Credentials CG Telecon

Minutes for 2018-07-10

Ryan Grant is scribing.

Topic: Introductions

Kim Hamilton Duffy: On to reintroductions
Ted Thibodeau: I work for OpenLink software. active for several years. working in VC/credentials working group.
Kim Hamilton Duffy: Bulk of meeting to be about uPort proposal
Kim Hamilton Duffy: Reminders about using the queuing mechanism and strict timeboxing.

Topic: Announcements and Reminders

Kim Hamilton Duffy: Announcements:
Kim Hamilton Duffy: Summer BTCR virtual hackathon is next week. we have a zoom room and will have standup meetings MWThF, and Tu after this meeting.
... planning meeting tomorrow afternoon. invites to anyone interested.
... Helsinki MYDATA 2018 — August 29-31 Helsinki, Finland. #RebootingWebOfTrust VII — September 24-26th, Toronto. Also 27-28th DID/Verifiable Credential Hackathon (F2F). TPAC — October 23rd-26th, Lyon, France.
... IIW — October 23rd-25th, Mountain View
Kim Hamilton Duffy: Moses is organizing a conference. introduction forthcoming.
Moses Ma: Link posted. GMSI-web co-producing. share the link.
Moses Ma: Publishers want to see "traction", to test their resource allocation.
Moses Ma: Day2 is more public. more availability for speaking. email Moses for speaking options.
Moses Ma: Please support. thanks!
Samantha Mathews Chase: Where is the link for this?
Heather Vescent: Will the registration details be shared with the community?
Moses Ma: We get the entire signup list, but it will be held closely so as not to invite spam.
Heather Vescent: What's the transparency on that ownership?
Moses Ma: How about a governance group?
Heather Vescent: If our social capital is being used to build the community, then we should have a sense of ownership.
Moses Ma: Let's resolve this via a governance group
Heather Vescent: If we're co-creating this, then we should have a commons-based ownership model
Kim Hamilton Duffy: Jumping in: library of references that you're advocating looks useful to w3c-ccg as well
Moses Ma: Entire library will remain open source
Manu Sporny: I hear you Heather, and want to speak in support of Moses' efforts. it's working in concert with the multi-year efforts we've got going. we don't know of ways to build this without engaging with these business models. it's a balancing act.
Heather Vescent: It's just very inconsistent what gets funded... technology gets funded, but other things do not.
Manu Sporny: It's a good trade off.
Manu Sporny: Maybe there's a CRT that gets created that can manage that list and its best use. unfortunately, we need to make these decisions rather quickly. everyone's participation is based on their own acceptance.
Heather Vescent: It's a huge red flag. Moses is doing great work, but we need a way for people who don't fit this business model to see their work valued. i'm going to advocate for everyone in the community to get value out of the work they're putting in.
Moses Ma: Please share or blog about this virtual summit:
Kim Hamilton Duffy: Let's do further work to address these concerns. action item: <something>
ACTION: Chairs follow up on concerns about funding, recognition, contribution to commons
Manu Sporny: We're trying to get a WG charter proposal started
Manu Sporny: DID WG Charter -
Manu Sporny: W3C staff resources and members' own resources get allocated based on these charters.
Manu Sporny: The current charter is "done enough for review"
Manu Sporny: Review it. understand that we have to be "super-hyper focused"
Manu Sporny: It says that we're going to produce this document, and nothing more.
Manu Sporny: And test suite
Manu Sporny: And that's it. please read and raise issues in issue tracker.
Manu Sporny: See email for details.
Markus Sabadello: Q regarding DID resolution: would DID resolution be in scope for the WG charter? one spec or multiple?
Manu Sporny: We could add it. we need to have this conversation. it needs a spec that has been incubated. expanding the scope may risk objections. the first WG charter draft is narrowed to data model and DID spec.
Manu Sporny: If you and Dmitri can commit to the work to do the spec, then we can put it in there.
Manu Sporny: This is for community to decide.
Kim Hamilton Duffy: Let's open an issue.
ACTION: Open issue regarding DID resolution in WG charter
Manu Sporny: We do have two implementations -- Markus and Dmitri...
Christopher Allen: Reminder that we'll need a second implementation.
Dmitri Zagidulin: We have a Java and a Javascript implementation.
Kim Hamilton Duffy: DID Primer PR:
Kim Hamilton Duffy: On to the DID primer. is it ready to merge?
Andrew Hughes: Reporting progress, there were some distractions. recording regarding github repo and respec document has been posted.
Kim Hamilton Duffy: JWK crypto suite specifications.
Andrew Hughes: Will get back on the did-primer: respec format today
Kim Hamilton Duffy: Who should we assign this issue #18 to?
Dmitri Zagidulin: I'm definitely interested in participating in issue #18
Bohdan Andriyiv: Achuges (y)
Kim Hamilton Duffy: Create a spec that demonstrates how you express a JWK using a LD Cryptosuite. Create a spec that demonstrates how you express a Verifiable Credential as a JWT. Implementations and test suites for those specs.
Andrew Hughes: The raw recording for the tutorial session by manu on setting up a github repo and also a respec doc is here:
Christopher Allen: This is related to uPort, so let's fold it into that.
Kim Hamilton Duffy: Last call for work items
Christian Lundkvist: One of the things that happened was that Mike Jones (JWT at MSFT) submitted some additions to secp256k1 to the JWT spec.
... did anyone else see that?
... i think that got through the IETF, but I don
Pelle Brændgaard: Yes it did
... don't know the details
Kim Hamilton Duffy: Thanks, we can look into that.
Kim Hamilton Duffy: On to work items.

Topic: uPort Ethereum DID Method

Kim Hamilton Duffy: Moving on to uPort DID proposal
Pelle Brændgaard: I'm missing some mailing list context.
Christian Lundkvist: People are interested in recent changes and work on DID methods.
Pelle Brændgaard: Over the last few months, we've proposed an Ethereum contract
Pelle Brændgaard: That allows key revocation, using multiple keys, etc. we want some community to support it.
Pelle Brændgaard: The base is an Ethereum address.
Pelle Brændgaard: It also supports smart contracts (Ethereum small pieces of code)
Pelle Brændgaard: Does not support signing...
Pelle Brændgaard: You can add a signing key to it
Pelle Brændgaard: Goals were: Ethereum compatible, does identities, simple to add, edit, and resolve.
Pelle Brændgaard: This supports our did:uport method.
Christian Lundkvist: A philosophy that we've come to is that unlike previous requirements to create an (expensive) blockchain transaction, our new thinking is that the hash of a public key is the identity, so that the supporting smart contract can handle key revocations. thus to onboard, you do not need any blockchain transactions.
Christian Lundkvist: Further on in the lifecycle, you may need to do a key revocation, and that is the point of the blockchain transaction
Markus Sabadello: I was working with the author of the ERC725 proposal. what is the difference between your new proposal and that one. i guess not needing to create a new smart contract to create an identity is a big one. plus <lossage>
Pelle Brændgaard: Yes, ERC725 requires posting a contract. and it doesn't rely on verifiable claims.
Pelle Brændgaard: ERC780 would allow you to make lossage claims.
Pelle Brændgaard: Service endpoints require the contract to be posted.
Manu Sporny: Having read through things at a high level, parts look familiar and parts don't.
Manu Sporny: DID spec outlines various steps to get something done. do you have a document with steps like that?
Manu Sporny: I'm also seeing a lot of JWTs and i don't know where those are used.
Pelle Brændgaard: We do have docs
Pelle Brændgaard: We can update
Pelle Brændgaard: We have a JWT library. it should be simple enough to plug into any other layer. we would encourage someone to do that.
Pelle Brændgaard: We don't have that need right now.
Christian Lundkvist: We have not created a formal DID method spec for this.
Christian Lundkvist: It had been in flux, but we want to create the spec, to make sure we're compatible.
Christopher Allen: If i create an identity, and it's not on a blockchain, where is it?
Christopher Allen: Q2: someone has a uport id and a verifiable claim signed by another party (that is not necessarily a jwt <-- sounds like "jot")
Pelle Brændgaard: We use event logs
Pelle Brændgaard: Cheap way of storing things on the blockchain that is kept by the blockchain.
Pelle Brændgaard: There is no longer a need to go to ipfs for this.
Pelle Brændgaard: We are looking at ways of supporting more complex structured data as well
Pelle Brændgaard: But that's not finalized
Pelle Brændgaard: This will be for public users that want to post information about themselves, which we envision being for businesses.
Pelle Brændgaard: We have a javascript library.
Pelle Brændgaard: This will be good for BTCR support, and is a very simple method.
Pelle Brændgaard: Yes that's it kimhd
Christian Lundkvist: The way I see it is that the claims themselves are always stored offchain, using JWT (versus LDS) this DID method should be completely agnostic to that. you can imagine taking any form of data that references this and it should be able to be resolved (in an orthogonal manner)
Christopher Allen: Will you be at the post RWOT hackathon?
Pelle Brændgaard: We'll look at it.
Pelle Brændgaard: We can add other methods into our app as well.
Pelle Brændgaard: We're trying to bridge the various blockchains and formats.
Christian Lundkvist: We also have a plugin for Markus's universal resolver
Bohdan Andriyiv: Security of uPort DID not anchored in blockchain?
Bohdan Andriyiv: How do you resolve once anchored?
Bohdan Andriyiv: Will you be able to have the same DID as used in other blockchains? how will security of this be resolved?
Bohdan Andriyiv: Same DID on Ethereum and Bitcoin
Bohdan Andriyiv: Do users see the DIDs?
Bohdan Andriyiv: Can humans select the DIDs, and will they acquire vanity value?
Pelle Brændgaard: We do "a lookup that isn't actually really a lookup"
Pelle Brændgaard: First we check onchain for changes to the DID
Pelle Brændgaard: If there are no changes, then the (hashed) address is the public key
Pelle Brændgaard: This is the same trick that Ethereum uses for recoverable signatures -something- added height and recovery bytes.
Pelle Brændgaard: Recoverable signatures should be usable with Bitcoin as well.
Pelle Brændgaard: <Blee bloop>
Christian Lundkvist: If you anchor on two chains, that's not really supported. when you first create the identity, you need to go to a specific Ethereum contract as the reference point, to look for updates.
Christian Lundkvist: If no updates, you generate a DID Document directly from the public key.
Christian Lundkvist: There's no way to sensibly do this on multiple chains.
Christian Lundkvist: And to the later question about someone else registering your DID, it's not a security risk because to use it, you will need to be able to sign with the private key.
Markus Sabadello: When the DID document is created, will it contain public keys?
Markus Sabadello: Asking for clarification
Pelle Brændgaard: -Is back- we require an Ethereum address to resolve.
Markus Sabadello: Here's an open issue on whether to store Ethereum addresses vs public keys in DID document:
Ryan Grant: What languages are you asking for DID method resolver code in?
Christian Lundkvist: Our library is in Javascript.
Pelle Brændgaard: We're working on Java and Swift as well
Pelle Brændgaard: ... Incidents
Pelle Brændgaard: The first thing is to have a generic DID resolver for that language
Pelle Brændgaard: It should be in a way that makes sense for that language and platform
Eric Olszewski: Are you working on any integrations with LDAP?
Pelle Brændgaard: Short answer: no
Pelle Brændgaard: Markus I will update that PR to reflect our current format, which we came to through talks on the mailing list
Christian Lundkvist: We've had talks with MSFT about those things, but not anything that is really concrete. we have some ideas.
Manu Sporny: Are you talking about Ethereum DID method or DID in general?
Pelle Brændgaard: I will have to leave now. Thanks everyone
Eric Olszewski: In general
Manu Sporny: Very interesting.
Manu Sporny: Reach out if you want to collaborate on that
Christian Lundkvist: One of the more interesting things is connecting Kerberos to Active Directory and then using PKI capability of Kerberos to sign with your DID.
