The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2019-03-12

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2019Mar/0016.html
Topics
  1. Introductions and Reintroductions
  2. Annoucements and reminders
  3. Action Items
  4. RWOT8 Report Out
Organizer
Joe Andrieu, Kim Hamilton Duffy, Christopher Allen
Scribe
Dmitri Zagidulin
Present
Christopher Allen, Moses Ma, Jonathan Holt, Vaughan Emery, Dmitri Zagidulin, Dan Burnett, Will Abramson, Jeff Orgel, Bohdan Andriyiv, Ken Ebert, Dave Longley, Kim Hamilton Duffy, Lionel Wolberger, Lucas Parker, Markus Sabadello, Drummond Reed, Manu Sporny, Ganesh Annan, Joe Andrieu, Brent Shambaugh, Heather Vescent, Samantha Mathews Chase
Audio Log
Christopher Allen: @Manu The dialin gateway isn't working.
Moses Ma: I am in via dial in
Dial-in worked for me
Vaughan Emery: Present +
Dmitri Zagidulin is scribing.

Topic: Introductions and Reintroductions

Jonathan Holt: I'm jonathan holt, work closely with jonnycrunch
Kim Hamilton Duffy: [Editorial] previous statement is first recorded instance of double-occupancy paradox
Christopher Allen: Dan, you're next on the re-intro list
Dan Burnett: Ok, so, I am one of the co-chairs of the Verifiable Claims WG, which is working on the Verifiable /Credentials/ data model spec
Lionel Wolberger: Need a scribe?
… I love the idea of working on identity-related problems without identity, using credentials
… I had my own consulting co, and last year joined Consensys full time

Topic: Annoucements and reminders

… next coming up, IIW, Apr 30-May 2nd in Mountain View CA
… any other announcements for f2f or anything else?
Kim Hamilton Duffy: I'm not on irc yet. but I want to mention the Know Conference in Las Vegas

Topic: Action Items

… been a couple of weeks since we met last, so this may be out of date
… we use our github community repo to manage issues and plan for our events
… so that's the list of action items for review
… updating ABNF for DIDs. some of that discussion took place at Rebooting, but obv. did not involve the whole community, so any suggestions from there will definitely be discusses on here or on some other public forum
… or we'll schedule a dedicated meeting on it again
… Linked Data Key Format Registry administrivia - Kim?
Kim Hamilton Duffy: I think I ended up tagging manu on that?
Christopher Allen: Manu had commented 28 days ago that we /had/ a registry, but we need to extend it to mention the key format
Manu Sporny: Now is probably not the right time to have this discussion, but I'll take on that task. No eta to when I'll get around
Dmitri Zagidulin: I'm happy to take that item as well
Christopher Allen: Ok, I'm adding dmitri and manu to that item
Joe Andrieu: Regarding ABNF - there were some questions and comments brought up by mhermann about it,
… so I want to invite Drummond to comment
Drummond Reed: <Struggle with the mute button is real>
… I've shared several PMs with mhermann, I think there was a misunderstanding with regards to what we were trying to do there
… which was to have a discussion and brainstorm, and then bring it to the CCG
… nobody is trying to hide it or run around the CCG
… anyways, to complete an actual proposal / draft spec, we'll need several more calls dedicated to the topic
… so that's my report. we made a little bit of progress, but much discussion needs to still happen on calls
Mhermann: I think there was some poor communication; drummond and I have discussed it
… I'd like to advocate a process that starts with DID URL use cases, and use that to drive the ABNF grammar discussion
… whereas we're trying to do it the other way around
… I suggested a couple of initial DID URL use cases
Christopher Allen: I want to encourage you guys to take this to dedicated meetings.
… the chairs were a little concerned about dedicating more meetings of the main group to it
… we certainly would love to hear you report back, about the various challenges and solutions
Jonathan Holt: Just to distinguish between ABNF rules for the "naked did" vs the DID URL spec
… keeping the distinction separate might be helpful.
… plus there's the struggle with each DID method having its own specialized ABNF
Ken Ebert: One of the usecases was my own, which was the need for immutable data references
… so it is definitely usecase driven
Manu Sporny: Just to underscore the usecase driven thing that ken and michael mentioned,
… we did collect a number of usecases for the DID abnf from Rebooting 8
Joe Andrieu: +1 To use cases. Please get them to me either by PR or email for the use case document
Drummond Reed: I would be happy to help organize some dedicated DID spec meetings—I think we will need a few to close on the Community Final Draft of the DID spec. We've held them before on Thursdays. I'll send an email to the CCG list proposing a time.
… so if you go that link, there's a number of cases, and Ken and Drummond chased down a number of other people who had use cases with regards to service urls, etc
… so, we're definitely taking the use case driven approach even now
Mhermann: I'd like to ask people to look at issue 32 on the DID resolution spec
Christopher Allen: I'd like to encourage again to take this discussion to dedicated calls, and report back
… finally, we had the Security Model and Threats discussion, with Ryan and .. ?
… Ryan, are you here today? no, traveling. we'll skip this for now
… so that's it for the Review Next section this week
… we'll pick a different set next week
Christopher Allen: Next agenda item: New Work Item process
… because of Rebooting, and the new year, we have a variety fo potential new work items
… that we'll need to approve and process over the next year
… this is a rough draft, we're still working on final details to propose to everybody
… re manu's proposal on the verifiable credentials registry stuff
… manu (possibly matt?) made a proposal to the mailing list with regards to a registry repo
Christopher Allen: We've created a template in the repo for templates for new Work Items for the CCG
Manu Sporny: Proposal for registries from Dan Burnett ^^^
… so, if you want to create a new item, please use the template
… <some description of the template>
… it's automatically tagged as a work item (that template), which allows us to schedule a call automatically for it
… we'll have a discussion, then we send a notification to the list, and if there's no objection, it becomes an official Work Item
… this is involved, but necessary
… helps us keep track of who is responsible, whether there is critical mass, etc
Jonathan Holt: How does the idea of these registries scale?
… for example, semantic interop for Credentials for a Bachelors Degree
… how are the expansions going to be handled - just by the registry? the community, or what
Christopher Allen: I absolutely believe there's a role for Schemas, as a work item for the CG
… I'm not sure if that's exactly a registry
… but it's a good question
Joe Andrieu: Somewhere, we have a registry that can link to external work
… I share your concerns about scalability
… Also: we have far too many Work Items than we've been able to facilitate
… all these projects need leads, and we'll start holding the leads accountable (including myself)
… to make sure they're moving forward (or taking them off the list)
… our near-term focus is - chartering the DID Working Group
… I'm concerned about our workload. We need people to step up and help us with these
Dan Burnett: So, this is a bit of a surprise; I sent an email requesting the registry work. Do I also need to fill out this Work Item form?
Christopher Allen: Yes. it should be straightforward though, in your case
Dan Burnett: Ok, the other thing I wanted to say — you mentioned the focus on the DID WG. I want to point out that the VC WG was also spun out of this CG.
… and that's also a crucial component. And this CG needs that work completed /before/ the DID work
Manu Sporny: +1 - VC Registry is critical.
Drummond Reed: +1
… so I want to make sure we finish the existing WG work first
Justin_R: what does it mean to have a data item or a schema to /not/ be in the registry?
… does that mean the Universal Resolver will refuse to acknowledge it? Will there be name collisions?
… what does the registry actually get us? (in terms of formality, interop, community agreement)
… how much can I ignore it, as an implementer?
Manu Sporny: Just to answer that directly, Justin
… cause there are variations on that question that keep coming up, about the registries
… right now, they're meant to be human-readable only. A place that implementors can go to, to find out all the work that's happening in the area
… to go, "Oh, so this has been expanded in XYZ ways, etc"
… there are no penalties for not being in the registry. it's a voluntary thing
… there should not be any kind of fights over what goes into the registry. it's meant to be a low bar
… to speak to jonathan's question - with respect to the credentials registry
… if it's a market vertical specific thing, we expect that discussion to happen in the specific vertical group
Dan Burnett: Registry has same use as MIME type registry - avoid namespace collisions and encourage documentation of claimed registry values
… we expect that work to happen elsewhere. and if those communities want to put their stuff into the registry, we can do that
… anyways, these registries are lightweight, human readable, ignoreable.
Joe Andrieu: To build on that a little bit
… manu didn't mention namespacing, but they are there to deal with name collision issue
… who is taking lead for helping us find consensus on registry issues?
… for example, there are currently arguments about the HTTPS did method proposal
Dan Burnett: Thanks Joe
… who is going to help resolve that? (hopefully it doesn't end up in the CG)
… also, what's the scope? it's one Work Item for all of them, or 5 different items?
Christopher Allen: +1 To the above comments
… at some point, we may want to add a field to the registries, the Conformance Level
… anybody can do a DID method, just like with Verifiable Credentials, but when it comes to lists of conforming implementations, there should be a higher bar to entry
… so, right now, there is no conformance test for DID methods, everyone is preliminary. as the spec advances, we may add higher criteria, more restrictive
… but that's down the line, it'll evolve
Manu Sporny: Noting that the VC Registry (whatever we'll end up calling it) is critical for the WG's spec to make progress
Dan Burnett: Grrrr
… we need to do it asap. Dan, would you mind taking the lead? Dan: grrrr
… or somebody else needs to volunteer
Dan Burnett: My plan was to send an email to the VCWG list, to ask for a volunteer
Heather Vescent: Chris' line is really choppy

Topic: RWOT8 Report Out

Christopher Allen: Next agenda item, Discussion about Rebooting the Web of Trust
… there are 25 items that came out of that event. We're not saying that any of these need to advance in any way to this group
… I know there was some suggestion that - these items should move on to the CG, so I wanted to give people a chance to report out
Dan Burnett: Christopher, your line alternates between fine and choppy on about a one minute cycle
… so, I'd like that (preferably short) discussion to happen
Manu Sporny: There are two things that happened around Rebooting
… one of them is - the W3C Strong Authn and Identity Workshop report was published right before rebooting
… highly recommend it, it's useful. the most important item was
… the one around DIDs and VCs
… as all of you know, there's advanced notice for a charter, in process, for a DID WG
… a number of us got together at rebooting, and worked on a large list of items on the DID spec
… with /huge/ thanks to Amy Guy (rhiaro) who processed and closed 23 issues on the DID spec
… for those that want a summary of what we worked on, there is a report-out (link above)
Drummond Reed: MASSIVE KUDOS to Amy!
Drummond Reed: She was a superstar
… it explains what's going on at W3C, the items coming up, etc
… most of the issues were editorial / improvements to readability
… but we brought up some new discussion features
… so, go read the link.
Christopher Allen: Manu, are there any particular plans for follow-up side-group discussions on this?
… how do people continue participating?
Manu Sporny: Next steps are - Drummond and Ken are working on a paper (I'll let them speak to that)
… Amy and I are going to continue issue triage, we didn't have enough time at rebooting, so we'll keep going on the editorial stuff
… I don't think there are any separate calls scheduled? until we see a need
Drummond Reed: I agree with manu, I don't think we need a call on any of the editorial stuff
… I've been talking to Markus about the regular DID Resolution calls
… maybe we can have back-to-back calls with that, talking about ABNF and related topics
… and hopefully we can have it all join into the Final Community Group Report
Drummond Reed: "Final Community Group Report" <== that's our goal
Christopher Allen: Anybody else, with regards to rebooting?
… I'm going to briefly add one of my own
… not necessarily a proposal, but a larger question
… this community has the responsibility for a number of cryptographic specs (assigning Suites for VCs etc)
… as we advance in this, we'll need to attract more cryptographers, to help have more eyes on these
… for example, the decentralized key recovery work
… so there's an opportunity for the CCG to take on soc. key recovery (Shamir Secret sharing etc)
… and maybe it can go to the IETF, help prove the larger crypto community that we're very serious about this work
Drummond Reed: +1 I really like Christopher's plan
… I don't know if this is a viable direction for the CCG, but wanted to bring up the topic
Jonathan Holt: To get back to terminology, the type definition in the schemas
For example, the Cha-Cha (& someothers) — those specs are evolving, how do we keep them up to date? how do we specify which version of the algorithm we're referencing, etc
Will Abramson: * And me
Joe Andrieu: This is one of the projects I've worked on at Rebooting. we made this thing called Satyrn (based on the Jupytyr notebook)
… hopefully it'll be useful as an educational tool, to help people work with Javascript and some of these VC technologies
… anyway, it's a mix of Markdown and JS (which you can actually do in .md, but this is interactive)
… so people can try out the code, it prints results on the console box below
… hopefully the CCG will find this useful
Christopher Allen: Any other report-outs?
Manu Sporny: One thing around interop testing
… there were a number of orgs that were interested in the Credentials Handler API & interop testing. (For doing DID Auth and Credential Handling in the browser)
… for wallet interop and DID interop, over the next year
… we're currently trying to work with those orgs, bring them into the CCG, figure out what a viable roundtrip testing would look like
… as a heads-up, large orgs are starting to use the Credential Handler API (though they're not part of this community yet)
… so maybe this year, we can focus more on interop testing (between different DID methods, VCs issued by different stacks, etc)
Jonathan Holt: To echo the epiphany I mentioned on the VCWG call
… the IPLD method — you can serialize JSON-LD on top of IPLD, but there's no backwards compatibility
… the whole issue I've been raising about objects and links, and the IPLD "/" usage
… I've a number of issues open with the IPFS community
… about the cbor serialization, and an explicit IPLD mime type
… it'll take a while to go through the IETF. but in the DID spec, we need to ground ourselves in a serialization format
… but in the end, our type is actually CBOR (byte array, deterministic json, binary)
Drummond Reed: Two things. Christopher, when you asked earlier about our papers at Rebooting, I didn't talk about the paper we started there, called Understanding DIDs in Greater Depth
… we wanted something in between the Primer (high level) and the spec (too low-level). so that's the paper we started. it's very early stage
… I want to make sure folks knew that we want this to be a community doc
… the other thing: I've been txting with Markus, there's currently a call on DID Resolution every other week on Thurs, on 1-2pm Pacific time,
… what we're proposing is a 2 hour block instead
… one hour for DID spec related features (ABNF stuff), and the second hour for DID Resolution topics
Christopher Allen: There were quite a few other docs at rebooting
… in particular I want to point out some of the "softer" ones (I wish there was a better word for that),
… but I wanted to highlight them to this community
… for example, the Digital Citizen one
… and how SSI can survive Capitalism
… various failure modes and opportunities
… there was one by Elizabeth and ?, about the legal side of Verifiable Credentials
… looking forward to that one
… there was the Crypto Jurisdiction one. Sam did some interesting work on how to drive adoption of SSI
… through particular scenarios, like Safety and Security, a great usecase
… for why that's a good place to leverage / bootstrap the VC ecosystem
… On the technical side, there was some work on how to use OpenID Connect for DID Auth and VC Presentation
… as the VC WG finishes and has their final doc approved, it'll become more and more the responsibility of the CCG to advance forward things like protocols that use VCs
… so, at some point, a new VC Protocol WG will be chartered
… but until then, that stuff will be shepherded in this community
… there are a lot of paper (25). None of these have the weight of standards, that's not the point,
… the point is incubation
… and it's up to the authors whether to pass it to the W3C groups
Manu Sporny: To underscore one of the items
… we had a group that was working on Legal Things (tm)
… folks with an actual law background
… both constructing their view of what we're doing (which was super helpful). But even more exciting - Katrina and Elizabeth and their team
… was there to field questions. We had 2 new features we had been talking about for a while in the DID spec, and we were finally able to consult with them on them
… for example, what keys you use to issue VCs, and what keys you use to enter into legal agreements (think DocuSign and EverSign)
… and we were able to run over to their group and ask, to put it on their radar
… that we'd really like that we would love some legal opinion on these features
… so, that's definitely one of the times we absolutely needed legal direction, and there were lawyers right there, we could ask to start thinking about this in the next couple of months
… so, that was really nice to see, this group definitely needs more than just technologists
… The other thing that was great to see - Katie Gilligan (sp?) was doing illustrations of one of the papers
… and it was fantastic to see artists get involved, having somebody create artwork based on the papers
… so, happy to see more non-tech involvement
Christopher Allen: Ok, it's 9:57 and the q is empty, so, let's call it
Moses Ma: Thanks all!
Moses Ma: Bye
Jonathan Holt: Oops
Joe Andrieu: That link there is Carlotta, the graphic facilitator
Christopher Allen: If you have more Work Items for the group you'd like us to consider, open issues
… thanks everyone