<christopher_allen> has any voice started? All is quiet.
Harrison_Tang: So hello everyone welcome to this week's w3c ccg meeting so today our main topic we actually invited Dan Yamamoto Causeway Socko uh yeah Suzuki and ug Suga to come here and present the link database verifiable credential with selected disclosures on the accessibility. ✪
Harrison_Tang: Before we get to this man agenda just want to do some admins first but want to thank them in advance for jumping out here because it's actually one am Japan time so so this is definitely quite an honor for them to actually join us as w3c she G here today. ✪
<kimberly_wilson_linson> Christopher - you might need to reboot. We have audio
Harrison_Tang: Right so quick agenda just want to do some quick reminders for the code of ethics and professional conduct reminder and yeah they know I think we've been doing very well just make sure that we remain respectful to one another never seen he did you know kind of disrespectful arguments in this channel before but just want to do a quick reminder again all right IP note anyone can participate in these calls however. ✪
Harrison_Tang: Gigi walk items must be members of the ccg with for IP our agreement sign so you have any questions about that just reach out to any of the cultures. ✪
Harrison_Tang: All right these calls are recorded and it's automatically transcribed and we try to publish the transcription within a couple days. ✪
<kazue> present +
Harrison_Tang: Use the Gchat to Q speakers so you can type in Q Plus to add yourself to the queue or q- to remove it and you can do Q question mark to see who is in the cube all right let's get to the introductions and reintroductions anyone who is new to the all right Greg. ✪
Greg Bernstein: Hi I've been hanging out on the channel for a while but most of my work has been on some of the signatures stuff and in particular I've been working on with the dif and the ietf folks on BBS signatures so particularly interested in this call and I do have some demos that you can try if you want to get more into BBS signatures which offer selective disclosure and so that's why I'm particularly. ✪
Greg Bernstein: Since about BBS or in particular I have a JavaScript implementation that's up on npm give you just ask me a question but real interested in this glad to be having this topic presented thanks a bunch. ✪
Harrison_Tang: Thank you Greg and then I probably would like to follow up with you later maybe this week to see if we could schedule a session on PBS in the church later this year yeah. ✪
Harrison_Tang: All right then do you mind kind of introduce yourself a little bit since you're the main main speaker today yeah. ✪
Harrison_Tang: Thank you thank you Dan and Kazooie do you mind actually introduce yourself a little bit thank you. ✪
Harrison_Tang: Is the honor for you guys to join us and sorry to call on us UK I do you mind and hopefully I pronounced your name correctly but do you mind actually unmute and introduce yourself a little bit. ✪
Harrison_Tang: Thank you thank you I mean it's 1 a.m. in Japan so I totally understand and lastly you g do you mind actually I'm you and introducers introduce yourself a little bit. ✪
Kaliya Young: Just quickly internet identity Workshop is coming up in two weeks if you have not registered please do so because we are likely to sell out and then more importantly I'm working with folks in Zurich to bring an unconference with the same format that we use at iwt Europe the digital identity unconference Europe dice happening. ✪
Kaliya Young: And Zurich so if you are based in Europe please consider joining us there and if you work with people who are in Europe please encourage them to consider joining us there. ✪
Christopher Allen: Yes if you hadn't heard it yet the next rebooting web of trust is September 18 through 20 s in Cologne Germany this is where we work on papers and projects and work together to ship them before the end of the event or at least the first draft and we're also having a publication day on April 13th as. ✪
Christopher Allen: For the six hopefully seven papers that have gone final since the the last one so if you're interested in participating in that look at the go-to web of Trust on info that's all. ✪
Harrison_Tang: Thank you thanks Christopher I'm on you you have the floor. ✪
Manu Sporny: Thanks Harrison two things the first one is that the VC Jason schemas work that has been incubated in the ccg has been adopted by the verifiable credentials working group I will put a link to that in here you see JSON schemas in this is a request to the ccg chairs to you know make a call for support. ✪
Manu Sporny: To move that into the new group really what. ✪
Manu Sporny: Look we're looking for objections to move that work into the VC WG since they already accepted it as a work item up to the chairs on when to schedule that the second item is that at ietf 116 I was able to present some of the work that we've been doing in this group for the last couple of years on Multi formats so you know if you used. ✪
Manu Sporny: Was there multi-format show up in those things and the ITF has given us a space to standardize that work potentially as a mini working group or the independent submissions track if you're interested in following this work I will put a link to the email mailing list in here there will be discussion starting this week on that mailing mailing list about. ✪
Manu Sporny: Whether we should do a mini working group at ittf. ✪
Manu Sporny: Just take it independent standards track so please join if you would like to help move multi formats forward that's it. ✪
Harrison_Tang: Any other announcements and reminders. ✪
Harrison_Tang: Okay what about updates on the work items. ✪
Harrison_Tang: All right so let's get you the man agenda again we're very very honor to have Dan Causeway she Gaya and Yugi to present on the topic of linked database verifiable credentials with selected disclosures I'm going to ability and predicate proves actually just want to give a quick shout-out to Christopher to actually I was chatting with Christopher about our. ✪
Harrison_Tang: and calendar and then he is the one who actually. ✪
Topic: Data Integrity-based Selective Disclosure and Predicate Proofs
Harrison_Tang: Reduce Dan Causeway and others to to us so a quick shout out to him and as we know selected disclosure unlinked ability part of the predicate proves and these kind of concepts are important topics in our community so very very happy to have Dan and others actually take the time to stay out until like 1:00 2:00 a.m. Japan time to give this talk so let's give them the. ✪
Harrison_Tang: a quick shout-out virtual clap clap Santa. ✪
Harrison_Tang: And I think the floors yours then. ✪
Harrison_Tang: Oh yes honey do you have any comments. ✪
<christopher_allen> (the limitation of positive integer proofs is part of what makes bulletproofs so fast)
<christopher_allen> (The limit is just slightly less than 2^32, so a pretty large integer range, it can do lots of things, gt; lt, inside-range; outside-range, etc.)
<greg_bernstein> Note that holder does not need secret key!
<manu_sporny> ^ thank you for that Christopher, super helpful... didn't know it could do inside/outside
<christopher_allen> @manu it can also do other things like averages, means, etc. with multiple sources.
<manu_sporny> @Greg, could you elaborate more on "holder doesn't need secret key" -- you mean that the only thing you need to do a reveal is the original BBS signed document itself, right?
<christopher_allen> @manu "Is the average of these 300 VCs >80%"
<greg_bernstein> The holder produces a proof from signature, issuers public key, and revealed messages. No secret key (either holders or issuers).
<christopher_allen> There are other zk-proofs that don't have this limitation, but are 10x-100x slower.
<markus_sabadello> Current work in W3C RDF Canonicalization and Hash WG: https://github.com/w3c/rdf-canon, https://www.w3.org/groups/wg/rch
<kazue_sako> Bullet proofs can be combined to prove arbitrary range, a<x<b
<manu_sporny> ^ @Christopher, averages are super important for variations of "K-anonymity"
<christopher_allen> ^ @manu, precisely! I think in Taiwan they say that health data is considered anonymous (legally) if it is in groups of at least 300.
<manu_sporny> @Greg -- important to know that -- that is, "theft of ZKP VC can result in impersonation" -- which can be counteracted (to some degree) with a binding to a private key (presuming private key isn't stolen as well).
<kazue_sako> Gregg, I think you meant that holder does not need secret key of the issuer! Indeed.
<greg_bernstein> Yes
<greg_bernstein> Theft, impersonation, are problems...
<kazue_sako> So Holder has his own secret key to prove that he is 'correct', that is a binding VC.
<manu_sporny> @Kazue yes, that's what I understood as well. also, hi! Long time no see! Thank you for saving me the last time I was in Japan! :)
<christopher_allen> ^ @manu I'm also looking into how these sd/anti-correlation techniques can also be integrated into did:docs.
<kazue_sako> Dan and my students are working on those binding VC.
<manu_sporny> @Kazue good to know -- very important from a use case perspective... the re-mapping stuff that DanY is covering right now is vitally important as well.
<kazue_sako> My student is working on using CHAPI and issue binding VC using blind signatures!
<manu_sporny> ^ oh, very interesting! Let us know how we can help!
<greg_bernstein> Very interesting Kazue!
<manu_sporny> One of the harder problems is the presentation request language... how does a Verifier ask for the ZKP fragments that Dan is mentioning.
<kazue_sako> @Manu, indeed. We were trying to copy 'presentation request language' from somewhere...
<sandy_aggarwal> Dan & Kazue - I work for Mizuho Bank and would be glad to connect with your team to discuss this project. Are you collaborating with any banks in Japan?
<kazue_sako> Did OpenID Foundation had some work on presentation request language..?
<manu_sporny> It looks like the presentation request language you're using is JSON-LD Framing (in the Playground)
<manu_sporny> While OpenID Foundation was working on presentation exchange, looks like you're using the existing JSON-LD Framing specifications for that (which is good, given it's already a standard).
Harrison_Tang: Alright I'll moderate don't worry about it so sir yeah please. ✪
<bengo> ���� this is rad
Christopher Allen: Wait yeah thank you Dan very much in team for coming today I've been pushing for a long time that we have to be a lot more serious about selective disclosure I mean I think we have now a range of of different approaches to selective disclosure ranging from you know hash-based disclosure of a list in SD jot hash-based disclose. ✪
Christopher Allen: Um we have the ability to do it with trees with gordian envelope and all three of these do not have some of the unlink ability capabilities that this is and then at you know at the other end of the spectrum are not only these kinds of selective disclosure but also their ways to bind this to things like d ID documents and such so I really am am pushing that you. ✪
Christopher Allen: And that we begin to get to the point where we can mandate not just you know say oh this is an optional sweep at mandate that you know our future constructions must have some form of selective disclosure even if it's just a simple one because I think anything less than that is a real real you know human rights and privacy issue as you see with this example with with vaccine credentials and other Healthcare data and. ✪
Christopher Allen: Man who mentioned that you know the ability to aggregate data. ✪
Christopher Allen: It is really important for health but it's also really risky for for privacy so I'm hoping we'll have more discussion about these types of things and you know I'm hoping that the ccg can you know dive into some of these specifics in the future and really move toward you know saying this is the minimum requirement that we have some form of. ✪
Phil_L_(P1): Yes I didn't hear what you didn't hear your voice can you hear. ✪
Phil_L_(P1): Okay well thank you very much I have a really perhaps naive question but I'm wondering what prevents the second credential with the particular information about the vaccine from being something borrowed from a third party and not really the individuals and I'm wondering if the end quad term Wise Construction that you've described is what is preventing that sort of connection of a second. ✪
Phil_L_(P1): Individual of the first credential if that makes sense. ✪
<christopher_allen> The combination of binding the 2nd VC to the 1st is unique per presentation, so it can't be correlated.
<christopher_allen> ^ @Dan I'm trying to collect more scenarios for SD/non-corellation use cases.
Phil_L_(P1): I understand the selective disclosure part and the end of the hiding of particular pieces of it I think you were saying that the that the proof method also proves that the credential subject in the first credential is the credential subject in the second credential is that right. ✪
Phil_L_(P1): The other words if I if I'm the person and X2 and your person your as a separate person that has this vaccine what prevents me from using that the the vaccine that you got as as my claim that I have gotten it when and I'm not selectively preventing disclosure of these other pieces of information I still want to make sure that it's that that original person is the. ✪
Manu Sporny: Yeah two things I just wanted to say thank you to Dan in Yugi and Kazooie for working on this stuff it's really fantastic work so thank you you know for for pushing this stuff forward for those of you in the community that are not aware the BBS signature stuff is expected to go into last call at ietf over the summer that's basically where. ✪
Manu Sporny: We're done with the base construction at the cryptographic layer in as many of you know the verifiable credentials working group has adopted the BBS crypto sweet that bills on top of that that uses this mechanism that that day and just presented today or subsets the mechanism that Dan presented today so I just wanted to make it clear to everyone in the group that this is a very real thing that is going to be that is. ✪
Manu Sporny: Is already on standards tracks at ietf. ✪
<christopher_allen> ^ @Dan @Kazue I'd be interested in discussing opportunities for binding to keys in did:docs.
Manu Sporny: W3c and we expect it to be you know a standardized probably early next year to mid next year at some point so that's that's great so that's the first item the second item goes to fill your question in what was said in the chat as well as Dan's response to that is that in the base construction BBS is is is so good. ✪
Manu Sporny: Then Amity that if you were to steal that credential you could impersonate the the individual in so there are other things that are required to kind of rebind that in ways that don't make it very easy to steal the credential and impersonate so as Dan was mentioning there's this holder binding stuff that's being talked about there's tying to a cryptographic key that's an addition there and of course when you start. ✪
<greg_bernstein> There is also a notion of "required reveal statements"
<christopher_allen> ^ @manu I suspect there may also be some capability to salting type approaches if you have any key material of the verifier.
Manu Sporny: You start losing some of the anonymity aspects and so the you know the quest is to find the right balance for the use case there are a lot of there are a lot more considerations that you have to take into account when you're trying to provide this kind of unlink ability and selective disclosure that you never had to think about when you're doing the kind of the standard digital signatures that we've been doing for. ✪
<christopher_allen> …So when you get the request from the Verifier, what you give them will be unique to them, and can't be reused.
<phil_l_(p1)> Thanks Manu for that clarification
Manu Sporny: So that's just something to keep in mind that there is no when you get into this kind of space there is no one right answer you effectively have this toolbox of cryptographic Primitives that you can put together in certain ways and they tend to be very specific to the type of use case that you're trying to achieve but the good news here is that fundamentally the basis these cryptographic toolkit things are going to have Global standards behind them. ✪
Manu Sporny: In the next two years which means that then we can start deploying them. ✪
Manu Sporny: In real-world production use cases that's it. ✪
Harrison_Tang: And you want to make some concluding comments. ✪
<christopher_allen> @Dan your fluency is great!
<kerri_lemoie> That was excellent. Thank you!
Harrison_Tang: No no thank you I think your English is perfect so thank you for taking the time and thanks again then Kazooie she Gaya ugj for actually coming here they and I didn't fly almost 2 a.m. in Japan some thank you thank you for coming here at w3c shiji today. ✪
Harrison_Tang: All right so this concludes this week's at w3c shiji meeting if you want to see what's coming just go to the content calendar that I sent out every week right have a good one thank you bye. ✪