The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2021-05-25

Agenda
https://lists.w3.org/Archives/Public/public-credentials/2021May/0138.html
Topics
  1. Introductions & Reintroductions
  2. Progress on action items
  3. VC-HTTP-API
Organizer
Wayne Chang, Heather Vescent
Scribe
Joe Andrieu
Present
Mike Prorock, Heather Vescent, Kim Hamilton Duffy, Mahmoud Alkhraishi, Markus Sabadello, Manu Sporny, David Chadwick, Ted Thibodeau, Juan Caballero, Erica Connell, Adrian Gropper, Charles E. Lehner, Phil Long, Joe Andrieu, Ryan Grant, Kaliya Young, Taylor Kendall, Orie Steele, Anil John
Audio Log
<mahmoud_alkhraishi> present~
<mprorock> loud and clear
<juan_caballero> /me is sorry, he was stuck in some kind of lobby and confused !
Heather Vescent: Join the CCG: https://www.w3.org/community/credentials/join
Heather Vescent: Meeting minutes: https://w3c-ccg.github.io/meetings/
Joe Andrieu is scribing.

Topic: Introductions & Reintroductions

Unknown: I'm [] from UL labs. Underwriter's Laboratories
Juan Caballero: :D
<sanne_ketelaar> Sanne Ketelaar
David Chadwick: Self introduction
Heather Vescent: Announcements: https://w3c-ccg.github.io/announcements/
David Chadwick: We'd like to use the VC-HTTP-API, but it seems like the current version has lost features from a couple weeks ago.
Kaliya Young: Coming out of IIW, we are going to host two special topic summits, probably in July, one on UX for SSI the other on the business of SSI
Manu Sporny: Just a heads up. The Linked Data Signatures Working Group charter debate continues on the semantic web mailing list.
Phil Long: T3 Innovation Network's Network of Network's project has it's kickoff today https://www.uschamberfoundation.org/event/t3-innovation-network-networks-launch and registration at https://events.uschamberfoundation.org/T3NetworkLaunch. It's today at 1:00 pm to 3:30 pm EDT.
... a new set of challenges have come forward.
... a lively discussion is happening
... We are also still collecting DID implementations for the final push to standardize the DID Spec.
... We are going to be wrapping up this first call for implementations shortly. Probably decide when to do that, later today.
Heather Vescent: Can you give details on when the semantic web group meets?
<mprorock> @manu - that is an interest group right?
Manu Sporny: Linked Data Signatures WG Charter discussion -- https://lists.w3.org/Archives/Public/semantic-web/2021May/thread.html
Juan Caballero: There is a rapid prototyping work item happening at DID. Hopefully complementary to the VC-HTTP-API work.
... came out of IIW
... the WACI Presentation Exchange
Heather Vescent: Tell us more
Juan_Cabalero: that group is trying to describe ways to get credentials from one stack to another using existing tech. not so much developing new protocols, but rather how we can already do many of these things.
... This is analysing how existing implementations are different.
... You might want to follow the conversation.
Juan Caballero: :D
Adrian Gropper: Quick announcement. As many of you know, I'm the author of the health care use case in the DID spec work.
<juan_caballero> /me tries every time, and fails every time, to make announcements in under 60 seconds
... now refreshing the implementation based on the work that has gone on in the last four years
... if anyone is interested in contributing, please contact me
Mike Prorock: Manu, did semant web roll up into xyz group?
Manu Sporny: Good question. Might be the data activity, but that might be rebranded.

Topic: Progress on action items

Heather Vescent: #180: Https://github.com/w3c-ccg/community/issues/180
Heather Vescent: Two action items to bring up
... has to do with maintenance mode for inactive groups.
... can we close this?
Wayne_chang: yes. should be reciving an automated email for the group
Heather Vescent: #181: Https://github.com/w3c-ccg/community/issues/181
Heather Vescent: Does that mean we can close 181 too?
Wayne_chang: yes.
Heather Vescent: #175: Https://github.com/w3c-ccg/community/issues/175
Heather Vescent: Next, #175
...This issue came up when we were updating the ccg work item process
Mike Prorock: Semantic Web has been subsumed into the rdf-dev community group here: https://www.w3.org/community/rdf-dev/
... a few of the questions in that process address how the proposers are going to involve folks from different skillsets like design or anthropology and more diverse perspective.
... We, the chairs, realize that might be a heavy lift for the work proposers to find those folks on their own
... so maybe we could source that list as a group to help people find a more diverse group of people
... this work item is about bootstrapping that through the community
... to find folks interested in working on work items in a more diverse role
... might be the right time to start working on this
... Is this a good idea? Are folks interested in helping?
Manu Sporny: +1 To the activity
... we are doing a lot of stuff across a lot of fronts right now
... a number of editors, authors, etc. are overwhelmed. we need the help.
... One of the challenges is that current editors are so under water that teaching or training folks how to do things feels like an impossible task
... The need is there.
... But there's a gap. Maybe its fear; people unsure about how to help.
... While those who do know how to help are stretched thing
S/thing/thin/
... This is where we are. We want help, but don't know how to cross the bridge to getting more people contributing.
... CCG 101 is helping, but it seems like we need more
Heather Vescent: Agreed.
... CCG101 is a pipeline strategy
... my hope is that it will help drive folks to helping with specs, but of course there will be a delay
Wayne_chang: definitely a shortage of resources
... talked with W3C staff about resourcing
... this is a way we might be able to scale out; paying folks, perhaps interns, etc.
Heather Vescent: Thanks, Wayne.
... Re: Manu's comment about teaching the basics and level of comfort to participate
... One of the goals of CCG101 is to have a training session or brain dump with Manu or the spec editors
... Once we get that initial brain dump, we can productize that knowledge and information, teaching folks from there.
... So, yes, we need knowledge transfer; then we can send that out from there.
... If there are suggestions for CCG101, please let us know. We want to do more of this and want your input.
Juan Caballero: +1 To youtube/video archives as a rapid way to sharpen axes!

Topic: VC-HTTP-API

Manu Sporny: Today, co-presenting with me is Juan and Orie and Adrian
... not sure if Orie is here...
<mprorock> I don'tsee orie on, but happy to jump in on his stuff
<juan_caballero> and mahmoud is here too!
... Markus or Mike Prorock, if you could give a background, that would help.
... Thanks, Mike!
<mahmoud_alkhraishi> yup happy to pitch if needed
... Feel free to jump in at any point.
Scribe note: I won't be replicating slid content in notes
<mprorock> screen share up
Manu Sporny: As many of you know, there was a bit of a dust up recently.
... This has been a work item since last January
... but we haven't done a good job engaging the public.
... That came to a head and we decided to have more regular, public meetings so folks can get up to speed.
... I'm going to go through the problem statement.
... Mike will go over the origin story
... Juan will give a current status.
... Adrian will close with next steps
... "Mission statement": Provide an HTTP API to issue, exchange, and verify data used in the Verifiable Credentials Ecosystem.
... Focus is on HTTP
... Many of us are familiar with the "VC" ecosystem with Issuers, Holders, and Verifiers
... [showing the diagram from the VC data model spec]
... This is the mental model we've been operating under for 5+ years
... What we are trying to do with the VC-HTTP-API is to zoom in on each of the boxes in the diagram and describe how they might interact
... First box: The Issuer
... This is after five weeks. (only) This is experimental. Loose language. Not set in stone.
<orie> more like years.... of work.. and 5 weeks of actually having recorded calls.
Orie Steele: :)
... Just thinking about the VC-HTTP-API for the issuer.
<heathervescent> Juan - I'm gonna wait till we have a break to take questions.
... The issuer is going to be operating some sort of web service gateway that will expose some part of the API
... That system talks to an application-specific service inside the firewall, which executes business logic.
... For example, this is where the application makes decisions about when & why to issue VCs (and the content thereof)
... The application service relies on a database.
<anil_john> @mprorock Would you mind if I set up the VC HTTP API origin story for you?
... It also relies on a verifier service and issuer service
<mprorock> @anil that would be much appreciated
... That's the issuer.
... If we look at the verifier, this is the right side of the diagram
... (Some of these we already know we need to update the diagram)
<anil_john> +q to set up the VC HTTP API Origin Story
<heathervescent> copy Anil
... The verifier website using the VC-HTTP-API with its own application service (with its own business logic) and it uses a verifier service.
... Still teasing out the language, but this is an early draft
... If a digital wallet is being used, we expect that wallet to expose APIs for requesting proofs, etc.
... we know we need to talk about encrypted storage and how one is authorized to use these endpoints
... Those are the pictures of where we're at now
... Hand it over to Anil
Anil John: A little bit of background. I'm the technical director of the Silicon Valley Innovation Program.
... When we put the call out for digital credential work, including digital permanent residence card
... we made a conscious decision where we had been locked into vendors
... so the solicitation itself called out "any API facing the website must be open, royalty-free"
... When we had our first kickoff meeting, the first conversation was that we fully realize that each of these eight companies could implement an open API.
... but what we want to do is to go out under the umbrella of CCG and work out with the broader community what a standard API could be for anyone using VCs and DIDs, regardless of the underlying tech (DLT, etc.)
... If you can do this under the CCG, we can get feedback from the global community.
... Rather than telling what API vendors must use, we committed to using the open standard developed through collaboration
... You are now seeing the interim result that has come out of that
Mike Prorock: First, I want to give Markus credit for his initial issuer and verifier API, which has evolved into this work item.
... The real goal was to make sure there was a good way to handle this interchange over normal REST API rather than relying on polyfills or browser features.
... A lot of us are dealing with VCs in a system-to-system paradigm.
... That's where the test harness came from.
... Which led to a standard endpoint that people can use to test an implementation
... This meant that, e.g., Digital Bazaar was able to take the existing test infrastructure with at new vocabulary and see how the existing ecosystem already supports the use case
... So how do these system-system interchanges happen? This is what brought us into this VC-HTTP-API
... This is something real, that people are using.
Manu Sporny: Five weeks ago we started off with a list of challenges, over to Juan
Juan Caballero: There have been discussion about how to structure the spec itself
... and a lot of workshopping use cases
... the trickiest thing to contribute is that people don't naturally think in terms of generic APIs
... people think in specific use cases
... generalizing from that is hard.
.. The question that everyone brings when they first encounter the work is "Is this an internal API or does it cross trust boundaries"
... The point of the API is to imaging that each role is outsourced. The "worst" case.
... That's the hardest conceptual ah-hah for many
... Joe and Eric Schuh and I have been meeting once/week to iterate on use cases, in-between meetings to bring issues and questions back to the regular call
... Those diagrams Manu shared is something that is also iterating in parallel.
... Use cases are 1/3 of the process, Data flows are another third.
... So these flows could happen entirely on the same machine (without assumptions)
Manu Sporny: The other success is we do have a starting format
... what we don't have are lead editors
... we need to find that.
... next up, Adrian
Adrian Gropper: The next steps and challenges all have to do with human rights on a self-sovereign subject
... Everything about many of these diagrams are seen from the perspective of the issuers and verifiers
... To summarize: if the goal is to enable a self-sovereign subject, give them a capability that they can delegate as desired
Heather Vescent: +1 Adrian
... We have to bring the subject in the picture because they really are the point of all this SSI work
... We need use cases that center on the subject
... What protocols are essential in these diagrams
... the Data models are understood (mostly) but the protocols are new
<mprorock> I would counter that SSI is required for usefulness of the vc-http-api - e.g. it can be used outside of a self-soveriegn perspective
... One more challenges: revocation and audit have really not been discussed in the overall scheme
Manu Sporny: Thanks, Adrian.
... That's where we are today.
... Calls happen every Thursday afternoon (Eastern)
... Invites go out every week. Have a doodle poll finding a regular time.
... 3pm Eastern on Thursday