The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2018-08-14

Chris Boscolo: Could we add a topic of switching to a more reliable audio solution for this call?
Markus Sabadello is scribing.
Cat: meow
Dan Burnett: VCWG has sent request for review
Introductions and re-introductions?
Matt stone: co-chair of VCWG, had hiatus from CCG, maybe a year

Topic: introductions and re-introductions

Alberto Elias: Hi

Topic: announcements and reminders

Alberto Elias: I am trying to connect to sip:ccg@ without success, is that the correct address?
Kim Hamilton Duffy: This Friday is Scribe training, will be scribed and recorded; join if you're interested to learn how to scribe, or view recording later
Kim Hamilton Duffy: MyData in Helsinki end of August, RWoT end of September
Heather Vescent: RWOT Tickets:
Kim Hamilton Duffy:
Kim Hamilton Duffy: TPAC in Lyon Oct 23-26, same time as IIW Oct 23-25 in Mountain View
Christopher Allen: (Note: #rwot topic papers due this month for early bird pricing)

Topic: Progress on Current Action Items

Topic: Progress on current action items

Manu Sporny: Do you or someone want to talk about multihash in action items [scribe assist by Kim Hamilton Duffy]
Dan Burnett: VCWG is producing VC data model spec. on july 20th request for review was sent, particularly groups listed in charter for liasion
Alberto Elias: I am trying to connect to sip:ccg@ without success, is that the correct address?
Kim Hamilton Duffy: Can someone assist?
Dan Burnett: Asking for one or more people from CCG to review VC data model spec, preferably people who are not yet very familiar with it
Alberto Elias: The page closes on its own
Kim Hamilton Duffy: Anything to report for current action items?

Topic: Work items

Kim Hamilton Duffy: DID engagement spreadsheet is done
Christopher Allen: Regarding the Work items; leads for all of these should let the CCG know status.
Christopher Allen: When work is done on one of those, they can be published as a W3C "report" of the CCG
Kim Hamilton Duffy: What's the current status of the DID work item?
Christopher Allen: One of the things that happened was that a team from Sovrin did a PR on the DID spec
Christopher Allen: One problem was that that was a very large PR addressing many issues, some very small, some very significant; makes it hard to review
Christopher Allen: Encourage people who make PRs to break them up into small pieces
Mike Lodder: ChristopherA are you meaning the Verifiable Credentials PR?
ACTION: review Sovrin's PR
Kim Hamilton Duffy: Should take time for Sovrin team to explain reasons for the PR
Markus Sabadello: It's on the VC spec not DID spec [scribe assist by Kim Hamilton Duffy]
I believe ChristopherA was referring to this PR:

Topic: Jolocom

Mike Lodder: But there are multiple PRs for the DID spec that have sat there for a few weeks including one of mine
(Trying to fix Eugeniu Rusu's connection problems)
Will try now. Sorry for the spam in the chat.
Kim Hamilton Duffy: Alberto are you on the line?
Mike Lodder: There are multiple PRs on the DID spec, put in requests for reviews, waiting for those reviews
Mike Lodder: What is the best way to push those forward?
Kim Hamilton Duffy: If you're tagged as reviewer, please review; if you don't have time, ask someone else to review in your stead. We can also remind people on the list.
Mike Lodder: Should i send emails to the list, or comment on Github
Kim Hamilton Duffy: If you get no reaction on Github, feel free to get broader participation by sending to the list
Christopher Allen: If it lags too long, do a CG action item, as it will be brought up each week
Lucas Parker: Yep
Kim Hamilton Duffy: Alberto will talk about Coconut, a threshold issuance selective disclosure scheme
Alberto Elias: Are people familiar with Coconut? should we start with general introduction?
Kim Hamilton Duffy: People are familiar with the concept of selective disclosure, but let's do intro do Coconut
Alberto Elias: Anonymous credentials: Blindness means user goes to authorities, provide blinded attributes on which they would like to have credential on
Alberto Elias: Authority would operate on the blinded attribute, would learn only what the user would like to reveal
Alberto Elias: 2Nd aspect of Anoncreds: Linkability
Alberto Elias: When you show credentials, or statement based on it, you can do it in a way that makes it not possible to link multiple showings
Alberto Elias: Novelty of Coconut: Not just one single issuer, but threshold number of authorities
Alberto Elias: Get credential from multiple authorities, then locally consolidate to single credential
Alberto Elias: Authorities don't need to communicate with each other when issuing
Alberto Elias: Big difference with other scheme is this threshold number of authorities without communicating
Alberto Elias: Efficiency properties: Credentials are short, and they don't increase with number of attributes, or with number of authorities
Alberto Elias: Size = only 2 elliptic curve points
Alberto Elias: Coconut is built on top of [?]
Alberto Elias: Pointcheval and Sanders and BLS Signatures
Alberto Elias: If you have a single issuance authority, it could be malicious. Support for threshold authorites addresses this problem.
Mike Lodder: @Alberto can this be used with any ledger/blockchain?
Alberto Elias: Imagine a permissioned system, every node on the system can be one of the Coconut authorities.
Alberto Elias: Applications enabled by Coconut. Example 1: E-Petitions
Alberto Elias: E.g. many regions in a country can be an authority. Citizen gets credentials from that authority, locally aggregates it, and uses it with a smart contract to sign petition.
Alberto Elias: Smart contract verifies the credential and allows the petition to be signed.
Alberto Elias: Example application 2: Privacy [?]
Alberto Elias: Pay coins, get credential in exchange for payment.
Alberto Elias: Implemented and tested by EU project Decode.
Alberto Elias: Verification time is very competitive with other credential types.
Christopher Allen: Very important to talk about this tech. We make assumptions that while we like decentrized technology, we often issue centrally.
Christopher Allen: With this, issuance can be done in a group. Could have impact on what we're working on.
Christopher Allen: Would love to see this team comment on the Data Minimization work item.
Christopher Allen: Got some comments from CL signature community, would like to get more feedback.
Christopher Allen:
Christopher Allen: This can have consequences for VC data model, JSON-LD canonicalization, signature schemes.
Christopher Allen: This is pairing crypto? Are you using any other special cryptography requirements?
Alberto Elias: We need pairings.
Alberto Elias: This is a "pairing-friendly" curve, nothins special.
Kim Hamilton Duffy: In the pilot program, I was curious are the selective presentations being used in practice? What sort of tooling exists for this?
Christopher Allen: (This presentation is also interesting in combination with last week's "Proof of Personhood")
Kim Hamilton Duffy: How will receipients end up using this? Mobile wallet? What does the interaction look like? What challenges do you have in the pilot?
Alberto Elias: Decode project works with city council of Barcelona, they are implementing an E-Petition platform. There will be a JavaScript open-source implementation.
Alberto Elias: There will be a JS client, app, possibly a browser. Backend (authority signing) will also be in JS.
Alberto Elias: Will proably be published in Decode repo.
Chris Webber: Seems like you thought a lot about workflows. Gov may issue prescription drugs?
Alberto Elias: If you want to give doctor ability to sign prescription, then the doctor is the issuer.
Chris Webber: What are your thoughts related to government use of this? E.g. gov issues right to issue prescriptions. Do you have a mechanism for revocation?
Alberto Elias: Every doctor would act as a single authority, there is no need for group authority.
Alberto Elias: You can include expiration date in credentials.
(Jolocom still having trouble connecting)
Joe Andrieu: Prescription shopping
Kim Hamilton Duffy: Patient may try to get prescriptions from multiple doctors.
Alberto Elias: Not sure if this is a use case for group authority.
Chris Webber: That's the idea, but it also seems that there's also the credential for the doctor itself to issue a prescription
Alberto Elias: This is about unlinkability in the issuance process.
Chris Webber: And what if the doctor is abusing that power
Chris Webber: It's not important, was just curious
Chris Webber: Have thought about a workflows where one issuer is malicious
Chris Webber: Have you thought about a workflow where one issuer is malicious
Alberto Elias: Will think about it and get back to you
Mike Lodder: At Sovrin we've been experimenting with something like this.
Mike Lodder: You said this will work with any pairing-friendly curve?
Alberto Elias: Pairing type 3
Mike Lodder: License is BSD3, could this be changed to Apache2 so we could use it?
Alberto Elias: Absolutely, can change it right away
Mike Lodder: When you do the blind signature, do you do 2-party computation?
Alberto Elias: No, this would imply communication between authorities. We only do communication between authorities during issuance of keys, but not later during issuance process.
Christopher Allen: We invite you (Alberto) to join this group as a member.
Christopher Allen: Let's explore how proof-of-personhood could be combined with this.
Adrian Gropper: What is Alberto's email?
Christopher Allen: E.g. proof-of-personhood could be very relevant for e-petitions in the Barcelona project.
Christopher Allen: Would be good to discuss at RWoT
Chris_boscolo: For blockchain integration, what does this require?
Joe Andrieu: Note to all: next week, we'll be reviewing the submitted use cases we haven't yet taken time for. If you have a use case you'd like considered, please share with the group by email.
Alberto Elias: Each blockchain node would be a Coconut authority.
Alberto Elias: This can also work with a sharded system.
Christopher Allen: (It sounds like they are doing sybil resistance by using a permissioned blockchain — is that true? There may be other ways.)
Alberto Elias: With permissionless system, this is harder. Each time the number of nodes changes, you would have to re-generate keys.
Adrian Gropper: Can you apply the e-petition architecture to a reputation system?
Alberto Elias: This sounds like a valid use case, we may be able to apply these credentials to reputation. Not sure if this is covered in literature.
Christopher Allen: (How to do an anonymous reputation system that is sybil resistant is a big use case)
Kim Hamilton Duffy: Drabiv
Bohdan Andriyiv: Is this applicable only to blockchain? Why would authorities in the real world need to agree on what they issue?
Alberto Elias: Yes this uses zero-knowledge proofs.
Alberto Elias: Partial credential has the same structure as full credential. This also works in cases where there is only one authority. This is not limited to blockchain.
Christopher Allen: Thank you!
Joe Andrieu: Cheers!