The W3C Credentials Community Group

Verifiable Claims and Digital Verification

Go Back

Credentials CG Telecon

Minutes for 2021-06-01

Manu Sporny is scribing.
Heather Vescent: Welcome to the call today -- going to step away from more serious aspects of work here... focus a bit on the fun things folks have put together.
Heather Vescent: Some creative / neat ways of applying work we're doing to Internet culture, memes, roosters, and cryptocurrencies.
Heather Vescent: How are they applying DIDs/VCs out of the box.
Heather Vescent: Join the CCG:
Heather reads through the IP Note -- substantive contributions must be made by CCG Members.
<mprorock> manu, the auto present thing is awesome
Heather Vescent: You need to have a W3C CCG account, need to agree to IP agreement.
Heather Vescent: Minutes:
Heather Vescent: Minutes:
Heather Vescent: You no longer need to present+ -- there have been some updates to the CCG Bot that auto-presents people.
Heather Vescent: Use q+ if you want to queue and speak.
Heather Vescent: Meeting is held by voice not IRC, non-voice comments subject to deletion.
mahmoud alkhraishi is scribing.
<mahmoud_alkhraishi> heather: intros -> Do we have any new folks?

Topic: Introductions

Heather Vescent: Any Reintros? [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Moving on then: Announcements and Reminders, Would like to call on Manu to talk about CCG bot [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Happy to Let me find a link to the email. I sent a quick update to the mailing list on updates to the CCG Bot. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Just had a couple of clarifying points: first of all Thanks so much for your work. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: If thats ok we can also add it to the beginning of the call but files wont populate till end of the call. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Only people who see it are people in IRC, so fi you aren't logged into IRC you wont see those links. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Most people don't need to see these links but the IRC people need to have them so this will help [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: What i'll do is capture this info as tribal knowledge and put it somewhere on CCG [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Would it help to add links to start of meeting? [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: I think its fine the way it is and theres enough people on the call. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: Other question on people.json how do you find people to add to that find? how does it work rn because we usually find the linkedin manually. Do we need to add those how does this work right now?
<wayne_chang> what a great community
<wayne_chang> thx mike
<heathervescent> amazing mike!
Mike Schwartz: Just a quick note i spent a few years building autotranscriptions, reach out to me and i can help wire that up. I did that as part of integrations of WEBEX etc, so pretty familiar with quirks of auto scribing. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Fantastic will definitely need some help with that. [scribe assist by Mahmoud Alkhraishi]
Mike Schwartz: Most patents are locked by one company and would definitely be happy to help out with that. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Again no ETA this is just volunteer time stuff. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: To answer heather's question, you can keep doing what you're doing with people.json. The reason it exists so that in the minutes you can click on the person and find that persons home page, thats the whole reason it exists. So if you're not in it it'll just take you to CCG homepage. Later on if we see someone show up a lot on a call we can manually clean that up. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: Or for w.e reason they change names in jitsi/irc and we can alias them. My expectation is people will forget about it. Not sure how popular people.json is. So we don't need to update it every week. Meant to reduce amount of work for people finalizing minutes not increase it.
<juan_caballero_(dif/spruce)> /me is excited for my first automatic present+ !
Heather Vescent: We'll definitely need to update minutes instructions so people understand it. Ill do a slight update and we can just update that file once a quarter or something similar [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Any other questions? [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: I'll be hosting a minutes 101 at 10:30 pacific, will record and send out link on mailing list soon. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: I create it using github's browser interface. and if you don't have to update the people file it takes about 10 minutes to do it.
Mahmoud Alkhraishi: ...: The goal is to have a recording where people can watch to work on the minutes. Thanks to Manu and Kim for their contributions on this. We want it to be turnkey because we have 5 taskforces/meetings a week and we want to make it easy to record and use
Heather Vescent: Work items:
Heather Vescent: Last week we talked about a couple of them. i didn't want to really talk about any of them, most of the stuff is already covered. We are pretty busy, so if anyone is working on the work items and you have concerns and need help from chairs you can always add issue here. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: But things are getting accomplished. Right now the CCG is running on 2/3 chairs. Kim has officially completed her chair time, so its a bit tight to run the CCG with just two people. We would love a third chair. In the past the chair timeframe was just 3 years, we've discussed and we may be able to accomodate 1 or 2 years. We automated many chair works. [scribe assist by Mahmoud Alkhraishi]
Manu Sporny: Totally forgot on the announcements part: VC-http-api work item call moved to Tuesday 4PM eastern 1 PM Pacific, starting today. [scribe assist by Mahmoud Alkhraishi]
Orie Steele: I think you'r the only one who cant fill that time, is that temporary or permanent? [scribe assist by Mahmoud Alkhraishi]
Orie Steele: I think its probably fine, ill find out if its a problem and follow up. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Thanks manu will update google calendar. LMK if any changes [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: Unfortunately you need to be a chair to make any changes to meeting notes so shoot me and wayne and email. [scribe assist by Mahmoud Alkhraishi]
<manu> Thank you for adding it to CCG calendar, Heather!
Heather Vescent: I think that is all, on to the main event! [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: This topic came up on CCG 101 and then when everyone that showed up just chatted about interesting things and orie and mike showed some fun applications of DIDs and VCs, so we're sharing some of those fun stuff! so we're hearing from Orie/Mike/Wayne. and you each can have 10 mins so we can have some discussion afterwords [scribe assist by Mahmoud Alkhraishi]

Topic: DID Meme

<mprorock> are we the baddies?
Orie Steele: DID:Meme! Will start with example and link to Source Code so you can fork it and make your own version of it. Briefly its a did:method that turns different memes into dids. it does that by using a covert channel. which is a channel you use to store info that you don't use normally to store info. Usually used by the baddies, but sometimes its use d for fun too. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: It uses steganography and images
<heathervescent> steganography
Mahmoud Alkhraishi: ..: If you look it up you'll find a great way of hiding information on images, when you do that you'll see that did:meme is hijaking DID:key. DID:key represents public key materials and it has some properties that are annoying like unique PK per DID:key and thats a strong correlation identifier. DID:meme uses Image to identify did. DID:meme you can have hundreds of different memes that map to the same did. this useful when you want to reduce correlation but use a stable identifier. IPFS stores image and embeds PK identifier into image. on the other side it dereferences the image back into the PK. It has all thes e cool features from did:key and supports a bunch of different key times like BLS+ so you can embed in a meme selective disclosure, so now you can embed ZKP
Mike Prorock: +1 Actual practical applications for this stuff
Adrian Hope-Bailie: Thats hilarious! I think i would love to talk to whoever is interested because theres a relationship between what you're describing and what we're aligned the biometric health card where there is a QR that can be a VC or pointer to DID that also has a Photo whose hash can be reliable included in the credential [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ...: Sounds like did:meme could be a factor , could be useful in this context as well.
<orie> This is the stego library I used
Manu Sporny: +1 Big fan of did:meme! Couple of questions: [scribe assist by Mahmoud Alkhraishi]
<wayne_chang> omg can someone make a lib called stegosaurus?
<wayne_chang> what a great name for that
<heathervescent> yesss!!
<mprorock> lol, seriously
Adrian Gropper: Biometric Health cards also use a hash of the image
Orie Steele: Its a hash of the image. with a normal IPFS identifier thats a multihash of a binary thats always prefixed depending on the encoding. In this case what we did was use the encoding of the content of the multihash. theres a set of conversions you can do that get you to the binary and inside that binary file you'll find the embedded idd:key [scribe assist by Mahmoud Alkhraishi]
<tallted> s/1. the/... 1. the/
Manu Sporny: So you inject the Key into the image before it goes onto IPFS. [scribe assist by Mahmoud Alkhraishi]
<mprorock> well....
<agropper> The Biometric Health card is also self verifying without using IPFS
Orie Steele: Yes. if you inject into a binary it will affect the binary so it'll detectable, so you can notice. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: Which can make you ask why these changes occurs.
Mike Schwartz: This is why using memes is great. Memes imply editing the image which by nature you're expecting bitflips with the original image which obfuscates embeding of crypto. [scribe assist by Mahmoud Alkhraishi]
Wayne Chang: Wanted to add that memes are competitive! The most viral memes are the strongest competitors, so i think how that may affect the propagation of the did method as the memes are spread. [scribe assist by Mahmoud Alkhraishi]
Orie Steele: Stego ftw! :)
Heather Vescent: Thanks Orie! I think you talked about IIW on steganography and i researched quite a bit of it. Some of the tech is over my head but im definitely interested in what you do with this and about practical applications [scribe assist by Mahmoud Alkhraishi]
Orie Steele: Currently its primary use is to troll SDOs :)

Topic: VC Rooster

Heather Vescent: Onto the next one: Mike is presenting embedded VCs into an image to prove that the sound coming from the Conference call background is what he says he is. [scribe assist by Mahmoud Alkhraishi]
Mike Schwartz: For context i live on a small farm, and we do quite a bit of poultry, as a result we get periodic rooster crowing and so i was on a call with a customer and it came up that its possible was using background noise and imagery artificially to promote our deep roots in our agriculture. [scribe assist by Mahmoud Alkhraishi]
<orie> I see a barred rock rooster
<wayne_chang> next stop, blockchain!! where can you buy $ROOST
Mahmoud Alkhraishi: ...: So i issued a VC for that. again this is simply using stego and instead of embedding did we're embedding a VC. This is Jack whos creates great backgroudn noise. Issued an AGProduct VC, my wife who own s the farm, is in the VC. The natural next step is how do i exchange that with folks, which gets to adrain's point about QR codes. QR codes shows with stego embedded VCs inside the image itself
<orie> yo dawg, I heard you like NFTs, so i put a meme in an NFT in a VC on a blockchain.
<orie> watermarking is a another form of image embedding used for provenance tracing.
Mahmoud Alkhraishi: ...: As opposed to the QR referencing the VC, its actually embedded in the PNG itself. this lets your machine be able to look at the digital data associated with it. We took that a step further and embedded VC int the image of Jack itself. This is done using Python theres a number of them out there. stuff we play with now can let us use sensors to embed signatures into that data even if its in a low connectivity environment.
Mahmoud Alkhraishi: ...:This lets us verify sensor stream properly and lets us have fun with roosters.
<mprorock> bingo!
Ted O'Connor: I just want to make sure people understand and its very easy to get sloppy about. The thing you're verified that only the issuer has issued this thing, so you're saying that the chickens are the source, not that they actually ARE in the background. [scribe assist by Mahmoud Alkhraishi]
Mike Schwartz: Normally with images i strip metadata etc but i left them in the image. this is where we talk about the veracity of whats stored in the VC and even then you're making some leap of faith even if thats as small as saying this hardware is trustworthy. but theres always a leap when theres a digital twin. [scribe assist by Mahmoud Alkhraishi]
Adrian Hope-Bailie: I put a link in the chat to an issue that i raised that is actually quite important use cases for dids and possibly VCs which i naimed ambient authentication where the QR is scanned as part of the facial recognition or other kinds of ambient non-consented authentication. the service endpoint of that did is in fact the subject statement of how the identification is to be used or not used. [scribe assist by Mahmoud Alkhraishi]
Mahmoud Alkhraishi: ..: To use a did as a way of forcing watermarking the process of authentication when it would otherwise be done without consent. anyone interested can read the thread in the link on this major privacy issue.
Orie Steele: Another cool set of image softwares: and
<orie> for hiding QR codes in textures
Mike Schwartz: Absolutely an important issue. when you look at streams of sensors or data broadly, theres many signatures whether in VC or not its still super important. I think the ability to capture that info from a verified device and we're going to see more and more of that. [scribe assist by Mahmoud Alkhraishi]
<mahmoud_alkhraishi> the importance of that ability will help increase our trust
<wayne_chang> interesting result from cryptography is that the ciphertext often should be indistinguishable from uniform random sampling, which has a strong relation w/gaussian noise aka blur effects
Mike Prorock: +1 Orie - wave function stuff is cool
<orie> its a good idea to encrypt before embedding
<orie> compress > encrypt > embed
Heather Vescent: Liked ted's question about verifying some piece of data from supply chain thing. Also done some research on IoT Sensors and zero trust and you can triangulate sensor data about your environment, for example you can show hte rooster noise with the hawk or a nearby sensor on the yard to prove that you have true free range chickens that you have the credential and you can combine those info into a VC, to prove that it wasn't only free range but also to prove that it that noise actually came from that real rooster [scribe assist by Mahmoud Alkhraishi]
<orie> deep learning adds another layer... watermarking deep fakes, etc...
Mike Schwartz: Its a really cool space and as we deal with lots of agriculture in my day job, you look at lots of sat imagery and other data, you can get super granular and theres a few pain points like knowing what to trust and when you link it together you can see if its real or not real and why. [scribe assist by Mahmoud Alkhraishi]
Heather Vescent: You may think its just for fun but its fascinating when you get creative how you find solutions to existing problems. [scribe assist by Mahmoud Alkhraishi]

Topic: DID Doge

Wayne Chang: Love to share about did:doge! the method for the dogecoin BC. I'll pull up the spec. The dogecoin BC is a fork of the bitcoin BC where the seg witness debacle did not happen and all the signing is in the main blocks. its very similar to Bitcoin and you'll see that very big chunks of bitcoin source code are there. [scribe assist by Mahmoud Alkhraishi]
<orie> `publicKey` is deprecated... use `verificationMethod` instead
<mprorock> coming up on a hard stop for me in 3mins. in advance wanted to say thanks all!
Mahmoud Alkhraishi: ...: Interestingly enough is its #7 in marketcap so security is pretty important. The ante has been raised in terms of its security property with new itnerest and holders. The goal of did:method depends on the individual. did:key gives control over identifiers similar to cryptocurrencies. Wedding the two you can achieve something like that where you wed a blockchain and a did:method. It's useful for two ways: you're getting a lot of dogecoin holders who may be interested in more digital ownership. Secondly good to inform what happens to did:btcr. Big difference between did:doge and did:btcr, is did:doge allows you to post the public key hash as the method specific identifier part so anyone can generate a pvt key to use similar to did:key. This helps with scale and theres potential for privacy improvements by supporting rotation similar to did:btcr and support adding a service endpoint. so how do we search for an address on chain? we introduced a genesis tx to tell the world this is my did for this pk. in this aspect privacy is worse than did:btcr because in did:btcr you can hide your tx as a regular btc tx. For public use dids you retain the same privacy as MIts pgpserver this creates what some philosophers call Common Knowledge.
<heathervescent> Thanks Mike!
<mprorock> rofl!!!!!
<heathervescent> LOL
<orie> buy GME?
<mprorock> HOFL
Mahmoud Alkhraishi: ...: We picked an arbitrary string that lets you know what this string resolves to. In BTC spirit it decodes.
<mprorock> *HODL
Mahmoud Alkhraishi: ...: We have rust implementation of major parts including detecting genesis tx including matchup of script optcodes. there could be interest due to increase of dogecoin. This is primarily used to inform future did:btcr.
Heather Vescent: Thanks wayne, this is so fun! [scribe assist by Mahmoud Alkhraishi]
<mprorock> why is doge coin best coin?
<juan_caballero_(dif/spruce)> much value so moon wow
Wayne Chang: With that grammar it s true [scribe assist by Mahmoud Alkhraishi]
<mahmoud_alkhraishi> 1 doge = 1 doge
<mahmoud_alkhraishi> thats why
<mprorock> such awesome
Orie Steele: Not sure if i interpreted this correctly theres many did:methods that have an initial unregistered PK so theres probably a use of unregistered PKs by having did:meme key btcr and doge may have the same initial start. [scribe assist by Mahmoud Alkhraishi]
Wayne Chang: We came up with did:pkh. pkh being public key hash, with super generic or specific network. Most generic work is what if we can define a stack based language to describe the pkh in operation across different operations. looking forward to proposing the work item. [scribe assist by Mahmoud Alkhraishi]
Mike Prorock: Thanks again all! i really wish was a thing
<orie> how much power does dogecoin waste?
<orie> ; p
Heather Vescent: Thanks everyone for your creativity and work. [scribe assist by Mahmoud Alkhraishi]
<juan_caballero_(dif/spruce)> thx mahmoud!