The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Credentials CG Telecon

Minutes for 2020-08-04

Justin Richer: Indeed it is [scribe assist by Wayne Chang]
Joe Andrieu is scribing.

Topic: Introductions and Reintroductions

Kim Hamilton Duffy: Ed_Eykholt irespond global (?)
Ed Eykholt: I'm with XXX service provider. We have a birth attestation project that will be generating identifiers & QR codes for credentials
Ed Eykholt: Yes, I'm with iRespond Global, a biometric service provider
I'll be happy to re-introduce - John Callahan Veridium CTO
Christopher Allen: Good morning. Last time I talked with you, I was a co-chair. Moving from an administrative talker to a doer.
... With Blockchain Commons
... Trying to create a basis under Wyoming law "what is identity" that is able to express SSI principles
... Also trustless, self-sovereign identity solutions
Kaliya Young: Wondering are you actually working with actual lawyers in the community? like Elizabeth R.
... BTCR was our baseline, but that hasn't kept up with BTC innovations, so we are puzzling through how to leverage that
... along with peer-to-peer and newer bitcoin techniques (meaning lightning and its kind)
... Putting head down to coding and working with coders. Blockchain Commons
John_Callahan: I go by Jack, CTO of XXX. We have a new CEO, who has recommitted us to self-sovereign identity

Topic: Announcements & Reminders

Dan Burnett: +1 Jack yay for commitment to SSI
S/CTO of XXX/CTO of Veridium/
Kaliya Young: IIW is only 11 weeks away :)
Kim Hamilton Duffy: Identiverse is happening
... weekly calls such as the one we're on now
... plus two others
... Credentials for Education every other Monday
Orie Steele: Can't wait for IIW, highly recommend
... I run that group; email for an invite and you'll get the updates
... also DID Resolution, weekly on Monday 1PM PDT / 4 PM EDT
... lastly, the secure data storage calls on Thursday
Kaliya Young: - registration has opened up for early bird registration October 20-22.
... jointly run with DIF 1 pm PDT / 4 pm EDT
... Adjustment to agenda. Manu will be doing a "nontechnical" introduction to CBOR. Then we'll be doing a jitsi meeting.
... Prior to that, we'll do a presentation on election integrity after action items and work items
... every week, chairs review the action items and try to see how we can help, remove blockers, etc.

Topic: Progress on Action Items

... two issues today
... Issue 97 is about hosting schemas
... For both 97 and 88 the conversation kind of snaked around a little bit
... the main lurking issue seems to be uncertainty for developers as they get exposed to JSON-LD
... Questions about how to construct contexts and where to host them
... Orie proposed a way forward: to ensure that editors of any CCG specs with JSON-LD are listed as contacts so when people have JSON-LD issues, there is a list to ask for help
... Without a focused working group, it's not clear how best to make progress, but listing contacts seems like a good start
Manu Sporny: +1 To the approach Orie is mentioning.
Orie Steele: We don't have lots of time, so let's do something simple
Kim Hamilton Duffy: The idea of designating some editors... this is something the chairs can take on to figure out where such information should go
... the only issue is whether or not there are strong objections. If you are an editor and don't want to be contacted, let us know. However, the better option is better documentation
Jonathan_holt: I would welcome external experts to review. There are schemas in from inventing new things, or naming things that don't exist
Kim Hamilton Duffy: That's a good idea. Can you provide some links?
... Since these aren't formal work items (they are issues). We can just close these out with these resolutions.
... updating issue 97 now
... feel free to add comments
Kim Hamilton Duffy: Security vocab needs >1 codeowner
... There were a few work items that got grandfathered in, but they are missing code owners
Manu Sporny: +1 To Orie (Transmute) or Tobias (Mattr) being the other code owners for all security-related things that don't have two owners already.
... and only have one owner, which is not current process.
... so we'd like to get that fixed to current process
... Orie had proposed himself and Tobias
Manu Sporny: +1 To that proposal (Orie & Tobias)
Kim Hamilton Duffy: Ok, this should be closable once we get that noted
... next up, Heather to present
Heather Vescent: Deep Fakes, Digital Identity & Democracy (aka Hacking US elections using Maskirovka)

Topic: Deep Fakes, Digital Identity & Democracy (aka Hacking US elections using Maskirovka)

Heather Vescent: Please let me know if you can't access that presentation (it's a PDF)
... It might seem a bit random to present this information, but there are reasons I think it is important
... What you should be doing is just sit back and take it all in
... Many thanks to Anil John.
... He asked my team to look into securing election data
... Separately an area of interest (for decades) has been misinformation
Heather Vescent: Maskirovka
... Maskirovka
... goes into some more detail
... My experience with crafting narratives comes from my art and culture jamming in the late 90s
... I organized a bunch of culture jamming that challenged people's views of what reality is
... not necessarily lie, but challenge thinking
... one of the "pranks" that we would do would be protesting
... the group would split into two subgroups: one for and one against, to show the absurdity of the topic at hand
... That's my background and interest
... I've started to learn about the military use
... There is currently a country really good at it and we are under attack. And that is Russia. That is Maskirovka
... This is not just a technical problem, it's a social problem
... That is why I think this presentation will be interesting
... Illinois Voter Data Hack (details in slide deck)
... This was Russian hackers.
... They didn't just hack Illinois. They targeted all 50 states.
... As a result, $14 million was spent improving the system
... but the fixes didn't make the news, rather the hack is seen as evidence our elections are out of control
... Identity in Elections (details in slide deck)
Juan Caballero: ^Direct link
... Based on polling place, you get different ballots. So we need to track personal information to support that
... Front End and Back End requirements for data use
... your name, personal information, can be bought and campaigns can use those for reaching voters (through voter files)
... Attack Surfaces (details in slide deck)
... Technical + Social attacks
... Technical attacks (chart in slide deck)
... You are probably already thinking about how technology can address technology attack surfaces
... the point of the report was not to use DIDs to solve these problems, but rather "these are the problems. this is the context"
... Technical attacks can lead to social attacks (chart in the slide deck)
... Familiarity with voting systems is important
... With dozens of different ballots, this can become a problem
... This is one reason vote-by-mail can be so useful: it gives people time to become familiar with the mechanism before finalizing voting decisions
... Social fears about election resulted in increasing technical security, but this doesn't directly shift public perception of election validity
... There is a lot of sabotage going on
... Earlier this year, I wrote a book on espionage
... During WWII both US and Britain had the SOC and OSS, both of which were created to sabotage the Nazis in Europe
... I had imagined that didn't happen any more. But in fact, I was able to learn to recognize contemporary sabotage all around
... "Sorry, it's going to take 2 hours to vote because we only have one voting machine"
... These are the ways our election system is vulnerable
... the primary attack here is social, not technical
... Maskirovka: to camouflage the truth (details in slide deck)
... While I'm talking about this in terms of Russia, both China and the US do this as well
... in 2020 we have unlocked "entrepreneur mode"
... there are no directions from the Kremlin, but rather lots of activities that may or may not have govt. involvement
Kim Hamilton Duffy: I'd be interested in having Heather come back to do the rest on a future call
... more like startups looking for VC funding
Orie Steele: Report On The Investigation Into Russian Interference In The 2016 Presidential Election - Volume I (redacted):
... Information operations in 8 steps (Bruce Schneier)
Manu Sporny: I'd also be interested in how we can apply some of these learnings to how we design the technical specs...
Manu Sporny: That is, is there anything we can do to combat 1-8
... This is not a short term agenda
... This is about changing beliefs and shifting power
... Skip forward to "what can we do"
... We need to have technical and social solutions that work together
... We need technical solutions on the platforms.
... Technical and Social suggestions in slide deck
... One thing I don't see talked about a lot is the need for increased emotional resilience.
... If triggered, chill
... Democracies *are* at a disadvantage. Authoritarian regimes don't have to follow data privacy rules.
... Realize you are a target. Yourself. Your company.
... that's it
Juan Caballero: An SSI-adjacent org working on the DeepFake detection problem is the DeepTrustAlliance:
Kim Hamilton Duffy: Handing over to Manu
Manu Sporny: That was super fascinating. thanks.

Topic: CBOR-LD

Juan Caballero: They've attended the last two IIWs, FWIW
... This is going to be a fairly simple, non-technical interview
... There is a PDF as well as the google presentation
... This is a new data format that is meant to apply to VCs and DIDs.
... CBOR = Concise Binary Object Representation
... the problem: documents are too big!
... For example, just presented a VC with your mobile phone, using something like a QR code
... If we take a typical credential, ~1200 bytes. That's hard to scan as a QR code
... In contrast, a 400 byte QR code is MUCH MUCH simpler and easier to read
... If we can get our data sizes down to ~400 bytes a bunch of offline use cases become possible
... The goal: figure out how to compress
... Slide 6 shows the compression magic of various approaches
... We were able to go from 1200 to 325 bytes. That gets us below that magic 400 number
... So, if we want interactions off the network (arguably more secure because of that), we have options
... we can get them to about 1/5 of the original size with CBOR-LD
... This also matters *at scale*
... The storage of credentials for millions or billions of people, every byte matters
... How does this work?
... This is dictionary compression.
... The dictionary lets you turn long strings into compact representations
... You can build a compression dictionary from repetitions within the document
... Turns out the @context for VCs works great as a compression dictionary
... That's basically what CBOR-LD does: it uses the context to create a compression dictionary and compress the documents
... This is typically far better than best-of-class binary compression
... We also get additional benefits like byte-level semantic processing, semantic processing over fixed data structures, hardware optimizations, etc.
... With that we'll stop, and pick this up in after hours
Kim Hamilton Duffy: Thank you, Manu
Jonathan_holt: Where is this work being incubated?
Manu Sporny: Digital Bazaar right now. Probably the JSON-LD community group
Kim Hamilton Duffy: After hours!
Manu Sporny: New conference system
... you'll get a URL. We are going to disconnect everything from this bridge
... please do NOT reconnect to the bridge we are on now
... We'll send URL. Disconnect. Then everyone connect at the new URL
Kaliya Young: Good luck - I have another call :)
... This may be a disaster
Orie Steele: Same
... We'll use IRC to track success while we try this out
... Everyone go ahead and disconnect.