Harrison_Tang: So thanks for attending everyone will start this week's w3c ccg meeting today are we are pleased to invite the Jack and rebel from tomomi Foundation to lead and present on the topic of multi signature verifiable credentials and conditional proofs but before we get to the main agenda just want to remind everyone to couple. ✪
<john_kuo> Could Rebal mute please?
Harrison_Tang: It's tough so the first thing is the code of ethics of professional conduct just want to make sure that we hold a respectful conversation and we pay respect respectful to each other quick IP note anyone can participate in these calls however all substantive contributions to any CG work items must be members of the ccg with for IP our agreement signed make sure you have a copy 3C account and if you encounter. ✪
Harrison_Tang: any issues feel free to contact me or any of the colors. ✪
Harrison_Tang: I will send you the link and the links are also included in the email agendas I said every week. ✪
Harrison_Tang: Quick call notes these are meetings are being recorded and the meeting minutes are an audio recordings can be found in our GitHub link and we usually get out these transcriptions everything within the same week if you have any questions on that just let me know. ✪
Harrison_Tang: Uh GT chat to Q speakers so you have any questions just typing cute plus to add yourself to the Q where Q - to remove that and yes and you can do a Q&A question mark to see a who is in the cube. ✪
Harrison_Tang: That introductions and reintroduction so you're new to the community or you haven't been active and once you introduce yourself please feel free to unmute. ✪
Harrison_Tang: Okay I'll call I'll leave about 23 minutes for at the end of the meaning for introductions reintroductions as well. ✪
Harrison_Tang: Any announcements were reminders. ✪
Manu Sporny: Thanks Harrison I'm going to share a couple of things so the first note is that the verifiable credentials working group face-to-face meeting in Miami is now at capacity so we can't take any more folks in person we were at the limit to what the room can hold but you can still attend. ✪
Manu Sporny: You just need to talk with the chairs to do that the agenda has been published and this is this is the agenda which is public we're going to be talking about holder binding media types content types and how they recite we relate to VC J WS cozy those kinds of things. ✪
Manu Sporny: Points like evidence status list rendering terms of use we're going to be talking about terminology that's day 1 Day 2 will be verifiable credential data integrity and the crypto sweets around that as well as VC jot and then some issue processing and then day 3 will be a discussion around whether or not at context is going to be optional or not some industry news which will. ✪
Manu Sporny: Be off the Record so that people can share more about around what's happening so that we can all hopefully coordinate things that are going on and then. ✪
Manu Sporny: You processing and then closing out with deliverables the things that we believe we are going to be able to accomplish so that's the agenda it's on the public mailing list I can put the agenda here in the chat Channel b c WG F 2f agenda so that's that and then second announcement is and give me a second I've got to find a. ✪
Manu Sporny: Window that's going to be difficult. ✪
<christophera> @manu, is there any agenda on selective disclosure (in particular hash-based like SD-JWT and JSON-LD Merkle?
Manu Sporny: The announcements around like all the things that are going on in the working group so basically every week we get a list of things that the working group has been working on in as you might have seen that list is getting longer and longer. ✪
Manu Sporny: So there is a lot that's going on in the verifiable credentials working group right now we get a summary of meaning meaning this this group gets a summary of what goes on there from week to week but it's called the weekly you know digest here ago I found it kind of crappy version of it. ✪
Manu Sporny: You can see here they're like these are all the concurrent conversations the pair of sorry the parallel conversations that are happening right now in the verifiable credentials working group so these are all like this is just last week like these are just the items we talked about last week so 20 issues 52 comments in just you know the VC data model repository with many more repositories have in common so it's. ✪
Manu Sporny: To keep up keep up so I'm just letting you know everyone know that keep your eyes peeled every Monday at around 12 p.m. this summary sent out in we are processing a lot of issues in parallel in coming to resolution and doing PRS and closing those issues so just be you know pay attention to that going on that's it. ✪
Harrison_Tang: Thanks Bonnie yeah look at that the VC working group agenda it's a it's a basic it's like three days of good conversation so I'm actually going to invite Oliver there's a good thread around the holder binding the topic of The polder Binding so we'll have Oliver and the authors of that paper to actually be the discussion around holder by the the topic of all the binding April and then at the end there's probably other good topics in those agenda. ✪
Harrison_Tang: that we might want to invite them to. ✪
Harrison_Tang: Those discussions and actually educate some some of the folks here including myself on those issues cool any other agenda any other announcement or reminders. ✪
Harrison_Tang: So in the email I sent out there is a link to the w3c calendar so we have the agenda actually schedule the topic schedule until the mid April so if you have any other topics that people want want us to kind of put into the schedule please feel free to email any of the cultures. ✪
Harrison_Tang: All right any questions on the work items or any comments or things that people want to bring up in regards to the work items. ✪
Harrison_Tang: All right let's get to the main agenda so today we are very pleased to have Jack and Gribble Fontenot Me Foundation to present and lead a discussion on both highs signature verifiable credentials and conditional proofs I think there was a very interesting thread couple months ago in regards to this topic and there are also other you know threats in regards to what multi signature verifiable credentials and. ✪
Harrison_Tang: these kind of topics so I think it's. ✪
Harrison_Tang: It to actually have a meeting and live discussion on this topic so I'll kind of hint the end of floors to Jack and rebel and let them kind of lead these these discussions thank you Jeff. ✪
Manu Sporny: Yes I have one so first first up this is this is great like really really cool you know the whole concept of you know verifiable signatures and kind of cryptographic circuits and that sort of thing is great and totally got the use cases those make a ton of sense as well I'm wondering is this formulated in maybe I missed it earlier I saw the verification method and. ✪
Manu Sporny: And how they're all that kind of condition. ✪
Manu Sporny: Russians they're the signature itself I think is what you're walking us through right now Rebel is is the expression a single signature or is it like a modified JWT or is it Ray of signatures what does the like I see this but is this mean this means that you've basically your signature is a JWT. ✪
Manu Sporny: Other jwt's within the signature structure is that correct what is a signature look. ✪
Harrison_Tang: Sorry Christopher has acquired question Christopher. ✪
Christopher Allen: Yeah yeah one of my questions is increasingly we're looking at scenarios that where there is a mixed of mCP based thresholds which you don't actually know that the thresholds are there do you have any way of marking hey you know this is a single signature but it is in fact you know a you know a threshold to of. ✪
Christopher Allen: You know ecdsa mCP or anything you know do you deal with any of those types of issues thanks. ✪
Christopher Allen: It's a little more subtle to that but all may be taken offline. ✪
Christopher Allen: It's so aggregate of all like frost there's also one now for ecdsa that coinbase and other people are doing we're basically you're doing you know you're doing signing operations but at no point is there a single private key ever on any single machine so it is a kind of multi. ✪
Christopher Allen: Computational process Frost is the one I like to use but there's several of these. ✪
Christopher Allen: Okay just for your information they. ✪
Christopher Allen: Right but just the result is exactly the same as a regular Fingal signature but in fact was created by multiple keys so that's I just say it's more of a a you know how does an organization know that that was done. ✪
Harrison_Tang: Sorry I have a quick question so earlier you mentioned is a nest is signature and I'm wondering can you actually check and verify one of the nest of signatures or you have to do it all check and verify all signatures out at once. ✪
Harrison_Tang: Yes but then you stash the case then the sequence of the signatures quite important right you can actually get to the bottom of the stack basically at first basically right. ✪
Harrison_Tang: Got it and by the way I think still you have a very on the in the speaker cue. ✪
Phil_L_(P1): Right yeah can you hear me okay thankfully I had two questions you just answered this the second one which is order is not being checked and doesn't matter in this particular instance but the first question is just practical question can you give any sense as to how much additional size is a crude when you start having four five six embedded signatures as part of the process how much how much boat are you adding to the credential. ✪
Phil_L_(P1): Renee right right great thank you that helps. ✪
Harrison_Tang: Mommy in your in the queue like I think you have a comment. ✪
<orie> base64url No pad ; )
Manu Sporny: Thanks yeah there there's effectively you know when you Basics T4 in code something my presumption here is you're doing Basics you for URL encoding when you Basics you for encode something you have 33 percent bloat over the standard binary size and then as you embed those things inside one another the bloat kind of goes up so the more complex these signatures are just purely because of the way John. ✪
Manu Sporny: It's work and they 64 encoding Works you're going. ✪
Manu Sporny: See you know a doubling you know and then a 33 percent overhead at every single nested level in and I you know I should I think we should clearly outline that like this is not a bad thing like if you need conditional signatures of this kind and you want them to you know provide like fairly complex scenarios you are probably okay with the signature sizes getting very large. ✪
Manu Sporny: Roaches are mitigated with some of the techniques that Christopher was talking about like they're near signature formats that you know don't grow in size like this but again I mean that requires you to step away from the Jaw tooling to take advantage of those things and so it really it's really use case dependent you know I don't think people should look at this as like you know a terrible thing it's just you know one of the costs of associating. ✪
Harrison_Tang: Thank you Mom you Bob I think you're in the queue. ✪
Bob Wyman: Yeah simple question my apologies if it's dumb but question is is there anything inherent in the design that would prevent you from adding ordering conditions like a condition after will say that required weapon used some other some other signatures having been. ✪
Bob Wyman: Okay I just wanted to check if there was anything that would prevent it. ✪
Bob Wyman: Prevent one from say having a condition app. ✪
Manu Sporny: Yeah Bob if your question is around like can you determine if the sequence of signatures happen in a certain way there are other Cryptids sweets that you know provide that so for example like the data Integrity stuff that's going through the verifiable credential working group right now has the concept of set signatures like a set of signatures where you don't really care it's just you you want to make sure that there were like five signatures on this verifiable credential for whatever reason. ✪
Manu Sporny: Are supported just with base data Integrity stuff and then chained signatures so you have a chain of signatures or a series of signatures that have to follow a specific order that's a part of just kind of the Baseline data Integrity mechanism as well so there could be ways of combining like what we're looking at here with those other more. ✪
Manu Sporny: Primitives that are available in the data Integrity stuff to get to what you're what you're you know asking about and those things are going to be through you know this the standards process there are Global standards track features at this point. ✪
Harrison_Tang: Right we will take one more question and we'll that Jack and we're both like move out with the rest of the presentation the Christopher you have the for. ✪
Christopher Allen: Right thank you yeah I think one of the things that we discovered when we were working on some similar stuff I put a link into the chat for document on how to design multisig thresholds and quorums and things of that nature and is that then to be able to do the kind of next operation then you need to be able to have Smart signature operations that can refer. ✪
Christopher Allen: In a prior object because these things are when you were you talking about this particular structure is great for evaluating this this you know these things are all kind of signed at the same time of the same data but when you're trying to verify use a signature to verify that another signature was valid was valid you have this sort of layer problem because you're basically having to create. ✪
Christopher Allen: Eight code that then looks at another signature. ✪
Christopher Allen: Looking at the paint those the payload so it's a lot harder to do those and I also am a little concerned I mean we ended up not we found a way of doing it with threshold signatures instead so we ended up not doing that particular function because it was we had some questions about its security but it's hard creating Court quick creating thresholds and quorums and all that kind of stuff in ways that address all the needs that's it. ✪
Keith Kowal: Thanks for this it looks really amazing I I think the challenge I've had with these types of schemes threshold signatures and multisig is not So Much from the implementation at the graphic layer but in the region like how you you organize like multiple collecting wallets from multiple signatures or even like presenting to a signatory like what it is they're signing out maybe this probably not your scope of work but I wonder if you had any thoughts about this. ✪
Keith Kowal: About how you kind of implement this in. ✪
Harrison_Tang: Christopher do you have any comments or questions. ✪
Christopher Allen: Yes I just put into the chat the again that multisig scenario design thing yes there to answer the previous question a little there is a lot of design that is required and how to assemble and you know for instance you'll run into situations that are not reflected in the conditions but where somebody wants to be the last finer but the fact that they're the last signer is not relevant. ✪
Christopher Allen: Lay in the process of signing all the others in some kind of partial form along the way so you might have you know you know Joe and Ken are the primary signers and you know the the the the the steel the co only signs after they the first two primary signers have signed so that there's a quorum. ✪
Christopher Allen: You know that so there's some some things that can happen in the in the process of signings of processes there that really aren't reflect don't need to be reflected in the final conditions because the final condition says hey you know it's there's three of The Five People You know it's valid or two or three or whatever it happens to be so there is a lot of variance there I happen to be a big fan of you know nested thresholds 2 of 2 of. ✪
Christopher Allen: 32 Of Threes is effectively a for of. ✪
Christopher Allen: But you know it can have a lot of additional properties in the sense of you know emergency signers you know this is often important say with a verifiable credential by an institution where the you really want to have a distributed find any kind of scenario where you know if New York is down. ✪
Christopher Allen: Station or whatever things business processes can still proceed so you know if you're interested in talking more about these types of things you know this is a topic that blockchain Commons has been doing research on and we'd be glad to to do more thanks. ✪
Harrison_Tang: And Bob I think you are next in queue. ✪
Bob Wyman: Yeah I'm just curious I know that Focus here is on the technology but have you all given much thought to how a user interface might present a particularly an incomplete signature to a user to an end user not a programmer. ✪
<christophera> There are a lot of good lessons on "partial signatures" in bitcoin's PSBT standard, which has evolved. We (Blockchain Commons) have discovered a number of policy (pre-signature) problems as well.
Harrison_Tang: Right well thank you thank you Jack thank you for both thank you for by actually Christopher you have a question. ✪
Christopher Allen: Well it's more of a trying to respond to the last one the user side of this for the you know for signing things is a is a lot harder than a lot of people think because you end up having to express a signing policy in ways that are you know complex so for instance you know Joe you know. ✪
Christopher Allen: Initiate or of a you know again the pre signing kind of phase of the policy and he needs to explain why you know other parties might need to sign it or why they're you're taking advantage of an emergency signer or or you know why an emergency signers required and and you know that there is a flow of things sometimes people want to be the last sign or they don't want to be the first signer. ✪
Christopher Allen: Etc so it turns out it's a lot. ✪
Christopher Allen: A hard problem there have been some good lessons in Bitcoins partially signed Bitcoin transactions from the very first version of it which had really no made a data to later versions that allows for more metadata to be put into it so there's some lessons there I imagine other cryptocurrency work on Multi signatures may also you know give you some UI tips there but you know my my biggest. ✪
Christopher Allen: Anything is actually a lot harder you xy's and you might think it is that's it. ✪
Harrison_Tang: You Christopher Keith yeah before. ✪
Keith Kowal: Yeah I just want to follow on from that comment yeah I mean I totally agree I think if you have like a back-end let's say like a work day that how already has those kind of orchestration features available as part of their bread and butter then it's fairly like system like you know it got big H HR System can do that but it's like how do you do in a decentralized way I would suggest like we maybe need like like new parameters which basically like the purpose that you're asking someone to sign or things like that that would have to be populated so. ✪
Keith Kowal: Yeah it's just an echo it's a really tough problem and in the decentralized world and. ✪
Keith Kowal: Always back to having to build an orchestration and. ✪
Harrison_Tang: Cool I have a question for Christopher so what's the trade-off between the like the complexity flexibility of the business logic versus like performance payload and things like that like for example earlier you mentioned about thresholds signatures I think it sounds it sounds cool but what's the how much complexity like payload and performance trade-offs are there. ✪
Christopher Allen: Well for this particular approach to it the conditionals which I'm at by the way a big fan of just because of its Simplicity is yeah you know the objects get bigger and it you know it it can be kind of painful and in that regards but I don't think from a computational perspective that it's particularly challenging. ✪
Christopher Allen: The other threshold Technologies and stuff are you know sometimes don't run on small devices in particular small signing devices so for instance we had a whole conversation last week at the Silicon Salon that we host on how to accelerate you know some of those types of operations on new emerging chips. ✪
Christopher Allen: You know there's some issues with some of the more advanced cryptographic operations but one of the things I another kind of point I really want to emphasize with people is that you know this in almost all of the language around this we are talking about people signing my gut feel is that these things types of things are going to be deployed you're going to have people who sign things you're going to have come you know. ✪
<orie> How big is too big?... Are there any limits on document size of inputs?
Christopher Allen: That's fine things that you know have their own policies for how they sign it so one person may be actually represented by a quorum you know it's like it's his ring it's his phone and it's you know his company cloud service and the all those are the three you know three signatures but it's one person I also think that you might have signatures where you know this is not valid unless the accounting server says the budget is available has been approved. ✪
Christopher Allen: Put in the budget and what the budget numbers are and all that kind of stuff into the conditional you just simply say Hey you know it requires a you know you know some Quorum of accounting Surfers to say yes it you know it meets the budget and it there is no they can't sign by themselves because there's a different threshold that is the personal approval all they're doing with their threshold is dealing with the you know yes it has met you no sir. ✪
Christopher Allen: In kinds of non you know human conditions. ✪
Christopher Allen: So there's a richness there that I think is going to emerge. ✪
Harrison_Tang: Well thank you thank you Christopher we're we have two more minutes so we'll take two last comments or questions and then if you have to drop just want to give a quick note for next Tuesday we'll have Korea to talk about the ca California vital records all right pop you're next. ✪
Bob Wyman: Yeah I just wanted to support what I think it was Keith had said about purpose the reason I asked the question about presentation was it seems to me that as these conditions become more and more complex. ✪
Bob Wyman: Really complex bullion's here it'll be important to have some way to carry along some non machine data that explains to people why their signatures may be required a particular points and why they're you know why the lodge why the structure is the way it is and I just think it's important that we remember that in order to present this stuff to people. ✪
Bob Wyman: Have to explain to them have something other than the raw signature code to explain to them what they need to do and why they need to do it. ✪
<christophera> …And, some of these prelim metadata will need to be signed, but not included in final conditional.
Harrison_Tang: Thanks and Jack I think you can close the today's that discussion and presentation thanks. ✪
<christophera> If there are those interested in the pre/partial signing policy use cases & requirements, contact me.
Harrison_Tang: Yes so I think first of all in regards to getting more people involved like if you could send send me the links then I can or you can just reply back to the the the agenda that I sent out where I can stand on no set up for you to the ccg mailing list in regards to the question about how to represent conditional proof PID method I think Corey earlier made a comment that you. ✪
Harrison_Tang: might not need to create a new method you. ✪
Harrison_Tang: You can just use the web GID method and then lastly in regards to update the name and merge the pull request I can know talk to Mike unfortunately he cannot make it today I can talk to Mike and then maybe manyu and then we can if there's no objections I don't think so there's no objections we can actually just do it. ✪
Harrison_Tang: Actually I think Bumble fudgy I think you have a comment to make during the Q. ✪
<orie> I can merge PRs at DIF.
Juan Caballero: I was just going to say I don't know I think those are dormant work items that diff so I'm not even sure who you talk to about merging them in I think the I'm not sure if any companies are currently going to bump those 2 V 2 when when the VC working group has a stable feet. ✪
Juan Caballero: Did we UT and I think they will need to I think those different pose might be very V 1 or V 1 Point 1 so 0 or he says he's he's happy to help I would say that you know it's would be good to combine with a general refresh of those libraries if anyone wants to do that was on was my only suggestion. ✪
<orie> but with notable problems regarding JSON-LD.
Juan Caballero: I just meant that if your well or is or is saying in the chat that these libraries are for V 1.1 of the of the VC and the JWT expression or proofing mechanism is changing a lot. ✪
Juan Caballero: So the VC spec itself is changing so if this if did JWT and digital TV see wanted to support or migrate to or have a future version that supports V2 J WT V CS. ✪
Juan Caballero: Would be a big undertaking and that might be a good time to include this multisig stuff it might you know be a Cooperative thing if you wanted to incorporate. ✪
<christophera> BTW, if SD-JWT comes along, this will also have a huge effect on this, as signers may need raw details that are not available as they selectively disclosed in the VC they sign.
<orie> probably you want to an IETF RFC for this kind of "JWT extension".
Juan Caballero: Sorry yeah ooh ooh sorry I meant for those libraries I mean I'm saying that if you wanted some you know like a dialogue and cooperation with a company with sorry with any organization or group of people bumping those specs to the newer to have interoperability with V2 conformant JWT systems it would be a good opportunity to. ✪
<orie> seems like an IETF thing to extend JWTs, similar to how SD-JWT is at IETF.
<orie> and DPOP is at IETF.
<christophera> (We've been thinking various issues of signing/not-signing elided data in Gordian Envelopes)
Juan Caballero: There's there's sort of like I've raised to get kind of circumspectly but what I'm saying is I don't know who is actively working on those libraries so I don't think anyone will say no if you put in a non-breaking change that lets additional signature types work but if what you're looking for is more cooperation or checking each other's work then it might you might have to wait till someone bumps that lat. ✪
Juan Caballero: Or just message me or shh or just message me or said directly. ✪
Christopher Allen: It is is diff going to be doing FD job because that also has huge implications with all of this. ✪
<orie> I don't think DIF is going to do an item for that, its currently a work item of the OAuth WG at IETF.
Christopher Allen: The Selective disclosure jot version because basically you have now this problem where you know for various information is being selectively disclosed dust you know the signers may need access to information that is not available in the actual final verifiable credential which makes the multisig complicated I mean we ran into this with gordian envelopes. ✪
<orie> (re SD-JWT)
Christopher Allen: Give very clear warnings that you know you know information has been delighted that you're signing and so maybe you don't want to sign it but there are cases where you need to sign stuff that is you know that is alighted for specific use cases so again it's you know it if I if there's one thing you guys learned from all of this is that there is a whole different preflighting before signing you know. ✪
Christopher Allen: Policy process thing that we need to be able to. ✪
Christopher Allen: And some of these Technologies cause you know we need to articulate the requirements for the policies which is very separate from okay you know here is this final conditional signature that reflects after all the policies have been implemented that you know that you should continue did you can you can rely on this. ✪
Juan Caballero: So to answer your question on whether that's a work item at diff I haven't heard anyone at differing on it I know that the sum. ✪
Juan Caballero: T work and the what's called dang it not jwp work the Json web proofs work which was originally incubated at diff has I think they'd both been in been accepted to work in groups or he said in the chat that the oauth working group at ICF is working on SD J WT so I think that might be. ✪
<orie> JOSE WG at IETF was recently re-chartered, and they have asked for I-Ds to be submitted for IETF 116.
<orie> seems like exactly the kind of thing that belongs in JOSE WG at IETF.
Juan Caballero: But I can't c-diff would necessarily I can't imagine if organizations wanting to incorporate that in general purpose sort of public option Library if they're moving Target and you know I think diff diff folks would probably wait until ATF has a version of it to implement a library and even then it would probably get implemented by one company and donated rather than. ✪
Christopher Allen: I mean as I understand it St John is based on mobile driver's licenses selective disclosure so it's an important competitive feature. ✪
Juan Caballero: Yeah it might happen but I haven't heard of anyone doing it at that for donating it sad if it may well be just companies that go to market with that but I don't know. ✪
Harrison_Tang: Jack does that answer your question. ✪
Harrison_Tang: I think we might have lost Jack Jack. ✪
Harrison_Tang: Yes it does that answer your question earlier. ✪