]
Samantha Mathews Chase: We've talked about this w/ some of the largest container ship company in the world. [scribe assist by Manu Sporny]
Samantha Mathews Chase: Ideally, we'd do something specific to ship security/identity at some time in the new year. [scribe assist by Manu Sporny]
Samantha Mathews Chase: Seaspan interested in hosting a hackathon or exploring security through DIDs and verifiable credentials
Kim Hamilton Duffy: Did Ganesh talk about RIPs yet?
Manu Sporny: Key recovery using navigating a path in a WebVR world
Manu Sporny: Describes two cool outcomes from RWOT7: offline use cases, and fun game demo for memorizing a private key by walking through a 3d environment.
Dave Longley: That's how "memory palaces" work
Manu Sporny: Using memory palaces in immersive space to hide keys, walk through an environment and pick things to remember instead of remembering a long string of characters.
Dan Burnett: Yes dlongley you are right. that example came up
Samantha Mathews Chase: Yes, shout out for offline cryptography - Mike Lodder covered LC4 crypto method. [scribe assist by Manu Sporny]
Samantha Mathews Chase: In that same two days, Wolf made it into an app that teaches you the muscle memory to encrypt messages easily. [scribe assist by Manu Sporny]
Samantha Mathews Chase: So you can encrypt using a deck of cards... would be neat to see the first app pushed out at rebooting. I didn't think I'd be doing that in a million years and I loved it. [scribe assist by Manu Sporny]
Joe Andrieu: Mental models of identities.. interesting directions, security mental model and continuity mental models
.... triggered a conversation with nathan george, topology of identity 1,2,3 actors and more and fit that into an interesting frame work
Kim Hamilton Duffy: Resource integrity proofs, ganesh's paper, my main interest was verifiable displays, realized the problem could be solved with resource integrity proofs, RIPs not focused on displays but perhaps could be used together, solving for linked data that points to an immutable store, checking for tamper detection. If in your credential it points to a human readable display... paper is mostly done and would like some feedback
Heather Vescent: <3 Kim
Christopher Allen: If u wont be at tpac, go to IIW
Samantha Mathews Chase: Thanks guys, I'll get better thanks for your patience
Heather Vescent: Thanks all, bye.
Christopher Allen: Thanks~