The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

W3C CCG Weekly Teleconference

Transcript for 2023-08-29

Our Robot Overlords are scribing.
Harrison_Tang: Watching Oliver I'll do the quick intro first and then I'll kill you.
Harrison_Tang: Sounds good right so hello and welcome to this week's w3c ccg meeting so this week we are very glad to have Oliver here to present and lead a discussion on open ID for verifiable credentials and verifiable presentations so before we get to them in agenda just want to do a quick reminder on code of ethics and professional conduct just want to make sure that you know we acknowledge and respect each other's privacy.
Harrison_Tang: perspectives feel free to make any comments and things like that.
Harrison_Tang: Silence you know you keep in mind of the code of ethics all right quick I denote anyone can participate in these calls however all substantive contributions to atcg work items must be members of the ccg with full IP our agreement sign I make sure you have that w3c account and you have any problems or encounter any issues in regards to sign up to a w3c account or the mailing list just let it.
Harrison_Tang: any of the cultures know.
Harrison_Tang: these meetings.
Harrison_Tang: Corded and it's automatically transcribed we do try to publish these meeting minutes within a day or two but if you need it a little bit sooner just that any of us know.
Harrison_Tang: We used to teach at to Q speakers during the call so you can type in Q Plus to add yourself to the Q where Q minus 2 to remove.
Harrison_Tang: All right any introductions or reintroductions if you are new to the community or if you are if you haven't been active and want to rename engage with the community please feel free to just unmute and introduce yourself.
Benjamin Collins: Okay I'll do a quick introduction my name is Ben I'm from transmute and glad to be on the call today.
Harrison_Tang: Anyone else feel free to mute I'll mute.
Xavi_Aracil: Yes and let me introduce myself and tell me that you like from one attack and curly based on in Barcelona Spain very happy to be here.
Harrison_Tang: All right announcements or reminders you have any announcements or any reminders feel free to just allow yourself to the qy me.
Erica Connell: Hi everyone yes it's Erica I just wanted to give a friendly reminder that we're building the web of trust is coming up September 18th through the 22nd in Cologne Germany I will put a link to the Eventbrite in the chat all are welcome and their scholarships and sponsorships available as well thanks that's all.
Harrison_Tang: Thank you Erica Clea.
Kaliya Young: Hi all so friendly I'm Commander that we've got the internet identity Workshop coming up October 10 through 12 in Mountain View California and we also have sponsorships available I'm going to put a link in the chat so folks who have don't know about a how affordable sponsorship is can.
Kaliya Young: To learn more about it.
Kaliya Young: I have quite a few slots available and it's a key component of helping the event run so I'll put a link to the main website and also that sponsorship document for folks to look at thanks so much.
Harrison_Tang: Any other announcements were reminders.
<kaliya_identitywoman> Event Website coming up October 10-12.
Harrison_Tang: All right a quick preview of what's coming so next week I will have already Mike Barack and others to kind of give a update on the traceability and then after that we have machine identity in Federated system so Justin Reacher will talk about that and then after that we'll talk about Fido to and wipe all thin and then the seconder September 26th will have selected disclosures 48.
Harrison_Tang: equities of value will be the discussion on that.
Harrison_Tang: Any other announcements were reminders.
Orie Steele: Paris and just confirming that traceability status updates happening next week.
Orie Steele: Okay I think I have my dates wrong thank you.
Harrison_Tang: Thank you no thank you again sorry for the confusion to regards to the scheduling and things like that so thanks thanks Lori.
Harrison_Tang: All right any updates or comments on the work items.
Harrison_Tang: Okay well let's get to the main agenda so this week as mentioned earlier we're very glad to have Oliver taking the time to present and be the discussions on open ID for verifiable credentials and verifiable quick presentation so I thank you Oliver for taking the time to present here and the floor is yours.
Harrison_Tang: All-American go on me.
<kaliya_identitywoman> Link to learn more about our sponsorships for IIW. It costs as much to sponsor IIW as it does to attend an event like Identiverse ;)
Harrison_Tang: If you don't mind like if you don't mind can you introduce yourself a little bit and then we can get right into the presentation thanks.
<kristina> announcement! a new WG dedicated to OID4VC is starting this thursday in OIDF!
Kristina: Sorry Oliver if you can go back to the previous late just a nod to confuse people open ID for credential Asians and presentations or based on OS so we are talking about existing all of us relying parties and OSS authorization servers being able to leverage right all those of course backs so those two are completely based on all us like you do not need to understand up that you connect to be able to do that right so only.
Kristina: Of the provider which is synonymous with syndication piece is still based on connect just being really clear because you know that's why it's called open idea for a fabric with an shows and not of midi connector profiled for credentials to because it's fundamentally based on all of us who I deliver.
<orie> Does the new working group mean that all new verifiable credentials protocol work should happen at OIDF, or is the OAuth WG at IETF planning to do protocol work for VCs ?
<dmitri_zagidulin> ooh great question Orie
<orie> afaik, IETF OAuth will need a new charter to do that kind of thing, so maybe OIDF willl absorb all the related work.
Harrison_Tang: Sorry sorry I'll live it like do you mind taking like a couple questions right now or you want to do it again.
Harrison_Tang: I'm on it to the queue so Dimitri.
Dmitri Zagidulin: Thanks I wanted to ask question before we got too much from from the previous slides I wanted to ask about the you mentioned that people can use existing open ID issuers also open ID Lupe's identity providers for issuing credentials like having having having tried to do that at least in the JavaScript and the node ecosystem I find that.
Dmitri Zagidulin: That they're not able to write the like.
Dmitri Zagidulin: The VCI specs introduced new parameters new API endpoints that the existing issuers don't have what am I doing wrong.
<orie> might be a good question for stack overflow... how to add custom claims to `id_token` from AS
Kristina: Seriously I don't think anything is wrong right so again they are reusing all of us authorization servers and when you'll get to the issuance part it will be clear but what issues spec does it introduces a new resource server which you can leverage using your existing authorization server and for existing authorization server you can actually use it without modifications if you're using a scope parameter to identify which.
Kristina: attention seeker requesting like for example.
Kristina: Shouldn't we are reusing Azure active directory which is an existing authorization server which does not take any modifications because it takes billion transactions a day to issue credentials so you add eraser which is a new component which you need to add from a scratch that's true you need to work that but from the authorization server perspective you can reuse up.
Dmitri Zagidulin: I see I see I think I was blocked by the server I was using doesn't understand the credential definition property and some of the other properties in the request.
Kristina: Yeah so that's our our that's translation details so if you instead try to use scope but that would need you know the wallet and the a sure knows that this scope stands for this credential so you can map it back to format type whatever you need once you define that that should be more straightforward.
<orie> we removed scope requirements from the trace-api to support these cases recently.
<orie> (we had conflicting scope requirements, that we removed).
<orie> everytime I see presentation exchange, json pointers, I imagine doctor strange searching for possible futures where the avengers don't loose.
<dmitri_zagidulin> lol
<orie> would really love to see this working over SMS based phones.
<dmitri_zagidulin> how does the web-based issuer open the wallet app?
<orie> protocol handlers and deep links I assume.
Harrison_Tang: Yes Ori please.
Orie Steele: So this EP working group at open ID Foundation I think in the previous slide you mentioned you know some of these open ID Foundation protocols already support see bore and compact credential format so they're not attached to just Jason and base64 URL encoded credential formats is that correct.
Orie Steele: But my question specific to the DCP working group meaning that there will be protocol work on non Json represented credential formats at that working group all right.
Kristina: I mean we will be sorry and this would be working with we will be working on opening day for a fabric credentials protocols that is three that Oliver talked about and also we have additional strayed documents being contributed security analysis userinfo profile for dma act and they ble part they are all agnostic for credential format and yes they will support the Seaboard based binary Pro formats as well.
Orie Steele: In terms of the protocols that are being built there are they limited to mobile wallets only or is there room in there for cloud identity service agent workload identity you know cases where you have a credential holder that isn't a human and doesn't have a mobile phone.
Kristina: Yeah so as Oliver mentioned nothing from prodigal perspective limits the wallet to be a native app work the mobile wallet so yeah we do support all the protocol itself does support the words with the back in the cloud component or browser-based words I think that's slightly different from where you're going at which is kind of more server-to-server organization Awards organization server kind of presentation so.
Kristina: well technically because.
<orie> like wimse, etc...
Kristina: And all of us granted that's up you can already do that but we have received recently increasing number of enquiries how can people do this organization to organization kind of scenario so we will be looking into that more.
<orie> "workfload and service identity"
<kristina> i need to catch up on wimse..
Kristina: What's patreon the cube do they send me three.
Kristina: Thank you - the sorry Oliver.
Dmitri Zagidulin: Yeah I took myself off the queue although could you drop them URL to The Whimsy spec.
Dmitri Zagidulin: X if anybody has the URL to The Whimsy spec handy the one that Oreos mentioning and thank you.
<orie> i wil join when you switch to github
<orie> and not before
Harrison_Tang: Thank you Oliver Christian.
<orie> <3 !!!!
Kristina: Or we are changing to GitHub this Thursday so you'll be able to have no more excuses not to drink.
Kristina: But yeah no you you don't have to be an opening the foundation member to join the working of actually as long as you sign an IPR agreement you can join the the coals right away yeah so if anyone's interested they barrier to just call in and listen in to the call is there was a really low you need to be a member if you once we go to implementers draft and you want to vote on specification that's when you need a membership.
Harrison_Tang: And Christina just to clarify earlier you mentioned that there's a new working group form is that the digital credentials protocol working group or is it something else.
<orie> and its a paid membership like W3C? or free to participate like IETF ?
<denver> is it possible to share slides?
Kristina: Correct yeah so we were doing all this work under the ability connect working group in a paint Foundation until this point but as you can see it's not connect really it's based on all of us but still about identity so yeah we have a dedicated working group to this and that will be using GitHub which we are all really excited about.
Harrison_Tang: And I think already has a question is is that pay membership like w3c or free to participate for the open ID working group.
<tallted_//_ted_thibodeau_(he/him)_(> WIMSE == "Workload Identity in Multi-Service Environment" (not "Women in Math, Science & Engineering" which is first suggestion from some search engines...)
<orie> my goal is to not pay another SDO, I'm happy to sign IPR agreements.
Kristina: Yeah so if your goal is to be able to comment on the issues to the PRS approve your took be ours based on you know and I pr protect with matter like obey Foundation does not require they membership so you can do that you know as long as you sign the IPR and you tell us that there no you know know I pr concerns basically that's what we most care about the obviously organizational membership is appreciated but that's.
Kristina: more if you want to get voters.
<harrison_tang> ;(
Kristina: And where's our organization is going like how budget is being spent what not like for a spec writing you don't need membership.
<orie> awesome!
<kaliya_identitywoman> and individual memberhsip at OpenID is $50
Kristina: You're right it's 50.
Harrison_Tang: Any other questions.
<orie> just like an Apple developer license : )
Harrison_Tang: So this is a roughly a newbie question but I know that there are multiple different kind of protocols were competing standards right like open i0 open ID right we see like we're seeing here and there's the date calm and there's no VC apis and things like that I know the open ID my impression is I hope ID is the most most popular it has the most options right now but I'm just curious why.
Harrison_Tang: what are the kind of pros and cons and question.
Harrison_Tang: We're which standards or protocols makes more sense what the kind of the trade-offs.
Harrison_Tang: All right you want to go next.
<kaliya_identitywoman> <3 thanks Orie :)
Orie Steele: I'm gonna duck the defend your favorite protocol War bait but I wanted to ask regarding presentation exchange as a component in open ID connect family specifications what is the sort of open ID Foundation view of presentation exchange from diff is that specification stable enough to build on.
<dmitri_zagidulin> @Orie - thanks, I had that same question
Orie Steele: Ietf should it grow up more at diff should it move to open ID Foundation just because as far as I'm aware this is the first time anything in the open ID ecosystem has taken a dependency on a specification that wasn't developed at ietf or you know another reputable standards organization so I'm interested in open ID foundations view of presentation exchange as a dependency mandatory to support sort of sub.
Orie Steele: Asian that's it.
Kristina: Or decided to substitute one tricky question with another one yeah.
Kristina: But okay so.
Kristina: Everything you say is correct but right now.
<orie> yes, its true, thats called a backflip kick : )
Kristina: We are we appreciate the so we we have resumed closely working with c-diff PE editors we had a couple of calls so we had couple of remaining concerns so one was security so reg ex Json schema and allowing anything pretty much like around that so they are.
Kristina: are good.
<orie> regex / redoss is a real thing.
Kristina: Happening around you know maybe you know prohibiting the usage of reg ex and Jason pass for example so that conversation is ongoing another part is.
Kristina: Yeah so I think right now the plan is to get a try to work with the presentation exchange editors working group to get the specification to a really stable reliable state which gives those minimum functionalities and what we do observe is so because the open the deeper VC protocols allow you know instance.
Kristina: ability points you need a pro.
Kristina: For example the ice mdl like they have a clear-cut profile to say this is sequential format this or identifier sister kept of sweets what not right but people do is that they tend to add requirements and of a presentation exchange like for example the Mbox folks did at certain like Okay so this identifier has to be a doctype or like this you know should be this so that's what we observe realistically.
Kristina: If both of us are going sorry.
Kristina: Yeah into sorry quickly build up on a previous question right.
Kristina: Yeah as much as yes you probably need some additional work on top of your existing reservation servers they.
Kristina: There is a variable formed ecosystem so I think that kind of people willing to leverage existing knowledge existing infrastructure has been kind of a good pushing force so far.
<orie> nothing says confidence, like moving a spec to a tougher arena of combat... I would like to see DIF specs make it to IETF or ISO, and not stay stuck at DIF.... personally.
Harrison_Tang: All right any other questions.
Dmitri Zagidulin: Iif I've got a question what's the what's the current state of the art thinking in the open ID for VC + VP groups in terms of wallet selection like what's the I remember there was some talk about may be working on a while it's selector or yeah it's like what's the what's the latest thinking.
<kaliya_identitywoman> Wallet INVOCATION!!!! :)
<dmitri_zagidulin> nice
<orie> mDoc Request API supports wallet selection?
Kristina: Yeah so Dimitri I we haven't invented a voiceover actor yet I think to thing that's happening is one is kind of negotiations with the browser vendors and I think there'd be some conversation that tpack in few weeks where we are trying to make sure that if there is a wallet selector provided by you know browser vendors what not it should you know work for like different protocols and not just.
Kristina: just the you know API so that.
Dmitri Zagidulin: Thank you that's huge.
Kristina: To have a nice wallet so action does not lock you into the API provided by the browser's I think that's one side of conversations ya know like we need all your help like to do that because right now is the direction is oh you want the wallet selector now you're forced to use this API so we don't want that Ray so I think that's kind of where all your help us appreciate it another side of conversation is the wallet at the station recent conversation so I think that's the different ecosystem at yours are starting to think about how do they.
Kristina: you know make sure that the reliable trust about good wallet so I think.
<kaliya_identitywoman> Where is the work going on re: wallet invocation capabilities - like this is really key and can't just be pushed off "into the future"
Kristina: You're starting to see is or these direction we're thinking of is they wallet may be registered as a general kind of custom URL scheme but the wallet you'll have to send the word at the station to get the actual request objects that are very far for example so the malicious wallet might be able to you know start the flow but they won't be able to get the actual request and continue so those kind of kind of mechanisms.
Dmitri Zagidulin: Thanks I know we're almost at the top of the hour but Orie is asking in chat if you could say a few more words about doc request API Oliver mentioned that there's some sort of custom UI could you say a little more about that how does MDOC deal with while its election / invocation.
Kristina: It's an existing yet right so what's and ISO standard right now is basically profile of open 84 BC re so what we have been talking about is true at the same time like browsers are trying to leverage that Forum to you know give like look here's an API so the I think there is some first versions of those apis for you know different companies or building but they are not standardized yet that work to standardize those is hot.
Kristina: how is about to be happenin.
Kristina: If ever sing like you know goes.
<kristina> openid4vp-mdoc:// :D
<dmitri_zagidulin> thank you Oliver, thank you Kristina!!
Harrison_Tang: All right thank you I think we're at time just want to say thank you Oliver thank you Christina for coming here and answering our spicy and tough questions was Oliver and Christina has mentioned earlier there's a new working Group Forum on digital credentials protocols we send the link right here the meeting is that every third every other Thursday at 2:00 2:00 UTC is that correct or.
Kristina: It's every Thursday sorry yeah it's every Thursday yeah it just they Time Changes by our but we don't know how I think at least one of the new DCP working of course will be Thursday thanks for p.m. German time 8:00 a.m. or 7:00 a.m. Pacific but we do have requests for a pack folks sitting might do something like a rotating Coast like they say working with us so you'll see.
Harrison_Tang: All right thank you thanks a lot alright this concludes today's call you have any last.
Harrison_Tang: Maybe in this click right this concludes this week's meeting so thanks thanks a lot.