The W3C Credentials Community Group

Meeting Transcriptions and Audio Recordings (2014-today)

Go Back


W3C CCG Weekly Teleconference

Transcript for 2024-03-12

Our Robot Overlords are scribing.
Harrison_Tang: Hi everyone uh welcome to this week's w3c ccg meeting uh today uh we are very excited to have my friend Andrew Bud uh the founder and CEO of I proof 1 of the leading biometric authentication uh service providers uh out there to actually present about biometric authentication um you know authentication as we know is kind of linkage between the physical digital physical identity and the digital self and uh you know it is 1 of the key uh Technologies uh in the identity stack so very very glad uh to have him here uh but before we uh get to the main agenda I just want to go over some uh quick quick uh.
Harrison_Tang: Call admin stuff.
Harrison_Tang: So first of all I just want to uh do a quick reminder on the call of ethics and professional conduct I just want to make sure that uh everyone uh be respectful and acknowledge each other's different perspectives I think uh we have been doing that quite well uh in the past years uh and I just want to do a quick uh reminder for that.
Harrison_Tang: Another quick note on the intellectual property uh anyone can participate in this calls however all substantive contributions to the ccg work guidance must be members of the ccg with 4 IP agreements signed so if you have questions in regards to uh that or your w3c account feel free to uh pin any of the cultures.
Harrison_Tang: A quick call note uh these meetings are being automatically recorded and transcribed uh so we try to publish it within the next 24 hours and uh uh actually uh the meeting minutes and the video recordings are being automatically uh published uh typically but uh the script has some issues so I'll manually send it out uh in the next 24 to 48 hours.
Harrison_Tang: Uh we use ghee chat to cue the speakers during the call as well as to take minutes uh so you can type in Q Plus to add yourself to the queue and Q minus to remove uh and that will moderate the queue.
Harrison_Tang: All right uh time for introductions and reintroductions so if you're new to the community or you.
Harrison_Tang: Haven't been active and want to re-engage with the community feel free to just unmute and.
Harrison_Tang: All right any uh any announcements or reminders.
Manu Sporny: Yeah um uh the in the verifiable credentials working group this week we are planning to take the BBS uh cryptography Suite to the candidate recommendation phase that basically means we are done with the design uh it's ready for implementation we already have 2 independent implementations which is the minimum required to.
Manu Sporny: Get the.
<manu_sporny> BBS Cryptosuite CR spec: https://w3c.github.io/vc-di-bbs/CR/2024-03-28/
Manu Sporny: We want much more uh coverage eyes on it that sort of thing so I'll put the uh BBS crypto Suite Crescent spec uh that's in the chat channel so that's the static copy that's going to go to candidate recommendation um we'll see if the vote succeeds this week if it doesn't we'll keep trying until it does um so just a heads up to implementers uh now would be the time to start uh implementing uh if you haven't already we will have an interoperability test Suite uh for you to use to demonstrate interoperability with in the next uh couple of months um that's it for the update.
Harrison_Tang: Thank you man thanks a lot.
Harrison_Tang: Great for next.
GregB: I just wanted to say on BBS um I've got example implementations including all the way through an interoperability server open source I will post that to uh.
GregB: The uh the mailing list and happy to help anybody who's trying to get to implementations together or BBs.
GregB: I meant to.
Harrison_Tang: All right man.
Manu Sporny: Yeah sorry and I realized that what I said might have sounded like word salad to people that don't know what BBS is BBS is an unlink.
Manu Sporny: Digital signature Suite the reason that it is important for individual privacy is because um.
Manu Sporny: The way most digital signatures work if you show something like a digital driver's license online the digital signature on that is not going to change which means that it is a tracking cookie wherever you use that driver's license online every single website gets the same identifier and because of that uh people can collude and track you as you go uh site to site as you use that uh digital driver's license now if the digital signature that's used uh is uses the BBS cryptography Suite the signature changes for every single site that you use it on which means that there is no longer at least in the signature a digital tracking you know cookie token that can be used to correlate you as you work across uh the the web so um if you need to do you know things like prove age or things like that uh BBS is a is a pretty good solution um because you can do it in a way where you can't be tracked online so that's why people.
Manu Sporny: Really interested in.
Manu Sporny: The BBS crypto Suite that's it.
Harrison_Tang: Thanks for the amazing explanation.
Harrison_Tang: Wait uh we had a session on EBS before I think about 67 months ago I think Greg actually met that discussion I need anything new uh should we do an update on the PBS.
GregB: Uh yes uh there are some nice enhancements in security privacy and usability that have gone into the spec and their new features and the progress of the BBS crypto Suite so I'll work with you offline to set up something.
Harrison_Tang: Great thank you thank thanks Greg I I actually really appreciate um the your presentation last time especially there was a demo that people can play with that helps uh us understand how BBs works so thanks a lot.
Harrison_Tang: Any other announcements or reminders.
Harrison_Tang: All right uh any updates on the work items.
Harrison_Tang: So we're still planning to have a session uh around April uh to talk about the ccg for work items so if you have any uh comments or new suggestions on how our guidance to be added to the uh ccg uh feel free to reach out to any of the cultures uh we will probably uh reach out to you A lot of people in regards to the updates of existing Network items as well uh actually will and I had a great call with Kim Duffy uh yesterday in regards to uh the cgg work items so uh yep stay tuned I will give the community an update uh in the next uh month or 2.
Harrison_Tang: All right any last calls for introductions reintroductions announcements reminders or work items.
Harrison_Tang: All right so let's get to the main agenda.
Harrison_Tang: Then uh very excited to have Andrew but the founder and CEO of I proof uh I proof is actually 1 of the leading uh providers for biometric authentication and what's called liveness detection so it's not just about Biometrics it's also trying to determine whether the person on the other end is alive or not um you know I actually met uh Andrew in the conference about 2 months ago and uh I thought uh it's always kind of good to have an expert to actually talk about this I know biometric authentication has been uh a controversial top topic especially in the kind of a privacy Arena so I think uh it's good to have an expert here to kind of talk about and you know what's true what are the facts and what are the myths uh because at the end of the day you know you do need to uh establish the link between the physical and digital self I mean personally I think uh biometric authentication is 1 of the key Technologies to do that so.
Harrison_Tang: Without further Ado um you know I'll let the Andrew take the stage and if you have any questions uh please uh add it to the queue and I will moderate the queue after the presentation thanks a lot.
Harrison_Tang: Andrew the floor is yours.
Harrison_Tang: Thank you Andrew this is a great presentation uh actually even better than the 1 I saw about 2 2 years ago so thank you uh any questions.
<rachel_donahue_(she/they)_-_digital_promise> WOW thank you!
Harrison_Tang: I'll be moderating the queue menu please.
Manu Sporny: Yeah Andrew fantastic presentation um just wonderful stuff um it it was eye-opening to see all the different types of attacks that at least in my mind were a year or 2 out and you're saying they're happening you know right now um and in in I think you know the thing that many of us you know are thinking about now is the irrational exuberance about what AI can do um some of that's coming true faster than than most other things do you feel like we're going to get to a point with generative AI where even the the live you know uh detection um uh uh uh uh things like you know the the changing of colors on screens where we may not be able to depend on individuals devices anymore to not inject you know generative AI feeds are we headed towards the future where there has to be trusted Hardware out at the edge uh what what do you think you know how do you think.
Manu Sporny: This stuff's.
Manu Sporny: Scales given that.
Harrison_Tang: So I have a follow-up question Andrew um when I uh when you talked about inserting the predictable like element or action like such as a control elimination uh the way I kind of think of it is kind of like adding a cryptographic salt uh to actually uh defend against the rainbow attacks okay so that analogy is true okay so if so if that analogy is true then uh I'm just curious like what do you foresee are the I guess the the front for frosters to kind of counter count counter that uh that approach because or is this problem like basically solved like using basically this cryptographic so to to defend against is the problem basically solved or do you foresee frosters coming up with new scheme and what are those new schemes are.
Harrison_Tang: Great thank you well we'll take like 1 last question uh Brandy.
Harrison_Tang: Brandy at you you're you're on mute.
Harrison_Tang: And by the way like I just want to add on uh actually uh spoke you actually got a huge attack uh late last year in regards to a car testing so it's a little bit different like credit card testing and uh yeah like the volume at the highest is like 100,000k like in that particular day so yeah this is a real thing it's not the hypothetical scenario so yeah unfortunately we were able to kind of detect it early and then they went away but I think they probably just went to attack other companies that that has a lesser security uh proof so yeah.
Harrison_Tang: Yeah cool thank you thanks Andrew this is a very very great presentation and thanks for uh taking the time uh to uh present here at w3c and uh if anybody missed this great presentation will uh publish the recording uh later uh this week so thanks a lot.
Harrison_Tang: Great all right this concludes uh this week's cgg meeting so thanks everyone Thanks for attending.
<gerald_glickman> :clap: