The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2020-08-11

Joe Andrieu: Are we still on the ONSIP channel?
Rouven Heck: Is there a Jitsi option to dial in? :)
Joe Andrieu: SIP I should say
Orie Steele: JoeAndrieu i am, its working
Joe Andrieu: Ok. Thanks!
Dave Longley: Regrets+
Orie Steele: Scribe+

Topic: Announcements and Reminders

Orie Steele is scribing.
Heather Vescent: Identiverse:
Heather Vescent: Identiverse... check it out!

Topic: Progress on Action Items

Heather Vescent: RSA signature suite updates.... #3
Heather Vescent: RSA Signature Suite #3:
Kim Hamilton Duffy: We keep revisiting this... item... discussion happened in did topic call
... we proposed closing and tracking the concern in a separate issue.
... manu updates?
Orie Steele: Had special topic call in JWS2020 which supports RSA and others [scribe assist by Kim Hamilton Duffy]
Kim Hamilton Duffy: ...Suggest we close and follow up on any related as separate issues

Topic: NIST Comments:

Heather Vescent: NIST Digital Identity Community Comments...
Wayne Chang: NIST creates guidelines that governments rely on.... many folks rely on them....
... they recently requested comments of draft 800-63
... they are discussing enrollment, authentication, federation...
... other community members are contributing to ^
... we have attempted to aggregate comments to supports DIDs and VCs
... we are working to demonstrate applicability of our standards.
... they are listing SAML, and OIDC Claims... and we are interested in seeing VCs and DIDs also mentioned.
... we are collecting feedback, please open issues / PRs.
... its important to engage here, if we want people to use these standards.
Wayne Chang: Thanks for contributions... we were able to get this out in 2 weeks... evidence we can move quickly
Juan Caballero: +1
Kim Hamilton Duffy: More kudos... like that this may be a good pattern for speaking on behalf of the community
... good model for future request for feedback
Heather Vescent: Next up, sam chase, part of the community for a few years... she is gonna introduce her work
Heather Vescent: Sam's presentation was sent to the list.

Topic: LOCI + Germ Scene Investigations

Samantha Mathews Chase: Inspired by this community, i enjoy building things, dogfooding... after discovering OrgBook....
... we have been building a way for information sharing regarding spaces
... we focused on evacuation maps and fire safety
... we are creating a way for orgs that are liable, for capturing occupants, in safety training
... as we were rolling out our pilot, Covid hit, and we started looking at how we could modify our work
... a fire and a virus are similar... they both need to be stopped from spreading by people working together.
... we found that misinformation we spreading in a way that was alarming, because of the way the CDC gave instruction.
... it lacked the "why"... in a way that adults like to learn.
... we focused on creating critical safety content for adults...
... by the end of our course, adults have answered the questions that become the safety protocol.
... we realized that the businesses lacked the tools to create safety guidelines
... there were inconsistently applied safety warnings
... lots of "signing wavers" to enter shared space...
... we made a game, where any business can create their own safety protocols, for example, symptom tracking or contact tracing.
... any business can do this for free, it helps business define a code of conduct, and avoids debates on masks
... we were eager to use the OrgBook, because we had previously designed a credential for fire safety
... we are using the OrgBook as a search feature... so we can issue credentials to the org book itself
... the way that buildings are designed is for fire zones... they are signed off on by inspectors... they are held as public information managed by the building owner...
... unfortunatly, they exist only as PDFs... the fire department knows which zone a fire is in however.
... this is valuable information (zones in a building / entrances and exits)
... we want to use the existing zones and inspection information, and rather than rely on admins to manage this, we want associate addresses with that location.
... wondering what stops us from attaching property to organizations
... if we can attach property to organizations, we can start to address human use cases.
... its helpful to be able to see who is responsibility for the fire evacuation map
... credentials are maintained because people are present...
... would love to see how to use OrgBook to attach proof to organization via the property they manage.
... questions?
Adrian Gropper: Thanks! what part of what you are doing in private and what part is public and what is accessible only to first responders...
Samantha Mathews Chase: Its all public info, but its all owner managed... there is no central repository for this public info
... anyone who asks for this, must be given the information
Adrian Gropper: Are you describing an oracle vs a credential... in other words, there is no reason for a holder, other than the issuer itself.
Samantha Mathews Chase: Yes, the organization can hold all these credentials.
Adrian Gropper: If the data is all public legally binding, and there is no holder... the oracle could rely on VCs or not.
... the number of oracles in industries is limited...
... if its an oracle?
Samantha Mathews Chase: Not sure, looking for guidance
... we are trying to use the OrgBook in a way that might be more widely used... figuring out what other public information can be attached to businesses
... how can i advocate for attaching public information to OrgBook entries
Adrian Gropper: There are some issues raised around resource requests.... there are 3 components
... scope, purpose and credentials of the requestor
... for protected resources, the scope depends on what the resource server is willing to honor
... in general resource servers should publish the scopes they are willing to support.
... that sounds like what OrgBook is doing.
... the organization may choose to protect some information, but before we can ask for that info, the OrgBook must publish what it supports.
Heather Vescent: 2 Interesting parts.... info about the building identity.... and gamification of safety learning
... games to get credentials... the second part.... seems very generic
Samantha Mathews Chase: Yes, we use it to discover valid businesses, that could be used elsewhere...
... the way it works is maintaining reported occupancy / training ratio
Adrian Gropper: Dun & Bradstreet is a common oracle for business uses.
... proof of learning... we are keen to see in a non org book location, how we can turn these "proof of training" credentials into passports of sort.
... or leverage them in other scenarios
... not sure how exactly to use the credentials we are creating.
Juan Caballero: Where would the credentials live?
... i heard in the netherlands, they have an a centralized building registry... wondering who owns the locker...
Samantha Mathews Chase: We are looking at how other institutions could take over issuance
... firemarshalls are the issuers of the training game.
... in covid scenario, we are wondering who the issuer would be?
... we talked with solid about lockers for employee / contractor credentials
... safety training leads to stickers for hard hats....
... investigating Solid technology that could be used a wallet.
... questions about credential expiration
... i know solid is looking at finance and banking... im interested in solving this for places that have contractors and unions
... were trust issues are not going away... for example confined spaces in ships
... we order temperature checking vests for staff, and the union squashed it because they had no place to store personal data.
... interested in scaling up safety related credentials that facilitate cooperation between unions and organizations.
Juan Caballero: Insurance seems very related on the employer side.
Samantha Mathews Chase: You don't want them to see the stuff, you want them to know its being tracked.
... I see a lot of opportunity for this where lots of unions exist
... how workers prove things about themselves, is a problem that needs to be solved.
Heather Vescent: Thanks, very interesting project.
Juan Caballero: GLEIF, you mean?
Adrian Gropper: Asking the group: should public oracles be a use case for VCs, and where / how would we do that?
... consider FHIR (healthcare rest api)
... the data model exists... but the problem is how to relate FHIR to VC data model for public oracle use cases.
... when an institution has a resource server using FHIR, how can VCs be integrated?
Christopher Allen: Suggestion where we might want to deploy this... wyoming
... sec state has approved corporate registration and good standing...
... most likely it will use VCs
Kaliya Young: HI I got on the IRC really late (but was listening) can someone please share the link to what SamanthaMatthewsChase presented.
Samantha Mathews Chase:
Heather Vescent: @Identitywoman Sam sent it to the CCG email list
Heather Vescent: +1 SamanthaMatthewsChase
... large mining /oil / resource companies... interested to see how this safety work would relate to those industries
... they are building something like OrgBook
... they want to be a leader in digital identity
Samantha Mathews Chase: Really great information thanks Christopher, would love an introduction
... nobody has connected this to the powerful minins/g commitee
Samantha Mathews Chase: Awesome, thanks.. to adgroppers point, unsure of how those data sources would be connected...
... we are the issuer of our credential today, but the goal would be to have 3rd parties become the issuer
... migth be easier to prove you control a property than other things...
Adrian Gropper: We have made the assumption that when a board issues a credential it needs to go into a wallet... seems like small number of use cases... public oracles seems larger use case
... as VC folks, we should recognize the opportunity to meet the 90% op
... for example, drivers license registry should not be in a public oracle... though revocation information might
... your use cases seem like VCs that don't belong in wallets.
Samantha Mathews Chase: +1 Adrian, great thoughts
Kaliya Young: Yes I understand she sent them to the list. I went to my inbox to search for them and can't find them. A subject line or an e-mail address they are from would be helpful.
Heather Vescent: @Identitywoman @SamanthaMatthewsChase posted it here:
Christopher Allen: This raises issues, Wyoming funded land registries to add data related to blockchain... in some counties
Samantha Mathews Chase: Forwarded it to you @kaliya
Kaliya Young: Thanks! appreciate it.
... i was able to see an example of a ranch, location, property attributes... but they guy noted there were privacy concerns... over public information.
... the fact that people feel privacy issues related to public info.... indicated some kind of issue
... scary what public information can be used to do
Samantha Mathews Chase: This is why a focus on reporting safety information feels like a way in
... concerns over terrorism related to public oracles
... maybe terrorists will use public oracles
Samantha Mathews Chase: It's interesting to me that people find this information dangerous, we have google earth lol
Heather Vescent: Yes, open source intelligence is a concern... people fear how public information might be used
... its not just privacy / security... its usability issue
Samantha Mathews Chase: @Orie, as in who can use it? or what do you mena
Adrian Gropper: Credentials don't all need to go in wallets
SamanthaMatthewsChase not sure what you mean?
Samantha Mathews Chase: Thanks everyone!!!! I so appreciate all your brains.
Juan Caballero: :D
By all :)
Heather Vescent: @Orie_ thank you for scribing!!