The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2019-08-20

Bill Barnhill: I’ll volunteer as scribe.
Bill Barnhill: Only done it once before, so may need pointers/corrections
William Claxton: Voip 877 is wmclaxton
William Claxton: Me hooray!
Heather Vescent: Fantastic! Congrats!!
Bill Barnhill: * I think it’s topic
Bill Barnhill: Trackbot, start telcon
Bill Barnhill: I’ll volunteer to be scribe
Bill Barnhill is scribing.
Manu Sporny: Welcome wmclaxton ... looking forward to seeing you at RWoT! :)

Topic: Introductions and Reintroductions

William Claxton: Bill Claxton, I’m an American living in Singapore. My company has developed an application using Verifiable Credentials. I’ll be at RWOT in Prague, and looking forward to meeting people there.
Dmitri Zagidulin: I’m Dmitri, currently working with Digital Bazaar. I’m an implementer of some resolver databases. My background is in secure data hubs and agents, getting everyone to interoperate, and distributed data bases. Example: SOLID.

Topic: Announcements and Reminders

Markus Sabadello: We had a call last week. Probably not have a call for task force during RWOT week, on the 5th.
Christopher Allen: <
Christopher Allen:
Manu Sporny: More information about Activity Pub Conference:
Manu Sporny: (Speakers, topics, etc.)
Christopher Allen: So sounds like we will cancel the call for the 5th. There will be a digitial identity meetup prior to RWOT, with a train ride to Prague. RWOT is happening Sept. 5th, The weekend after RWOT is the R2 Hackathon/Conference on ActivityPub, the W3C standard that Mastodon and some other distributed twitter clients use. Some work is planned that will move forward with moving these from distributed to decentralized. There is another group meetin[CUT]
Meeting after, the HoloChain community is having a hackathon in the same space RWOT is. HoloChain is very interested in digital identity.
Christopher Allen:
Joe Andrieu: Fukuoka
Christopher Allen: Also, TPAC will be in Fukuoka, Japan will be happening Sept 16-20th. MyData will be 25th -27th.
Kim Hamilton Duffy: We keep the announcements updated here as well:
Christopher Allen: We use the GitHub repository issues for tracking action items. We’re going to skip over them for now in the interest of time.
Heather Vescent: Can you post a link for the public comment?
Manu Sporny: Last week there was a link in the minutes for Wayoo (sp?) requesting public feedback.

Topic: Decentralized Topics at #RWOT9

Manu Sporny: Vote closes on group creation at end of the month, and then W3C will make determination if there is enough interest to form the group.
Manu Sporny: DID WG Charter -- W3C Member Confidential (yes, I know, not the link this group wants, but tell W3C AC Reps to go there and vote):
Manu Sporny: CCG folks -- if you are a company that is not a W3C Member... please send in public support for the DID WG here -- you can click "respond to this message" below --
ChistopherA: RWOT is a snapshot of what people are interested in within the Digital Identity space. Many papers submitted this year. Thought to give a little time today to think about this in aggregate. Are there papers members of this community want to point to? Are we missing things? What is missing from this topic list.
Christopher Allen: One missing topic is incentivizing involvement via side-chanel, not on block chain.
Manu Sporny: Data Hub stuff will be a big topic this time. Wondering about some of the other stuff, like VC stuff, DID stuff. Of the people that are going what are you hoping to see happening at RWOT, maybe at ActivityPub conference? Interested in seeing what’s happening.
Bill Barnhill: The link that was posted was that for non-members? [scribe assist by Manu Sporny]
Manu Sporny: Yes [scribe assist by Manu Sporny]
Bill Barnhill: Clarifying public support is open to non members?
Manu Sporny: Yes, click the link above and anyone can send in public support.
Kim Hamilton Duffy: Some of the "things I'd like to see happen" are covered in the BTCR report out
Kim Hamilton Duffy: So I'll save until then
Manu Sporny: +1 To authentication protocols...
Dmitri Zagidulin: Now that we have the data model the focus is shifting to how do we do authentication protocols with VCs and DIDs.
Jonathan Holt: Topic on my mind is the other work coming out of Hyperledger Aries. I think we need to have a thing for authentication and exchanging.
Christopher Allen: I’ve been working on some new wallet proposals for AirGap specification. We found really good results using QR codes that animate about 1-2 seconds per animation. Good results with camera with small size and display. Right now there is now official standard for how to rotate/animate QR codes. Maybe something like that is in our interest as well.
Dave Longley: I wanted to mention we are working on a emerging standard for animated QR codes and efficient transmission of same, called QRAM. We are interested in collaboration on that, and have working code already.
Dave Longley: QRAM: QR Animation Method
Manu Sporny: So many things that I want to participate in! :)
Kim Hamilton Duffy: We may have a couple of people from the Decentralized Identity Foundation. There is a interop effort going on there proving interop with BTCR wallets and credentials and other things like credential exchange protocols. If anyone is interested in working on those kind of prototypes while at rebooting I’d be interested as well.
Manu Sporny: So little time... :(
Kaliya Young: +Q
Manu Sporny: +1 To Kaliya "what's the landscape and what's the plan to get interop between different systems"
Kaliya Young: I wanted to speak to what I was hoping to get out of RWOT. A much better understanding of the agent, wallet, hub landscape. Also, a plan in the coming six months for how we get interoperability with these things. Also, I have a kids digital identity project, and am interested to see if anyone else at RWOT is focused on kid’s SSI.
Dmitri Zagidulin: So SOLID community is definitely becoming aware of this community’s work and the wider identity community. The SOLID manager attended the last RWOT and will be attending this RWOT. SOLID has started an outreach WG, including an invite to RWOT, ARIES, Secure Data Hubs, VC and DIDs.
Markus Sabadello: One of the RWoT topic papers is about Solid + VCs:
Christopher Allen: I noticed there were 8 or 9 papers for RWOT on Web of Trust, which is more Peer to Peer. I hope we can have more experimentation there. I ran into one of our members, and their implementation did not allow for peers. There was not the original intent, which I thought we were really clear on, that anyone can have any of the roles. Everybody ought to be an issuer or a peer. They may not be central to some of the business models, but I’d [CUT]
See that there.
Christopher Allen: IPFS is another community I’m concerned is underrepresented around the storage.
Dmitri Zagidulin: There are a number of other storage related blockchain efforts: FileCoin, KeepBase, others. There are other fragmented communities out there that are doing decentralized storage.
Christopher Allen: Hopefully we can eliminate future difficulties as we grow the broader agenda.
Dmitri Zagidulin: The one I mentioned was MaidSAFE / SAFE network -
Kaliya Young: +Q
Manu Sporny: Two communities we haven’t mentioned are the secure scuttlebutt community, and the DAT community. We spoke with DAT a while ago and it didn’t really go anywhere. We haven’t had a conversation with the secure scuttlebut community. We could invite them to meet at RWOT, perhaps. Is there any folks that went to DWEB that think we should be talking and maybe should?
Kaliya Young: I met the secure scuttlebut folks at DWEB. They were subject to a very hard sell, and were turned off. I managed to turn that around I think. Avoiding a hard sell should be something we keep in mind, and approaching other communities with sensitivity.
Christopher Allen: I know one person from Barcelona, and I’ll reach out to him about secure scuttlebut.
Heather Vescent: +1 To having a conscious strategy to engage these other groups.
Manu Sporny: WRT these other communities, it should not be ‘join us, use what we have’ but rather ‘Let’s see what we can do together’.
Kaliya Young: +1
Kaliya Young: +Q
Manu Sporny: The idea is that we spend more time listening in these other communities than about what we can bring into the mix. As we try to reach into those communities maybe we can do something that looks more like a field trip, rather than inviting them to come to us.
Christopher Allen: I was at a meeting recently and a DID member said RWOT was a W3C thing. I think they got that because there are a number of W3C people there, but RWOT is not a Standards Organization. There are many things there that shouldn’t go into W3C, and many that should. I like the phrase field trips to other communities.
Kaliya Young: There is a difference, my perception is much of the work is how do you support people getting on planes with all the decentralized credentials you need. That is a different use case than Scuttlebutt or Wireline. So what do wallets look like for a fully decentralized network.
Kim Hamilton Duffy: +1 To Kaliya's point
Manu Sporny: BGP (Border Gateway Protocol) is protocol that manages how packets are routed across the internet through the exchange of routing and reachability information between edge routers.
Kaliya Young: I think this would be a great question to answer at RWoT - who has an easy to implement wallet for these decentralized networks. I am on contract with - the are open to implementing but I'm not clear what they should pick up and use. The same wallets could/should be used for Holochain and Scuttlebut and others.
Christopher Allen: BGP, Border Gateway Protocol, central to networking. Current standards are not being adopted because networks are peers and they don’t want a centralized authority defining that a peer must do, so I am reaching out to them and showing them interesting cryptographic approaches that might solve their problem. Wondering how many communities are out there that want this but don’t know they want it.
Christopher Allen: What kinds of things do we want to bring into the W3C? Not everything needs a 4 year process to become a W3C standard. Where is it appropriate for a 2 year CCG document or a 4 year WG document.
Jonathan Holt: For an Apple developer when you submit your cryptographic library you actually have to register. So its more of a struggle to get acceptance, and that might be a major barrier to adoption.
Kaliya Young: Someone of the companies who actually are rumored to be working with Apple should get them more publicly involved in this community conversation - they are "here" we just can't see them.
Jonathan Holt: The new cryptoKit ed25519 is supported.
Christopher Allen: So I agree. A lot of groups rely on the IETF. Ed25519 which was a struggle. Nothing that used SECP is allowed for use in a standard in IETF. How do we get over problems like that, where a big company says it has to be a government standard algorithm, and can we help?
Christopher Allen: Here is a talk I did at IIDS (see link), on SECP.
Dave Longley: ED25519 will be in the next FIPs standard that comes out.
Christopher Allen: In multisig situations there are interesting situations with multi-sig curves, there are other libraries such as Liberetto. We should be aware that ED25519 has its limitations.

Topic: BTCR hackathon

Kim Hamilton Duffy: See above for the final report, with more information on what we were trying to solve. I’ll talk about the accomplishments and then talk about the struggles we see. As usual we do clarifications of expected behavior. We noticed we weren’t granting verified credential signing as a default capability. Also BIP 136 allowed ambiguous forms we didn’t want to allow in BTCR. So we made sure we documented such expectations.
Dave Longley: We had a method, and we eliminated a special case..using one method over another other.
Kim Hamilton Duffy: Electron demo of a BTCR wallet was updated.
Kim Hamilton Duffy: A BTCR GoLang service running on Linode was worked on, and the steps documented.
Kim Hamilton Duffy: We consolidated the BTCR references and we now have a single place for that. Also, the BTCR DID method is being used in the DID Foundation Hackathon. See link.
Christopher Allen: We did take some of the observations about satoshi audit trail to the last DID task force meeting last Thursday - see transcript there.
Kim Hamilton Duffy: Joe added a BTCR tutorial on Saturn, inspired by Jimmy Song’s Bitcoin tutorials. We found we were having problems with basic claims (e.g., I know this person and vouch their DID is this). We found it was more of a struggle to do basic things that we expected. Also, what belongs to DID Metadata and what belongs to DID Resolution Metadata. That’s still an open issue. Naming - we need to be more concise in our naming. There’s also a lot of va[CUT]
Having a server-side service rather than a client side thing users have to stand up. Those are the highlights that will follow up on after RWOT.
Joe Andrieu: Also, The Satoshi Audit tral topic had some good discussions has week. I encourage people that as they are thinking about using the proofs that your blockchain represent that some of that architecture doesnt go into the DID Document but into something different.
Christopher Allen: We will be meeting next week, but not on Sep3 due to RWOT.