The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back

W3C CCG Weekly Teleconference

Transcript for 2023-11-28

<kaliya_identity_woman> nope I'm done for the year
<harrison_tang> really? there are still events at this time of the year?
<kaliya_identity_woman> I went to a great event in London about how Art plays a role in exploring new modles of ownership.
<harrison_tang> i really don't know how you keep up your schedule. i was so tired the last time i was in london.
Our Robot Overlords are scribing.
Harrison_Tang: All right welcome welcome to this week's w3c ccg meaning so today has we're going to talk about a very interesting topic we got the mystery here to actually talk about verifiable governance government's covenants in my opinion is one of the things that we don't talk about enough we oftentimes talk about the Technologies no digital signatures and things like that but I think to have.
Harrison_Tang: a real robust trust framework.
<naomi> Really interested in this topic; Velocity is all about governance.
Harrison_Tang: Dooms the human element you do need a good document so I have a preview what the nature he's going to talk about but I'm actually quite excited about what we're going to discuss today so but before we get there just want to do a quick code of ethics and professional conduct reminder just want to make sure that you know if you agree or disagree doesn't matter about whether you have agree or disagree.
Harrison_Tang: Remember to be respectful to each other a quick intellectual property note and anyone can participate in these calls however all substantive contributions to a nice easy walk Ivan's must be members of the CG with will likely our agreement signed so if you have any questions about that or you have troubles creating a w3c account police just reach out to any of the cultures whether it's a nice.
Harrison_Tang: myself working Billy.
<kaliya_identity_woman> This is the event I went to in London and referenced above in the chat when we were chitchatting at the beginning -
Harrison_Tang: Meetings are being automatically recorded and transcribed so we publish these meeting notes usually a day or we think the next follow no following days so if you encounter some issues like for example last week we had some technical issues please just let us know and we'll try to do the best as best as I can as we can.
Harrison_Tang: next we use that Gchat.
Harrison_Tang: You two speakers so you can type in Q Plus to add yourself to the queue or q- to remove you can type in Q question mark to see who is in the queue.
Harrison_Tang: All right it's time for introductions and reintroduction so if you are new to the community relatively new to the community or you haven't been acted and want to re-engage with the community please feel free to just mute and speak.
Harrison_Tang: Try so we do this every week so if you're feeling a little bit shy right now you can always just unmute next week this is a very very open and inclusive community so feel free to just mute and see things.
Harrison_Tang: Right next announcements and reminders any announcements or reminders.
Harrison_Tang: So first of all Kimberly has sent out an email in regards to the nominations for the culture so I know there's instructions in regards to how to do that first of all you have to solve nominee and then other people can actually weigh in and things like that actually I can't believe since you're on like you might actually just explain it.
Harrison_Tang: little bit I think it you can do it.
Harrison_Tang: Explaining how this process works.
Kimberly Linson: Sure I'm happy to yes but you had it right you need to self-nominate by sending an email to the group nominations will be open until next Tuesday and then from there we'll have a two-week period for candidates to share a little bit more about themselves we're probably have a discussion and then voting will begin I don't have the email in front of me but I think it's whatever that Tuesday is that's three weeks.
Kimberly Linson: From today so thank you.
Harrison_Tang: Thanks a lot so Kimberly and I had discussed this quite a bit we hope to find technical culture to help us out and especially in shepherding and guiding you know some of the work items that we got and you know just want to give a quick shout-out to will for for actually denominations I think he is one of those technical cultures right candidates that we.
Harrison_Tang: School respectful and as well as you know want to thank him for actually raising his hand but if you know someone or wants to you know nominate yourself please feel free to do so okay.
Harrison_Tang: Any other announcements or reminders.
Harrison_Tang: All right a quick preview of what's coming so next week we'll have Sharon to give an update on jobs for the future and then the week after that on December 12 we will have Andrew to talk about mobile driver license what's new and then we'll have two weeks Hiatus for the holidays because you know Christmas and New Year's are coming so we'll have a two-week Hiatus that will resume on January.
Harrison_Tang: Nature will come back in that actually talk about credentials rendering.
<dmitri_zagidulin> woot cred rendering!
Harrison_Tang: Right before we get to the main agenda any other announcement were reminders or updates on the work items.
Harrison_Tang: All right so let's get to the mangina So today we're very excited to have them entry here to actually talk about verifier very friable governance as I actually share in the beginning this is a topic that I'm quite excited about because often times we talk about the technology the digital signature selected disclosure mechanisms which we have been you know discuss which will have been discussing in the last few months but you know.
Harrison_Tang: one of the most important.
Harrison_Tang: Things about building trust and by the way there's different definitions of trust with my favorite ones based on Game Theory which is about having that Mutual cooperation to wear a common goal right so I think having that human factor is quite important and that's why governance is actually a key aspect of that trust framework and very excited to have this conversation so the mystery the floor is yours.
Dmitri Zagidulin: Thank you so I'm really excited to be here I'm Dimitri's I could Doolin software engineer in the credentials and descent resident identity space and I would love to be able to say that we've solved.
<bumblefudge> we forgive you for making only incremental progress!
Dmitri Zagidulin: Of having bulletproof Equitable governance sadly we have not they'll give it time right super intelligent a eyes are are on the horizon I'm sure they'll sort it out for us but meanwhile what we want to talk about is the data model once you pick a system of governance.
<harrison_tang> haha
Dmitri Zagidulin: How do you how do you capture it how do you log it and how do you lock down everything with all the signatures right so large part of what we're interested in in the verifiable credential and decentralised identifiers space that's exactly why we came up with these tools so that we can get on to more complex layers like governance all right so.
Dmitri Zagidulin: What do we mean by governance going to the dictionary it's process of making decisions in a group right pretty much anything we can think about whether it's governance of block chain or a city's city council all the way up to the federal level.
Dmitri Zagidulin: It all boils down to making decisions and recording those decisions and that's what we mean by verifiable capturing the entire context everything relevant at the time who made the dislike what the decision was who made it at what time and where their keys valid right that's we care a lot about that everything so if you take nothing else from this presentation it's what governance.
Dmitri Zagidulin: It's log.
Dmitri Zagidulin: Find everything that's it let's get into the details and by the way at any point feel free to jump on the Queue to ask questions.
Dmitri Zagidulin: Right so what do we need to model governance well we should have a data model of.
Dmitri Zagidulin: Actually making the decisions and as you can probably imagine this can be arbitrarily complex so we're starting with a very simple.
Dmitri Zagidulin: Model for it right we've got data model for decisions data model for actors making those decisions which essentially for us is dids either for single actors like individuals or for groups of people like corporations nonprofits and so on and specifically we want to pay the item 3 we want to pay attention to when somebody is signing off on a decision.
Dmitri Zagidulin: Which Corporation or which group they belong to where they authorized by the group where they an officer or some other some other member of the group right so we're gonna be talking about signatures specifically this work what are we bringing here right we've got the components that we all know and love bids and verifiable credentials well we're proposing.
Dmitri Zagidulin: Simple data model for recording the decisions we're highlighting the use of South indicate identifiers so hash links.
Dmitri Zagidulin: And in addition we're talking about all right so how do we use dids to model group and group membership and similarly how do we use their Facebook credentials to assign roles and group membership right so pretty simple real quick mangodi mind muting.
Dmitri Zagidulin: No prob all right so if Nations individual roll group organization we're using them fairly intuitively.
Dmitri Zagidulin: Okay so what the governor's decision Governor's decision is we're modeling it as subject of the decision which means the decision itself the review request which is essentially the discussion of the decision and then the review result those of you attending a lot of Standards calls may be familiar with it from proposals right so we have an issue like should we add this thing to the.
Dmitri Zagidulin: Have a review request which is proposal people vote on it and then you record the result everybody we have this many pluses this many minuses that's one example of a governance decision.
Dmitri Zagidulin: First let's talk about self indicating identifiers because we're essentially in order to accurately capture the context of a verifiable governance decision.
Dmitri Zagidulin: Going to need to lock everything down cryptographically and what do we mean by that we want stable identifiers and we want.
Dmitri Zagidulin: To digest hash everything to make sure that look at the time they made this decision this was the phrasing of the thing we were discussing so what do we got for stable identifiers we've got dibs of course which were familiar with the reason I say Overkill here is we could give dids to literally everything like any meeting notes any question posed before the group anything but it's not quite the right fit because.
Dmitri Zagidulin: Was it.
Dmitri Zagidulin: Eat it's own keys or a you know paragraph 2 on the meeting agenda doesn't need its own Keys it by itself is not an actor.
Dmitri Zagidulin: We've got of course random uuid you RNs that's a pretty good Global globally unique identifier but by itself it doesn't give us the Integrity protection right we can't lock down the contents of what we're talking about and then of course we have SIDS which is just stands for Content addressable identifiers.
Dmitri Zagidulin: At the time said popularized by ipfs the we're increasingly starting to use these in the verifiable credential world to either link credentials together or link from a credential to external binaries like images and PDFs.
Dmitri Zagidulin: It's great because SIDS give us.
Dmitri Zagidulin: And integrity are deterministic to calculate and verify.
<bumblefudge> location-independent
<bumblefudge> importantly
Dmitri Zagidulin: And so basically you can think about it anywhere you put a URL if.
Dmitri Zagidulin: I if the thing you're linking to it doesn't change that often.
Dmitri Zagidulin: Use I said you should use a hash link there now wanna point out something interesting in the chat which I'll get to in just a second often or some types of content identifiers are location independent and some are not the whether or not the location Independence is important to your use case depends on the use case.
<pl/t3> Or if something needs to change, then a hashlink forces an overt conversation
Dmitri Zagidulin: In some cases it makes sense to combine the location and the content dress in others to divorce the two but here's what I mean about anytime you're using the URL consider using a hash link but only if you're linking to a stable object like a final version of a document a blob of Json a PDF and image or movie that you're finished editing Etc.
Dmitri Zagidulin: As when does it not make sense to use hatchlings well for example linking to the front page of the New York Times right because the moment you link to it the very moment it's that hash is not going to be valid because newsfeeds Twitter feeds even time stamps right those websites that be like all right the current time is this and this break that the hatchling so hash links.
Dmitri Zagidulin: We are.
Dmitri Zagidulin: Right so what are some examples of SIDS.
Dmitri Zagidulin: Location dependent or not so the general pattern is the URL and it includes in itself a digest hash.
Dmitri Zagidulin: Here's the first example.
Dmitri Zagidulin: Old is the content identifier version one widely used by ipfs they also have a version 0 which follows very similar syntax.
Dmitri Zagidulin: We have this concept of a digest Sr i-- in the verifiable credential 2.0 data model so if you look at Section Five Point four of the latest VC data model spec there's a mechanism to refer to things and provide their digest hash right so first part of digest hash is the algorithm that you using to hash and then the second part is a text and code it hash itself in the case of day.
Dmitri Zagidulin: Oh sister I it's always base64 URL encoding.
Dmitri Zagidulin: That's not the point but this overall pattern of say the algorithm and then the actual encoded hash is pretty much what's used by all SIDS and hash links right we also have the ITF individual draft multi hash that this draft 7 which essentially uses the exact same notation as ipfs acids and then of course we have an older RFC from 2013 on naming things with hashes.
Dmitri Zagidulin: As you can.
<bumblefudge> note the three slashes -- no origin
Dmitri Zagidulin: It's same sort of pattern it has its own protocol type and I which incidentally stands for named information but then it specifies the hashing algorithm and then attacks encoded hash itself so any questions about this concept.
<bumblefudge> in ni:///
Dmitri Zagidulin: Okay yes I was on points out that the particular example that I gave doesn't have a location just the hash the RC does have a way to also add a location or multiple locations but we didn't want to add it here so excellent point okay so for any given decision we're going to be using lots of content identifiers for things and dids for actors for people or corporations.
Dmitri Zagidulin: Lie or other groups.
Juan Caballero: Ipfs:/// and ipns:/// are being prototyped in chromium at the moment, work the same way (optional origin)
Dmitri Zagidulin: Let's talk about so what is the review request let's let's think of it in terms of a GitHub pull request or merge request.
Dmitri Zagidulin: Though a technical and obscure example in the one hand but on the other hand it incorporates in itself pretty much any governance decision any quote any question that you're likely to hear at a city council meeting.
Dmitri Zagidulin: Got the.
Dmitri Zagidulin: So let's think about a PR Ian in our terminology this object is going to be.
Dmitri Zagidulin: Changed files the code patch itself right that's the subject.
Dmitri Zagidulin: Get actually already uses south of indicating identifiers because gets straight up uses commit hash has like it literally takes the proposed changes hashes them and uses that as a stable identifier for any patch including the patch in a bullock West now what's a review request well.
Dmitri Zagidulin: It's an implicit or explicit set of rules that any given team organization uses to accept the pull request for example if you're single developer working on your own project.
<bumblefudge> files usually include a human-readable version of this, according to an unspoken social norm :D
Dmitri Zagidulin: Your set of acceptance is looking over briefly except right very minimal but that is the criteria so it's by me well I'm gonna accept it if you're more on the ball you at least wait for the CI for the automated tests and syntax Checkers to complete and then you accept it right but that's the that's the acceptance criteria.
Dmitri Zagidulin: Tout in chats a lot of times the cultural steps the not machine enforceable steps are spelled out on in the contributing document this is usually where you say okay we only accept pull request.
Dmitri Zagidulin: Our review requests criteria is you have to open an issue first and the automated tests have to pass green and it needs to be reviewed by two of the project maintainers and that's what the result is the review result it's a set of verifiable credentials right because when all you have is a hammer it's verifiable credentials signed by the centrioles identifiers.
Dmitri Zagidulin: Each rule each Criterion of a review request so in our GitHub sense in our GitHub example subject the changed proposed change itself the review request is whatever cultural norms the project requires such as we need two signatures from two of our members right now that's a fairly common Dev team criteria and the result.
Dmitri Zagidulin: Up votes plus ones any comments or other kind of sign-offs by project maintainers.
Dmitri Zagidulin: And then of course how do you know they're they're part of the project well GitHub has its own method of checking group membership we're going to be talking about a generic data model for specifying that.
Dmitri Zagidulin: Just to just to clarify any government's decision we're essentially modeling it or simplifying it to what's the decision about what are the steps.
Dmitri Zagidulin: What are the steps that need to be performed for the decision to be considered legitimate right so that's essentially the governance system there in a nutshell.
Dmitri Zagidulin: And the result of the decision is for each criteria the required number of people sign off and then if appropriate the overall request outcome so if it's a two-part legislature Bill there would be a verifiable credential on a sign off for each bar and then an overall did the bill pass would be signed by the group or the governing body itself so.
Dmitri Zagidulin: In the abstract as a developer I often find it really useful to look at screenshots right for pretty much anything give me screenshots give me code examples and I'll be able to I yeah okay I see what we're doing here so this is not the canonical implementation of this this is one implementation this is what interpretation of this data model used here solely for illustrative purposes right so for example.
Dmitri Zagidulin: This kind of goes back to.
Dmitri Zagidulin: The governor's decision what's the decision about 02 decision about these files.
Dmitri Zagidulin: And we're identifying them by a Content addressed identifier literally we took a directory listing of them.
Dmitri Zagidulin: Concatenated the bites of all the files took a hash of it and there's our stable identifier.
Dmitri Zagidulin: Denoting for all time that when we were deciding this is the thing we were deciding about integrity protected can't be changed Etc.
Dmitri Zagidulin: Here's a sample so for that set of files here's a sample review plan a set of criteria so what do we mean it's this in particular one is criteria applied to machine learning right one of the for those of us following in the artificial intelligence large language model and machine learning news one of the things that I'll perform often comes up is Notions of attribution and Notions of governance and equity.
Dmitri Zagidulin: Where did the training dataset come from.
Dmitri Zagidulin: Did did its authors contributing to the dataset agree can we track them can we're enumerate them afterwards how did a particular language model make the decision who quoted it who signed off on it this is the kind of stuff we're trying to capture so.
Dmitri Zagidulin: For each stop on the creation of those files the recording the training set the review by human reviewers.
Dmitri Zagidulin: We have an acceptance criteria.
<pl/t3> This sounds particularly relevant to emerging AI algorithms....
Dmitri Zagidulin: With the required number of sign-offs so what does that look like so I want to zoom out to a large what are we aiming for here we're aiming for graphical or machine-readable renders representations of decisions so this again this screenshot here applies to a Governor's decision about a large language machine learning data model.
Dmitri Zagidulin: But it would be the same if the thing being decided on is the new budget for the sales department for the next year it's criteria for acceptance and then who signed off on it so for each subject this is on the left left side here the purple icon in this particular case is the governance view you can say okay for each data set.
Dmitri Zagidulin: Looking for in terms of in terms of acceptance criteria you can you can go one step farther in.
<pl/t3> Related to @Wendy_Seltzer's question - can dependencies be captured?
Dmitri Zagidulin: In fact Bible governance in that you can add verifiable computation to it so you can you can say all right this this where the inputs and here's how the inputs were gathered here's who signed off on them here's who reviewed the them for accuracy and intellectual property restriction so on but then you can also apply computations to those inputs and then you can lock down those computations to you can say this is the algorithm that was applied here are the machines that it was applied on.
Dmitri Zagidulin: Here's who signed off on.
Dmitri Zagidulin: Reviewing the the algorithm all right so I see we can have a couple of questions on on the Q so let's go to the queue.
Dmitri Zagidulin: I think Wendy.
Wendy_Seltzer: Thanks so much this is really an interesting exploration and stop me if you're going to get to these questions later but I was curious about the granularity of decision recording and what assumptions that's making about the governance process in other words could a group to side note we don't.
Wendy_Seltzer: want to.
Wendy_Seltzer: Chord all of the the line by line the only thing that gets recorded is top level yes or no and another point about do is there a way to record what of interlocking decisions or contingent decisions call it horse trading call it compromise with some puny is willing to.
Dmitri Zagidulin: Right by make sense.
Wendy_Seltzer: Support one thing only if another pull request someplace else goes through take the package or leave it.
Dmitri Zagidulin: Absolutely makes sense I got both excellent questions yes so the the overall answer is yes all of those can be captured we're trying to make this as flexible as possible a good analogy is verifiable credentials right the v-spec just talks about the securing outer envelope the actual attributes that you put in there solely dependent on your use case and your particular organization right so you can stop a whole education history in a single day.
Dmitri Zagidulin: A fiber credential.
Dmitri Zagidulin: Outline the steps that you took in a particular class at school anything right so we're aiming for a general-purpose outer securing envelope and then inside it that's where you would capture dependencies whether its software or procedural that's where you would say which parts of the decisions are recorded and just record the outcome so so all of those things yes inside the envelope right that kind of the only way to approach this.
Dmitri Zagidulin: Again in terms of screens where's this going why what do we want to see we want to see.
Dmitri Zagidulin: We want to see our old friend the green check mark but what does the check mark mean eat means that at each step of the way both from collecting the inputs the computations and then the reviews of the computations.
Dmitri Zagidulin: Of these was recorded when appropriate like Wendy said in a verifiable credential was issued about that fact that the computation took place the review took place and who is that reviewed so in this picture here the important thing is not just the boxes that are green because we all know how to verify their Hub credential but that each green line that each Green Arrow each green link is its.
Dmitri Zagidulin: Self modeled by verifiable.
Dmitri Zagidulin: Each each box is a VC but each line between the boxes each relationship is if you see as well so here for example the.
Dmitri Zagidulin: In this particular view of the data that there's multiple views the colors represent do we know who the issuer was so green is yeah it's from a known issue or list or it passed some other acceptance criteria.
Dmitri Zagidulin: Red is no this is from a known recorded Bad actor and then gray is the usual majority of situations where it's the first time we're encountering the actor is not yet known to us and you need to apply some sort of kyc or other criteria to it.
Dmitri Zagidulin: Okay so we've got we've got this overall idea we're recording logs of decisions.
Dmitri Zagidulin: We we provided a general-purpose rapper envelope for recording a decision which is subject what it's about review request set of acceptance criteria and review criteria and then the result the overall outcome of the decision.
Dmitri Zagidulin: Let's Zoom.
Dmitri Zagidulin: In on the actors right because for every decision its who proposed it who reviewed who voted how do we represent that given The Primitives that we all know and love well let's take groups for example what do we need to model a group well it'd be great to have an identifier for the group it'll be good to have the group control some cryptographic keys because you can sign of theta Kate and crypt with them do all sorts of things.
Dmitri Zagidulin: For some.
Dmitri Zagidulin: It's important to keep a list of numbers right some some groups have secret membership where each member doesn't know who else is in the group and some groups very public and it's a group members only know who the list of members are but anyways but staff members any kind of metadata about the group right where we're trying to capture group generically for all the million different incarnations that is out there in human history and then optionally what we can do is say.
Dmitri Zagidulin: For decisions that this group takes.
Dmitri Zagidulin: Who gets to be new members and then someone or how to kick out members this is our signing policy this is our decision threshold not are all the complex human.
Dmitri Zagidulin: Asians and governance items will they be able to be expressed in a simple threshold or any sort of cryptographic signing policy no we're just saying that a small subset might be expressed by these simple policies and when you come across those those use cases here's one way to represent them so what do we have for prior because everybody likes prior art in in specifications and if not they should so what.
Dmitri Zagidulin: We have four.
Dmitri Zagidulin: Groups we have of course the venerable vCard supported by Gmail Outlook all the emailing software out there all mobile phones and operating systems oddly enough modeling a group in vCard is extremely awkward and and not well supported.
Dmitri Zagidulin: Even even by software that does recognize v-cards in general so for whatever historical reason and and some of you on this call is probably where in that group and know what the reason is and why it turned out that way but the card doesn't capture groups that well or at least the support for the group notation is not there we of course have active directory which you know directory basically a list of members and then applying either.
Dmitri Zagidulin: Distribution which is.
Dmitri Zagidulin: It's a way of saying I'm feeling list.
Dmitri Zagidulin: And War security like permissions based on that list and of course pretty much any cloud computing platform like iws Google compute anything you care has this notion of user groups and then permissions based on them.
Dmitri Zagidulin: Okay welcome back to The Primitives that we know we've got these dudes they're stable identifiers keys are involved.
Dmitri Zagidulin: To what does it did for a group look like and how do we list the members.
<benjamin_young> Might want to checkout RFC7643 SCIM--which has user and group expression and is used by GitHub (among many others):
Dmitri Zagidulin: Well a couple of options right just abstractly speaking we can literally add a new members property to each did method I mean if you wanted to we could wait until the next iteration of the did working group The did to buy no data model and we can campaign for adding a members fields to the general did the data model or we can go to each particular did method and open pull requests and be like hey would you like to add a member's group members field so that.
Dmitri Zagidulin: At in.
Dmitri Zagidulin: Is where the list of members is public or at least the list of their keys is public weekend we can put it right in the did.
<bobwyman> What does a method need to do to provide "good" group support? What is it that VCard, etc. don't provide?
Dmitri Zagidulin: Probably imagine that those are awkward approaches can't really affect the did spec we don't want to go to the you know 300 plus did methods and convince them to add what we do already have lists of keys in the data model we have list of keys for authentication list of keys for signing verify the credentials that's assertion method we have list of keys for encryption Etc Hood we use those that existing primitive that list of keys.
Dmitri Zagidulin: These are the signing members of this group or organization these are the voting members and Bob I see a question on.
Dmitri Zagidulin: I'm a child of what counts as a good group support Ian come back to that if there's time at the end of the at the end of the call that part or that claim is my own personal opinion it's not it's not that important.
Dmitri Zagidulin: Back to dids.
Dmitri Zagidulin: Our group how can we express either voting policy or signature policy and it did how can we access Express list of members.
Dmitri Zagidulin: Add a property use an existing property and that's what we're going to be doing in this proposal in addition you can have an external list of members and Link out to it and as we know the one thing called it's have in common is their bags of keys and their lists of service end points which are external links to pretty much anything so we could use the service endpoint mechanism to force in a given did.
Dmitri Zagidulin: Link to resource of FM credential that lists the group members either.
Dmitri Zagidulin: Public for public groups or content behind authorization and encryption.
Dmitri Zagidulin: So what does this look like using existing Primitives here's an example did web for a group and in the insertion method the signing Keys it has a key for the group itself we included and then in the did data model you can express keys by value by saying this is literally the value of the public key or by reference you can link to externally hosted keys so I can say here's the key for the group and here's.
Dmitri Zagidulin: The key for each of the two members.
Dmitri Zagidulin: ABS Keys meaning so what just even aside from this slide deck even aside from our new spec proposals this part is contained in the existing did and VC data model when you encounter this what does this mean what's semantics here well it's did with three keys and any statement I Neva fiber credential any one of these Keys signs can be attributed to the did itself so.
Dmitri Zagidulin: The base there.
Dmitri Zagidulin: Potential and did data model tells us a very least how to model A 1 of x.
Dmitri Zagidulin: Signing threshold method.
Dmitri Zagidulin: And those of you are probably wondering okay so just looking at this how do I tell that this is a group that I'm looking at a group aside from the fact that it's multiple keys because this could just be a person with you know multiple devices or just multiple keys that they're keeping around so during the did working group 1.0 there was an extensive discussion on well can we add a type fields to a did can we at least Mark whether this is this did belongs to an individual or group.
Dmitri Zagidulin: With or without members even just being able to say this is for a group members of private would require something like a tight so at the time the group decided no no types so what can we do now well we can add a type field which again is either.
Dmitri Zagidulin: Bring the base did spec or changing each of the Dead methods you could actually for those that use contexts use a context to denote that this is a group type or you could not have types in a did like like we currently do and know that particular did is a group or individual out-of-band meaning how did it get on your contact list in the first place right who did you who did you get it from it cetera so that's that's out of scope.
Dmitri Zagidulin: But it is just highlighting that in.
Dmitri Zagidulin: Raw did it's not obvious what the group or what it's not and then here's an example of linking to an external credential using a service point right again we have a general purpose did we have the keys the group controls and then here this particular group because it's listed members of the public can publish an external membership BC and link to it using service endpoint.
Dmitri Zagidulin: What do we got we've talked about verifiable governance log of decisions we talk about a data model for those decisions.
Dmitri Zagidulin: You almost often groups are involved hence the governance we're going to identify group says as dids.
Dmitri Zagidulin: For signing purposes we're going to use the existing did primitive the list of keys as members optionally we can have.
Dmitri Zagidulin: Either a link from the document itself to list of members or we can rely completely on out-of-band mechanisms meaning this is a did for the Medford Massachusetts post office who's who's list of members whose list of employees that's not a band go go call them up and find out if it's legal.
Dmitri Zagidulin: The remaining thing I want to talk about is so how does somebody actually sign on behalf of a group.
Dmitri Zagidulin: I want to be able to sign as the organization itself outwardly speaking the United Nations have signed off on this proposal.
Dmitri Zagidulin: We want to capture each particular individual and roll involved in a signature and we want to we want to denote that this individual signing was just not what was not just signing as themselves but was signing on behalf of the group as an officer of the group as member so we know how to find credentials as individuals right that's that's the base VC data model we have an individual did the did what does the did do it authorizes keys for signing.
Dmitri Zagidulin: Which means in a verifiable credential that did goes in the issue of field and the authorized key goes in the proof field or if you're using jwt's goes in the detached signature but it's the same deal.
Dmitri Zagidulin: There is authorized for that purpose by the jwk key set and here it is in the proof.
Dmitri Zagidulin: Same thing with an organization notice that it's absolutely the same.
Dmitri Zagidulin: The organization find some decision like.
Dmitri Zagidulin: Itself we can use existing mechanism did authorized Keys the organization signed something by its own Keys what do we mean by that who in the actual organization or group or whatever who's going to be holding the the actual signing Keys essentially you're going to be looking at an API yes of course you can do it manually you can hand over to the secretary like literally here's the printed out private key on paper and here's where you type it into Define sign it with you.
Dmitri Zagidulin: Do that but.
Dmitri Zagidulin: So you've got to be looking at Key Management systems and apis so some secure service preferably with Hardware support is going to be storing and not giving up its private key and then you're going to be writing custom logic dip it that depends on your governance to be able to say when these conditions are fulfilled go ahead and sign as the group and all that we're doing in this proposal is providing annotation for the subset simple notation for.
Dmitri Zagidulin: A subset of.
Dmitri Zagidulin: So this just a simple conceptual model right we've got organization which in itself could or could not contain groups and roles and individuals skip over that here's what everybody wants to see.
Dmitri Zagidulin: A member of the student council.
<bobwyman> Rather than signing "AS the Organization," doesn't it make more sense to sign "As someone authorized to sign FOR the Organization." (i.e. the issue isn't one of identity but rather rights.)
Dmitri Zagidulin: Old final resolution we've got a couple of options if I have a did I can sign a resolution as myself and you can ask well how do you know that you belong to the student council we add an out-of-band their fiber credential that says this did belongs to the group that's the red issuer and optionally your role is is President and that's as about points out in the queue.
<bengo> @bobwyman I agree
Dmitri Zagidulin: Instead of saying finding as the organization you're signing authorized to sign for the organization and that's exactly what we're trying to capture on these slides how are you authorized by your authorized by this VC and how is the key authorized its authorized by being in the assertion method list in a did document.
Dmitri Zagidulin: Here's an example with a roll here's an example of just the group again I'm a student council member.
Dmitri Zagidulin: I signed it there's a there's an out-of-band credential showing that I belong to the group and then lastly we can.
Dmitri Zagidulin: We can just put.
Dmitri Zagidulin: The keys are light like we did in.
Dmitri Zagidulin: In the previous example that I can scroll back to if we have time at the end.
Dmitri Zagidulin: We have a did for the group we put Alice and Bob's keys in the assertion method and now whenever Alice and Bob signs of our fiber credential you can put put the groups did in the issuer okay so I see we're coming up to time and probably have lots of questions again some governance decisions and and cryptographic decisions can be modeled as either threshold and of em or just multiple signatures for example when the.
Dmitri Zagidulin: The c-suite.
Dmitri Zagidulin: Signs off on our budget we need every single member of the c-suite to individually sign on it in whatever order right that's a valid governance structure we of course have things called ring signatures where the votes are not Amis though that particular deck is still kind of bleeding edge and then we have the ability to compose.
Dmitri Zagidulin: Hold signature requirements using Boolean logic Boolean logic using the verifiable conditions which is a spec that is work item of this very ccg and what do we mean by verifiable condition it basically means putting the logic instead of a key in the assertion method of a did you putting Boolean logic so for example you're saying verifier whenever you come across either Bob's did or Alice's.
Dmitri Zagidulin: Then that that accepts.
Dmitri Zagidulin: Acceptable as the issuer and then the verifier.
Dmitri Zagidulin: Loads the issuer did looks and parses through the verifiable conditions and if they if they match the signature verifies so encourage everyone to look at the verifiable condition spec it's linked to here in the slide deck which is in chat and will be mailed out it's a sometimes useful mechanism okay so next up some questions we would like to offer this.
Dmitri Zagidulin: This the spec or at least a right up.
Dmitri Zagidulin: How to use dids.
Dmitri Zagidulin: Or groups of membership like to were offered as a work item to the ccg which will involve mailing the list etc etc.
Dmitri Zagidulin: We want to propose a sample data model for how do you know the membership to a group or assignment to a role and again to capture the sheer richness of Human Experience a lot of can go into that data model so we want to start with a skeleton.
Dmitri Zagidulin: And Winston and continuing work on the Revival Kardashian spec that can say in order for the species to be valid either the president or the three vice president's either or all have to sign okay questions see we've got fill in the queue go ahead bill.
Dmitri Zagidulin: Yes absolutely you're correct.
PL/T3: Yeah they really thoughtful the Metreon and thought-provoking It just strikes me that you're in some sense providing an approach to an infrastructure around the emergence of Registries of a variety of types in order to provide both a framework for governance but also a way of referencing them for different purposes like issue a Registries etcetera said appreciate your your comment on that.
Dmitri Zagidulin: This this structure this data model is useful for Registries and for the governance of how to add new items to known issue of Registries there's also relevant in the field of Supply Chain management for either software supply chain hardware and so on the supply chain specs being incubated in ietf right now have this notion of Registries and in order to get a receipt from the registry you have to pass.
Dmitri Zagidulin: A number of criteria the group will specify.
<pl/t3> And notarization ;-)
Dmitri Zagidulin: The kind of thing this the seems to capture and notarization right Bob go ahead.
Bob Wyman: Yeah I just you know one thing is the comment I made I think it's really important when talking about this stuff too to not say things like you know sign you know sign as someone else I think signatures we shouldn't be trying to figure out how to allow people to masquerade we may be and I think we need to think more about in all many of these conversations we need to think more about.
<tallted_//_ted_thibodeau_(he/him)_(> onBehalfOf
Bob Wyman: Rights and authorizations going just assuming that identity is the is the answer to everything here.
<bumblefudge> morally speaking
Dmitri Zagidulin: And you're absolutely you're absolutely correct in fact in earlier versions the deck that I cut for time I had that exact slide saying that we could just do the thing where you know in a small company the boss gives their login to the secretary and the secretary can email as them right that's the sort of degenerate form of Delegation that's that's just wrong but really is realistic delegation when delegation is not supported by the software we're here.
Dmitri Zagidulin: We're actively.
Dmitri Zagidulin: Including encouraging both delegation and.
Dmitri Zagidulin: Saying how long somebody's is delegated for that's the valid from invalid to in the verifiable credential and what role they're delegated as so at 100% what you said yes.
Dmitri Zagidulin: Oh no this is important.
Bob Wyman: Okay great great and the other thing I am curious and my apologies for like trying to be vocabulary cop on that but I think it like it's such a small sort of change in the way when phrases the sentence but I think it has a tremendous impact on the way it's understood by people the the other thing is I wonder if you could say more about.
Bob Wyman: But what is necessary to have quote-unquote good group support is it why isn't why isn't being a member of the group simply a something attributed claim or something which is asserted by by such a member why do we need more than that.
Dmitri Zagidulin: So no even though.
Bob Wyman: I mean record for instance you could you can stick an attribute in a vCard.
Dmitri Zagidulin: You can you can all I was saying is that the actual contact management UI implemented both IOS and Android try and find the group functionality it's really hard to find like it's behind a bunch of UI nonsense that's what I mean by it's it's not well implemented.
Bob Wyman: Okay but that's that's interface but the data structures itself do you think groups need something more than simply the ability to associate an attribute with an a with a with with with an individual or entity.
Dmitri Zagidulin: No no I do think that all of this data structure can be expressed in vCard as well especially if you designate some fields to store keys in a vCard and and in fact one of my previous hats was startup doing contacts management and is exactly what we were doing we were putting dids in keys in v-cards literally on mobile mobile phones.
<benjamin_young> vCard Group Ontology
<tallted_//_ted_thibodeau_(he/him)_(> Must use reciprocal claims, at minimum. I.e., individual claiming membership must also be claimed as member by the group.
Dmitri Zagidulin: Yes the context was.
Harrison_Tang: I'm just curious Dimitri is that earlier you mentioned that the type in the did didn't make it like that it sounds like a good idea do you actually know the context of why the type didn't make it.
<bumblefudge> pain
Dmitri Zagidulin: Because even the tight even the fact that this did belongs to an individual and as a group is private information is pi I so out of out of caution that bit was was dropped.
Harrison_Tang: I got it thank you.
Dmitri Zagidulin: Yeah and I thought I'd points in the in the.
Dmitri Zagidulin: Individual claiming membership must have must be claimed as a member of the group yes that's what the out-of-band VCS provide their issued by the group saying Dimitri is a member or Bob is a member so I absolutely do what you said.
<econnell> Thank you, Dmitri!
Dmitri Zagidulin: Right I think you so much if you're interested in this topic will be proposing it as work items to the list so talk to you on then feel free to reach out to myself or ban loud of equity who was not able to make most of this called but created this with me here are the slide decks and chat again and thanks again.
<jeff_o_/_humanos> Thx Dimitri! Rich stuff!
Harrison_Tang: Thank you Dimitri this is an amazing presentation I'll share this that to the mailing list if you don't mind all right cool thanks all right so this concludes this week's TCG meeting thanks a lot.