The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2019-05-14

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2019May/0037.html
Topics
  1. Introductions and Reintroductions
  2. Announcements & Reminders
  3. Action Items
  4. Decentralized Identifier Rubrics
Organizer
Christopher Allen, Joe Andrieu, Kim Hamilton Duffy
Scribe
Ryan Grant
Present
Joe Andrieu, Yancy Ribbens, Lucas Parker, Brent Zundel, Bill Barnhill, Ted Thibodeau, Kim Hamilton Duffy, Markus Sabadello, Ryan Grant, Manu Sporny, Kaliya Young, Ganesh Annan, Moses Ma, Jeff Orgel, Dmitri Zagidulin, Samantha Mathews Chase, Jonathan Holt, Ken Ebert
Audio Log
Kim Hamilton Duffy: I think a lot of people are at blockchain week
Kim Hamilton Duffy: Or the other ID thing
Joe Andrieu: Introductions [scribe assist by Ryan Grant]
Bill Barnhill: Bill ... DoD .. autonomous agents ... standards bodies (?which) ...started a company in identity standards ... now with a new employer and getting back into standards development [scribe assist by Ryan Grant]
Ryan Grant is scribing.

Topic: Introductions and Reintroductions

Bill Barnhill
... has created software for over 25 years, 18 of them with the U.S. Department of Defense.
... primarily designs and develops solutions in the areas of messaging, semantic technologies, and autonomous agents
... served as OASIS Technical Advisory Board member for two terms
... served as co-chair of the XDI technical committee
... started developing Communitivity ten years ago, a company whose mission was to enable high-communitivity digital communities via sofware and standards in the areas of vendor relationship management, distributed ledgers, and distributed autonomous organizations. We saw Community as a verb, and Communitivity as how much an individual or organization is doing Community. Unfortunately the effort had to be shelved due to employment requirements by my employer at that time.
Joachim Lohkahp ... from Berlin, getting involved
Bill Barnhill: Waves to Markus, Manu, and Kaliya..familiar names from my time with XDI!
Joe Andrieu: Reintroductions?
Moses Ma: Future Labs Consulting ... cheerleaders for DID space ... writing up a proposal for Universal Postal Union ... 180 post offices and 600k retail postal offices ... apologies for not volunteering as a scribe due to typing skillz

Topic: Announcements & Reminders

Kim Hamilton Duffy: Reminder that we're posting future meetings on the announcements page: https://w3c-ccg.github.io/announcements/
Joe Andrieu: Dedicated DID calls on Thursdays. #RebootingWebOfTrust IX Prague — September 3-6th. 5/28 - Updated CCG Process.
Kim Hamilton Duffy: Let us know if you have proposals for next week. we are trying to announce meeting agendas as far as possible in advance

Topic: Action Items

Kim Hamilton Duffy: Lots of support for OpenPGP suite. making it an informal work item.
Kim Hamilton Duffy: Finding no objections, moving forward with that.
Kim Hamilton Duffy: DID WG charter had some editorial-in-nature issues
Kim Hamilton Duffy: See email, but also see this #66
Kim Hamilton Duffy: Send feedback to github thread or mailing list.
Kim Hamilton Duffy: Still working though survey items from last week
Kim Hamilton Duffy: Regarding Discuss knowledge transfer / onboarding opportunities, we could use help corralling various charter issues floating around. Kim can help anyone interested getting up to speed.
Kim Hamilton Duffy: Sure, sounds good
Joe Andrieu: Not sure if informal work item appropriate on that one.
Joe Andrieu: We'll discuss that
Joe Andrieu: DID spec meeting report
Joe Andrieu: Paging markus_sabadello
Kim Hamilton Duffy: Reminder to reach out to me if you want to be mentored on DID WG Charter issue shepherding. It's a good way to get involved, and doesn't require technical knowledge (just writing!)

Topic: Decentralized Identifier Rubrics

Joe Andrieu: Rubrics: idea of a decentralized DID method. Do we have a position on whether centralization disqualifies a DID method? The idea of a set of rubrics was discussed. Rubric means a way of evaluating.
"A guide listing specific criteria for grading or scoring academic papers, projects, or tests"
Joe Andrieu: Am I missing something that should be added to (all?) DID method specs?
Joe Andrieu: (Via the document) The following rubrics are to be applied to specific DID Methods to evaluate how well they support different goals of decentralization.
Joe Andrieu: Using two different styles: pick the best, and list of questions.
Joe Andrieu: IIW results for deciding blockchain permissions were that this depends on governance aspect.
Joe Andrieu: For instance, section 1.1 describes a spectrum of openness.
Joe Andrieu: Section 2. Financial accountability descibes another spectrum.
Joe Andrieu: Section 3. Code Base. Are there other obvious major sections to consider?
Joe Andrieu: 4. Interoperability
Manu Sporny: Are you looking for input right now
Manu Sporny: What's the definition of a wallet?
Manu Sporny: The ecosystem, at scale, has various components that each may interoperate or not. Something to keep in mind.
Manu Sporny: One approach may be to address the interoperability of each key component in the ecosystem.
Joe Andrieu: To acknowledge that, it's hard. We don't have any methods that are multi-registry.
Chrisboscolo: Can you expand on registry methods?
Joe Andrieu: Your method may reside on Bitcoin and Ethereum at the same time, or alternatively on either. My DID could be registered on two chains.
Q from Ken: are you considering agents differently?
Bill Barnhill: I’d imagine an autonomous agent to be a combination of one or more of resolver, wallet, and personal registry
Joe Andrieu: I'm open to suggestions that we should break that down
Joe Andrieu: What is a wallet?
Moses Ma: Agents are autonomous, so they need to be verified by a claim from the user, right?
Joe Andrieu: So we need to note what a wallet is.
Joe Andrieu: You saw wallet as storage, as opposed to the interaction part.
Joe Andrieu: And the wallet is not conceptualized as something doing things on behalf of the user, although it could.
Samantha Mathews Chase: We don't yet have a credential (such as a Veres One) that fits in a competitor wallet (such as Sovrin).
Moses Ma: I wrote this for the ACM 20 years ago about autonomous agents: https://dl.acm.org/citation.cfm?id=295708
Joe Andrieu: What we're missing is that some methods do have restrictions about credentials.
Joe Andrieu: And that does lead to questions about how interoperable they are.
Bill Barnhill: Mean to lurk, but regarding autonomous agents, an agent using DIDs would contain resolvers, wallet, and "personal registry".
Bill Barnhill: Let's say I have contacts that I know as "Bob". My personal registry would map that to a DID.
Joe Andrieu: Several papers from RWOT have addressed this. Look for "local names".
Jonathan Holt: +1 To Keymaster
Joe Andrieu: 5.0.4. Do DID Controllers have cryptographically provable control over DID Documents?
Moses Ma: +1 To Keymaster, also can't we call something a Multipass? https://www.youtube.com/watch?v=9jWGbvemTag
Manu Sporny: Didn't see forking. "Does the DID mechanism prevent forking?"
Manu Sporny: Taking a key method that exists. You could be susceptible to forking.
Joe Andrieu: See 13.02
Joe Andrieu: 13.0.2. Is the method resilient against registry forks?
Joe Andrieu: I'm not sure what it means to be resilient against a fork. There are small and big forks.
Joe Andrieu: 6. Fiduciary Commitments
Joe Andrieu: The fiduciary agent has a dusty to put the interests of the principle above their own interests.
Joe Andrieu: I don't know anyone who's doing this. But I would like to see it.
Manu Sporny: Examples please
Joe Andrieu: A patent attorney has a responsibility to not steal my patent. These are beyond contract law.
Manu Sporny: I get it as a matter of principle. What could a node or a wallet provider do?
Manu Sporny: Would money be on the line?
Joe Andrieu: How you monitor and enforce the responsibility is a little different.
Jonathan Holt: Would lose their professional license as in medicine
Scribe error, previous was JoeAndrieu
Ryan Grant: No scribe error
Moses Ma: It might be that a "power of attorney" claim may include a fiduciary requirement, but this needs to be included via smart contract that has automated penalties, right?
Moses Ma: Ie, Proof of Stake in fiduciary relationship, haha.
... May be a useful characteristic of DIDs.
Bill Barnhill: Cornell has a good page about fiduciary responsibility, breaking it down into individual duties: https://www.law.cornell.edu/wex/fiduciary_duty
Joe Andrieu: The rubrics are a part of how we can capture the things we are really looking for, when we say "decentralizaed". And I think the things we are really looking for is whether we can trust this system. So a fiduciary obligation helps the agent invest in taking care of the obligation.
Manu Sporny: I agree that this is something interesting that needs to be explored more... agree with kimhd that it's a difficult fit for DID Rubrics.
Jonathan Holt: As a physician your medical license is on the line, and you use documentation and an audit trail.
Manu Sporny: I like that description by jonathan_holt - it grounds the discussion
Error: (IRC nickname 'justin_r' not recognized)[2019-05-14T16:47:15.055Z] <Justin_R> From the OIDF HEART working group: http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?modeAsFormat=html/ascii&url=https://bitbucket.org/openid/heart/raw/master/openid-heart-fhir-oauth2.xml#rfc.section.4
If they have access to your private key, "would be a dilemma".
Manu Sporny: That's my only concern, is that it wasn't grounded in a way that I could understand wrt. DID Methods.
Joe Andrieu: The point of this is that we are not 100% aligned. Let's get everything on the table to look for a subset to agree on.
Kim Hamilton Duffy: +1 Great work Joe and those who contributed
Markus Sabadello: This looks like great work and I'm grateful to the chairs for bringing it to this point.
Joe Andrieu: *Nod* to passionate comments.
Markus Sabadello: Apologies for strong comments
Markus Sabadello: A few weeks ago, it seemed like anything could be a DID method. the fake FB page helped trigger a lot of thinking on the subject.
Manu Sporny: +1 Great work all around... I think we have a better mechanism to think about the topic of "decentralization".
Markus Sabadello: This still should affect the charter
Markus Sabadello: Soemtimes we don't want to say anything ideological, but the topic is inherently ideological. This set of rubrics helps clarify what it is we're talking about.
Joe Andrieu: 7. Reliable Recovery
Joe Andrieu: 8. Substitutability
Joe Andrieu: 9. Revocation
Joe Andrieu: 10. Resolution
Joe Andrieu: 11. Costs
Joe Andrieu: 12. Censorship Resistance
Joe Andrieu: 13. Uncategorized
Joe Andrieu: Email directly. over to Manu
Manu Sporny: Thanks to JoeAndrieu and everyone at IIW. This was started from pull requests on the DID spec. Pull #179.
Manu Sporny: I'm trying to come up with something concrete to make a decision on this pull request.
Manu Sporny: Proposal: make a link to the Google Doc.
Manu Sporny: To decide what a good DID method is, look at this document.
Manu Sporny: Would anyone object to pulling in the DID:web and DID:FB methods? Or does someone want to make a new pull request?
Manu Sporny: Thoughts?
Manu Sporny: Doesn't think there would be objections to a pointer to Rubrics doc in the spec.
Manu Sporny: Checking with group... ?
Joe Andrieu: If we're going to cite it, then it should be an output of the group.
Kim Hamilton Duffy: I was hearing Manu saying that pulling in #197 brings in those examples. Is that correct?
Manu Sporny: Yes.
Manu Sporny: ^^^ That's the change.
Manu Sporny: We're going to come out with a rubric-based clear description of what a "good DID method" is, to counteract term dilution.
Manu Sporny: Before it used to say specific things about "independent of a centralized registry" (and other things).
Manu Sporny: We are loosening the requirement a bit.
Moses Ma: +1 Joe for rubric initiative, bye everyone, have a good week
Manu Sporny: If we did that change and also add the rubrics to explain the group's intent, then that would be <Manu's easing of #179>
Kim Hamilton Duffy: Brilliant work and leadership Joe!
Joe Andrieu: Thanks everyone!