The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back


W3C CCG Weekly Teleconference

Transcript for 2022-09-27

<kimberly_wilson_linson> kimberly.linson@randasolutions.com
Our Robot Overlords are scribing.
Kimberly Linson: Let me say.
Kimberly Linson: Recording is on.
Kimberly Linson: Awesome thank you Harrison.
Kimberly Linson: All right well welcome everybody will take a few minutes to you know move through our the beginning or housekeeping stuff and then this is going to be a pretty open forum and as I said in my email yesterday you know one of the things we started doing earlier in the year is taking this last Tuesday of the quarter to kind of just regroup and make sure.
Kimberly Linson: On track with the work items that we want to be on track with that were we have new things that we want to talk about we're talking about them and just give everybody kind of an opportunity for that and then of course with TPAC happening just a couple of weeks ago we want to give an opportunity for us to kind of share some of the takeaways and lessons and learnings from that so that's kind of the theme for today and we'll get through the initial part and then and then we can kind of see where where where.
Kimberly Linson: We go just a reminder that.
Kimberly Linson: Is a professional community and so keep in mind the the ethics and professional conduct if you would like to take a look at that specifically the link is in the agenda anybody can participate in these calls and it's very open for that however if you're going to make substantial contributions then we certainly would invite you to become a full member of the ccg with your assigned IP are.
<mprorock> @markus - you are good to transfer that repo
Kimberly Linson: For those can be found in the agenda we do keep minutes of an an audio recording of everything that's said in the call and that is also the link to that archive is in in the agenda and we will be queuing as Mike mentioned before will be queuing using Q Plus so if you want to get on the Queue have something you want to add Then I then please I invite you to to add yourself to the.
Kimberly Linson: And that's my job too.
Kimberly Linson: To moderate that and make sure that we're hearing from everyone so do keep in mind that you know we won't we have a large group and we want to be able to get everyone's input I think that brings me to introductions and reintroductions so if you would like to introduce yourself if you're new to the community or you'd like to reintroduce yourself after being away for a little while and give us a little bit of an update on what you've been doing.
Kimberly Linson: You to put yourself on the Q now.
Kimberly Linson: Jack I was hoping that you would introduce yourself.
Kimberly Linson: Great we're glad you're here thank you anybody else like to introduce themselves or reintroduce themselves.
Kimberly Linson: Right how about any announcements or reminders.
Kimberly Linson: Mike go ahead.
Mike Prorock: Yeah I don't see Kalia on so I will speak possibly a little bit out of turn but I know Clea and some of the iiw folks been running some great sessions with Spruce on the mdl and verifiable credential potentials for interoperability Etc do see the mailing list if you need more info on that but it was definitely good.
Mike Prorock: A kickoff meeting all that.
Mike Prorock: So and I know info is floating around all the mailing list on that so feel free to just search for mdl on the mailing list and you'll get a pile of stuff so.
Kimberly Linson: Great anybody else wanted to jump in with an announcement or minor Marcus.
Mike Prorock: Yeah Marcus I did comment on the issue of them did resolution just go ahead and transfer that repo and I'll accept it so we're ready to go there and then I might need to add a few files so you'd be on the lookout for a PR after you do that so if so just be on the lookout for that on the final report I am good for that do you mind opening in a new on the community that and making sure that that repo is already titled Community you know like final community.
Mike Prorock: Draft Etc.
Mike Prorock: DID resolution to make sure that that rolls through so.
Kimberly Linson: Great thank you anybody else got something they want to bring to the group.
Kimberly Linson: Okay let's jump into our main conversation for the day and that is to really have an open conversation about TPAC and work item updates work working group updates so Mike do you mind if I sort of pick on you to start with a tea pack.
Mike Prorock: Oh sure why not um yeah TPAC was interesting certainly as far as this group goes I think the two biggest items of kind of key relevance.
Mike Prorock: I can get into that I would say even in kind of the main can open a SI sessions and things like that there was a lot of discussion of verifiable credentials and dids and a lot of interest we certainly saw some folks you know like Intel for example really engaging openly which I thought was great right sign of things to come but in fact there was a panel that I was on specifically related to kind of future web very focused all dids and VCS Manu.
Mike Prorock: Had a pretty good call out around actual Opera.
Mike Prorock: Not getting stuffy to operations right an actual public deployments of VCS as well so during one of the main sessions so I think that's a good sense there was a lot of very active but I think productive discussion in both the did and the VC beatings I know Marcus is on he may want to comment specifically on the data items I was following on IRC Chris Abernathy on her team was more engaged on that meeting I know or he was probably.
Mike Prorock: Pretty engaged in that and for sure several others all to BCC.
Mike Prorock: As well so that's probably just more than enough of just a blur you know here's my 30 seconds of tpack I think was good I think we see where some challenges are going to come with VCS in particular and I think we've got some natural next steps and potential challenges to work through with dids one of the more interesting items that I thought came out of the did working group discussions at tpack was the notion of maybe focusing.
Mike Prorock: A lot more testing around things like resolution as.
Mike Prorock: Specifically focusing on standardizing specific did methods and that was an area that was brought up that I think is worth and you know maybe having some conversation around so I don't know Marcus are you open to being picked on for some commentary around the did working group in particular.
Orie Steele: Did:jwk should be standardized :) ... but maybe at IETF instead of W3C.
Mike Prorock: +1 Orie
Kimberly Linson: So Ori can I ask you to say a little bit more about your thoughts.
Orie Steele: Sure I mean I was there there was discussion about standardizing specific did methods if I were to summarize the objections to that I think there was concern that the did methods chosen to be standardized at the w3c would have w3c values sort of embedded in them and that that might not actually be the right sort of signal to send regarding did.
Orie Steele: It's at.
Orie Steele: That is that it was pretty clear that if we don't attempt to talk about mandatory to implement did methods we probably would expect to see some objections to the work the next time around and agree with Marcus you know what he said about standardizing did did resolution I think in general folks wanted to see better interoperability testing in the did specification we had tasks for the core data.
Orie Steele: Model butt.
Orie Steele: Those tests didn't help us cover interoperability around resolution and dereferencing to the degree that we really needed it in order to be confident when you're verifying something you fully understand how you obtain the key that's verifying it so I think did resolution is the thing that we ought to be focused on I think that focusing on specific did methods is community fracturing attack.
Kimberly Linson: That's really helpful does anybody else want to add to that or have thoughts about that.
Kimberly Linson: All right what are some other takeaways from TPAC to we want to keep going my core or move off of tea pack and talk about other stuff.
Kimberly Linson: I've lost Mike so.
Mike Prorock: No I'm just sitting here you did yeah apologies ya know I you know I I think you know there were other there were other things that might even be worth diving into especially from verifiable credential side of things I think something that's become very clear.
Mike Prorock: Especially now that we have some pretty broad usage of VCS both in test environments as well as kind of a big public and in the wild we're seeing different ways of using verifiable credentials right that you know there's large parties using verifiable credentials with more of a private claims kind of approach that because the way I like to think of it anyways where you use at vocab in order to Define what are the core properties of a verifiable.
Mike Prorock: Shal and what the meanings of those things are.
Mike Prorock: The actual contents maybe you know pre-assigned separately right through a business Arrangement or something else some of the way we tend to see jwk as used in practice and that definitely is got a lot of wide usage and contrasts though with the way that others in the community might use vocabularies to define semantic meaning for every single you know key value pair and a set of claims right.
Mike Prorock: And I think it's something.
Mike Prorock: You know we're at a point where we do need to be thinking about okay how do we make sure the tent is is open as possible and not closed off other use cases just because they might not be the way that we you know you something or end of the you something or whatever else right because it it's one of those things where that's always a danger right if you start to establish and say no this is the way something must be done to a degree for sure that that is the nature of standardization right but but we also do have to be mindful of how are things.
Mike Prorock: Actually being used in the law.
Mike Prorock: And I don't know others may or may not have thoughts on that or that you know things that might cause problems for large-scale deployments in other areas I mean I think definitely call on some names of various folks on this call for I wanted to but I know other folks feel strongly about this and I hopefully maybe some folks will cute at talk out that or talk about you know getting into practice with VCS and what's working and what's not would love to hear you know you have.
Mike Prorock: Thoughts from the broader Community all that.
Kimberly Linson: Anybody want to add themselves to the queue.
<mprorock> /me glares at orie and shawn
Kimberly Linson: All right so Jack does this tie in to to what you wanted to talk to us about or is now a good time for you to maybe jump in and share.
Kimberly Linson: Well I'm happy for you to take some time now to talk with us about what you what you yeah before it.
Mike Prorock: Yep you're coming through.
<tallted> Is it too late, or may I suggest changing from "W3C Verifiable Conditions" to "W3C Conditional Verifiability", to avoid (further) overloading "VC" (he asked, hoping "CV" is less overloaded, or at least used by a different community)
<orie> bottom example is wrong....Ed25519Siganture2018 uses detached JWS... thats an attached jws in the example.
<mprorock> I wish manu was on this call - this would be worth discussing on data-integrity in the VC WG https://github.com/w3c/vc-data-integrity
<orie> thats a link to stack overflow... not an RFC for multisignature JWS.
Mike Prorock: +1 Orie
<orie> AFAIK, there is no RFC for multiple signature JWS.
<orie> but exciting idea!
Kimberly Linson: Thanks Jack can I ask you before I turn it over to the queue there's there I've got some folks I'm going to call on in just a second but I'm wondering if you could give me just a really quick like how is this going to be used in the wild like how would somebody use this.
<markus_sabadello> JWS supports multiple signatures. Just not in compact serialization, but thefe are other serializations if JWS.
Kimberly Linson: Okay thank you I should ask to you that to start Ted.
Kimberly Linson: All right at Ted let me let you start because I think you had a question at the very beginning about the the name and.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Yeah I'm I'm hoping it's not too late to suggest changing that name from verifiable conditions to conditional verifiability or something like that DC's with v seeds is is not going to work out well.
<mprorock> @or13 rfc7515 "The JWS JSON Serialization represents JWSs as JSON objects and enables multiple signatures and/or MACs to be applied to the same content. Both share the same cryptographic underpinnings."
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): I suggested conditional verifiability.
TallTed_//_Ted_Thibodeau_(he/him)_(OpenLinkSw.com): Obviously just off the top of my head.
Kimberly Linson: All right and or you've had a lot of comments and in and I'm hoping you will expand on those for us.
Orie Steele: I'm trying to find the links to all of the issues in the VC data model that are relevant to this there's several issues that have to do with multiplicity of the issuer or the holder or the subject Fields all of which would be relevant to this so I'll try and find them and share them with chat.
Orie Steele: To some degree I mean essentially there's been discussion about credentials with multiple issuers credentials with multiple subjects and you know it's related to the structures that you're showing here it's also I think related to some of the comments from Sam Smith on a CEC I interpret Your solution to be implementing the VC.
Orie Steele: Compatible with that standard directly but relying on.
Orie Steele: Of this sort of conditioning components and tpack you know one of the things that was discussed was maybe we focus on widening the tent for these security formats for the VC core data model I think what you are proposing here fits into that kind of bigger tent opportunity for the securing formats.
Kimberly Linson: Marcus did you want to share some thoughts.
<orie> Cool to see that no changes are needed to DID Core.
<orie> A spec for data integrity or vc-jwt would be needed for VC Data Model v2 though... I think.
Kimberly Linson: Tomislav did you want to add some thoughts.
Tomislav_Markovski: Yes I had a question I'm wondering how does the typo the verification map to the proof that's required in the condition so one key can be used to produce different signature types different proofs is there a way to express which specific is required as part of it.
<orie> Yep... the `type` of the nested verificationMethod
Tomislav_Markovski: Yes it does so for specifically for example if I were to have a Json web key in this which I can use to produce a BLS signature or BLS group signature or maybe a BBS signature does that mean that I would have to Define three specific sweets in order to express that.
Tomislav_Markovski: Right yeah sorry I just when I when I understand I'm communicating that the question correctly a single key can be used for three different proof types How would how would that be expressed.
Kimberly Linson: Great or are you go ahead.
Orie Steele: So you should not use a single key for three different proof types you might be able to do that and you might be allowed to express an intention to do that in certain key representations but I don't think you should do that the thing I think that's missing to make this example clear as a jwk example because in the jwk format you can specify the algorithm you're intending to use.
Orie Steele: Use so just.
Orie Steele: For example if we're looking at a set of P 256 K 1 public key that's a Bitcoin or aetherium public key now you might say the algorithm will Bes 256k that's going to be well understood because that's a registered algorithm type you might say well I want to use that same public key but with snore signatures and then you would put in that different out value there it would be SS 256k or something else just to be clear.
Orie Steele: Clear there isn't any registered algorithm type for snore signatures over.
Orie Steele: Exactly 26 K 1 at this time and likewise there is no register algorithm type for PLS maybe s+ signatures in jwk out registry at this time but you can imagine that if those were registered and the key was bound to a specific algorithm that new be very clear how you're supposed to sort of use them I think adding some jwk examples here would be helpful to sort of explain.
Orie Steele: In that at that idea.
Orie Steele: The thing to remember is like public key based 58 that's Community draft key representation of this point whereas public key jwk relies on an existing RFC that's it.
Tomislav_Markovski: Right so you're seeing that the GW that's what you described is a feature of the JW k key which can express what the underlying signature schemes should be used with it.
Orie Steele: Yeah and I think it's a best practice when you generate a key to generate it for a single purpose to include that purpose in the key representation it's much as possible JW K supports that by adding The Outfield and the keops parameters to the jvk I would recommend you make use of those.
Tomislav_Markovski: Okay sounds good thanks.
Orie Steele: It applies to both in the case where you're expressing a key you should express your intended algorithm that that key is meant to be used with you should be explicit regarding the algorithm the key was intended to be used with.
<orie> note the `alg` and `key_ops`
Kimberly Linson: I was going to ask if you would as we talked about a little bit ago put this slide deck on the list and I think folks will contribute and give you their opinions on on which one might be the best Avenue there and I think it'll make for a really interesting dialogue and if that's if that's all right with you I think that's great great.
Kimberly Linson: All right we.
Kimberly Linson: And I want to make sure we talk about what the working groups have been up to VC edu I know that you have been very busy and you've shared with us a little bit about what's going on but do you want to take just a quick minute maybe carry to kind of give a couple of high-level bullets of what you've been up to the last three months or so.
<tomislav_markovski> Can `alg` take multiple values or does it require separate entries for the same key to express multiple sig schemes?
Kerri Lemoie: Hey there sure no problem.
<kerri_lemoie> VC-EDU Site: https://w3c-ccg.github.io/vc-ed/
<kerri_lemoie> VC-EDU Charter: https://w3c-ccg.github.io/vc-ed/charter/
Kerri Lemoie: Probably most of you have heard about the plugfest to you so I'm not going to start there I'll just start briefly with what whereabouts were Community it's focusing on supporting and increasing the adoption of verifiable could have chosen education and employment put a bunch of links in the chat for you this is our website where we put information about what's going on in b.c. edu this next link is our Charter and then.
Kerri Lemoie: I'll do first tell you I went into work items that we have we have two main work.
<kerri_lemoie> VC-EDU Use Cases: https://w3c-ccg.github.io/vc-ed-use-cases/
Kerri Lemoie: And Beyond everything else going on in our group one is to develop a use cases document and another one is to produce a model recommendation we're currently working on the model recommendation based on the use cases in this document and this document is published but also I require some editing still so we're finishing up some editing and then we're going to send it out to the community to make any sort of further edits and suggestions I'm in the GitHub repo but we.
Kerri Lemoie: Recently just published it.
Kerri Lemoie: Mark into this document.
<kerri_lemoie> Plugfest 2 site: https://w3c-ccg.github.io/vc-ed/plugfest-2-2022/
Kerri Lemoie: So what we've another big initiative that we've been sort of co-working on or collaborating with on its with the jobs for the future which is jmf which is the plugfest to and this is the website for that.
Kerri Lemoie: Find all the information there we are well into this now we have over 40 participants and what they're working on plugfest to do plugfest one was about displaying a VC in a credential we've been following the open badges 3.0 specification which recently has aligned with PCS and then plugfest to is about protocols it's about connecting issuers to wallets and we are using the three primary protocols.
Kerri Lemoie: API oid.
Kerri Lemoie: See and did come and they'll be a demo event on November 14th at the IW the computer of I was Museum computer history that what it is Kimberly the day before I had W on November 14th.
<kerri_lemoie> Open Badges 3.0 Candidate Release: https://imsglobal.github.io/openbadges-specification/ob_v3p0.html
Kerri Lemoie: And then also just give you a link to the open badges 3.0 candidate release there is a corresponding this is a when edtech org release previously they were called IMS Global I'm there is a corresponding data model called CLR I don't have a link to see lrv to maybe somebody on the call has that and these are shared data models and they are aligning have allied with verifiable credentials.
Kerri Lemoie: And then lastly.
<marty_reed> V2 is not candidate final public as of yet
<marty_reed> for CLR
Kerri Lemoie: I really interesting and Rich call topics so we did a call on dids V1 once the recommendation past we talked about which is our why it matters for Education and Training and achievement credentials we also did an introduction to the get coin passport which is an interesting bridge between you know web 3 and also VC's we had a call about soulbound tokens which is sort of a discussion about you know what is this mean between VCS.
Kerri Lemoie: And a Nifty is and what does this mean in education and.
Kerri Lemoie: Excellent call on eme BSI which is a European model for issue Registries so and all of these links to these meetings can be usually have the minutes published on the the vcg site and then l so you can join our mailing list and find more information there.
Kerri Lemoie: Cat but I wanted to leave room for other people.
<orie> sbts -- > NT-NFTs
<nate_otto_(he/him)> I don't think 1EdTech has quite yet published a Comprehensive Learner Record 2.0 (CLR) document in parallel to the OB 3.0 work yet (it's on a slightly different less-public track, but it will be published as a "candidate final public" soon after a 1EdTech internal review phase that is taking a few weeks longer than originally hoped.
<kerri_lemoie> Mailing list archive: https://lists.w3.org/Archives/Public/public-vc-edu/
Kimberly Linson: No thanks Carrie that was that was great and and I'm so glad you mentioned all of the great great topics you've had recently I know I get so much out of everyone I attend so if you aren't a regular attender of BCE to you I would definitely Echo you know checking out the minutes of those calls does anybody have any questions for VC edu or comments they want to make please put yourself on the queue.
<kerri_lemoie> Thanks @nate
Kimberly Linson: Okay well let's move to do I have somebody who wants to give us an update on V Capi working group.
<kerri_lemoie> Thanks @marty
Kimberly Linson: I don't think Mike is on the call anymore for me to put on the spot so I don't know who to put on the spot to ask about be Capi so somebody please.
Kimberly Linson: Help me out.
Kerri Lemoie: I think many of the participants are at reboot this week and really.
Orie Steele: I can give an update if Mike isn't here.
Kimberly Linson: Yeah all right well we will have to we will have to live without an update on on BC API and maybe we've got somebody from traceability yeah no he had to he had to drop off thanks or.
Orie Steele: So I'm yeah there's been a lot of activity so I'll just pull up the latest history quick right essentially we've continued to emerge pull requests around vocabulary and credential shapes for supply chain credentials so if you're looking at the latest poll requests in the traceability vocabulary you'll see there's some.
Orie Steele: Around you know CT pack credential subject type of bugs on 3461 and packing lists if that's if that's not exciting I don't know what is these have to do with the shapes of verifiable credentials that meet compliance requirements for critical trade data associated with cross-border shipments so the vocabulary item in the traceability calls is focused on defining those book A book.
Orie Steele: Cab you Larry terms and explaining the different credentials.
Orie Steele: Sir to support cross-border trade scenarios and then the interoperability repository and see there's a lot of activity on that one as well this one has to do with the apis that we use to test conformance around these vocabulary credential types so what we do there is we have a couple companies that have stood up interoperable infrastructure and every night.
Orie Steele: He is run and our interoperability test report is generated here's a quick link to that interoperability test report and you can see you know some of us you know sometimes we have good days sometimes we have bad days interoperability is a moving Target but we measure it daily and if you're interested in passing these interoperability test there's instructions in the traceability interoperability repo for how to get started.
Orie Steele: David and essentially you.
Orie Steele: Web server that implements these open apis and you register and then you show up in the interoperability report happy to answer any questions you might have about it.
Kimberly Linson: Great thanks anyone want to put themselves on the Queue with a question.
Kimberly Linson: All right are there any other work items or things that have been going on in the ccg that we want to talk about is a community right now.
Kimberly Linson: All right well I'm going to give you back a couple of minutes but white before I do that Harrison do you mind sharing with everybody what we have coming next week.
Harrison_Tang: Yes so next week we invited Nick Lambert the CEO of talk to talk about the doc search and the web 3id they are going to demo the sign with a theory and functionalities and we are preparing a couple questions for him to answer so that you guys have any questions please come prepare and.
Harrison_Tang: a week after that we're going to.
Harrison_Tang: Tom's from satp to kind of talk about their work there and then after that we're going to have someone from ceramic to talk about ceramic Network and I'm going to we're actually kind of clean up the w3c calendars let me put it in the chat here and then we're going to put these schedule events in the vents so that when people have.
Harrison_Tang: you know people can.
Harrison_Tang: See what's coming in advance.
<kerri_lemoie> Thanks!
Kimberly Linson: Great thanks Harrison alright everybody thank you so much for joining us today and look forward to seeing you again next week have a great week everyone.