The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back


Credentials CG Telecon

Minutes for 2021-01-27

<dlongley> scribe+
Dave Longley is scribing.

Topic: Introductions

Wayne Chang: Is there anyone new on the call that would like to introduce?
Leo: I work at Work Day. I'm here in a supporting role.
Kasey: I'm on the same Workday team. Here to see Gabe's presentation and the discussion that follows.
Tim Holborn: I'm not usually on this call, I'm here from Microsoft to listen to Gabe.
Daniel Buchner: Also from Workday, here to support Gabe and looking forward to his presentation.
Gabe Cohen: I'm here to support myself. I used to be at Workday but now I'm not.
Wayne Chang: Thanks for being here, we're happy to support your contributions.
Kaliya Young: I'm now at the Covid Credentials Initiative. Along with John Walker and Lucy Wang. Anyone interested in VCs we're interested too. I'll be posting a link for subscribing to a newsletter around this and this community.
Wayne Chang: The only announcement coming is the Thoughtful Biometrics Workshop, link...
Kaliya Young: It's moved to March 8th, 10th, and 12th.
Wayne Chang: Any other announcements?
Wayne Chang: The DIF F2F happened last Tuesday, it would be great to get someone to report out on a future call. If anyone is interested in doing that please email the list, the chairs would be very interested.
Juan Caballero: ^DIF F2F highlights :D
Wayne Chang: We're not going to spend too much time on issue discussion, but there are a few things to spend time on, elections, infrastructure task force kick off, charter amendments.
Wayne Chang: Link in IRC for these issues. Because there are so many issues, one of the issues we decided we can handle so many issues is because some are related to outstanding PRs.
Wayne Chang: We can start with the ones related to the work item process, we have made recent updates to those. Heather, could you talk about some of those issues? Best practices, work items, code of conduct, etc.?

Topic: Work Item Process

Heather Vescent: Yeah, I don't think we need to go over each of them individually because we've reviewed them multiple times in the past. I did update the work item process and I will put the link in the jitsi chat.
Heather Vescent: Right now it says edits for review, because I wanted a visual notification that these edits were happening. After this meeting if there are no...
Heather Vescent: Objections then I'll change the title.
Heather Vescent: All of these issues are related. I can go over what these edits are. Under section 2, terminology task force, there was no task force category. We added that as a category/work item.
Heather Vescent: To 212, this is additional CCG requirements, these are requirements that this CG has for work items.
Heather Vescent: Going 212, additional requirements, we added a link to the W3C code of ethics. That addresses the concerns that were in 169.
Heather Vescent: We also added "address the work item questions below". We put them here. For item 215 we added work item best practices, that's also 174. Other questions are 173. The best practices for running a work item ... if anyone has good best practices they want to share about managing or running a work item that would be good to put that here to help everyone.
Heather Vescent: After 212 I put the work item category and in the third category I added text about the task force requirements. It's supposed to have the charter in here too but I'm not sure what happened. A previous edit that had a request for the charter.
Heather Vescent: Which addresses 172 that somehow got deleted during the PR. I thought I had that. Anyway, under the task force requirements they must have a leader and a charter.
Heather Vescent: For the task force to remain active it must provide a status update.
Heather Vescent: The initial idea was that task forces need to give updates to the chairs on an ongoing basis, but we don't want to make it overly burdensome on either the chairs or the task force.
Heather Vescent: We wanted to have a way that that task forces -- where they aren't active that we can close them out.
Heather Vescent: I think everything else is pretty much the same.
Juan Caballero: +1
Manu Sporny: Just to say thank you, this is really awesome to see everything documented so well. It's been something we've been needing to do as a community for a long time, so thanks to Heather, Wayne, and Kim.
Wayne Chang: Credit where it's due, Kim did the prototype document, Heather contributed, so did TallTed and others, thank yuo.
S/yuo/you/
Heather Vescent: I'll close out these action items except the one and we'll touch base on that next time we talk.
Wayne Chang: Anyone can comment on a closed issue if you think it should be reopened.
Wayne Chang: Next time is proposed infrastructure task force item -- it looks like there are no objections here and we can move forward. We're going to start with low stakes items.
Wayne Chang: If you want the history there you can read that, it's been approved by the chairs, you can expect an email if you are interested in participating in the kick off, about 2 weeks out, then it will pick up steam from there.
Wayne Chang: 158 -- CCG work item templates as github templates. With the closing out of the other issues we can use these templates to make things more convenient for everyone. Status update on the recommended CCG license, we need to ensure that all the repos have the updated licenses for IPR reasons. We've been working with Wendy Seltzer from W3C management on this.
Wayne Chang: We are just waiting on a few repos that haven't updated the license on that.
Heather Vescent: I manually changed all these. If you look at the issue. I would love, since we're on the call, I'd like to look at this. Three comments from the top -- I have a list of links, these are the 5 repos that currently do not adhere to the CCG license. My question is, do we need to have them adhere to the CCG license and are there any objections to changing them to the CCG license?
Heather Vescent: These are called out because they listed a different license.
Heather Vescent: If you know about these, please advise.
Manu Sporny: I know of at least 4 of them. The DID test suite should be shutdown, redirected, and can change to the CCG license. I think switching to the CCG license applies to everything except the sovrin one.
Manu Sporny: So DID test suite, LD merkleproof, other LD ones, only the sovrin one I don't know about.
Manu Sporny: Can all have the new license.
Ted Thibodeau: I think this is the "20 days ago" comment? https://github.com/w3c-ccg/community/issues/142#issuecomment-756380871
<tallted> (direct links to comments hide under their timestamp)
Manu Sporny: Orie is the official keeper of the DID test suite. It's in the official W3C DID WG at this point and we need to say it's in an official WG now and we just link to it and then close it.
Heather Vescent: And then we switch to the CCG license?
Manu Sporny: Yes, just switch to the new CCG, then say it's moved to the DID WG, then archive the repo, in that order.
Wayne Chang: Ok, great.
<heathervescent> Thank Manu
Wayne Chang: We can continue the discussion over there and we can check with Wendy on doing that.
Wayne Chang: The Sovrin repo we can actually archive, I got confirmation from the contributors that it can be archived, it's way out dated.
Wayne Chang: Long discussion, we wanted membership criteria and a lot of people decided it might be too onerous to have membership requirements for voting. To summarize some of the issues we had in the first election -- we're trying to improve the process. A link was shared with the changes and I emailed the mailing list and called for strong objections.
Wayne Chang: The only outstanding discussion point is that the membership requirements may be too constraining. The other issue was about using ranked choice voting (we are using it in the new charter and no objections thus far).
Wayne Chang: It seems that the discussion between Joe and Kim is leaning toward just being a member of the community group and signing the contributor agreement.
Heather Vescent: My concern here is that the comments that were initially documented by Christopher Allen are like anonymous and then the rest of the comments on here are not anonymous and those go against those comments. I don't think I have a good understanding of what the community wants. I'm not sure what people want because the comments are in conflict. I don't know who those anonymous comments were from.
Heather Vescent: We made the changes based on those anonymous comments and now we've gotten push back on it and I haven't heard from those anonymous people with their concerns not being addressed.
Wayne Chang: Joe, if you're able to discuss -- we're considering your recommendation of removing the membership requirements.
Manu Sporny: I didn't quite understand what question is being asked. I'm not sure are you saying -- open debate on the topic?
Manu Sporny: I think we should just trust the community, I don't think anyone has abused the voting process. If you agree to the contributer agreement you can vote.
Manu Sporny: When it comes to process and taking anonymous input into account is super dangerous. I don't think we should take anonymous input into account unless it's fairly benign.
Wayne Chang: That's a fair point. The question is -- does anyone want to talk to this?
Joe Andrieu: The idea here is that the chairs propose something and that's adopted if no objections it's accepted OR if there are objections we discuss and see if those are easily resolved or we can go to the larger community if not.
Joe Andrieu: I don't think we can consider anonymous comments as a principled objection.
Wayne Chang: Those are fair points. They weren't only just anonymous comments, for example, Dan Burnett for example was a large supporter of meeting attendance for membership, or that was my interpretation.
Ryan Grant: +1 Asking for pointer to anon comments.
Heather Vescent: Thank you everyone for this conversation, my question was "do we ignore the anonymous comments?" and the answer is "yes". I say we explicitly say that and then we move forward.
Joe Andrieu: +1
Heather Vescent: I wasn't comfortable without a resolution on how to handle the anonymous comments and we have one now.
Wayne Chang: Yes, and I'm on the side of trusting the community here as well, so no extra requirements.
Heather Vescent: So does that mean you'll make an edit of this and once you send this to the list we'll start the 2 weeks?
Wayne Chang: No, I think if we get rid of the objections it should be fine.
Heather Vescent: Prior to the 2 weeks?
Wayne Chang: Yeah.
Heather Vescent: Once resolved I'll put together the election timeline.
Wayne Chang: I think 2021 will be a big year for the CG, expecting even more growth.
Wayne Chang: It's important that we have a good fundamental process for elections, work items, task forces, etc. So anyone can step up and take on the chair role.

Topic: Discussion on VC Interactions & Data Models

Wayne Chang: Moving on, we have a bunch of people from the mailing list discussing extensions to the VC spec. That was kicked off by Gabe who worked at Workday at the time, has since transitioned. We are happy to have him and others here to talk about verifiable requests.
Wayne Chang: Gabe, you started off the thread here, could you take 2-5 minutes to set the context here.
Wayne Chang: About why you sent the email to the list, summarize, recommendations.
Gabe Cohen: The VC data model defines claims, presentations; I was thinking about why there was no opposite for presentations, nothing for requests. You're often responding to a request, maybe not always.
Gabe Cohen: If the VC spec is the right place to define the presentation, it could also define the request without too many changes.
Gabe Cohen: The VC doesn't need to or want to define a protocol, that's understood. What I'm most interested in is a common data model to request VCs in a common manner. It will be created in numerous places and different ways if there is no standard.
Gabe Cohen: Defining what the request looks like is not necessary, but the wrapping for a request could be worth while.
Gabe Cohen: I'd like to create a VerifiableRequest and standardize that. The idea is that there is some meta data about the request(s) and the proofs from the requester to authenticate the request.
Gabe Cohen: I modified the example in the spec to show what it would be like.
Gabe Cohen: Brief Pros and Cons, probably didn't cover the Cons as well as I could have. I want to avoid multiple formats for requests. Adding a data model would add value for the community. I think it's important to verify the authenticity of the request to be able to confidently respond.
Gabe Cohen: The cons could be that the spec is hinting a protocol without declaring one. We could be really clear about indicating there's no protocol, just a data model.
Gabe Cohen: Daniel Hardman mentioned that authenticity of a request is normally not needed or handled in other ways.
Gabe Cohen: You'll notice in this example that there's no standard for a request.
Gabe Cohen: There are options I've enumerated, I think it's a good idea, it should belong in this spec, or it's a bad idea.
Gabe Cohen: Or if you think maybe we should remove VerifiablePresentations from the spec.
Wayne Chang: This is a really good candidate for a work item and take your examples and verbiage around VRs and see how it would work. See if there are other work items where it could be put as well. Once more refined as a work item, we could decided as a group whether it should be in the spec or not.
Manu Sporny: +1 To Gabe, this is great. Absolutely we need a request format. We probably need more than 1 unfortunately. Let me go back to what was in the VC WG's mind when we put the spec into shape it was in. We were getting pretty big objections to working on a protocol. So we worked on a data model only because of that pressure.
Manu Sporny: Large W3C member companies saying don't do a protocol yet. So that's why.
Manu Sporny: We know that we will need to a protocol at some point, we don't know what the query mechanism will be yet, we wanted to give time for multiple options to form in the market. One of those options is CHAPI (Credential Handler API), it has a query-by-example model. There's another that the Aries community uses. Your proposing one now as well.
Manu Sporny: That's all good, we predicted that there would be multiple different query mechanisms and it would be ideal to have just 1 but it's not yet clear how to combine everything and keep it simple.
Manu Sporny: There's the ZKP mechanism, OIDC/SIOP, query by example.
Manu Sporny: Totally agree with you, we need to define this, there is interoperability work going on in the DHS SVIP program and also people implementing things in Aries and we should make sure things are aligned.
Manu Sporny: We're going to need to have one or more work items and figure this out or we won't get to interop.
Gabe Cohen: I agree with you, Manu. There need to be a number of these different options. I'm thinking about it from the perspective, I'm using VPs for my responses, what should I use for my requests? For Aries they use VPs to respond, but for the request they have nothing.
Gabe Cohen: So someone wanting to use VPs -- there should be a VR.
Adrian Gropper: I have almost 10 years of experience and implementation experience around request and authorization protocols. As they are used in the real world. I have moved my attention to the GNAP work that's in IETF. I don't represent a huge economic interest here but represent the community. I think we should align the data model work around the GNAP protocols going forward.
Adrian Gropper: It makes the level of sophistication is unmatched in this particular domain -- and we'll be reinventing a number of wheels over 5 years or more if we don't consider that work.
<dmitriz> @manu - have we brought up the vp-request-spec spec?
<liam_mccarty> Audio isn't working sorry
Dave Longley: Doing requests on CHAPI -- CHAPI accepts ay data format that can use JSON. We have a work item around defining a number of these formats. [scribe assist by Manu Sporny]
Dave Longley: You can ask for different credential types, properties claims inside of VCs that you are interested in receiving. In addiiton you can specifiy types of issuers you trust, types of credentials that issuers would hold. It's a powerful mechanism for composing a request around the type of thing you would like to see. [scribe assist by Manu Sporny]
Dave Longley: There is already a work item that Digital Bazaar and Secure Key have been working on where this work might land. [scribe assist by Manu Sporny]
Gabe Cohen: So I was thinking about requests more as a noun than a verb. How do you know that what's being requested is actually correct? More like you're signing a request "what credentials are being asked for"? That, to me is independent of protocol. The goal is more is about ensuring that what's being requested for is cryptographically verifiable.
Manu Sporny: There are classes of requests where you want them to be signed and others where it doesn't matter or not. The query-by-example mechanism could be digitally signed, for example. I'm not sure where the signature is needed, but there are mechanisms for it, there are often other trust signals.
<dmitriz> ^ data model spec of the 'query-by-example' method manu is talking about
Manu Sporny: Thinking about as a data model vs. a protocol is a good thing to do. These are data model things that can travel over different protocols, but how you ask for information is a data model solution, not a protocol, that's a good way to think about it.
Dmitri Zagidulin: I wanted to +1 Adrian's comments about GNAP, that is an excellent protocol. In the SDS group we'd also investigating using GNAP for authorization.
Dmitri Zagidulin: But, specifically, GNAP is very much data model agnostic, so I would highly encourage considering GNAP as a protocol in conjunction with data models from the VP request spec work item and the proposal from Workday/Gabe.
Dmitri Zagidulin: GNAP is a pretty decent protocol, we need a data model to use it.
Gabe Cohen: Now that we have this agreement that the data model is important, where is the best place to add it? Here or somewhere else? Who can assist in that process?
Manu Sporny: Absolutely, the CCG is the right place to work on it. Primarily, you'd expect it to go into a W3C WG and it's aligned with the VC spec. It's a separate work item, it's its own world and has a lot of things to consider that are different from what's in the VC spec. There's more leeway that way. If it becomes clear that it should be part of the core spec we can do that, but don't do it too early, could create artificial boundaries.
Liam Broza: I would love to hear from you, Manu about the asymmetry. Presentations may contain data that's derived from VCs, not the VCs themselves. What's the history? What was the motivation for including VPs?
Manu Sporny: Two pressures: Large companies telling us not to a protocol and the other reason for no VRs in the spec is different ways of doing it. Not alignment yet, no single way to do it (premature). Those are the two reasons, pressure to not do a protocol and no single way to do it yet.
Manu Sporny: There's a desire to work on it, so we should work on it.
Wayne Chang: CCG has a relationship with the VC Maintenance WG, because it's in maintenance mode it might be a hurdle to add breaking changes to a spec, that's one thing to consider. But a work item is a great way to consider the ecosystem wants to move forward.
Joe Andrieu: In addition to the notes Manu suggested, part of where VP came from, lacking a protocol, we didn't have a way to prove a VC is under control of the person presenting it. So when you, for example, give your driver's license to someone we also have the assertion "this is mine" in the presentation.
Wayne Chang: Whether we sign something or not has to do with non-repudiation. A digital signature plays a piece in that overall puzzle, there's an opportunity to talk about how non-repudiation effects things here.
Liam Broza: Thanks both of you, that's very helpful. Things like phishing, is a very important concern.
Liam Broza: Some of the privacy concerns that are highlighted in the spec, the use cases people are focused on ... are less important to our work we're concerned about security more than correlation.
Adrian Gropper: There's an update to the NIST specification processes and so on that's quite valuable in this context. The commentary is over on Monday, I haven't figured out what I'll comment on yet, if anything, but quite worthwhile, state of the art.
<wayne> scribe+
Dave Longley: Regarding the phishing concerns, some of that might fall under the protocol layer. For example, if you're using CHAPI to ship your credentials, then you're getting signals directly from the browser around which party you're talking with. There might be a place for this kind of authentication in the data model _or_ the protocol, which allows user familiarity. [scribe assist by Wayne Chang]
Dave Longley: It may be tricky to figure out when we should be using authentication in the request, and when the protocol should handle that. If we introduce the option in both places, we need some guardrails to advise the user when to use which. [scribe assist by Wayne Chang]
Gabe Cohen: I just opened up an issue for the work item.
Wayne Chang: Thanks to all and to the scribe! See everyone next week.
<wayne_chang> kicking everyone soon to shut down the bot. please don't take it personally :)
Heather Vescent: +1