diff --git a/2021-02-17/audio.ogg b/2021-02-17/audio.ogg new file mode 100644 index 00000000..3c6cd1a0 Binary files /dev/null and b/2021-02-17/audio.ogg differ diff --git a/2021-02-17/group.txt b/2021-02-17/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-02-17/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-02-17/irc.log b/2021-02-17/irc.log new file mode 100644 index 00000000..24b30cc9 --- /dev/null +++ b/2021-02-17/irc.log @@ -0,0 +1,298 @@ +[2021-02-17T17:59:55.202Z] present+ +[2021-02-17T18:00:08.131Z] present+ +[2021-02-17T18:02:43.217Z] present+ +[2021-02-17T18:03:16.576Z] robbie jones, present+ +[2021-02-17T18:04:15.191Z] present+ +[2021-02-17T18:04:22.183Z] present+ +[2021-02-17T18:04:36.253Z] present+ +[2021-02-17T18:04:39.953Z] present+ jonathan_holt +[2021-02-17T18:04:46.022Z] present+ +[2021-02-17T18:05:50.778Z] regrets +[2021-02-17T18:07:12.598Z] scribe: cel +[2021-02-17T18:07:18.918Z] wayne: moving to intros and reintros +[2021-02-17T18:07:32.490Z] ... feel free to introduce self if first time. would love to hear from you and your interested in the CG +[2021-02-17T18:07:38.342Z] present+ +[2021-02-17T18:07:39.513Z] present+ +[2021-02-17T18:07:41.298Z] ... are there any folks to introduce themselves? +[2021-02-17T18:07:43.231Z] ... last call +[2021-02-17T18:07:43.539Z] present+ +[2021-02-17T18:07:43.892Z] queue+ +[2021-02-17T18:07:51.288Z] q? +[2021-02-17T18:07:55.087Z] ... moving to reintros +[2021-02-17T18:08:01.197Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Feb/0087.html +[2021-02-17T18:08:02.897Z] q? +[2021-02-17T18:08:30.247Z] michael: first time in a while. wanted to say hello +[2021-02-17T18:08:32.095Z] present+ +[2021-02-17T18:08:42.372Z] *I can't hear him at all* +[2021-02-17T18:08:49.887Z] wayne: reintros? +[2021-02-17T18:09:03.157Z] sorry all, having a problem with the mic. Happy to be here! +[2021-02-17T18:09:18.753Z] wayne: moving on to announcements and reminders +[2021-02-17T18:09:31.069Z] That's correct +[2021-02-17T18:09:36.403Z] ... thoughtful bionetrics workshop march 8th , 11th, 12th +[2021-02-17T18:09:44.800Z] ... DID WG trying to move towards CR, requesting help with test suite +[2021-02-17T18:09:58.138Z] ... if you company is using DIDs and interested in testability, a good way to contribute +[2021-02-17T18:10:02.155Z] https://github.com/w3c-ccg/did-test-suite +[2021-02-17T18:10:03.002Z] present+ +[2021-02-17T18:10:07.120Z] ... instructions in repo and DID WG notes +[2021-02-17T18:10:15.298Z] ... other announcements? +[2021-02-17T18:10:16.635Z] q+ +[2021-02-17T18:10:21.009Z] ack heather +[2021-02-17T18:10:28.116Z] heathervescent: election nomination period is open for another week +[2021-02-17T18:10:39.687Z] wayne: heather sent a very detailed email on how to nominate and what the process is +[2021-02-17T18:10:55.325Z] ... if would like to help out as chair, we appreciate your self-nomination or nominate someone else who you think would make a great chair. 3 year term +[2021-02-17T18:11:01.909Z] ... any other announcements or reminders? +[2021-02-17T18:11:06.538Z] https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 +[2021-02-17T18:11:11.629Z] Hi GeunHyung_Kim, welcome! Thanks for making this time!~ +[2021-02-17T18:11:13.142Z] ... moving on. we're going to discuss some work items. pasted ^ +[2021-02-17T18:11:17.906Z] Present+ +[2021-02-17T18:11:20.976Z] ... one more announcement +[2021-02-17T18:11:43.908Z] ... Kick-off date for infrastructure task force. believe on wednessday feb 24, 11am eastern / 8am pacific? +[2021-02-17T18:11:51.913Z] ... will be sending out email calendar invite +[2021-02-17T18:11:54.349Z] present+ brent_zundel +[2021-02-17T18:12:03.321Z] Thanks, It's too early morning. +[2021-02-17T18:12:04.417Z] ... back to work items. vaccination cert vocab proposal to review. tobias initiated +[2021-02-17T18:12:13.181Z] ... coming in late from other call; will ask him when he gets here +[2021-02-17T18:12:23.388Z] ... next item: hold VC maintenance meeting to discuss PRs for inclusion +[2021-02-17T18:12:51.570Z] ... effectively, the VC maintenance WG works on finding maintenance items - editorial or substantive changes considered part of maintenance as decided by chairs. more details to follow +[2021-02-17T18:13:15.713Z] ... chairs: brent zundell (chair, DID WG) and myself +[2021-02-17T18:13:26.968Z] to faciliate transition of many work items from CCG to maintenance of the spec itself +[2021-02-17T18:13:45.562Z] ... goal is to keep things without breaking implementations +[2021-02-17T18:14:00.763Z] ... not to cause chaos - work better suited for next version of VC spec +[2021-02-17T18:14:14.101Z] Brent: thanks for the recap +[2021-02-17T18:14:48.774Z] Brent: all of the work to discuss issues, raise PRs, go back and forth on PRs, and to determine which PRs the editors want to merge, all this work happens in CCG +[2021-02-17T18:15:16.064Z] in the WG side, when editors and CCG folks say it is ready to go, then the maintenance WG meets, discusses the changes, says yes or not yet +[2021-02-17T18:15:39.675Z] Brent: chairs intend to be active in conversations. once things move to WG level, should not be surprises +[2021-02-17T18:16:01.759Z] .. did a pass of open issues, made quick determination, labeled some maintenance (chairs feel issue could be worked on as part of maintenance charter) +[2021-02-17T18:16:09.301Z] ... also labeled as substantive or editorial. +[2021-02-17T18:16:18.243Z] ... editorial goes in quickly, substantive requires more conversation +[2021-02-17T18:16:24.015Z] ... labeled some deferred. may need a new label +[2021-02-17T18:16:46.828Z] ... defer doesn't mean not ever, means we have concerns and not immediately clear if maintenance. work should continue on these +[2021-02-17T18:16:59.096Z] wayne: any questions to brent on the VC maint process? +[2021-02-17T18:17:23.985Z] ... should be able to have a doc to describe the proces shortly +[2021-02-17T18:17:41.839Z] ... next issue, going to try to close now. we have made charter amendments to address concerns of the last election - the first one this CG held, i believe +[2021-02-17T18:17:47.659Z] https://github.com/w3c-ccg/community/issues/136 +[2021-02-17T18:18:18.129Z] ... lot of learnings from it - how to do voting, what is voter eligilbility, etc. if curious, review comments and mailing list. charter amendment passed. minor concerns addressed. closing issues. can reopen if you have something to add. +[2021-02-17T18:18:22.931Z] present+ +[2021-02-17T18:18:38.804Z] present+ +[2021-02-17T18:18:39.236Z] q+ to provide background on w3id.org +[2021-02-17T18:18:52.178Z] ... we have finished going through the work items. going to move through a community panel discussion going through separate items. beginning at w3.org. different group but related +[2021-02-17T18:18:53.401Z] present+ +[2021-02-17T18:18:55.434Z] present+ +[2021-02-17T18:19:29.365Z] q? +[2021-02-17T18:19:33.385Z] ... also talking about vaccination work item, part of larger family of vocabularity work items, why they help and exist. and discussion on linked data security, why exists, how different from JWT. your questions to be answered in these panels. +[2021-02-17T18:19:44.498Z] manu: thanks. sharing screen +[2021-02-17T18:20:00.469Z] ... w3id.org was created many years ago +[2021-02-17T18:20:15.430Z] ... in general, when people talk about it, what they are talking about is a redirection service +[2021-02-17T18:20:28.443Z] ... basically a link on the web that when you go to it will send you somewhere else. +[2021-02-17T18:20:41.100Z] ... why? websites and domains come and go. sometimes you need a permanent identifier on the web. +[2021-02-17T18:20:56.814Z] ... need to make sure that the link you are using will always take you to the right place, over 10, 20, 30, 40 years +[2021-02-17T18:21:07.685Z] ... a place to give people a place to register long-lived identifiers +[2021-02-17T18:21:15.503Z] ... use for many of the vocabularity things we are talking about +[2021-02-17T18:21:45.956Z] ... when we talk about linked data security vocab, or traceability vocab, or citizenship vocab, want a link people can remember and use for many years. may change over time. +[2021-02-17T18:22:16.804Z] ... link may start out at ccg but then moves w3c wg, then may move to permanent location at Library of Congress, or W3C (which is backed up by the LoC) +[2021-02-17T18:22:25.799Z] ... w3id.org landing page +[2021-02-17T18:22:33.937Z] ... talks about purpose of the site, how to create a new identifier +[2021-02-17T18:22:42.279Z] ... anyone can create a new identifier +[2021-02-17T18:22:50.711Z] ... by GitHub PR, or mailing list +[2021-02-17T18:23:13.641Z] ... everything in a GitHub repository. have been 5000 changes to endpoints registered. 400 people contributed +[2021-02-17T18:23:19.104Z] ... over many years. +[2021-02-17T18:23:31.882Z] ... https://github.com/perma-id/w3id.org/ +[2021-02-17T18:23:49.120Z] ... every week there are many pull requests, people tirelessly pushing it forward. many projects. +[2021-02-17T18:24:16.189Z] ... security vocab CCG location on w3id.org +[2021-02-17T18:24:31.837Z] q? +[2021-02-17T18:24:34.430Z] ... can see last change, who maintains this particular redirect +[2021-02-17T18:24:37.260Z] ack Manu +[2021-02-17T18:24:46.197Z] ... https://github.com/perma-id/w3id.org/tree/master/security +[2021-02-17T18:24:47.332Z] q+ +[2021-02-17T18:24:51.793Z] ack wayne +[2021-02-17T18:24:51.930Z] ... questions on w3id.org or what it does? +[2021-02-17T18:25:11.130Z] wayne: question. about infrastructure and governance, who decides yes or know? are there ever conflicts? +[2021-02-17T18:25:36.079Z] manu: governance is super-loose. people that actually manage PRs: a handful of 4-5 people. seems crazy but that is where we are right now. +[2021-02-17T18:25:57.743Z] ... typically if you do a PR, Daniel will look at it, Dave Lain?, Dave Longley might +[2021-02-17T18:26:09.021Z] ... generally things don't get rejected unless you are trying to break something +[2021-02-17T18:26:18.902Z] ... we don't get many jerks +[2021-02-17T18:26:23.126Z] purly additive changes never get rejected... changes to an existing redirect tend to require approval from maintainers. +[2021-02-17T18:26:44.091Z] ... only modifications suggested may be for performance or to fix accidents in other areas, suggesting move to have better control +[2021-02-17T18:27:04.550Z] ... that is the day-to-day decision making. there isn't a whole lot of process but it is documented +[2021-02-17T18:27:17.654Z] q+ +[2021-02-17T18:27:18.745Z] ... doesn't seem to need to change. about who hosts it: that is different +[2021-02-17T18:27:27.837Z] ack wayne +[2021-02-17T18:27:32.609Z] wayne: who hosts it, and what happens when it goes wrong? +[2021-02-17T18:27:43.525Z] manu: digital bazaar paying for last 10 years. on a rackspace server. +[2021-02-17T18:27:55.133Z] ... a set of companies prepared to take over if something happens +[2021-02-17T18:28:14.428Z] ... issue is that this list is 7 years old, having refreshed, only companies still around are Digital Bazaar, OpenLink Software, and Applied Testing and Tech +[2021-02-17T18:28:19.950Z] ... everyone else moved on or failed, etc +[2021-02-17T18:28:38.936Z] If only github supported htaccess files.... +[2021-02-17T18:28:39.123Z] ... criticality of things to be done: need more orgs to share management/redunancy if something happens +[2021-02-17T18:29:03.239Z] ... if site down, its ok, there is repo +[2021-02-17T18:29:03.463Z] q+ to note about why the server does not matter +[2021-02-17T18:29:14.526Z] ... the other companies have access to the domain name as well +[2021-02-17T18:29:18.773Z] ... or at least, they did +[2021-02-17T18:29:33.075Z] ... may want to address as a WG or community +[2021-02-17T18:29:37.095Z] ack orie +[2021-02-17T18:29:38.063Z] wayne: other questions +[2021-02-17T18:30:05.097Z] q+ to agree with Orie, and then talk about the sad things. +[2021-02-17T18:30:11.064Z] Orie: if doing right, never make network request. should not rely on it +[2021-02-17T18:30:42.376Z] Orie: may follow redirect that would end on it, but actual file is hosted on GitHub, hosted by Microsoft +[2021-02-17T18:31:00.434Z] ... if GitHub goes down, people will get angry and get it back up again +[2021-02-17T18:31:21.987Z] ... you should not be relying on presence of this server for anything. redirects it points to are hosted on other servers +[2021-02-17T18:31:40.235Z] ... what is going away: you should ask about the referents +[2021-02-17T18:31:42.306Z] q? +[2021-02-17T18:31:46.372Z] ack manu +[2021-02-17T18:31:52.454Z] manu: +1 to what Orie said +[2021-02-17T18:32:13.295Z] people also fail to wash their hands after using the bathroom. +[2021-02-17T18:32:20.038Z] ... sad part: while true, you should never rely on w3id.org, people do all the time, software not correct. typically research projects or not in production +[2021-02-17T18:32:35.162Z] ... we originally went to w3c to ask to put it there, they said no +[2021-02-17T18:32:54.156Z] ... because they used to host XML schema/NS files on w3c, and it brought w3c servers down to knees on fairly frequent basis +[2021-02-17T18:33:07.916Z] ... because some developer would release a tool that would become popular that would always pull from w3c servers +[2021-02-17T18:33:20.069Z] ... deployment → DDoS W3C because not caching +[2021-02-17T18:33:28.562Z] q+ to agan say how to handle bad developers +[2021-02-17T18:33:42.762Z] ... that still continues to this day, unfortunately, devs don't always read the documentation, deploy things that were toys but become production +[2021-02-17T18:33:56.576Z] ack Orie +[2021-02-17T18:34:04.149Z] ... good news: we don't tend to feel that since it is only redirects, provider can deal with it and does appropriate caching +[2021-02-17T18:34:16.552Z] Orie: every time this comes up, manu says the same thing, and I say the same thing afterwards. +[2021-02-17T18:34:23.077Z] ... that bad behavior is not to be tolerated by the community +[2021-02-17T18:34:39.883Z] ... developer should be held accountable +[2021-02-17T18:34:55.007Z] ... don't do it! if you do, you are a bad dev contributing to DDOS +[2021-02-17T18:35:17.615Z] wayne: vaccination work item by tobias +[2021-02-17T18:35:22.131Z] q+ +[2021-02-17T18:35:28.378Z] ack Tobias +[2021-02-17T18:35:37.927Z] w3id.org/vaccination +[2021-02-17T18:35:45.083Z] Tobias_Looker: requested to CCG for new work item ^ +[2021-02-17T18:35:50.213Z] https://github.com/w3c-ccg/community/issues/182 +[2021-02-17T18:36:11.529Z] ... many are aware of initiatives for this use case +[2021-02-17T18:36:27.080Z] ... formally defining a vocabulary with accompanying JSON-LD context +[2021-02-17T18:36:37.281Z] ... familiar to those working with other vocabularities +[2021-02-17T18:36:47.552Z] ... extending for the use case of vaccination certificates +[2021-02-17T18:36:48.346Z] Looking at the vocabulary at https://w3id.org/vaccination/ <--- CBOR-LD encoding... NOICE! +[2021-02-17T18:36:55.194Z] ... welcoming contributions. early days. +[2021-02-17T18:37:02.518Z] ... mailing list thread suggested many people with ideas +[2021-02-17T18:37:04.914Z] q? +[2021-02-17T18:37:09.001Z] q+ +[2021-02-17T18:37:09.951Z] wayne: thanks. any questions or comments? add to q +[2021-02-17T18:37:18.162Z] ack jonathan +[2021-02-17T18:37:51.890Z] jonathan: bunch of work going on in different standards bodies. i've been involved in vaccination vocabularies since before covid +[2021-02-17T18:38:07.963Z] ... already done in robust HL7-FHIR(?) +[2021-02-17T18:38:15.083Z] ... definitions +[2021-02-17T18:38:30.597Z] ... building on work from Josh (?) from Microsoft +[2021-02-17T18:38:34.918Z] q+ +[2021-02-17T18:38:42.957Z] ... i hate to redo the work already out there that is 10 years old +[2021-02-17T18:38:44.332Z] +1 for Jonathon's comment. We need to collaborate +[2021-02-17T18:38:44.713Z] ack manu +[2021-02-17T18:38:47.476Z] q+ +[2021-02-17T18:39:08.933Z] see https://www.hl7.org/fhir/ +[2021-02-17T18:39:13.766Z] manu: +1 to work item. i am participating in VCI work, Josh Mandel leading, Jonathan participating +[2021-02-17T18:39:23.689Z] ... big use of HL7. a lot of VCI stuff trying to integrate that +[2021-02-17T18:39:35.428Z] ... trying to make sure all these different initiatives are aligned. cannot ignore HL7 +[2021-02-17T18:39:48.853Z] ... question is to tobias - the good thing here is that there is a good VC wrapper around this +[2021-02-17T18:40:04.978Z] ... what goes inside the credential subject, how to keep the other work aligned +[2021-02-17T18:40:34.360Z] ack Tobias +[2021-02-17T18:40:34.539Z] ... other people gravitating to VCs, but slightly different. could lead to massive noninteroperability. what is being done to align them? +[2021-02-17T18:40:57.307Z] Tobias_Looker: we are interested in the RDF representation +[2021-02-17T18:41:07.431Z] ... added the features required to make it easier to express this +[2021-02-17T18:41:14.544Z] ... welcome other with further expertise to align +[2021-02-17T18:41:27.775Z] ... at end of day, would be great for this vocab to be a recomposition of other definitions like HL7 +[2021-02-17T18:41:31.839Z] VCI - https://vaccinationcredential.org/ +[2021-02-17T18:41:40.097Z] ... composing it into the form required is what that becomes. +[2021-02-17T18:41:50.847Z] ... also adding any associated documentation to make it relevant in the context of VCs +[2021-02-17T18:41:52.616Z] q+ to ask Tobias to speak to CBOR-LD aspects. +[2021-02-17T18:42:02.367Z] ... work item evolving to be a thin mapping later would be ideal +[2021-02-17T18:42:20.613Z] q+ +[2021-02-17T18:42:24.723Z] wayne: commend this behavior of commenting on past specifications without techno-arrogance +[2021-02-17T18:42:31.047Z] ack manu +[2021-02-17T18:42:41.673Z] manu: Tobias, can you speak about the CBOR-LD? +[2021-02-17T18:42:49.665Z] ... gets the scan size for the QR code down +[2021-02-17T18:42:56.924Z] ... why is having a printable version important? +[2021-02-17T18:42:58.234Z] John Walker at CCI has been wroking on a FHIR to JSON-LD translator +[2021-02-17T18:43:04.718Z] Vaccine Credential FHIR Implementation Guide - http://build.fhir.org/ig/dvci/vaccine-credential-ig/branches/main/ +[2021-02-17T18:43:06.343Z] To build on existing work within FHIR +[2021-02-17T18:43:25.040Z] Tobias_Looker: CBOR-LD (by Digital Bazaar) a cool tool to be able to losslessly convert a JSON-LD document while preserving semantics in a terser form +[2021-02-17T18:43:35.013Z] SMART Health Cards Framework - https://smarthealth.cards/ +[2021-02-17T18:43:41.866Z] ... initiatives we are a part of: around the world, tech in general, access to tech, is varied. +[2021-02-17T18:43:58.618Z] ... many of opinion that credentials should not start from the assumption that the holder has access to a device or the internet +[2021-02-17T18:44:12.166Z] q+ +[2021-02-17T18:44:13.210Z] ... how do we integrate the lowest-tech solutions - paper-based mediums +[2021-02-17T18:44:38.046Z] ... one approach is to take a VC and print it out as QR code. it is verifible, sigs intact. +[2021-02-17T18:44:54.434Z] Associated Repos - https://github.com/dvci/vaccine-credential-ig & https://github.com/smart-on-fhir/health-cards/ +[2021-02-17T18:44:58.458Z] ... fundamental limitation on info to encode in a QR code before it becomes unscannable with common cameras +[2021-02-17T18:45:10.102Z] ... JSON-LD: verbose. must look for techniques to get info into more compressed form +[2021-02-17T18:45:32.371Z] ... due to Digital Bazaar's approach pioneered with CBOR-LD, we have an approach to bring it down to a terse form +[2021-02-17T18:45:46.595Z] ack jonathan +[2021-02-17T18:45:51.714Z] ... discussion underway. how for VCs to cater to a host of less-talked about use cases +[2021-02-17T18:46:08.447Z] jonathan: i'm a physician. involved in DID and VCs for 2 years. just got covid vaccination last week +[2021-02-17T18:46:22.543Z] q+ to agree with jonathan +[2021-02-17T18:46:23.779Z] ... even though work in this space, i got a paper card. will be volunteering to vaccinate thousands of people +[2021-02-17T18:46:34.771Z] ... hesitant that vaccination should be the driving use case for VCs +[2021-02-17T18:46:46.848Z] ... optimistic if can be synergize quickly, but also realist about impl details +[2021-02-17T18:46:48.586Z] ack agropper +[2021-02-17T18:47:09.430Z] agropper: we seem to have a run on physicians commenting here. i too am pretty negative on using vaccination as a use case for VCs as QR codes +[2021-02-17T18:47:33.248Z] ... though i certainly understand there are going to be many uses for long-lasting credentials to carry in wallet for years +[2021-02-17T18:47:45.900Z] q+ use case on qr codes +[2021-02-17T18:47:55.824Z] q+ to respond to adrians +[2021-02-17T18:47:59.164Z] To see John Walkers work on FHIR to JSON-LD he presented this morning at the DIF Healthcare working group - https://us02web.zoom.us/rec/play/aNxTM4SsEXVC43HPTuwLMjNahLv6sdbKEoqYcCteVvRj2FI24y4jRnSGmngboAyYX5VhIzR83-FSLOYh.eaG-ZCFPOkT15niN?continueMode=true&_x_zm_rtaid=ClSYZSifROCmOKBq_z3xug.1613587563233.3b5f44e4e71aabc67494b03eb9b26674&_x_zm_rhtaid=423 +[2021-02-17T18:48:04.992Z] ... the problem with the vaccine use case: presumes that the mechanism has you there in person. in reality, not only are these things used very seldom (revocation/changes), you have to have the same mechanism for testing +[2021-02-17T18:48:15.175Z] ... test results show up when the person is no longer there to present a paper credential +[2021-02-17T18:48:42.081Z] ... what i've done and what is already happening (e.g. in India): people will have and control an online account. they will put their credentials in the online account, and control it in various authorization mechanisms +[2021-02-17T18:48:56.572Z] There is work going on within the US vaccine credential working group - specifically consdiering how people can get a digital vaccination record out of the state level IIS systems. +[2021-02-17T18:49:02.469Z] ... don't have descrimination issues about mobile devices. don't assume that QR code has anything other than a pointer +[2021-02-17T18:49:10.013Z] ack Manu +[2021-02-17T18:49:15.467Z] ... recommend QR code points to an authorization server, or many a DID, but not a VC +[2021-02-17T18:49:20.963Z] the India DIVOC project is giving people a JSON-LD VC in paper form - not a pointer. +[2021-02-17T18:49:40.477Z] manu: agree with what jonathan and adrian have said. i am also skeptical we will be able to roll out anything before everyone just has a piece of paper to use +[2021-02-17T18:49:58.426Z] ... why work on this: i think it's useful for the future in general. 3-5 year time frame, lot of interest +[2021-02-17T18:50:00.329Z] https://divoc.egov.org.in/ +[2021-02-17T18:50:13.711Z] ... work we do now will probably miss this pandemic, but there may be another +[2021-02-17T18:50:37.718Z] ... Privacy implications with putting personal id in the item +[2021-02-17T18:51:11.440Z] ... what might do better: provide authorization through printed document. using a ZKAP with CBOR-LD. effectively an auth token to access medical record +[2021-02-17T18:51:36.037Z] ... can use to update records sitting in EDV, while give them something they can maybe print out every month or two (but may expire) +[2021-02-17T18:51:59.319Z] wayne: personally i prefer this to happen in the open rather than under wraps. by collaborating in public, anyone can raise concerns. +[2021-02-17T18:52:12.817Z] ... more scrutiny than deciding in a closed room +[2021-02-17T18:52:28.694Z] ... EFF taking a measured approached. recognizes VC spec recognizes privacy concern of long-term identifiers +[2021-02-17T18:52:41.466Z] ... Have tools to call out specific behaviors without damning a whole technology +[2021-02-17T18:52:50.847Z] ... allows for better discussion. starts with spirit of openness +[2021-02-17T18:52:51.370Z] q- +[2021-02-17T18:53:01.213Z] ... moving on, ahve to cover vocab items and linked data security +[2021-02-17T18:53:13.709Z] q- +[2021-02-17T18:53:50.973Z] Tobias_Looker: totally agree with a lot of points made. Adrian's points: by reference or by value, vacc cert in QR code has pros and cons to approaches. keep to hear feedback. competing requirements. offline verification: requires encoded directly +[2021-02-17T18:54:01.128Z] ... some people opted to have sharded across multiple QR codes +[2021-02-17T18:54:04.650Z] real world use case for us for the QR paper is on farm labor - complicated issue, but doing it in the open is quite helpful for us +[2021-02-17T18:54:37.207Z] wayne: take cursory overview, expound on in further discussions +[2021-02-17T18:54:51.509Z] mprorock: farm labor use cases. important topic for discussion in ML and issues +[2021-02-17T18:55:11.658Z] wayne: last 6 minutes of meeting. love to continue vaccination discussions on ML +[2021-02-17T18:55:19.386Z] ... Why vocabularies? +[2021-02-17T18:55:32.011Z] ... what necessary about them, what can they help with +[2021-02-17T18:55:34.122Z] q+ +[2021-02-17T18:55:39.442Z] ack dmitriz +[2021-02-17T18:55:49.385Z] ... maybe even remind us of JSON-LD +[2021-02-17T18:56:03.959Z] dmitriz: couple quick comments about vocabularies, as a developer of both JSON-LD and libraries in general +[2021-02-17T18:56:12.316Z] ... you can think of vocabs as loose schemas and conversion maps +[2021-02-17T18:56:31.835Z] ... two biggest benefits i see that they give: 1. schema migration. have a data model and then stuff changes +[2021-02-17T18:56:43.502Z] ... vocab allows you to change schema and migrate without breaking stuff +[2021-02-17T18:56:50.933Z] ... other thing: vocabularies allow for really good compression +[2021-02-17T18:57:00.172Z] ... more than other mechanisms, including Zip, etc. +[2021-02-17T18:57:15.198Z] ... because vocabularies provide a schema-like engine, they also serve as compression dictionaries +[2021-02-17T18:57:34.987Z] ... surprising upshot: when you use data structures using JSON-LD using vocabularies, you get unmatched levels of compression +[2021-02-17T18:57:40.344Z] ... starts to matter with QR codes, etc +[2021-02-17T18:57:46.717Z] q+ +[2021-02-17T18:57:49.212Z] wayne: Vocabularies? +[2021-02-17T18:57:49.564Z] ack Manu +[2021-02-17T18:58:07.467Z] manu: slightly different direction. vocabularies are fundamentally how you know that you are talking about the same thing +[2021-02-17T18:58:21.820Z] +1 manu ontology and interchange of information +[2021-02-17T18:58:37.793Z] ... think about having convo with someone: happens in a context. if meet up at IIW, convo and words probably in English, using identity vocabulary that all of us kindof know +[2021-02-17T18:58:50.698Z] ... vocab: how two different things know that they are talking about the same thing. true for JSON-LD and true for machines +[2021-02-17T18:59:01.679Z] ... machines talking to eachother have to be sure they are talking about the same thing +[2021-02-17T18:59:08.898Z] A very interesting CCI/LFPH project translating FHIR messages (and the IEEE standards jonathan mentioned) into LD was presented last week here (recording and minutes): https://github.com/decentralized-identity/healthcare/blob/main/agenda.md#february-10-2021---note-new-time-7am-pacific-4pm-cet---fhir-and-oca-with-some-talk-about-cci-vci +[2021-02-17T18:59:17.112Z] q? +[2021-02-17T18:59:20.252Z] ... vaccination vocab, etc., create language for machines to use so that they know what they are talking about, a shipment, crop, etc. +[2021-02-17T18:59:30.332Z] q+ to mention collaboration wrt vocabularies +[2021-02-17T18:59:32.724Z] may be of interest to people thinking about LD as a translation-booster for FHIR into multiple output VC formats :D +[2021-02-17T18:59:35.309Z] ... about semantics and understanding the info we are exchanging. fundamental to what we are doing in the CCG +[2021-02-17T18:59:37.198Z] ack JoeA +[2021-02-17T18:59:52.041Z] ... credential is fundamentally talking about something; need a vocabulary for that. +[2021-02-17T19:00:02.689Z] JoeAndrieu: key thing about vocabulary is that is shared +[2021-02-17T19:00:08.286Z] ubuntu semantics :D +[2021-02-17T19:00:13.809Z] ... by working on it in the open, increases its sharability +[2021-02-17T19:00:20.140Z] wayne: thanks. will reconvene next week +[2021-02-17T19:00:28.619Z] Thanks all +[2021-02-17T19:00:32.644Z] present+ +[2021-02-17T19:00:52.170Z] kicking to turn off cgbot..... diff --git a/2021-03-03/audio.ogg b/2021-03-03/audio.ogg new file mode 100644 index 00000000..b6eb415f Binary files /dev/null and b/2021-03-03/audio.ogg differ diff --git a/2021-03-03/group.txt b/2021-03-03/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-03-03/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-03-03/irc.log b/2021-03-03/irc.log new file mode 100644 index 00000000..e00e2639 --- /dev/null +++ b/2021-03-03/irc.log @@ -0,0 +1,302 @@ +[2021-03-03T18:00:21.881Z] present+ +[2021-03-03T18:00:24.670Z] present+ +[2021-03-03T18:00:41.016Z] Present+ +[2021-03-03T18:00:41.127Z] present+ +[2021-03-03T18:01:19.369Z] present+ +[2021-03-03T18:02:36.613Z] present+ +[2021-03-03T18:02:49.601Z] present+ +[2021-03-03T18:02:57.423Z] present+ +[2021-03-03T18:03:02.293Z] present+ +[2021-03-03T18:03:27.678Z] present+ +[2021-03-03T18:03:28.820Z] present+ +[2021-03-03T18:03:34.116Z] present+ +[2021-03-03T18:03:42.412Z] present+ +[2021-03-03T18:03:46.808Z] present+ +[2021-03-03T18:04:35.122Z] present+ +[2021-03-03T18:04:49.435Z] present+ +[2021-03-03T18:04:49.935Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Mar/0012.html +[2021-03-03T18:04:50.970Z] scribe+ +[2021-03-03T18:05:13.112Z] wayne: Introductions and re-introductions +[2021-03-03T18:06:04.926Z] TroyRonda: Hi, I'm Troy from SecureKey. +[2021-03-03T18:06:10.482Z] wayne: what brings you to this CCG call? :) +[2021-03-03T18:06:26.513Z] TroyRonda: a late-night message asking me to present on did:orb! +[2021-03-03T18:06:38.740Z] wayne: Moving on to announcements. +[2021-03-03T18:06:46.158Z] I love the did orb emoji +[2021-03-03T18:06:49.054Z] ... the Thoughtful Biometrics Workshop is in progress +[2021-03-03T18:07:09.740Z] ... any other announcements or reminders? +[2021-03-03T18:07:29.523Z] manu: the DID Core Specification is in its final review before it goes into CR (Candidate Recommendation) phase +[2021-03-03T18:07:44.862Z] ... that means - we were feature frozen (as of last July). the spec is now more or less locked in. +[2021-03-03T18:07:57.456Z] https://www.w3.org/TR/2021/WD-did-core-20210302/ +[2021-03-03T18:08:02.014Z] ... meaning, the group feels it's done with the technical work, and now moving on to the test suite & implementation phase +[2021-03-03T18:08:12.436Z] ... the specific version that we're freezing is in chat above. +[2021-03-03T18:08:30.892Z] ... so, if you were waiting for a good time to review it, this is it. Starting next Tues, if the vote goes well, the DID Core spec will be at CR. +[2021-03-03T18:08:40.884Z] ... this stage lasts for about 2 months. we try to get a ton of implementations in 2-3 months. +[2021-03-03T18:09:11.955Z] ... sometimes we find bugs in the spec, and have to go into a second CR phase (another 2 months or so). Which means, in 4 months or so, we'll have a good idea whether we're on track to a legit global standard +[2021-03-03T18:09:25.301Z] ... and it's looking good, on that trajectory. (possibly by Sept this year, at the latest). +[2021-03-03T18:09:32.102Z] ... so, it's great bedtime reading! highly recommended! +[2021-03-03T18:09:55.133Z] wayne: minor correction - not just /great/ bedtime reading, it's downright /ravishing/ +[2021-03-03T18:09:56.159Z] erruptions of cheers for manu, markus, drummond and every one else involved! +[2021-03-03T18:10:11.787Z] wayne: on to Work Item review +[2021-03-03T18:10:16.684Z] https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 +[2021-03-03T18:10:18.934Z] ... two action items we'll update on +[2021-03-03T18:10:28.593Z] ... the VC Maintenance Meeting +[2021-03-03T18:10:49.222Z] ... we're working on a work item within the CCG that will describe the VC Data Model Spec maintenance projects +[2021-03-03T18:10:57.057Z] ... second item - Asia/Pacific meeting. +[2021-03-03T18:11:15.543Z] ... the Infrastructure Taskforce met, we were just talking about various long-standing issues +[2021-03-03T18:11:24.932Z] https://github.com/w3c-ccg/infrastructure/issues +[2021-03-03T18:11:37.534Z] ... you can view all the issues (link above), which serve as the minutes of the meeting. +[2021-03-03T18:12:04.975Z] https://github.com/w3c-ccg/community/issues/139 +[2021-03-03T18:12:07.317Z] ... re Asia/Pacific meeting - time and date TBD, but Infra Taskforce will propose. +[2021-03-03T18:12:20.334Z] wayne: moving on - DID Core Test Suite. +[2021-03-03T18:12:27.568Z] ... we have Brent here who is co-chair of the DID WG. +[2021-03-03T18:12:45.225Z] brentz: as Manu mentioned, we are moments away from transitioning to CR +[2021-03-03T18:12:51.411Z] ... this means we are heavily involved in constructing the Test Suite +[2021-03-03T18:12:57.033Z] ... its purpose is twofold - +[2021-03-03T18:13:03.539Z] ... first, to demonstrate the spec is implementable +[2021-03-03T18:13:15.412Z] ... second, to show that each of the features in the spec has implementation support +[2021-03-03T18:13:24.290Z] ... so not only /can/ it be implemented, but that it has been. +[2021-03-03T18:13:38.177Z] ... important to demonstrate this to W3C management, that it's ready to move from CR into the next phase +[2021-03-03T18:13:49.815Z] ... the Test Suite is the vehicle by which we can get the most hands-on real world feedback for the spec +[2021-03-03T18:14:00.709Z] ... we fully anticipate it'll uncover bugs in the standard that'll need to be addressed +[2021-03-03T18:14:13.814Z] ... the basic structure of the test suite is - we have divided up the normative issues of the spec into different feature sets +[2021-03-03T18:14:20.554Z] ... tests are being written as we speak, for those feature sets. +[2021-03-03T18:14:34.850Z] ... once those are together, they'll be fairly clear instructions for every implementer, +[2021-03-03T18:14:45.733Z] ... to test their implementation (of a DID Method) against the spec +[2021-03-03T18:14:57.708Z] ... the different feature sets are described in issues in the DID Test Suite repo +[2021-03-03T18:15:11.727Z] ... you'll see that each of the feature sets have been assigned to someone. but I'm positive those people would love help +[2021-03-03T18:15:17.387Z] present+ +[2021-03-03T18:15:19.273Z] ... so anyone interested in helping should jump in and do so +[2021-03-03T18:15:23.690Z] ... Any questions? +[2021-03-03T18:15:25.709Z] q? +[2021-03-03T18:15:30.375Z] https://github.com/w3c/did-test-suite/issues +[2021-03-03T18:15:42.565Z] wayne: Brent has dropped a link to the test suite +[2021-03-03T18:15:47.488Z] ... feel free to engage with issues there! +[2021-03-03T18:15:57.519Z] ... if no questions/comments to Brent, moving on to next item +[2021-03-03T18:15:59.431Z] https://trustbloc.github.io/did-method-orb/ +[2021-03-03T18:16:03.688Z] topic: did:orb Method +[2021-03-03T18:16:21.166Z] wayne: over to you, Troy +[2021-03-03T18:16:39.630Z] Troy_Ronda: thank you. I pasted a link to the spec in the chat. ::sharing screen:: +[2021-03-03T18:17:21.181Z] ... did:orb - a little bit of background +[2021-03-03T18:17:36.879Z] ... we have previous experience in implementing DID Methods on Hyperledger Fabric, using the Sidetree protocol defined in DIF +[2021-03-03T18:17:50.542Z] ... did:orb is taking those experiences we had with Sidetree and HL Fabric, and trying to shift it into a more open Federation model +[2021-03-03T18:18:01.447Z] ... meaning, anyone participating can replicate all of the prior state from other participants in the network +[2021-03-03T18:18:09.506Z] ... and be able to follow and join between the different systems +[2021-03-03T18:18:26.426Z] ... the important characteristic of Sidetree that we brought with us is - the DID is Self-Certifying +[2021-03-03T18:18:35.080Z] ... the DID suffix is bound to the did document, cryptographically +[2021-03-03T18:18:45.168Z] ... the DID Docs are forming their own chain, from inception to the current. +[2021-03-03T18:19:00.178Z] ... so, we're not relying on a traditional consensus model to decide whether a DID Doc is valid; +[2021-03-03T18:19:06.184Z] ... it's validated by the controller's signature +[2021-03-03T18:19:19.034Z] ... we have a VDR for did doc storage +[2021-03-03T18:19:31.115Z] ... we have an endorsement model (from Fabric) for propagation +[2021-03-03T18:19:39.130Z] ... ok, so, on to the first motivation - enabling open Federation +[2021-03-03T18:19:49.922Z] ... we didn't want to be coupled by a blockchain or DLT, either public or permissioned +[2021-03-03T18:20:01.166Z] ... we wanted to decouple propagation coordination into an agnostic protocol +[2021-03-03T18:20:16.247Z] ... this also meant decoupling the transaction graph from a particular ledger, and storing it on content-addressed storage +[2021-03-03T18:20:29.360Z] ... decoupling it from a DLT was important, and allowing multiple ledgers/did methods on the backend +[2021-03-03T18:20:45.768Z] ... as compared to our previous efforts on HL Fabric, this is reduced to a log aspect, rather than coordination aspec +[2021-03-03T18:20:55.824Z] ... the other main motivation was to have an open federation & replication model +[2021-03-03T18:21:08.158Z] ... meaning, VDR servers could participate in replication, and choose who to replicate with +[2021-03-03T18:21:17.594Z] ... so as not to lock-in to a particular VDR or DLT +[2021-03-03T18:21:24.786Z] ... while minimizing trust in the network and servers as much as we could +[2021-03-03T18:21:37.736Z] ... when we talk about CAS (content-addressed storage), DHTs like IPFS come up +[2021-03-03T18:21:49.233Z] ... but we wanted to have a method that also can be stored on web APIs, in addition to DHTs +[2021-03-03T18:21:59.504Z] ... since we can't always just use IPFS, although it has nice discovery properties +[2021-03-03T18:22:09.337Z] ... so, we've allowed for both Web and IPFS discovery models +[2021-03-03T18:22:21.196Z] https://trustbloc.github.io/did-method-orb/#format +[2021-03-03T18:22:31.796Z] ... so for example, we can have did:orb:web: +[2021-03-03T18:22:45.954Z] ... did suffix referring to the unique did document initial state +[2021-03-03T18:22:55.352Z] ... as specified in Sidetree +[2021-03-03T18:23:05.622Z] ... and then forms a chain of did updates +[2021-03-03T18:23:21.724Z] ... the discovery APIs for the web is based on WebFinger and DID Discovery, +[2021-03-03T18:23:26.901Z] ... and the DHT one is based on IPFS +[2021-03-03T18:23:42.524Z] ... Portability Requirement -- needed to be able to migrate between ledgers, while maintaing transactions +[2021-03-03T18:24:05.683Z] ... we did this by building an immutable graph (discoverable from the DID string itself, since it's an identifier of a particular point in the graph) +[2021-03-03T18:24:25.400Z] ... since this is a graph-based model, the resolving server need to be able to grab the latest transaction, +[2021-03-03T18:24:45.038Z] ... so a DID has an Origin property, that the DID Controller is claiming knows the latest transactions / DID's latest state +[2021-03-03T18:24:57.125Z] ... one of the ways we do that is by updating the initial (canonical) DID +[2021-03-03T18:25:10.620Z] ... so, by changing the Origin, it signals that a new canonical DID is available +[2021-03-03T18:25:37.297Z] ... Witnesses observe VDR objects (batches of DID updates) +[2021-03-03T18:25:51.261Z] ... what they're doing it is promising to incorporate the objects into their ledgers +[2021-03-03T18:25:57.605Z] ... this is based on Certificate Transparency spec +[2021-03-03T18:26:10.861Z] ... includes the Merge Delay mechanism, etc. +[2021-03-03T18:26:23.764Z] ... we wanted witnesses to be able to be monitored, make sure they honor their promises +[2021-03-03T18:26:30.817Z] ... if you know Sidetree, you may know of the Late Publishing issue, +[2021-03-03T18:26:38.087Z] ... where the DID Controller is creating a branch in their own operation graph +[2021-03-03T18:26:44.092Z] ... so we do use Witness timings to resolve late publishing +[2021-03-03T18:26:53.177Z] ... each system can decide which witnesses it considers to be trusted +[2021-03-03T18:27:01.911Z] ... and the Origin witness (set by did controller) can break ties +[2021-03-03T18:27:17.822Z] ... I'll speed through the last couple points +[2021-03-03T18:27:23.398Z] ... the last motivation was to leverage existings specs +[2021-03-03T18:27:27.486Z] ... of course it's DID Spec compliant +[2021-03-03T18:27:35.668Z] ... Sidetree protocol to encode updates in batches +[2021-03-03T18:27:56.899Z] ... (that's the anchor credential - see spec for details) +[2021-03-03T18:28:08.384Z] ... JSON-LD Proofs from witnesses are forming a proof chain on top of the anchor credential +[2021-03-03T18:28:15.686Z] ... we did extended Certificate Transparency for VCs +[2021-03-03T18:28:25.948Z] ... we used ActivityPub for propagation, WebFinger for web-based discovery, +[2021-03-03T18:28:33.949Z] ... and for CAS, used IPFS for content identifiers and encodings +[2021-03-03T18:28:39.233Z] ... questions? +[2021-03-03T18:28:40.312Z] q+ to say this is awesome work and how do we engage further +[2021-03-03T18:28:47.416Z] ack Manu +[2021-03-03T18:28:53.863Z] manu: this is awesome stuff, Troy, thank you! +[2021-03-03T18:28:59.926Z] ... I know this is an enormous amount of work +[2021-03-03T18:29:16.726Z] ... I've got a thousand questions, would be great for the community to explore this stuff +[2021-03-03T18:29:25.760Z] ... Troy, chairs, how do we have more discussions around DID Methods? +[2021-03-03T18:29:38.851Z] ... there's not just two different things in did:orb, there's many, so what's the best way to engage +[2021-03-03T18:29:47.705Z] ... on this specific did method, and on methods in general? +[2021-03-03T18:30:04.910Z] heathervescent: let us know, we can schedule discussions of particular methods +[2021-03-03T18:30:20.660Z] Troy_Ronda: as we get the implementation going, we want to explore the best place to put this spec +[2021-03-03T18:30:27.503Z] ... we do want to see this as a Community specification, +[2021-03-03T18:30:36.578Z] ... so, we're looking for the best location for the spec & implementation work +[2021-03-03T18:30:45.596Z] ... obviously CCG and DIF are both interesting candidates for this +[2021-03-03T18:30:54.580Z] ... since it's related to DIF Sidetree, but also W3C Specs +[2021-03-03T18:31:02.840Z] wayne: we'd certainly welcome this is a Work Item in the group +[2021-03-03T18:31:34.737Z] ... and it'll be interesting to talk with W3C staff as far as forming working groups for particular (sets of adjacent) DID Methods +[2021-03-03T18:31:40.399Z] ... any other questions for Troy? +[2021-03-03T18:31:41.112Z] q+ +[2021-03-03T18:31:44.057Z] ack Wayne_Chang +[2021-03-03T18:31:44.626Z] ... ok, I have one more question +[2021-03-03T18:31:56.716Z] ... Troy, do you think you can walk us through an exmaple through DID Resolution & update? +[2021-03-03T18:32:01.869Z] Implementation: https://github.com/trustbloc/orb +[2021-03-03T18:32:02.083Z] ... picking a particular ledger / VDR +[2021-03-03T18:33:19.600Z] wayne: screen shares Orb Network Topology slide. +[2021-03-03T18:33:48.998Z] Troy_Ronda: on this diagram (slide 9), is the network topology +[2021-03-03T18:33:56.896Z] ... several Orb servers playing different roles in a transaction +[2021-03-03T18:34:18.683Z] ... what happens for creating/updating a DID -- a controller picks an Orb server, and submits an operation via the REST API +[2021-03-03T18:34:28.283Z] ... the API queues it up to a Sidetree batch +[2021-03-03T18:34:37.589Z] ... which basically strings together patches +[2021-03-03T18:34:46.905Z] ... the batch file is written to the CAS, which is a pluggable module +[2021-03-03T18:34:54.428Z] ... web is built in, IPFS also possible +[2021-03-03T18:35:00.232Z] ... that creates the Anchor Writer +[2021-03-03T18:35:12.387Z] ... that holds a reference to the CID of the Sidetree Batch +[2021-03-03T18:35:19.328Z] ... sends an ActivityPub message +[2021-03-03T18:35:33.257Z] ... notifies any Witnesses (collected from its own settings, as well as the Origins of DID Docs in the batch) +[2021-03-03T18:35:47.350Z] ... sends an AP message of an Offer, which is an Anchor credential signed by the originating Orb server +[2021-03-03T18:36:18.270Z] ... the receiver Witness signs off, commits to updating it into its ledger, and returns an Endorsement result (an AP Like activity actually) +[2021-03-03T18:36:39.054Z] ... the Orb server collects all these LD Proofs (endorsements etc), and writes it to the CAS +[2021-03-03T18:37:04.420Z] ... once written to the CAS, it gives it both to its own observer, but also uses the info to update any DIDs that it might have. Sends it to its Followers (ActivityPub style) +[2021-03-03T18:37:29.761Z] ... the creation of an Anchor Credential is sent as an AP 'Create' Message +[2021-03-03T18:37:37.439Z] ... so that's on the write side. on the Read side, +[2021-03-03T18:37:52.942Z] ... the resolver would call the Sidetree Rest API (the normal http binding for DID Resolution spec) +[2021-03-03T18:38:13.153Z] ... (there's some replication-related details) +[2021-03-03T18:38:27.496Z] ... so it's possible to discover new Orb servers via did resolution +[2021-03-03T18:38:31.934Z] ... so that's roughly the topology +[2021-03-03T18:38:49.713Z] ... if you're using IPFS, you can put ipfs: and the CID right into the DID identifier +[2021-03-03T18:39:03.438Z] wayne: thank you, excellent overview +[2021-03-03T18:39:11.458Z] q? +[2021-03-03T18:39:13.956Z] ... and a lot of people would be excited to engage further +[2021-03-03T18:39:16.768Z] q+ +[2021-03-03T18:39:22.284Z] ack TallTed +[2021-03-03T18:39:28.068Z] TallTed: is there a link to the slides pdf? +[2021-03-03T18:39:52.678Z] Troy_Ronda: I'll try to find a place to post it. or just email it to me. +[2021-03-03T18:40:03.927Z] wayne: you can send it to the mailing list +[2021-03-03T18:40:10.721Z] ... ok, on to final topic, +[2021-03-03T18:40:23.166Z] ... very important to understand how linked data relates to verifiability +[2021-03-03T18:40:30.928Z] ... so, Manu is joining us to talk about LD Proofs +[2021-03-03T18:40:37.750Z] https://lists.w3.org/Archives/Public/public-credentials/2021Feb/att-0134/2021-Linked-Data-Security.pdf +[2021-03-03T18:40:45.452Z] manu: I'll paste the slides into the chat channel +[2021-03-03T18:40:55.989Z] manu: (Linked Data Security slide deck) +[2021-03-03T18:41:06.747Z] ... at a high level, there's a set of work happening in the CCG around Linked Data Security +[2021-03-03T18:41:22.345Z] ... so, we use Linked Data for a lot of things in the group. primarily, VCs are based on LD +[2021-03-03T18:41:39.524Z] ... when you express information, you want to protect it (by digitally signing it, etc) +[2021-03-03T18:42:07.091Z] ... so that's what Linked Data Security work is concerned with +[2021-03-03T18:42:14.741Z] ... ok, so, why are we talking about this now? +[2021-03-03T18:42:34.584Z] ... we sent out this Linked Data Security Roadmap out to the mailing list a few days ago. this slide just shows the related W3C Standards +[2021-03-03T18:42:45.497Z] ... some of these, we've been working on for close to a decade +[2021-03-03T18:42:47.043Z] ... so most of this stuff is not new +[2021-03-03T18:42:54.981Z] ... started with JSON-LD, with Canonicalization, +[2021-03-03T18:42:58.560Z] ... and continued on from there. +[2021-03-03T18:43:20.510Z] ... fundamentally, the VC specs largely depend on LD Signatures. you can use JWTs to sign VCs as well, but many deployments use LD Security signatures +[2021-03-03T18:43:42.574Z] ... as you can see from the roadmap, this is where we are today, and this is a whoooole bunch of work that is starting up that needs to be done in the coming months +[2021-03-03T18:43:50.546Z] ... here's a Layer Cake (tm) stack +[2021-03-03T18:44:06.283Z] ... foundation is - Canonicalization. +[2021-03-03T18:44:14.975Z] ... (rdf dataset canonicalization) +[2021-03-03T18:44:24.465Z] ... on top of that, Linked Data Proofs, and Linked Data Signatures +[2021-03-03T18:44:33.253Z] ... and on top of that, the individual cryptographic suites we're using +[2021-03-03T18:44:45.564Z] ... so, really, what we're trying to do, is just protect the information we're publishing. +[2021-03-03T18:44:48.571Z] ... make it tamper-resistant +[2021-03-03T18:45:07.328Z] ... that's what the proofs are for +[2021-03-03T18:45:25.915Z] ... so, we have a structured document with some information, and then a protection for that information +[2021-03-03T18:45:32.364Z] ... so lets look at RDF Dataset Canonicalization +[2021-03-03T18:45:45.463Z] ... it transforms an input to a /deterministic/ output +[2021-03-03T18:45:53.814Z] ... this is a fundamental cryptographic builidng block +[2021-03-03T18:46:09.930Z] ... why did it take so long? it's had to go through 2 mathematical formal proofs, with peer review +[2021-03-03T18:46:16.451Z] ... so, that took a while to get em peer reviewd & published +[2021-03-03T18:46:36.911Z] ... so basically, it's a fancy way of deterministically canonicalizing a structured document / graph. +[2021-03-03T18:47:08.269Z] ... canonicalization is crucial. because even with simple json, if you naively sign it on the string contents, even whitespace changes the signature +[2021-03-03T18:47:25.125Z] ... so canonicalization allows the input to be standardized, so that the signatures (and verifications) work on the same value +[2021-03-03T18:47:49.209Z] ... so for example, this is not done in the JOSE environment (no canonicalization) +[2021-03-03T18:47:54.179Z] ... so this just pre-formats the data for signing. +[2021-03-03T18:48:04.959Z] ... Next up we have Linked Data Proofs +[2021-03-03T18:48:33.512Z] ... these express various protective measures such as - digital signatures (just one mechanism), proof of work, proof of existence, of elapsed time, etc +[2021-03-03T18:48:45.626Z] ... digital signatures is what most people are used to +[2021-03-03T18:48:51.503Z] ... and all these methods have different tradeoffs/characteristics +[2021-03-03T18:48:59.469Z] ... so LD Proofs unify all these methods +[2021-03-03T18:49:30.586Z] ... think of it as a physical safe for paperwork, but you can surround it with a moat filled with laser sharks. so, multiple ways to protect things, +[2021-03-03T18:49:36.152Z] ... and using em together sometimes helps. +[2021-03-03T18:49:44.297Z] +1 laser sharks +[2021-03-03T18:50:02.306Z] ... here's an example Proof of Work +[2021-03-03T18:50:09.887Z] ... sort of a Bitcoin-y way of protecting things +[2021-03-03T18:50:17.504Z] Sharks w/ lasers do work in certain cases :) +[2021-03-03T18:50:26.530Z] ... it's great, generates a ton of heat, burns calories, etc. +[2021-03-03T18:50:45.818Z] ... so Proofs are the fundamental building block. so let's zoom in on LD Signatures +[2021-03-03T18:50:54.960Z] ... they're a type of proof, we use it to express digital signatures +[2021-03-03T18:51:00.427Z] ... here's an example. +[2021-03-03T18:51:21.900Z] ... it's got all the properties you'd expect - type, metadata, algorithm, etc +[2021-03-03T18:51:30.648Z] ... let's continue up the stack +[2021-03-03T18:51:44.763Z] ... when you get to the individual crypto suites -- these are basically recommended ways of doing something +[2021-03-03T18:51:48.886Z] ... you can think of them as recipes. +[2021-03-03T18:52:03.551Z] ... there are many different recipes you can use to create your proofs. +[2021-03-03T18:52:26.825Z] ... crypto suites typically bundle / recommend several things that work together. a signing algorithm, a hashing algorithm, a canonicalization alg. +[2021-03-03T18:52:34.341Z] ... so, it's a recommended recipe for protecting data. +[2021-03-03T18:52:48.142Z] ... for example - Ed25519VerificationKey2020 crypto suite +[2021-03-03T18:53:04.002Z] ... in the suite, it talks about the public key format, what a signature looks like, what hash alg to use, etc. +[2021-03-03T18:53:12.162Z] ... so that's fundamentally it. this is what we mean by Linked Data Security +[2021-03-03T18:53:12.758Z] q+ why is Equihash not on LDS +[2021-03-03T18:53:22.125Z] ... it's this layer cake / this set of specifications +[2021-03-03T18:53:31.751Z] ... so where do we go from here? +[2021-03-03T18:53:52.380Z] ... this stuff has been incubating for a decade now. we have math proofs in place, we have all this stuff lined up, including VCs as a usecase +[2021-03-03T18:54:04.504Z] ... the next step is proposing an official W3C Working Group +[2021-03-03T18:54:19.989Z] ... in the next 6 months, there's going to be a charter proposed to W3C membership, for formation of a working group +[2021-03-03T18:54:24.894Z] ... so that's it! +[2021-03-03T18:54:29.708Z] q? +[2021-03-03T18:54:34.969Z] ack cel +[2021-03-03T18:54:47.907Z] cel: why is Equihash not on top of linked data signatures diagram? +[2021-03-03T18:54:59.007Z] manu: great question. Equihash is a /type/ of proof. it's not actually a signature +[2021-03-03T18:55:04.159Z] ... it's basically a Proof of Work +[2021-03-03T18:55:08.844Z] q+ +[2021-03-03T18:55:11.996Z] ack W +[2021-03-03T18:55:13.682Z] so it's an example of something that sits on top of LD Proofs, but not LD Sigs +[2021-03-03T18:55:22.595Z] q+ around best practices for stacking proofs +[2021-03-03T18:55:25.716Z] wayne: I've been going through a lot of these specs of curves & algs, +[2021-03-03T18:55:41.862Z] ... I was wondering - is there a canonicalization of actual cryptographic functions? +[2021-03-03T18:55:50.263Z] manu: not sure I understand the question +[2021-03-03T18:56:05.178Z] wayne: does it come with standard steps / algorithms? +[2021-03-03T18:56:06.489Z] manu: yes +[2021-03-03T18:56:27.210Z] manu: one caveat - the specs are a bit old and out of date now (need to catch up to implementations / deployments) +[2021-03-03T18:56:45.807Z] ... but they all have boilerplate step-by-step language +[2021-03-03T18:57:04.326Z] wayne: what about like pseudocode, in CS terms? +[2021-03-03T18:57:13.849Z] manu: right, so, those generalized algs are in the specs itself +[2021-03-03T18:57:24.572Z] ... they of course need updating - PRs welcome :) +[2021-03-03T18:57:29.561Z] wayne: other questions? +[2021-03-03T18:57:29.952Z] q? +[2021-03-03T18:57:32.426Z] ack mprorock +[2021-03-03T18:57:44.211Z] mprorock: one of the things we're dealing with a lot of combinations of various proofs +[2021-03-03T18:57:52.250Z] ... for example, genetic sampling use case +[2021-03-03T18:58:07.303Z] ... is there a good method / starting place to read about how to combine digital sigs and other proofs? +[2021-03-03T18:58:14.164Z] ... is a VC the best way to account for that? +[2021-03-03T18:58:21.975Z] manu: yeah, the easiest thing is to reach for a VC +[2021-03-03T18:58:32.111Z] ... the thing about LD Proofs is, you can attach them to any kind of document +[2021-03-03T18:58:38.702Z] ... and VCs are just one specific form +[2021-03-03T18:58:52.324Z] ... for your use cases, I would specifically recommend a VC. +[2021-03-03T18:58:59.305Z] ... cause you have a chain-of-custody issues, and so on +[2021-03-03T18:59:14.606Z] ... the other thing that's interesting with LD Sigs is -- you can /refer/ to other VCs, bundle them together +[2021-03-03T18:59:20.874Z] ... unfortunately we're at time +[2021-03-03T18:59:32.388Z] mprorock: that would be a great topic for future meetings! +[2021-03-03T18:59:35.921Z] q+ +[2021-03-03T18:59:39.821Z] ack heather +[2021-03-03T18:59:53.361Z] heathervescent: shout-out for next week, we're having two meet and greets between the Solid Project and the CCG +[2021-03-03T19:00:21.173Z] ... CCG is presenting to Solid a week from today at 7am Pacific (10am Eastern) (regular solid call time), and Solid is presenting to the CCG at this time next week +[2021-03-03T19:00:35.485Z] ... during our usual call, and hopefully Tim Berners-Lee is joining for a note +[2021-03-03T19:00:48.830Z] wayne: hope to see all of you there! +[2021-03-03T19:01:51.777Z] kicking everyone to let cbot shutdown +[2021-03-03T19:01:57.695Z] (please don't take it personally) diff --git a/2021-05-11/audio.ogg b/2021-05-11/audio.ogg new file mode 100644 index 00000000..e639ae06 Binary files /dev/null and b/2021-05-11/audio.ogg differ diff --git a/2021-05-11/group.txt b/2021-05-11/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-05-11/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-05-11/irc.log b/2021-05-11/irc.log new file mode 100644 index 00000000..8ce87a9e --- /dev/null +++ b/2021-05-11/irc.log @@ -0,0 +1,210 @@ +[2021-05-11T16:02:46.390Z] present+ +[2021-05-11T16:02:47.917Z] present+ +[2021-05-11T16:02:51.236Z] present+ +[2021-05-11T16:02:57.845Z] present+ +[2021-05-11T16:03:01.277Z] present+ +[2021-05-11T16:03:03.605Z] present+ +[2021-05-11T16:03:04.217Z] present+ +[2021-05-11T16:03:25.399Z] present+ +[2021-05-11T16:03:31.979Z] present+ +[2021-05-11T16:03:38.257Z] present+ +[2021-05-11T16:03:49.771Z] present+ +[2021-05-11T16:04:30.021Z] q- +[2021-05-11T16:04:35.111Z] present+ +[2021-05-11T16:05:16.542Z] present+ +[2021-05-11T16:05:22.704Z] scribe+ Mahmoud +[2021-05-11T16:05:42.512Z] Woo! Thanks for volunteering, Mahmoud! +[2021-05-11T16:05:50.884Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021May/0056.html +[2021-05-11T16:06:07.226Z] Topic: Introductions & Reintroductions +[2021-05-11T16:06:12.878Z] Wayne: Introductions, anyone want to introduce themselves? +[2021-05-11T16:06:15.978Z] q? +[2021-05-11T16:06:49.662Z] Mahmoud: I'll help with scribe topics. Thank you for volunteering!! +[2021-05-11T16:06:56.897Z] Wayne: any reintroductions any projects you want to share? would anyone like to reintroduce themselves? +[2021-05-11T16:07:14.160Z] Topic: Announcements & Reminders +[2021-05-11T16:07:14.985Z] Wayne: Announcements: no announcements right now would anyone like to add any? +[2021-05-11T16:07:21.688Z] q? +[2021-05-11T16:07:28.468Z] q+ +[2021-05-11T16:07:42.116Z] ack brent +[2021-05-11T16:08:50.620Z] brent: DID spec reminder, need feedback to progress. Added myself to introduce theres a claims and credentiasl working group at DIF to define VP protocol that makes use of different community layers called the WACKI presentation exchange protocol, reach out to me for any questions. it aims to be a way for anyone to submit a VP Request and get a VP in return +[2021-05-11T16:09:00.319Z] q+ +[2021-05-11T16:09:11.264Z] ack Manu +[2021-05-11T16:09:26.833Z] Manu: CCG has work item for VP request what are the overlaps with the DIF work? +[2021-05-11T16:10:04.110Z] q+ +[2021-05-11T16:10:18.605Z] ack Manu +[2021-05-11T16:10:20.351Z] Brent: we hope theres lots of overlap, limitations are that CCG appears to be http-centric. DIF aims to be transport agnostic. there is broad interest in making a solution that is similar regardless of transport +[2021-05-11T16:11:16.857Z] q? +[2021-05-11T16:11:24.623Z] Manu: CCG VP request Spec is meant to be agnostic. We might be at a collision course if the specs end up very different. There are current concerns about CCG spec not being well formed. Just a heads up there might be misalignment potential and we should work on getting things merged properly and be vigilant +[2021-05-11T16:11:29.788Z] https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 +[2021-05-11T16:11:32.066Z] Topic: Action Items +[2021-05-11T16:11:56.498Z] WACI Presentation Exchange: https://github.com/decentralized-identity/waci-presentation-exchange +[2021-05-11T16:12:14.290Z] Wayne: Two action items: +* traceability api lots of discussion and no objcetions. will activate repo and work item, name to be finalized probably going to be traceability interop +[2021-05-11T16:13:11.693Z] wayne: ... * Meeting at 11 am EST 8 PST 5 CET? to discuss outstanding PR to determining if this is actually PR for maintenance or just feature requests +[2021-05-11T16:13:16.074Z] https://github.com/w3c/vc-data-model/pull/774 +[2021-05-11T16:13:25.245Z] Topic: Review Process for VC data model +[2021-05-11T16:15:15.677Z] wayne: VC-Data-Model, after lots of disucssions with members of community, discussing how are we going to respond to PRs, we have decided we will only focus on PRs that address inconsistencies. This is nto an easy process and will take some work and depending on change type will be marked as editorial or substantive. Editorials will be added, substantive will stay as open PR. +[2021-05-11T16:15:48.888Z] q? +[2021-05-11T16:15:49.868Z] wayne: ... We will call for feedback from community and ask people to meet two mondays from now. +[2021-05-11T16:16:59.352Z] q+ +[2021-05-11T16:17:02.414Z] ...: Roadmap for 2021 : +* editorial V 1.1 +* Substantive v1.2 +* Start planning VC v1.2 +* fix v1 of spec -- some pain points include updating context, still open for discussion +[2021-05-11T16:17:02.760Z] ack brent +[2021-05-11T16:18:22.985Z] brent: Thanks for what you said. We are unforunately limited due to scope of maintenance work, we can only focus on mistakes. It doesnt mean we can only do editorial fixes, we can do substantive changes but they are only going to be bug fixes. This doesnt mean work for v2 is on hold, please raise issues so we can have discussion it will automatically rolled into future versions +[2021-05-11T16:18:25.442Z] q? +[2021-05-11T16:18:36.980Z] wayne: thanks for additional context. any more comments? +[2021-05-11T16:18:51.681Z] Topic: IIW Recap Discussion +[2021-05-11T16:19:07.328Z] wayne: moving on to discussion on IIW, now that people have had time to reflect are there any topics people wnat to discuss? +[2021-05-11T16:19:14.306Z] q+ +[2021-05-11T16:19:15.196Z] q+ +[2021-05-11T16:19:21.472Z] ack agropper +[2021-05-11T16:21:04.931Z] Adrian: I tried to look at the conversations at IIW on protocol work, DIF and W3C work, and tehre were many sessions around protocols, my impression was that very little of the work was from the holder perspective for many reasons. All the work appears to be centered around verifier and issuer, attempted to hold a session on third day and wanted to raise issue for the group to discuss, looking forward to hear from peple involved at IIW who are here and what we can do to take care of holders +[2021-05-11T16:21:12.002Z] Wayne: anyone want to provide input? +[2021-05-11T16:21:15.531Z] holder not necessarily the subject! This is VERY important to keep clear in all conversation, especially outside the group! +[2021-05-11T16:21:48.212Z] ...: are you willing to give examples of holders which may be different from subject and what those protocols are? +[2021-05-11T16:23:33.207Z] Adrian: the problem i see is that message oriented protocols put the cost of processing on the recipient. To the extent people are using DIDs and sending messages to the hodler and asking t odo things witht the wallet for example, without the ability to delegate or ask for refundable deposit to offset cost of processign we are treating Issuers/Verifiers/Hodlers as sovereigns rather than SSI. I'm looking for ways to deal with this asymmetry by either introducing anti-spam protocols and allow holder to delegate without censorship of issuer/verifier +[2021-05-11T16:23:52.118Z] present+ +[2021-05-11T16:24:33.847Z] q+ +[2021-05-11T16:25:13.183Z] ack Manu +[2021-05-11T16:25:23.301Z] ack agropper +[2021-05-11T16:25:29.147Z] Manu: I get your conern Adrian and share it. I havent seen that concern manifest itself on any existing protocols so it would help to name names, and show these attack vectors. I dont think any of us want to do that. I think there may be a gap in udnerstanding of what these protocols are trying to do whether CHAPI DIDcomm etc. THe holder in each of those are very much in the center. So i dont understand where is the problem? that would really help me if we can talk about it as an attack vector +[2021-05-11T16:25:52.106Z] q+ to note that delegation in scope +[2021-05-11T16:26:29.118Z] Adrian: for example delegation is not explicitly in scope for any of what you mentioned so unless you give the hodler the ability to delegate freely to a fiduciary similar to a patient delagating to doctor or an accused to delegate to lawyer, so you really cant be Self Sovereign unless you can delegate +[2021-05-11T16:26:32.544Z] ack manu +[2021-05-11T16:26:48.424Z] Manu: Chapi enables Delegation through ZCAPS so it can be atleast be done in that way. +[2021-05-11T16:26:57.894Z] Adrian: ZCAPS is not a protocol in the same sense +[2021-05-11T16:27:36.661Z] +1 vc-http-api from our side as plans for delegation +[2021-05-11T16:27:58.369Z] q? +[2021-05-11T16:27:59.514Z] present+ +[2021-05-11T16:28:00.340Z] Manu: there are demonstrable systems that do this today. so asserting you cant do it today isnt accurate. there are companies that are planning on supporting delegation and authorization through VC-HTTP-API. Not sure were DIDcomm is I'm not an expert. This discussion is important because theres a communication gap between implementers and rest of community +[2021-05-11T16:28:14.205Z] wayne: Would an implementer of delegation be willing to share their approach? +[2021-05-11T16:28:45.629Z] manu: I can speak but it probably warrants a presentation. +[2021-05-11T16:28:49.371Z] q+ +[2021-05-11T16:28:53.879Z] ack Manu +[2021-05-11T16:29:00.246Z] wayne: this might warrant longer discussion but a 2 sentence epxlanation might be nice +[2021-05-11T16:30:14.409Z] Manu: for an imperfect ex. our Issuers/Wallets etc enable delegation by goign to a site and asking for access to an EDV and the site would be able to request a delegation of a portion of your EDV to write to it. +* you go to site +* site requests delegate access +* site writes to your EDV +[2021-05-11T16:30:55.569Z] ...: we have other examples of VC-http-api where you can request delegation for ZCAPS where you invoke a ZCAP agaisnt that api and the api doesnt care if its you who the presenter is +[2021-05-11T16:31:02.886Z] for ref https://w3c-ccg.github.io/zcap-ld/ +[2021-05-11T16:31:05.045Z] q? +[2021-05-11T16:31:09.216Z] ...: thats why its confusing to me when i can see that these protocols already are delegating. +[2021-05-11T16:31:13.941Z] wayne: any other IIW topics? +[2021-05-11T16:31:15.426Z] I will note that all of this is horribly documented :) +[2021-05-11T16:31:30.750Z] +1 documentation needs improvement +[2021-05-11T16:31:31.695Z] ... and it's only folks working in the code that can see this stuff (easily) working today. +[2021-05-11T16:31:42.141Z] ... and even then it's difficult. +[2021-05-11T16:32:25.023Z] wayne: wanted to bring up the explosion of did methods. there are now 94+ with more being registered day by day. Some have misgivigns that this will make resolvers struggle to access all of them. Others thing its good because it allows for a variety of decisions based on usecase. any thoughts? +[2021-05-11T16:32:39.152Z] q+ +[2021-05-11T16:32:41.638Z] wayne: Markus any thoughts? +[2021-05-11T16:32:45.259Z] ack markus +[2021-05-11T16:33:07.333Z] I count 100 DID methods currently +[2021-05-11T16:33:13.361Z] in did-spec-registries +[2021-05-11T16:34:29.924Z] q+ to note that implementations aren't necessarily streaming in... so, perhaps it's not as bad as we think? +[2021-05-11T16:34:41.690Z] just because you can..... +[2021-05-11T16:35:05.277Z] Markus: Universal Resolver is more of a community project where we've had similar disucssions at DIF where its being maintained. As far as this topic is concerned i think people are creating methods when existing methods could be used. The original intention was to support different underlying registreis and systems and i think the rationale should be more robust only when you cant use existing systems. on the other hand i think it enables interop. On another note i dont think you need to support ALL methods and your use case should be able to have its own Trust/Gov frameworks that tell you which methods are acceptable +[2021-05-11T16:35:17.333Z] ...: i dont think theres a simple answer to this. +[2021-05-11T16:35:19.172Z] ack manu +[2021-05-11T16:36:43.581Z] Manu: one itneresting test is requesting implementations of registered methods, we've sent out an email asking for implementations to test against the infrastructure. We havent gotten a flood to date, should have a clearer picture in a couple of weeks, to make us understand how driven these spec writers are which should let us know the delta between spec writers and implementers. We may need to raise the bar to what it takes to get into the registry +[2021-05-11T16:36:58.528Z] ...: may be too easy to get in as all it needs is conceptual +[2021-05-11T16:37:16.371Z] q+ did methods in practical use +[2021-05-11T16:37:18.974Z] present+ +[2021-05-11T16:37:24.355Z] ack mprorock +[2021-05-11T16:37:26.118Z] ...: we may come to understand that 60% of methods may not be implemented or that they are actually implementing many of them +[2021-05-11T16:37:29.843Z] super late to the call, sry. +[2021-05-11T16:37:59.971Z] q? +[2021-05-11T16:38:18.125Z] q+ +[2021-05-11T16:38:19.444Z] mike: I think your concerns are well said, on our standpoint we're looking typically looking at our customers/systems and crosschecking with crypto. currently we're supporitng did:key/web and looking toe explor edid:v1 +[2021-05-11T16:38:20.970Z] q+ +[2021-05-11T16:38:31.125Z] Q+ +[2021-05-11T16:39:01.423Z] ack Wayne_Chang +[2021-05-11T16:39:07.853Z] q+ to ask if "where are things converging, finally?"... "where are things diverging?" +[2021-05-11T16:39:07.902Z] ...: activity side should be supported by action there appears to be lots of overlap. Some example thats interesting is securekeys' work on showing categories of systems based onimlementations. +[2021-05-11T16:39:09.118Z] ledger portability is a lot of complexity, but it can also be the holy grail feature of dids. +[2021-05-11T16:39:31.903Z] +1 orie +[2021-05-11T16:39:57.863Z] q+ advantages of items like did:web +[2021-05-11T16:40:04.451Z] q? +[2021-05-11T16:40:18.933Z] wayne: i really wanted to +1 on different sources of VC registries and we need to make it interop then we need DID methods to work with other systems. even if theyre in the camp of theres one true method that we need to converge on, I think its going to run into real challenges based on hardware improvements. +[2021-05-11T16:40:21.825Z] and remember, each did method can pick an unbounded number of potentially non interoperable representations... so its even worse when you add cross representation interop to cross did method interop. +[2021-05-11T16:40:45.952Z] q? +[2021-05-11T16:40:46.038Z] ...: looking to improve rubrick to become more testable, like is it able to issue ED25519 key etc. +[2021-05-11T16:40:49.506Z] ack Mahmoud +[2021-05-11T16:41:27.204Z] Mahmoud_Alkhraishi: One thing that has been raised is too many DID methods is a nightmare for developers to get started. What really helped was community members giving a starting point: look at 1, 2, and 3. +[2021-05-11T16:41:43.979Z] Mahmoud_Alkhraishi: How feasible would it be to have "recommended methods" in the spec for new developers to get started. +[2021-05-11T16:41:47.797Z] q? +[2021-05-11T16:41:48.253Z] 1.) did:key, 2.) did:web... 3.) pick a blockchain and representation religion +[2021-05-11T16:41:50.194Z] ack Kim +[2021-05-11T16:41:54.990Z] +1 orie +[2021-05-11T16:41:57.333Z] q+ to address "these are recommended methods" -- sounds like a DIF thing, maybe. +[2021-05-11T16:42:51.173Z] q- manu +[2021-05-11T16:42:54.501Z] q- manu +[2021-05-11T16:44:02.499Z] q? +[2021-05-11T16:44:05.620Z] ack mprorock +[2021-05-11T16:44:06.531Z] Kim: recommending seems out of scope of CCG. im not worried because i think we need to popularize rubrick. We had simple criteria, like cost/opensource/crypto/does it support rotation etc. With those heuristics we reduced it to two/three methods as a way to sift through methods. I realize keeping track is a huge burden so i see the value of the rubrick approach +[2021-05-11T16:44:19.999Z] +1 Kim's rubrics +[2021-05-11T16:44:32.984Z] q+ to note we have to stop talking about did:web as one thing until there is a conformance test suite. +[2021-05-11T16:45:17.333Z] ack Manu +[2021-05-11T16:45:20.595Z] mike: DID:WEB was great because it had easy adoption especially on the enterprise side, so when we look at orgs that have gone to great lengths on the cybersecurity aspect of it, it works well and fits great with those orgs. +[2021-05-11T16:45:32.900Z] lol, yes +[2021-05-11T16:45:37.896Z] LOL Manu +[2021-05-11T16:46:05.760Z] q+ +[2021-05-11T16:46:16.920Z] that is part of our motivation for that interop profile on the trace side +[2021-05-11T16:46:19.712Z] manu: we need to make DID:WEB a drinking game. we keep talking about it like its one thing but theres huge confusion in marketplace as to what it is. Would love to have a conformance test suite and what features are htey really usuing. like what signing certs etc. everytime people talk about did:Web its ambigiuous +[2021-05-11T16:46:28.553Z] also +1 Kim's rubrics +[2021-05-11T16:46:57.625Z] I wouldn't say protocols re diverging +[2021-05-11T16:46:59.724Z] q? +[2021-05-11T16:47:02.066Z] q+ +[2021-05-11T16:47:04.484Z] ack ag +[2021-05-11T16:47:13.490Z] manu: interested to hear from IIW on whats converging and whats diverging. +for ex: BBS finally have a selective discolusure scheme. unfortunatly theres many protocols coming up. itneresting to see what other poitns peple found. +[2021-05-11T16:47:50.726Z] But if did:web takes off, how will we sell expensive blockchain solutions/ +[2021-05-11T16:47:55.970Z] /s :) +[2021-05-11T16:48:29.704Z] We are using did:web for issuers in DCC deployments. I can talk to that some time. +[2021-05-11T16:48:30.933Z] did:web will never take off unless we have interop with it :) +[2021-05-11T16:48:32.417Z] adrian: i think its incumbent on us as a community to be clear on how DID:web should/could be used as its an essential component of SSI as it has an expectation that the issuer/verifier would be using DID:web for good reason. To me as kim started to allude to we have DID:key and DID:web which appear very obvious and then we have everything else. Not sure what Manu meant by drinking game, but if its not a useful framing then we should have that discussion +[2021-05-11T16:48:33.450Z] hahaha Orie - but to be fair, expensive blockchain solutions do provide features & affordances that did:web doesnt :) +[2021-05-11T16:48:34.106Z] ack or +[2021-05-11T16:50:03.958Z] Orie: to provide backround on protocol assertions are diverging, i actually think gheyre converging we know theres OIDF DIF CCG theres some converging happening with CCG and DIF around protocols either by picking from existing communities or make our own. We're in a position now to start embracing leading indicators and helping them break through. This time IIW felt ocllaborative and constructive and it felt good to have didcomm and others to get closer and closer and see a path to unification +[2021-05-11T16:50:11.672Z] ..: are you ok wit htraceabliity-interop for repo +[2021-05-11T16:50:14.169Z] q? +[2021-05-11T16:50:15.942Z] Orie: sure +[2021-05-11T16:50:35.009Z] wayne: any other IIW questions? any other topics sessions they wanna disucss? +[2021-05-11T16:50:38.591Z] q+ +[2021-05-11T16:50:43.071Z] ack Manu +[2021-05-11T16:50:51.581Z] q+ +[2021-05-11T16:52:02.908Z] ack agro +[2021-05-11T16:52:03.571Z] luckily there are the same people working in all of those groups :) +[2021-05-11T16:52:08.355Z] Manu: Whats nagging at me is that i want t obelieve that protocols are converging. typically when you see work happening on multiple different gorups its clear theyre diverging. when different specs pop up and while i want t obelieve everyone has the best intention if groups of people are working on different things its almost guaranteed to diverge in some way. The second you dont have everyone in the same room you have divergence even if it shows up down the line +[2021-05-11T16:52:19.245Z] including Adrian, myself, etc.. +[2021-05-11T16:52:30.777Z] +q to speak to DID Resolvers going forward +[2021-05-11T16:53:48.208Z] Adrian: i want to agree with manu, i dont really see the convergence and dont think all these groups is helpful. IIW: there were 4-8 sessions on Keri/trust frames and alternatives to verifiable data registries of the ilk KERI represents and this seems to have opened up a different path that isnt based on any ledger, but rathe rits a challenge to side-tree protocols by talking about witnesses notaries etc. and am curious if others noticied this too +[2021-05-11T16:53:51.891Z] q? +[2021-05-11T16:54:52.225Z] heh it is another early thing. but definitely a divergent one :) +[2021-05-11T16:54:57.985Z] Kaliya: IIW is an open forum where agenda is created by people there. I see it as an interesting development but it seems really early that while cool and interesting doesnt really change what is currently being worked on. +[2021-05-11T16:55:04.400Z] q? +[2021-05-11T16:55:06.466Z] ack Anil +[2021-05-11T16:56:53.204Z] q? +[2021-05-11T16:56:54.898Z] Anil: Just going back to earleir conversations about did methnod choices etc. I think one of the underrated aspects is the global resolution capabilities, we're coming to the realization that resolution is a core infra capability where people need to understand and they need to deploy ala DNS servers. the question is if you're going t odo that are tehre test suites that test did resolution capabilities? Would love to have a conversation on resolution's future and how do we know its being done correctly? +[2021-05-11T16:56:57.440Z] q+ +[2021-05-11T16:56:57.731Z] q+ resolution was supposed to be separate. +[2021-05-11T16:57:01.082Z] ...: and conversation on future +[2021-05-11T16:57:04.077Z] q- manu +[2021-05-11T16:57:05.394Z] did resolution barely made it into did core... and its pretty poorly tested via a data model only approach... we need http/grpc/etc resolution test suite. +[2021-05-11T16:57:06.273Z] ack markus +[2021-05-11T16:58:12.590Z] q? +[2021-05-11T16:58:19.422Z] Markus: In the did working group theres been discussion on resolution and how it fits in and theres been discussions on the boundaries /scope and the result is the DID core does not define concrete protocols but only an abstract interface. therefore test suite does not actually invoke or test implementations but that could be its own test item +[2021-05-11T16:58:21.295Z] q+ +[2021-05-11T16:59:20.901Z] Work item on DID Resolution exists: https://w3c-ccg.github.io/did-resolution/ +[2021-05-11T16:59:26.415Z] wayne: Back to what i was saying about method traits theres been some aspects, theres some implications on your security method whether its did:web or a blockchain based method which puts them into different categories. Would be interested to collab and work on this together +[2021-05-11T16:59:32.666Z] q+ +[2021-05-11T16:59:36.240Z] ack agr +[2021-05-11T16:59:38.239Z] ack way +[2021-05-11T16:59:40.892Z] ...: might be ag reat way to extend current did-resolution work item +[2021-05-11T17:00:16.214Z] adrian: should we be elevating the importance revocation and rubricks when talkign about the did:methods? right now it seems all over the place, maybe justifiable so. +[2021-05-11T17:00:35.782Z] wayne: two important tpoics going forward: +* delegation +* revocation +[2021-05-11T17:00:38.541Z] wayne; thansk for coming diff --git a/2021-07-06/irc.log b/2021-07-06/irc.log index 19260cdc..7c3784a7 100644 --- a/2021-07-06/irc.log +++ b/2021-07-06/irc.log @@ -15,6 +15,7 @@ [2021-07-06T16:04:17.085Z] present+ [2021-07-06T16:04:49.715Z] i can scribe [2021-07-06T16:04:57.387Z] as soon as i fix my audio :( +[2021-07-06T16:04:57.387Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0005.html [2021-07-06T16:05:27.869Z] present+ [2021-07-06T16:05:38.069Z] scribe: Bumblefudge [2021-07-06T16:06:00.150Z] Topic: introductions and reintros diff --git a/2021-07-20/audio.ogg b/2021-07-20/audio.ogg new file mode 100644 index 00000000..77257ca2 Binary files /dev/null and b/2021-07-20/audio.ogg differ diff --git a/2021-07-20/group.txt b/2021-07-20/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-07-20/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-07-20/irc.log b/2021-07-20/irc.log new file mode 100644 index 00000000..9f3581a7 --- /dev/null +++ b/2021-07-20/irc.log @@ -0,0 +1,276 @@ +[2021-07-20T15:58:37.265Z] present+ +[2021-07-20T15:58:37.266Z] present+ +[2021-07-20T15:59:30.889Z] present+ +[2021-07-20T16:00:01.959Z] present+ +[2021-07-20T16:00:22.256Z] present+ +[2021-07-20T16:00:24.139Z] present+ +[2021-07-20T16:00:36.553Z] present+ +[2021-07-20T16:00:41.171Z] present+ +[2021-07-20T16:01:26.983Z] present+ +[2021-07-20T16:01:36.364Z] present+ +[2021-07-20T16:01:36.542Z] present+ +[2021-07-20T16:01:44.282Z] present+ +[2021-07-20T16:01:53.124Z] present+ +[2021-07-20T16:02:20.706Z] present+ +[2021-07-20T16:02:23.316Z] present+ +[2021-07-20T16:02:29.753Z] present+ +[2021-07-20T16:02:34.840Z] present+ +[2021-07-20T16:03:07.585Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0121.html +[2021-07-20T16:03:08.585Z] NEXT MEETING: +Kerri Lemoie will update the group on Open Badges, If he is available, Anthony Camilleri will provide a quick overview on Europass, and we will get some thoughts from Identity and supply chain focused thought leaders on techniques in those spaces that may aid or streamline EDU focused efforts (Orie Steele, and Tobias Looker). + +Tuesday, July 20th 2021 +Time: Tuesdays, at 9am PT, Noon ET, 5pm GMT, 6pm CET / 6AM+1 NZDT +(see: https://www.timeanddate.com/worldclock/converter.html?iso=20210720T160000&p1=tz_pt&p2=tz_et&p3=tz_cest&p4=tz_bst) + +Text Chat: + http://irc.w3.org/?channels=ccg + irc://irc.w3.org:6665/#ccg + +Jitsi Teleconf: + https://meet.w3c-ccg.org/weekly + +Voice: + US phone: tel:+1.602.932.2243;1 + +We are working on SIP dial-in and international phone numbers. + +Duration: 60 minutes + +MINUTES FROM LAST MEETING: +https://w3c-ccg.github.io/meetings/ + +MEETING MODERATOR: Michael Prorock +PROPOSED AGENDA: +1. Agenda Review (2 minutes) +2. IP Note: (1 minute) +Anyone can participate in these calls. However, all substantive contributors to any CCG Work Items must be members of the CCG with full IPR agreements signed. https://www.w3.org/community/credentials/join + a. Ensure you have a W3 account: https://www.w3.org/accounts/request + b. W3C COMMUNITY CONTRIBUTOR LICENSE AGREEMENT (CLA): https://www.w3.org/community/about/agreements/cla/ +3. Call Notes (1 minute) + a. These minutes and an audio recording of everything said on this call are archived at https://w3c-ccg.github.io/meetings/ + b. We use IRC to queue speakers during the call as well as to take minutes. http://irc.w3.org/?channels=ccg or http://irc.w3.org:6665/#ccg or the Jitsi text chat. + c. All attendees should type “present+” to get your name on the attendee list in the transcript. + d. In IRC type “q+” to add yourself to the queue, with an optional reminder, e.g., “q+ to mention something”. The “to” is required. + e. If you’re not on IRC, simply ask to be put on the queue. + f. Please be brief so the rest of the queue get a chance to chime in. You can always q+ again. + g. NOTE: This meeting is held by voice, not by IRC. Off-topic IRC comments are subject to deletion from the record. We work hard to manage a single thread of conversation so everyone can participate and be heard. Please respect the group process by joining the queue when you have something to contribute. +4. Scribe Selection (2 minutes) +We need a volunteer to scribe. Scribe List: https://docs.google.com/document/d/1LkqZ10z7FeV3EgMIQEJ9achEYMzy1d_2S90Q_lQ0y8M/edit?usp=sharing +5. Introductions & Reintroductions (5 minutes --> :11) (see scribe doc for reintroduce column) +6. Announcements & Reminders (2 minutes) +https://w3c-ccg.github.io/announcements/ +7. Progress on Action Items (5 minutes --> :18) +https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 +8. Open Badges (Kerri Lemoie) (15mins+) +9. Europass (Anthony Camilleri) +10. Reactions and broader thoughts / cross domain (Orie & Tobias) (10mins) +11. General Q&A and Discussion +[2021-07-20T16:03:20.772Z] present+ +[2021-07-20T16:03:52.908Z] present+ +[2021-07-20T16:05:30.644Z] hi Mike +[2021-07-20T16:05:33.572Z] i can scrigbe +[2021-07-20T16:05:35.725Z] scribe* +[2021-07-20T16:05:38.519Z] present+ +[2021-07-20T16:05:40.293Z] scribe+ +[2021-07-20T16:05:40.956Z] thanks mahmoud! +[2021-07-20T16:06:04.157Z] /me regrets not being able to scribe today +[2021-07-20T16:06:08.882Z] Mike: Scribe selection, IPR note and intro to meeting +[2021-07-20T16:06:09.625Z] q+ +[2021-07-20T16:06:18.690Z] ...: Introductions! +[2021-07-20T16:06:36.708Z] present+ +[2021-07-20T16:06:41.761Z] Mike Varley: Saying hi to those who haven't met me. Architect at Secure Key and work on the VC- HTTP-API work and happy to be here. +[2021-07-20T16:06:54.543Z] Mike: any other re-intros? +[2021-07-20T16:07:15.568Z] present+ +[2021-07-20T16:07:17.249Z] mprorok: moving on. Looking for upcoming announcements. +[2021-07-20T16:07:18.998Z] https://w3c-ccg.github.io/announcements/ +[2021-07-20T16:07:19.294Z] present+ +[2021-07-20T16:07:33.442Z] q+ +[2021-07-20T16:07:47.133Z] https://internetidentityworkshop.com/ +[2021-07-20T16:07:49.809Z] Heather: Reminder there are a couple of special IIW meetings. +[2021-07-20T16:08:16.575Z] ack manu +[2021-07-20T16:08:20.390Z] q? +[2021-07-20T16:08:26.963Z] present+ +[2021-07-20T16:08:26.999Z] ack Mike_ +[2021-07-20T16:08:38.818Z] Here is Kaliya's email about the IIW special tpics: https://lists.w3.org/Archives/Public/public-credentials/2021Jul/0110.html +[2021-07-20T16:08:43.392Z] Woohoo! Congrats! +[2021-07-20T16:09:18.037Z] Beat me by a second Heather! Nice draw! Thx +[2021-07-20T16:09:23.374Z] Manu: the DID working group, voted to transition the did: spec to the proposed recommendation stage, this is the last stage of work on the spec by hte group. The next stage is the W3C votes on the vote to become a standard or not. This is mostly autopilot and the expectation is after the month it transitions into a standard. +[2021-07-20T16:09:37.572Z] Awesome news, Manu! +[2021-07-20T16:09:54.370Z] ...: huge props to the community for incubating the work and transitioning it to a full Spec! we almost have another global standard under our belt +[2021-07-20T16:10:03.394Z] Congrats...we almost DID it :) +[2021-07-20T16:10:09.179Z] mike: did the provision around enabling features go through? +[2021-07-20T16:11:04.364Z] Manu: no it failed! we were going to enable a mode in the spec to update it in the core spec with a quick turnaround of 3-6 months but there we re a nubmer of legitimate objections including we had a DID spec registries to update and there was a desire for stability. +[2021-07-20T16:11:13.512Z] q+ +[2021-07-20T16:11:18.826Z] ...: this will all be in the minutes which will be published soon. This is not a bad thing. +[2021-07-20T16:11:29.244Z] Mike: was curious to see how this new process would shake out. +[2021-07-20T16:11:31.259Z] q? +[2021-07-20T16:11:36.686Z] An announcement that there will be presentation to IMSGLOBAL for a new version of the Open Badge Model (OBv3) this Thursday morning. While the presentation is restricted to IMSGLOBAL members, there is an open GitHub where the proposal can be found (https://github.com/IMSGlobal/openbadges-specification) and comments can be offered. +[2021-07-20T16:11:38.153Z] ack heath +[2021-07-20T16:11:52.395Z] present+ +[2021-07-20T16:11:59.063Z] present+ +[2021-07-20T16:12:37.715Z] Note this OBv3 is to move the Open Badge to be fully compliant VC in the Verified Credential ecosystem. +[2021-07-20T16:12:44.784Z] Heather: Congrats everyone! One of the reasons i want to be involved in CCG. I'm wondering if theres interest of a timeline or a recap of how the idea came out, got into CCG, both to tell the story of hte work and to share the process! Curios if theres interest in putting something together from the community. +[2021-07-20T16:13:15.012Z] q? +[2021-07-20T16:13:15.340Z] I think it's a really good thing to document history -- we do have transcriptions, but no one is going to go back and read everything. There will be many parents (of success) :) +[2021-07-20T16:13:19.365Z] Yup! That's what I was thinking +[2021-07-20T16:13:20.969Z] Thanks P1 - I'm going to be presenting the Obv3 proposal today. +[2021-07-20T16:13:21.965Z] Mike: i think thats a great question, and I have an interest and would help facilitate work on that from the broader community +[2021-07-20T16:13:37.685Z] :-) +[2021-07-20T16:13:48.072Z] q? +[2021-07-20T16:13:58.051Z] Heather: Part of this is myself selfishly wanting to help other folks to understand and get the story of how it happened +[2021-07-20T16:14:20.588Z] ...: this is a community effort and there are a lot of folks in the community +[2021-07-20T16:14:22.304Z] Sounds great! +[2021-07-20T16:14:30.310Z] Q+ +[2021-07-20T16:14:39.100Z] q? +[2021-07-20T16:14:44.865Z] present+ +[2021-07-20T16:14:51.284Z] I have the https://www.eventbrite.com/e/user-experience-in-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-159946001797 +[2021-07-20T16:15:10.480Z] Kaliya: I jsut wnated to share that this week we have the UX workshop as a special IIW topic and in two weeks we have one on the business of SSI +[2021-07-20T16:15:12.961Z] q? +[2021-07-20T16:15:30.245Z] q- identitywoman +[2021-07-20T16:15:57.302Z] The business of SSI - IIW Special Topic event - https://www.eventbrite.com/e/the-business-of-ssi-an-iiw-special-topic-12-day-virtual-event-tickets-161249943923 +[2021-07-20T16:16:06.388Z] Mike: i met Keri on the 101 group and thats my first real cross intersection of people working on the vc-edu and open badges and we thought it would be very helpful since theres great headway on the open badges side, talking about where things are , where theyre going and more! +[2021-07-20T16:16:43.959Z] https://docs.google.com/presentation/d/13-NI6UGFZb5rCoLLTVTI8w2eN3BdVsPGhYRuoLCmBN8/edit#slide=id.p +[2021-07-20T16:17:00.315Z] Kerri: The link shared are the slides for the discussion today +[2021-07-20T16:17:03.004Z] PDF proposal: https://github.com/concentricsky/openbadges-specification/blob/feature/ob3/proposals/OBv3p0/Proposal-Open-Badges-3.0.pdf +[2021-07-20T16:17:17.470Z] PR: https://github.com/IMSGlobal/openbadges-specification/pull/303 +[2021-07-20T16:17:20.071Z] ...: a link to PDF for the proposal and a link to the PR where we'd love your input +[2021-07-20T16:18:13.958Z] Kerri: as Mike and phil mentioned in the chat we're proposing open badges as aligned with the VC data model +[2021-07-20T16:18:42.200Z] present+ +[2021-07-20T16:18:49.111Z] ...: the VC Edu task force is working on making a recommendation, considering theres a plethora of standards already existing and how can we wrap them all into a unified envelope +[2021-07-20T16:19:47.951Z] ...: Lets try it with a single standard achievement (open badges) and see how it goes. Ive been working with it for quite a while ( 10 years). this needs to be validated by IMS global who will be asked to approve so we can work on it and improve. This is afirst take at the proposal and is by no means finished +[2021-07-20T16:20:02.971Z] present+ +[2021-07-20T16:20:08.388Z] ...: ope nbadges is a recognition system using digital badges to recognize skills and achievements outside formal institutions +[2021-07-20T16:20:25.559Z] ... how it works is tehres a digital graphic and theres metadata in the photo that has the achievement. +[2021-07-20T16:20:38.689Z] q? +[2021-07-20T16:21:15.306Z] ....: this data is hosted by the issuer and if it goes away it can 404. this can be signed by the issuer and does not have the properties of time/verifiability that VCs do. +[2021-07-20T16:21:19.727Z] present+ +[2021-07-20T16:21:22.075Z] present+ +[2021-07-20T16:21:36.516Z] ...: Open badges contributed to the very first VC use cases, in 2015 we started mvoing them to JSON-LD +[2021-07-20T16:22:11.493Z] ...: i work for Concentric Sky, and we're very much about open standards and interop and we believe in SSI and giving people control over their info +[2021-07-20T16:22:41.194Z] ...: some of this work started a long time ago, (2018) there have been issues at IMS global and we've been discussing this in VC-EDU +[2021-07-20T16:23:13.301Z] ...: because its a well known standard we've realized that we can keep trying to make it work between both VCs and Open badges, we said lets go all in and make Open Badges native VCs. +[2021-07-20T16:23:19.891Z] ...: these are the over all design goals +[2021-07-20T16:24:09.586Z] ...: Align with VC Data Model; Issuer and Recipient URIs; Badge Creater concept; Integrate CLR; Skill Assertions; Verifiable Presentations +[2021-07-20T16:24:12.936Z] q+ to ask about issuer/receipient DIDs -- what does the market need? +[2021-07-20T16:24:55.585Z] present+ +[2021-07-20T16:25:29.202Z] ...: We're looking to add open badges community and you should all roughly know what a VC assertion is: crypto proof, tamper evident, an assertion and makes badge baking optional ( putting metadata in an image) +[2021-07-20T16:25:50.505Z] ...: Images have been a main point of open badges because theyre hosted its usually an html with an image, what we're suggestign is it could be optional. +[2021-07-20T16:26:07.561Z] ...: we believe this increases trustworthiness in open badges and allow integrations to VC wallets +[2021-07-20T16:26:58.513Z] ...: on the left is the current spec , the right hand side is current proposal where the badge class is part of the credential subject and it could be the issuer or someone else. and we ofcourse want to use teh VC proof +[2021-07-20T16:27:39.311Z] q? +[2021-07-20T16:27:39.354Z] ...: because we have the isseur at the assertion level, the recipients have been emails sicne the begining and usually they like using emails not urls, we would like to eventually make a shift to dids/urls +[2021-07-20T16:27:41.270Z] ack manu +[2021-07-20T16:27:58.659Z] Manu: the VC spec is like any URL will work, mailto with an email, http url or did etc. +[2021-07-20T16:28:04.196Z] mailto would work. +[2021-07-20T16:28:29.571Z] ...: we had contemplated do we want to work on did:web and standardize it, is there an industry need to adopt, hwere does the industry seem to want to go +[2021-07-20T16:28:44.998Z] <3 did:web !!! +[2021-07-20T16:28:49.057Z] Kerri: it varies i think we need ot use did:web because itll be a while till peole understand dids and i think the VCC wallet +[2021-07-20T16:29:06.900Z] Kerri: Digital Credential Consortium learner wallet *** not VCC +[2021-07-20T16:29:39.624Z] present+ +[2021-07-20T16:30:08.253Z] Kerri: This is what i was saying earlier abouyt badge creator, the issuer is referenced by the badge, and the issuer makes hte badge, there has been calls for extensions and there are many times where the creators of the credentials arent doingthe assessment of the task +[2021-07-20T16:31:02.799Z] +1 for Rubrics! +[2021-07-20T16:31:03.667Z] ...: Two properties that are being looked at from the IMS global CLR global badges achievemnt type, people downplay badges whats a badge etc. Adding this type would generalise and solidify that understanding and would show levels of mastery and tying achievements to descriptors. if interested look int oopen skills network +[2021-07-20T16:31:14.950Z] OSN https:openskillsnetwork.org +[2021-07-20T16:32:10.131Z] ...: Skill assertion is just skipping the badge class, and make an assertion referencing the single skill like: i know how to write proposal, and the assertion is kerri can write proposal. This forgoes the need for a badge class and simplifies the standard and allows assertions that are simpler +[2021-07-20T16:33:19.211Z] q+ to ask about challenges +[2021-07-20T16:33:21.849Z] ...: VPs are ver y new to open badges, most peopel share them on social media, and they might email them to someone. I had a convo with someone about VCs, folks are very much printing badges etc. We have wallets that allow bundling of badges and allow people to have control over their own credentials. this is new to open badges even if not just this community +[2021-07-20T16:33:23.662Z] q? +[2021-07-20T16:33:29.376Z] q+ +[2021-07-20T16:33:43.895Z] q- +[2021-07-20T16:33:45.880Z] Useful writeup from Kerri as well - https://kayaelle.medium.com/the-future-of-open-badges-is-verifiable-bce27664a668 +[2021-07-20T16:33:49.746Z] q+ to ask about challenges +[2021-07-20T16:34:01.848Z] Note the RSDs have additional metadata beyond the descriptor, though to date they are blank (text) fields. There is also a URL alignment field associated with RSD. +[2021-07-20T16:34:07.076Z] Mike: before we dive into questions i wanted to pre-seed the discussion topic a bit to bring in two poeple who don't work in EDU and will ask for commentary from Orie and Mike Varley +[2021-07-20T16:34:33.013Z] +1 to quick commentary/reaction! :) +[2021-07-20T16:34:34.097Z] ...: we found overlap from edu and other groups wanted to get some quick commentary and reaction from them first in the interest of cross-pollinating +[2021-07-20T16:34:36.770Z] I like the format. +[2021-07-20T16:34:55.863Z] <3 +[2021-07-20T16:35:31.034Z] Orie: Generally excited about open badges, one of the things thats challenging is theres many use cases where you want them verifiable but never publicly share them, which can be challenging and lead to challenges with issuer/subject id methods +[2021-07-20T16:35:50.389Z] ...: public credentiasl lead to public reputation which is either a feature or defect depending on where you stand +[2021-07-20T16:35:59.539Z] q+ +[2021-07-20T16:36:22.701Z] q- +[2021-07-20T16:36:27.972Z] ...: i liekd the PR and tehres number of consdierations on graphic encoding of credentials which i'm not prepared to talka bout rn. DCC has made some great choices. +[2021-07-20T16:36:56.204Z] q+ to talk about CBOR-LD for JSON-LD +[2021-07-20T16:36:58.505Z] Mike: i know we've run into many printing VCs, Qrs etc and this is definitely a hting in the EDU world. +[2021-07-20T16:37:10.579Z] q? +[2021-07-20T16:37:37.375Z] mvarley: i think this initiative and combinign with VCs could be very powerful and have long reaching arms in the use-cases and industries weve worked with. +[2021-07-20T16:37:42.898Z] present+ +[2021-07-20T16:39:28.868Z] ...: while we've mostly focused on who you are, we've run into many industries where credentials and qualifiecations run into play where it intersects with personal workflows, like i need to open a resturant and know what certs i need, it also fits into the supply chain work we've seen, like is this person trained to operate a forklift etc. Building that kind of portfolio of credentials is important and i wanted to relate it back to another topic, there are scenarios of people who have found themselves homeless, and want t oget into the workforce, and they want to get trainign certs and its very difficult when its paper based. +[2021-07-20T16:39:41.971Z] ...: having an e-format woudl make this muc hsimpler so very excited for hits work +[2021-07-20T16:40:14.762Z] ack agropper +[2021-07-20T16:40:17.795Z] Mike: appreciate that tie in to individual skill validation, as its something we see in teh food/ag space where an open badge is issued for osmoene in the food processing plant which can then be linked to a VC for shipment etc. +[2021-07-20T16:40:19.004Z] q? +[2021-07-20T16:40:42.799Z] "Proof that presenter has control of the credentials" +[2021-07-20T16:40:44.611Z] Adrian: back to Kerris' last slide: something about proving that the subject of the credential is the holder of their credential +[2021-07-20T16:41:04.047Z] ...: but not necessarily possession? +[2021-07-20T16:41:10.853Z] sounds like textbook vp definition.... +[2021-07-20T16:41:23.666Z] from the spec section of subject and holder. +[2021-07-20T16:41:24.080Z] +1 +[2021-07-20T16:41:28.763Z] +1 control +[2021-07-20T16:41:38.449Z] KErri: i think we still have room to learn, but it hink we just wanted to make that something like this is possible, im not sure about possession/ control. +[2021-07-20T16:41:46.114Z] Presenter is necessarily a Holder +[2021-07-20T16:41:46.123Z] +1 manu & orie +[2021-07-20T16:41:47.669Z] Adrian: just looking for a usecase for that brief example. +[2021-07-20T16:42:06.483Z] possession is required to perform verification, but it doesn't need to come from the holder +[2021-07-20T16:42:10.813Z] neither is necessarily the Subject +[2021-07-20T16:42:31.031Z] Kerri: because there isnt a way for someone to have a brief way, just because you have an open badge does not mean you actually have the open badge, isnt that an identity not a control issue. +[2021-07-20T16:42:33.621Z] ack Manu +[2021-07-20T16:42:39.413Z] q? +[2021-07-20T16:42:54.552Z] See: https://www.w3.org/TR/vc-data-model/#subject-holder-relationships +[2021-07-20T16:43:00.297Z] Adrian: isnt that an identity not a control issue? +Kerri: sorry cant answer atm. +[2021-07-20T16:43:42.012Z] Manu: great proposal so far, what kind of pushback are you getting so far? why cant we take our current format rn and shove in a VC and work with it? what do you feel is the biggest soucrce of friction and challenge in moving it forward in IMS. +[2021-07-20T16:43:53.792Z] adrian IMO, identity is established by VCs rather than the other way around +[2021-07-20T16:44:15.498Z] There's always a competing specification :P +[2021-07-20T16:44:27.564Z] Kerri: IMS has a comprehensive learner record Spec and we're looking for how they align with Open badges and CLRs and some of the people who are working there are wondering why we arent including CLRs in the initial prposal and i think thats where some friciton is. +[2021-07-20T16:44:35.044Z] ... and there is always room to align (or diverge). +[2021-07-20T16:44:39.562Z] Q +[2021-07-20T16:44:45.249Z] Q+ +[2021-07-20T16:45:01.325Z] ...: some is also from people who are working 2.0 and dont want to shift, and theres always a version gap and mayb e some tiem before we get people up to speed to latest version +[2021-07-20T16:45:36.479Z] ...: tehres also some gap as most people assosciate html as part of the spec when it isnt. and tehres some friciton there as the backend json is the spec not the html. people can still keep their prettyHTML. +[2021-07-20T16:45:37.438Z] ack Orie +[2021-07-20T16:47:09.194Z] Orie: i wanted to talk about VC encoding that is machine readable, QR code is pretty much impossible for a credential that says somethign extensive about the VC. CBOR-LD has had some work to help compress the work and the binary representation isnt a VC spec compliant format and so if you have JSON-LD VCs you can convert to CBOR-LD bakc and forth up to a certain size limit +[2021-07-20T16:47:12.628Z] +1 @manu..always ;) +[2021-07-20T16:47:13.057Z] ack Phil_L +[2021-07-20T16:47:16.298Z] Yes, exactly what Orie said AND there is a digital signature on the VC -- they're verifiable QR Codes. +[2021-07-20T16:47:16.798Z] use DIDmeme to produce steganographed VC in photo of badgewearer (instead of QRcode)! ;-) +[2021-07-20T16:47:39.622Z] :) +[2021-07-20T16:47:52.574Z] Kerri: somewhat related to the badge images, i always wanted the image to associated with the achievement. I wanted each image to have a reflection of the image itself and be verifiable. +[2021-07-20T16:48:13.112Z] q? +[2021-07-20T16:48:46.254Z] Phil: +1 to the CBOR-LD approach. It was intriguing and powerful, looking at some of the pushbacks and concerns int he context of ims global. +[2021-07-20T16:49:19.550Z] ...: there is another thing tha tis more associated with an interest that is more institutional and that extends not jsut to all the courses they have taken but also to competencies they have achieved. +[2021-07-20T16:50:18.795Z] ...: the CLR tends to make it big and allows each to make them signed and wrap together with an envelope of a VC but to do that wrapping is a separate application adn that is done before that badge in teh wrapped VC form is able to sent to a wallet. tehres an added complication that the CLR does not natively support a VP. +[2021-07-20T16:50:33.348Z] q? +[2021-07-20T16:50:58.075Z] q+ +[2021-07-20T16:51:04.797Z] Mike: i find this area fascinating and public facing and can look innocuous. +[2021-07-20T16:51:08.365Z] ack manu +[2021-07-20T16:51:35.365Z] Comments here: https://github.com/IMSGlobal/openbadges-specification/pull/303 +[2021-07-20T16:51:35.739Z] Manu: What can we do as a community to supoprt you? i think most of us are supportive of it, what can we do to help IMS global make the transition +[2021-07-20T16:51:48.637Z] Kerri: first thing is make comments on the PR, any comments go a long way. +[2021-07-20T16:52:09.133Z] Phil: that will go into teh record of the conversation, unfortunately its limited to IMS global members, and so its closed to teh public +[2021-07-20T16:52:23.860Z] present+ +[2021-07-20T16:52:45.555Z] Thank you, crystal clear +[2021-07-20T16:52:46.745Z] ...: the second thing is anythign tha tmight reflect communities you represent and anything tha tmight show the selection of badges you might use in hte communities. statements to the alignment of the approach would be wonderful +[2021-07-20T16:52:54.508Z] Kerri: the examples discussed today would be great. +[2021-07-20T16:53:02.129Z] q? +[2021-07-20T16:53:08.089Z] Kerri: once its approved, im sure we'll be leaning on you for all kinds of supports to get it done well +[2021-07-20T16:53:41.631Z] q+ +[2021-07-20T16:53:54.771Z] ack kerri +[2021-07-20T16:53:54.856Z] q+ thanks to Mike for a great call +[2021-07-20T16:54:03.640Z] Kerri: Wanted to say thank you for having us and for the support. +[2021-07-20T16:54:18.498Z] Mike: i dont think theres enough cross polination and i think therse also room for cross-interop +[2021-07-20T16:54:33.262Z] ...: thats one of the most powerful things in the community. +[2021-07-20T16:54:34.580Z] ack hea +[2021-07-20T16:54:37.410Z] q? +[2021-07-20T16:54:41.576Z] +1 cross-pollinate y’all! 🐝 +[2021-07-20T16:54:45.940Z] +1! +[2021-07-20T16:54:59.279Z] Heather: just wanted to say thanks to you mike for running a great meeting, and looking forward to having you in the mix going forward. +[2021-07-20T16:54:59.461Z] lols at "cross-pollinate y'all" :) +[2021-07-20T16:55:08.445Z] Mike: anyone else have any comments? +[2021-07-20T16:55:09.094Z] great radio voice 🎙 +[2021-07-20T16:55:19.758Z] Mike: if not thank you for your time +[2021-07-20T16:55:28.642Z] Thanks Mahmoud for scribing +[2021-07-20T16:55:29.678Z] :beer: +[2021-07-20T16:55:40.530Z] Thank you +[2021-07-20T16:55:41.052Z] :wave: diff --git a/2021-08-03/audio.ogg b/2021-08-03/audio.ogg new file mode 100644 index 00000000..9938e080 Binary files /dev/null and b/2021-08-03/audio.ogg differ diff --git a/2021-08-03/group.txt b/2021-08-03/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-08-03/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-08-03/irc.log b/2021-08-03/irc.log new file mode 100644 index 00000000..757a859b --- /dev/null +++ b/2021-08-03/irc.log @@ -0,0 +1,251 @@ +[2021-08-03T16:01:22.225Z] present+ +[2021-08-03T16:01:22.226Z] present+ +[2021-08-03T16:01:26.394Z] present+ +[2021-08-03T16:01:26.668Z] present+ +[2021-08-03T16:01:28.242Z] present+ +[2021-08-03T16:01:36.618Z] present+ +[2021-08-03T16:02:01.741Z] present+ +[2021-08-03T16:02:12.485Z] present+ +[2021-08-03T16:02:56.457Z] present+ +[2021-08-03T16:03:03.560Z] present+ +[2021-08-03T16:03:54.968Z] present+ +[2021-08-03T16:04:08.427Z] present+ +[2021-08-03T16:05:05.026Z] present+ +[2021-08-03T16:05:09.935Z] present+ +[2021-08-03T16:05:51.663Z] present+ +[2021-08-03T16:06:13.230Z] I can scribe +[2021-08-03T16:06:13.622Z] /me can't this week sorry! +[2021-08-03T16:06:18.773Z] scribe+ Orie +[2021-08-03T16:06:33.106Z] Scribe: Orie +[2021-08-03T16:06:35.156Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0011.html +[2021-08-03T16:06:52.835Z] Topic: Introductions +[2021-08-03T16:07:07.081Z] wayne: anyone want to introduce themselves? +[2021-08-03T16:07:30.608Z] audio problems? +[2021-08-03T16:07:31.176Z] ... chris? +[2021-08-03T16:08:12.002Z] awesome to have you on! +[2021-08-03T16:08:12.459Z] Welcome to the group, Chris! :) +[2021-08-03T16:08:32.705Z] q+ +[2021-08-03T16:08:33.101Z] chris: I just started at DIF, working coms +[2021-08-03T16:08:36.795Z] ack Manu +[2021-08-03T16:08:41.769Z] Topic: Announcements +[2021-08-03T16:08:46.383Z] present+ +[2021-08-03T16:08:54.348Z] manu: see the mailing list, the DID spec is now a proposed rec. +[2021-08-03T16:08:59.071Z] W3C DID v1.0 is Proposed Rec: https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0030.html +[2021-08-03T16:09:03.752Z] present+ +[2021-08-03T16:09:20.518Z] ... this means the WG is done... this is v1.0... next voting happens +[2021-08-03T16:09:43.128Z] present+ +[2021-08-03T16:09:46.050Z] ... likely to become a standard, important for you to have your AC rep vote. +[2021-08-03T16:10:01.454Z] ... voting open till end of the month +[2021-08-03T16:10:20.925Z] ... there will be a press release, we're looking for large production deployments of DIDs +[2021-08-03T16:10:32.166Z] ... looking for quotes regarding DIDs and their use +[2021-08-03T16:10:47.827Z] ... september timeframe for the press releasee +[2021-08-03T16:11:06.116Z] present+ +[2021-08-03T16:11:12.364Z] wayne: thanks, as you know this work started here in the CCG, congrats all +[2021-08-03T16:11:22.732Z] +1 +[2021-08-03T16:11:26.435Z] present+ +[2021-08-03T16:11:28.426Z] ... also note that the authors list was data driven +[2021-08-03T16:11:36.009Z] a much appreciated extra mile +[2021-08-03T16:11:55.512Z] present+ +[2021-08-03T16:11:58.190Z] wayne: other announcements? +[2021-08-03T16:12:03.110Z] q? +[2021-08-03T16:12:05.289Z] present+ +[2021-08-03T16:12:17.975Z] business model upcoming +[2021-08-03T16:12:22.354Z] wayne: IIW is having special sessions, tickets are available +[2021-08-03T16:12:23.880Z] q? +[2021-08-03T16:12:25.000Z] one-day UX miniconf was last week +[2021-08-03T16:12:46.609Z] Topic: Action Items +[2021-08-03T16:13:01.207Z] https://github.com/w3c-ccg/community/issues/203 +[2021-08-03T16:13:10.976Z] q+ +[2021-08-03T16:13:17.814Z] wayne: heather can you introduce this? +[2021-08-03T16:14:04.660Z] +[2021-08-03T16:14:07.117Z] present+ +[2021-08-03T16:14:12.583Z] ack mprorock +[2021-08-03T16:14:14.576Z] heather: someone has these, not sure who +[2021-08-03T16:14:23.887Z] q+ +[2021-08-03T16:14:33.537Z] mike: I see 203... i've got that one +[2021-08-03T16:14:58.661Z] ack Heather +[2021-08-03T16:15:07.188Z] heather: is the infra task force not managing this? +[2021-08-03T16:15:20.323Z] wayne: ... maybe +[2021-08-03T16:15:32.671Z] present+ +[2021-08-03T16:15:45.461Z] wayne: mike, go ahead +[2021-08-03T16:15:45.605Z] present+ +[2021-08-03T16:16:27.241Z] mike: quick recap... my goals, etc... we need to incubate things that can become open standards... I want to see... +[2021-08-03T16:16:46.902Z] ... 1. creating an environment where we can incubate and abopt standards. +[2021-08-03T16:17:02.749Z] ... 2. invite new stakeholders, and make our work more approachable +[2021-08-03T16:17:21.420Z] ... 3. emphasize testability and interoperability demonstration +[2021-08-03T16:17:28.424Z] present+ +[2021-08-03T16:18:01.351Z] ... demonstrating potential commercial impact, addressing concerns for personal privacy, right to repair... providing open alternatives to proprietary specs, promoting a public good. +[2021-08-03T16:18:15.641Z] ... some stuff takes forever to make progress... +[2021-08-03T16:18:26.004Z] ... but we all need testable interoperability... +[2021-08-03T16:18:47.397Z] q+ to share some thoughts on what Mike shared... agree, and worry about what if we don't do some work. +[2021-08-03T16:19:10.553Z] ... also considering, increased attention from external parties, government sides but also enterprise side +[2021-08-03T16:19:15.568Z] Re: Updates - there is the launch of the Learning and Employment Record Network of the T3 Innovation Network (US Chamber of Commerce Fdn) next week - see and look for the LERN . There is, like in W3C, a sign up (no cost/obligation). The kickoff meeting is itself is planned for 8/11/2021 at 2 pm EDT (1hr). Connection details fill follow shortly. +https://www.t3networkhub.org/ +[2021-08-03T16:19:30.001Z] ... folks want to have interoperability +[2021-08-03T16:19:48.574Z] ... we need to continue to make things more professional, and explain things better +[2021-08-03T16:20:05.796Z] ... supporting both technical and nontechnical contributors +[2021-08-03T16:20:16.253Z] ... and audiences +[2021-08-03T16:20:23.342Z] ... provide a "landing ground" for DIDs and VCs +[2021-08-03T16:20:41.083Z] ... explaing both tech and business implications +[2021-08-03T16:21:08.637Z] present+ +[2021-08-03T16:21:09.947Z] ... other item, how can we look at cross pollination of ideas, for example education, supply chain, ssi, etc... +[2021-08-03T16:21:18.853Z] +1 for cross pollination to leverage multiple communities +[2021-08-03T16:21:20.059Z] ... glad to see all the DIF folks here +[2021-08-03T16:21:26.302Z] 💪 +[2021-08-03T16:21:36.158Z] ... also good to see SOLID community here as well +[2021-08-03T16:21:47.503Z] ack manu +[2021-08-03T16:21:53.173Z] ... thats my ramble, any questions? +[2021-08-03T16:22:09.631Z] q+ +[2021-08-03T16:22:12.850Z] manu: thanks, +1 to all that.... I wanted to speak to some specifics +[2021-08-03T16:22:27.372Z] ... on your first point, I think we are ding that one ok... +[2021-08-03T16:22:39.897Z] Fantastic non-ramble Mike! +[2021-08-03T16:22:42.822Z] ... +1 to inviting new stakeholders +[2021-08-03T16:22:50.594Z] present+ +[2021-08-03T16:22:55.731Z] ... I have a concern, for each of these points +[2021-08-03T16:23:23.179Z] ... for example, invite new stakeholders... as some of you know, DHS requested feedback on mDL... +[2021-08-03T16:23:44.566Z] ... there are other communities saying folks should look at VCs for mDL... +[2021-08-03T16:23:59.623Z] ... but we don't have good contact with those communities ... +[2021-08-03T16:24:13.046Z] ... these are concrete communities that we can pull in and engage with... +[2021-08-03T16:24:43.831Z] ... regarding test suites.... we should keep trying +[2021-08-03T16:24:58.509Z] ... how do we "productionize vocab and test suites" +[2021-08-03T16:25:27.126Z] ... there are some things we are not watching closesly enough... +[2021-08-03T16:25:42.511Z] present+ +[2021-08-03T16:25:49.498Z] ... there is less engagement on LD Security, but that work needs to be done... +[2021-08-03T16:25:55.296Z] present+ +[2021-08-03T16:26:12.605Z] ... we need to make sure we don't put that cart before the horse wrt dependencies +[2021-08-03T16:26:31.407Z] ... there are things on fire that need to be tended too, right now +[2021-08-03T16:26:37.095Z] q? +[2021-08-03T16:26:55.954Z] mike: prioritization is important... +[2021-08-03T16:27:09.419Z] @Manu VaxCerts work and "did not work out as expected" << Maybe ... Personally am a believer in "Last Person Standing" and not "First Mover Advantage" when it comes to certain things ... :-) +[2021-08-03T16:27:11.061Z] ... the issues you raised are related... +[2021-08-03T16:27:52.110Z] ... we need fundamentals, in order to support the higher layers +[2021-08-03T16:28:01.355Z] ... its easy to get burned out in this environement +[2021-08-03T16:28:20.924Z] present+ +[2021-08-03T16:28:29.041Z] ... lets try harder +[2021-08-03T16:28:36.068Z] ack Phil +[2021-08-03T16:28:47.291Z] Phil_L_(P1): I want to +1 all that +[2021-08-03T16:29:11.872Z] @Anil -- Well, let's just say it certainly didn't change the short-term direction of the big vendors working on SMART Health Cards. :) -- but yes, this is a long game, that point is taken. +[2021-08-03T16:29:20.571Z] ... the <...> record, is looking at the space of business and education +[2021-08-03T16:29:38.383Z] ... we don't need another set of meetings... how can we align this new initiative? +[2021-08-03T16:30:03.847Z] ... VHR standards group is looking at Resume's and VCs... +[2021-08-03T16:30:20.614Z] ... thats an opp, they are just getting their head around JSON-LD +[2021-08-03T16:30:43.551Z] ... manu is right, there are fires... there are standards being proposed about alternatives to VCs +[2021-08-03T16:30:51.503Z] ... need to help in form decision making +[2021-08-03T16:31:09.552Z] ... LERN network is looking forward to working together on this +[2021-08-03T16:31:24.208Z] ... there is an interest in analytics +[2021-08-03T16:31:35.701Z] ... and privacy preserving usage statistics +[2021-08-03T16:32:09.165Z] mike: any links to these items are welcome +[2021-08-03T16:32:21.205Z] ... please continue to raise issues, or ping me directly +[2021-08-03T16:32:31.320Z] q? +[2021-08-03T16:32:37.178Z] q+ on standards as competitors to VCs ... and tooling. +[2021-08-03T16:32:41.084Z] ack manu +[2021-08-03T16:32:55.119Z] present+ +[2021-08-03T16:32:55.419Z] manu: what are the things we are not doing well? +[2021-08-03T16:33:06.115Z] ... we are not good at doing tooling well... it sucks +[2021-08-03T16:33:14.841Z] present+ +[2021-08-03T16:33:15.442Z] q+ +[2021-08-03T16:33:33.702Z] ... we have a tooling deficit that makes developing tooling difficult +[2021-08-03T16:34:02.316Z] ... JWTs are so easy, to use, its hard to tell people to do harder things... +[2021-08-03T16:34:15.364Z] ... it takes investment to make tooling easier +[2021-08-03T16:34:37.357Z] quick note - i think i stated 101 meeting as this afternoon, that should be corrected to next week, aug 10 +[2021-08-03T16:35:07.957Z] ... the other thing, sometimes we hear about how VCs are being attempted to be included, but then large vendors objecting to them, and forcing their removal. +[2021-08-03T16:35:10.266Z] https://www.t3networkhub.org/ for information about the LERN and related T3 Innovation Networks (Jobs and Workforce Data Network, Open Competency and Frameworks Network, Data and Technology Standards Network) +[2021-08-03T16:35:25.972Z] ... it happened in a closed door standards setting body +[2021-08-03T16:35:32.159Z] Historical info on the LER work at http://lerhub.org +[2021-08-03T16:35:48.599Z] ... some people view this communities work as a threat, and are actively hostile to open standards +[2021-08-03T16:35:52.928Z] ... how do we address that? +[2021-08-03T16:36:11.442Z] ... these fires can turn into existential threats +[2021-08-03T16:36:16.173Z] scribe+ +[2021-08-03T16:36:20.710Z] mike: I am also concerned by this +[2021-08-03T16:36:45.747Z] ... I agree tooling is a part of this +[2021-08-03T16:36:59.083Z] q? +[2021-08-03T16:37:04.715Z] ... this is why cross polination is important +[2021-08-03T16:37:16.503Z] ... some groups are better at tooling than others +[2021-08-03T16:37:26.790Z] ack Orie +[2021-08-03T16:37:38.912Z] thank you to manu for scribe assist +[2021-08-03T16:37:50.276Z] Orie: I queued because I was triggered by what Manu said -- no tooling to generate JSON-LD Contexts... +[2021-08-03T16:38:31.427Z] ... there is a tool in Traceability that generates JSON-LD Context for Traceability vocab, generate vocab from same thing... schema document is empty and build from JSON Schema, we also make sure you can issue VCs from that. +[2021-08-03T16:38:46.099Z] /me realizes he's months overdue on a documentation PR for that tooling +[2021-08-03T16:38:47.121Z] https://github.com/w3c-ccg/traceability-vocab/issues/154 +[2021-08-03T16:39:13.673Z] (thanks to mike for the documentation that DOES exist in the meantime) +[2021-08-03T16:39:14.208Z] q? +[2021-08-03T16:39:16.211Z] ... so, on every merge to main, every vocab element is still valid and still producing valid credentials. There are tooling issues out there, but one of the important things out there, small focused groups with clear objective and clear scope defined... if you don't have that, you can have a lot of debate on scope and not a lot of improvement on tooling/tests. +[2021-08-03T16:40:14.057Z] Orie: Classic example is VC HTTP API, not heavy focus on tooling, big group, not focus on tooling/implementation, don't bundle tooling debate on open standards debate... maybe split work items to smaller groups to tech savvy to tech groups, business folks to business discussions, separation of concerns is important when working on these things. +[2021-08-03T16:40:20.944Z] mike: +1 to all that +[2021-08-03T16:40:53.317Z] wayne: there is a curse of knowledge, but we don't document things well enough for folks to understand... +[2021-08-03T16:41:07.367Z] ... CCG 101 is important for addressing that +[2021-08-03T16:41:19.138Z] ... this leads to "what is an appropriate work item" +[2021-08-03T16:41:46.067Z] ... how can we make sure work items are serving the appropriate audiences? +[2021-08-03T16:42:10.034Z] ... sometimes implementers have needs that don't reflect WG consensus +[2021-08-03T16:42:56.064Z] ... regarding the VC-HTTP-API, sometimes there is exploratory work, that conveys instability and distracts from fundamental stability +[2021-08-03T16:43:12.967Z] ... do we allow DID Methods? +[2021-08-03T16:43:35.281Z] ... do we have criteria for evaluating work items? +[2021-08-03T16:43:41.737Z] q? +[2021-08-03T16:43:41.908Z] q+ to try and summarize the work item types we have right now. +[2021-08-03T16:43:50.302Z] ... do all work items need to support all audiences? +[2021-08-03T16:43:55.506Z] ack manu +[2021-08-03T16:45:04.033Z] manu: looking at what we have done in the past, we have worked on standards here... the other thing we seem to work on, are vocabularies... vax, trace, edu, permanent resident cards, etc... +[2021-08-03T16:45:19.191Z] ... and then there are guides, but then its hard for me to categorize things +[2021-08-03T16:45:32.606Z] ... there are people working on did methods here... +[2021-08-03T16:45:39.946Z] ... policy papers? +[2021-08-03T16:46:02.062Z] q+ +[2021-08-03T16:46:10.469Z] ack Orie +[2021-08-03T16:46:11.360Z] ... are there other classes of item? +[2021-08-03T16:46:55.127Z] +1 test suites - implicit, but should be called out - especially test suites that are based on standard test approaches +[2021-08-03T16:47:09.646Z] Orie: Test suites are the primary work item that wasn't mentioned, I agree with what you mentioned, Manu... if I were to prioritize -- 1) things that are standards track, 2) vocabularies that are standards track items, 3) test suites... everything else is below the top 3, below the work listed but important. +[2021-08-03T16:48:58.002Z] Orie: The CCG is inherently biased, some of the work we've tried to do to fix the bias, has had a negative impact... standards-track work items good to have non-technical folks engaged... test suites don't need non-technical folks engaged, it's a negative sort of input. Working on both things are valuable, but when you mix technical and non-technical discussion, it's bad... what audiences is a work item targeted at, how are audiences being managed? Chairs +[2021-08-03T16:48:58.082Z] should be managing audiences -- with test suites, really important that they demonstrate interop, but are harmed by non-technical input. +[2021-08-03T16:49:53.505Z] present+ +[2021-08-03T16:50:09.567Z] q? +[2021-08-03T16:50:10.218Z] q+ +[2021-08-03T16:50:11.489Z] Orie: Speaking for Traceability folks, we have two work items that manage that difference... one is vocabulary oriented, and one is test oriented. It's helpful because we get great focused engagement from folks that are relevant. Separation of concerns is critical, we can't have an unbounded classes of items... without clear definition around them, I'd object to working on them. +[2021-08-03T16:50:12.911Z] ack Phil +[2021-08-03T16:50:18.557Z] q+ +[2021-08-03T16:50:39.180Z] Phil_L_(P1): regarding Manu's comment... +[2021-08-03T16:50:59.299Z] ... test suites are important, but test suites require continued tending +[2021-08-03T16:51:37.058Z] ...they require continued management, and contribution... we need to think beyond creation, towards maintence +[2021-08-03T16:51:52.336Z] ack mprorock +[2021-08-03T16:52:02.737Z] mike: I echo what orie siad +[2021-08-03T16:52:15.758Z] ... test suits have an ongoing engaugement +[2021-08-03T16:52:22.073Z] ... things take effort +[2021-08-03T16:52:34.136Z] for test suites and work around interoperability - there is the Interoperability Working group at DIF (myself Snore, and David Waite are the chairs) +[2021-08-03T16:52:40.240Z] ... we need to make sure our test suites are built on "industry standards" +[2021-08-03T16:52:40.885Z] ^^ +[2021-08-03T16:53:07.865Z] +1 to Kaliya, great place to work on test suites or just recruit contributors/reviewers to test suites happening here +[2021-08-03T16:53:08.239Z] ... one of the key things manu asked, was policy and response side? +[2021-08-03T16:53:10.238Z] q+ +[2021-08-03T16:53:29.363Z] ... what is the desire to make statements regarding policy decisions? +[2021-08-03T16:53:53.154Z] +1 Kaliya - another example of the need for collaboration and avoid duplicative efforts. +[2021-08-03T16:53:58.057Z] ... can we build consensus at all? +[2021-08-03T16:54:17.213Z] ... i'm loath to attempt to repond, if we don't have consensus. +[2021-08-03T16:54:19.924Z] ack Heather +[2021-08-03T16:55:00.519Z] heather: this community is traditional technical, which is a liability if its a narrow way of looking at things. +[2021-08-03T16:55:15.940Z] ... what I heard from Orie sounded "gate-keepy" +[2021-08-03T16:55:38.369Z] ... this community is already "gate-keepy" +[2021-08-03T16:56:06.108Z] ... how can we stay open to diversity of views, backgrounds and experiences, while executing and having deliverables... +[2021-08-03T16:56:42.217Z] ... curious how we can have both sides addressed? +[2021-08-03T16:56:49.887Z] ack Kim +[2021-08-03T16:56:59.414Z] q+ +[2021-08-03T16:57:20.815Z] Kim: test suites are one of the most important things +[2021-08-03T16:57:42.269Z] ... the avoid dilution of the standards... they support the standards... +1 to all that +[2021-08-03T16:57:43.648Z] ack mpro +[2021-08-03T16:57:45.202Z] I agree with heather's we need to find the right balance. +[2021-08-03T16:57:53.170Z] +100 to what Kim just said... test suites prevent standards dilution. +[2021-08-03T16:58:05.277Z] mike: I think there is a lot gate-keeping +[2021-08-03T16:58:08.294Z] if we had functional working THINGS +[2021-08-03T16:58:12.840Z] that helps adoption. +[2021-08-03T16:58:20.221Z] and we need more progress so adoption is easy. +[2021-08-03T16:58:29.774Z] ... separating and focusing has addressed this well... its a balance +[2021-08-03T16:58:44.528Z] ... we still run meetings off meeting and workflow tools +[2021-08-03T16:59:05.335Z] ... tooling impacts contribution +[2021-08-03T16:59:06.388Z] I can barely file an issue (in fact I don't know that i ever have). +[2021-08-03T16:59:14.966Z] q? +[2021-08-03T16:59:15.067Z] ... some folks can't use github +[2021-08-03T16:59:20.635Z] We might just want to make community positions, one at a atime, and refer to them when these sorts of inputs come in. +[2021-08-03T16:59:21.322Z] q+ +[2021-08-03T16:59:23.581Z] ack manu +[2021-08-03T16:59:40.564Z] manu: +1 to what heather said, we need to take all forms on input +[2021-08-03T16:59:48.386Z] ... we have core principles +[2021-08-03T16:59:50.145Z] +1 kaliya - especially of note, as a lot of times your input is some of the best that we actually need to pay attention to ;) +[2021-08-03T17:00:09.232Z] ... maybe we can externalize our core principles? +[2021-08-03T17:00:35.869Z] +1 manu - might be painful to standardize a bit - but this is a key thing diff --git a/2021-08-10/audio.ogg b/2021-08-10/audio.ogg new file mode 100644 index 00000000..d2e819d8 Binary files /dev/null and b/2021-08-10/audio.ogg differ diff --git a/2021-08-10/group.txt b/2021-08-10/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-08-10/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-08-10/irc.log b/2021-08-10/irc.log new file mode 100644 index 00000000..547e862d --- /dev/null +++ b/2021-08-10/irc.log @@ -0,0 +1,313 @@ +[2021-08-10T15:57:37.236Z] present+ +[2021-08-10T15:57:37.238Z] present+ +[2021-08-10T15:58:09.581Z] present+ +[2021-08-10T16:00:30.920Z] present+ +[2021-08-10T16:00:32.639Z] present+ +[2021-08-10T16:00:47.088Z] present+ +[2021-08-10T16:00:49.123Z] present+ +[2021-08-10T16:00:59.680Z] present+ +[2021-08-10T16:01:08.965Z] present+ +[2021-08-10T16:01:12.766Z] present+ +[2021-08-10T16:01:19.656Z] present+ +[2021-08-10T16:01:22.581Z] present+ +[2021-08-10T16:01:44.103Z] present+ +[2021-08-10T16:01:45.114Z] present+ +[2021-08-10T16:01:48.920Z] present+ +[2021-08-10T16:01:52.312Z] present+ +[2021-08-10T16:02:07.098Z] present+ +[2021-08-10T16:02:22.261Z] present+ +[2021-08-10T16:02:35.464Z] present+ +[2021-08-10T16:02:35.771Z] present+ +[2021-08-10T16:02:41.333Z] present+ +[2021-08-10T16:02:42.448Z] present+ +[2021-08-10T16:02:57.244Z] What is WACI-PEx, project status, alignment with CCG projects - Brent Zundel, Orie Steele, Juan Caballero +[2021-08-10T16:03:24.277Z] present+ +[2021-08-10T16:03:39.903Z] present+ +[2021-08-10T16:03:48.926Z] present+ +[2021-08-10T16:04:01.869Z] present+ +[2021-08-10T16:04:04.368Z] present+ +[2021-08-10T16:04:40.801Z] present+ +[2021-08-10T16:04:42.294Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0073.html +[2021-08-10T16:04:43.394Z] P Note: (1 minute) +Anyone can participate in these calls. However, all substantive contributors to any CCG Work Items must be members of the CCG with full IPR agreements signed. https://www.w3.org/community/credentials/join + a. Ensure you have a W3 account: https://www.w3.org/accounts/request + b. W3C COMMUNITY CONTRIBUTOR LICENSE AGREEMENT (CLA): https://www.w3.org/community/about/agreements/cla/ +3. Call Notes (1 minute) + a. These minutes and an audio recording of everything said on this call are archived at https://w3c-ccg.github.io/meetings/ + b. We use IRC to queue speakers during the call as well as to take minutes. http://irc.w3.org/?channels=ccg or http://irc.w3.org:6665/#ccg or the Jitsi text chat. + c. All attendees should type “present+” to get your name on the attendee list in the transcript. + d. In IRC type “q+” to add yourself to the queue, with an optional reminder, e.g., “q+ to mention something”. The “to” is required. + e. If you’re not on IRC, simply ask to be put on the queue. + f. Please be brief so the rest of the queue get a chance to chime in. You can always q+ again. + g. NOTE: This meeting is held by voice, not by IRC. Off-topic IRC comments are subject to deletion from the record. We work hard to manage a single thread of conversation so everyone can participate and be heard. Please respect the group process by joining the queue when you have something to contribute. +[2021-08-10T16:04:49.133Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0073.html +[2021-08-10T16:04:59.417Z] present+ +[2021-08-10T16:05:01.090Z] :-) +[2021-08-10T16:05:29.275Z] Thanks Manu! +[2021-08-10T16:05:36.111Z] scribe: cel +[2021-08-10T16:05:39.524Z] present+ +[2021-08-10T16:06:10.743Z] mprorock: Taking just a quick minute for intros and reintros. Anyone new to the call or hasn't been on for a while, please q+ or jump right in to introduce yourself +[2021-08-10T16:06:18.017Z] hey Andrew! +[2021-08-10T16:06:18.161Z] q+ +[2021-08-10T16:06:24.408Z] Yay! Andrew! Great to see you here!!! +[2021-08-10T16:06:35.130Z] AndrewHughes: I've been away from CCG for a little while. Rejoining and looking forward to participoating more. I do international standards mostly at the ISO level, on digital identity and mobile identity +[2021-08-10T16:06:39.210Z] ack chris_kelly +[2021-08-10T16:06:43.204Z] present+ +[2021-08-10T16:06:47.419Z] mprorock: Fantastic, looking forward to seeing m ore of you +[2021-08-10T16:06:52.057Z] q? +[2021-08-10T16:07:24.028Z] ChrisKelly: Hi, I've started in the Communications position at DIF, https://identity.foundation/ +[2021-08-10T16:07:35.913Z] https://github.com/w3c/did-imp-guide +[2021-08-10T16:08:00.197Z] q+ DID Core testimonials and DID Imp Guide. +[2021-08-10T16:08:06.738Z] ack manu +[2021-08-10T16:08:09.874Z] present+ +[2021-08-10T16:08:23.668Z] mprorock: Great, we like DIF +[2021-08-10T16:08:25.892Z] mprorock: DID Implementation Guide is moving along. Please review so it can move along path of standardization. Any other commments? +[2021-08-10T16:08:35.296Z] present+ +[2021-08-10T16:08:45.575Z] manu: ... Please vote in favor of making DID Core a global standard. There will be a press release. +[2021-08-10T16:09:08.208Z] ... When W3C does a press release, it asks for testimonials. Anyone who is doing DIDs and VCs broadly. +[2021-08-10T16:09:26.001Z] ... For examples, look through W3C press releases. If you're interested in doing a testimonial, please send to the mailing list. +[2021-08-10T16:09:33.021Z] q+ +[2021-08-10T16:09:38.694Z] ... (Not all are guaranteed to get in) +[2021-08-10T16:09:51.268Z] q? +[2021-08-10T16:09:56.694Z] ... The highlight is on people/organizations deploying DIDs, VCs, etc. +[2021-08-10T16:10:20.387Z] ... On the DID Implementation Guide: DID WG just talked about this: it's a bit shaky if we're getting enough movement on it to publish by the end of the DID WG Charter +[2021-08-10T16:10:28.317Z] ... There is desire to publish it, but it needs editorial cleanup +[2021-08-10T16:10:43.069Z] ... There are a number of statements without rationale. While folks agree to it, people reading it don't know +[2021-08-10T16:10:55.074Z] ... Editorial work needed. Charles volunteered to help with some. You and Orie need to be aware... +[2021-08-10T16:11:01.002Z] yes, PRs welcome. +[2021-08-10T16:11:10.882Z] I cannot merge PRs in the repo saddly +[2021-08-10T16:11:14.303Z] ; ) +[2021-08-10T16:11:19.561Z] mprorock: Absolutely, I made a PR... will be doing more ... Some PRs need to be merged for editorial cleanup. All PRs are welcome. +[2021-08-10T16:11:28.387Z] ... (Neither Orie nor I can merge PRs on that repo) +[2021-08-10T16:11:36.285Z] ... Anything else? +[2021-08-10T16:11:42.879Z] https://github.com/w3c/did-imp-guide/pull/11#issuecomment-895401235 +[2021-08-10T16:11:45.395Z] ack Heather +[2021-08-10T16:11:48.277Z] manu: You should ask Ivan for merge rights... +[2021-08-10T16:11:50.057Z] q? +[2021-08-10T16:12:12.447Z] Heather_Vescent: Thanks, Mike. Manu, that is exciting about a press release. I'll be a broken record... Hopefully you guys will reach out to a diverse group to quote. +[2021-08-10T16:12:34.816Z] ... We have people with a lot of backgrounds. Having worked on Diversity and Inclusion... In order to include those voices, which may be more hesistant, you have to go out and ask them. +[2021-08-10T16:12:35.494Z] q+ to note yes, that's why I'm speaking up here... +[2021-08-10T16:12:57.475Z] ... I hope that whoever is coordinating that will. I will be annoyed if I do not see a quote from a woman. +[2021-08-10T16:13:07.496Z] ... If I can support, I will +[2021-08-10T16:13:19.132Z] ack manu +[2021-08-10T16:13:21.060Z] +1 diversity of viewpoints +[2021-08-10T16:13:23.167Z] .. By highlighting those voices, it helps to increase diversity and inclusion in the future. +[2021-08-10T16:13:25.728Z] q? +[2021-08-10T16:13:37.886Z] How can I actively help with this Manu? +[2021-08-10T16:13:52.085Z] Do you wan tto put me in touch with her or visa versa? +[2021-08-10T16:13:58.009Z] And THANK YOU for raising this Manu. +[2021-08-10T16:13:58.920Z] manu: Thank you for saying that, Heather. Yes, please help. I don't think that's a W3C strong point... It is on Coralie's list of things to look for. We need all the help we can get, to get those diverse voices in here. +[2021-08-10T16:14:26.240Z] ... That's why I'm speaking about it here. If you want to reach out to them, please. If you know people who should be staying things about this stuff, reach directly out to them, tell them to send quotes to the mailing list. +[2021-08-10T16:14:42.154Z] topic: WACI-PEx +[2021-08-10T16:15:04.106Z] Brent is a hero +[2021-08-10T16:15:10.521Z] brent: Hi. With permission I will share my screen. Orie, Juan and I discussed briefly, they will do most of the talking. +[2021-08-10T16:15:16.810Z] The hero that we need. +[2021-08-10T16:15:19.882Z] ... For questions, please feel free to interrupt as we go. +[2021-08-10T16:15:38.114Z] ... [Screen sharing: Wallet and Credential Interactions] +[2021-08-10T16:15:40.254Z] NOTE: for interruptions please q + +[2021-08-10T16:15:45.295Z] ... I will begin with an intro, where did this come from. +[2021-08-10T16:15:58.994Z] ... The genesis started with the Good Health Pass collaborative/initiative/blueprint... +[2021-08-10T16:16:37.556Z] ... We were 50+ orgs, 200+ people... We got together in various groups to try to solve some problems surrounding vaccinations, sharing, in a travel context, to do so safely, with privacy. +[2021-08-10T16:16:49.580Z] ... In the midst of that, had IIW. As you know, people show up to talk about things they care about. +[2021-08-10T16:17:19.484Z] ... So we ended up having 4-5 sessions about the missing piece of how to request and present the information... There isn't a widely-agreed-upon method for a verifier to say here's what I want, and a holder to give it to them. +[2021-08-10T16:17:37.770Z] present+ +[2021-08-10T16:17:50.447Z] ... There were approaches... DIDComm has one, doesn't have to be over HTTP; flexible. VC Data Model a core component: definitely want to use Verifiable Presentations. +[2021-08-10T16:18:05.245Z] ... Presentation Exchange (DIF) provides a model for submissions +[2021-08-10T16:18:17.284Z] ... Aries, OIDC... various protocols. +[2021-08-10T16:18:39.256Z] ... Through the discussion, it ended up being called a layer cake. (for a while it was called the Killer Whale Jello Salad, but that didn't convey...) +[2021-08-10T16:18:40.093Z] present+ +[2021-08-10T16:18:55.698Z] ... Picture of components and where they fit [screen sharing Section 3] +[2021-08-10T16:19:00.836Z] present+ +[2021-08-10T16:19:17.117Z] ... Protocol for communication between a prover and a verifier. Rely on DIDs and DID documents, to establish a DIDComm communication channel. +[2021-08-10T16:19:24.933Z] ... Using elements from a Aries Present Proof protocol +[2021-08-10T16:19:32.889Z] ... Here's a message to request a proof, present a proof, the presentation itself +[2021-08-10T16:19:46.788Z] ... Within that, want to use Presentation Exchange, attach a message in submission and back to verifier +[2021-08-10T16:19:59.499Z] ... This is version 0.1, of what we hope will be a much more general protocol. +[2021-08-10T16:20:26.902Z] ... In this example we are specifically a BBS+ VC in a VP... Requiring a LD frame to be included... +[2021-08-10T16:20:42.342Z] q+ +[2021-08-10T16:20:42.791Z] ... Trying to take pieces that people are already using, and put together in a way that we can agree on. This is the stack. +[2021-08-10T16:20:55.176Z] https://identity.foundation/arewewaciyet/ +[2021-08-10T16:20:59.136Z] ack manu +[2021-08-10T16:21:08.252Z] q? +[2021-08-10T16:21:16.260Z] that link you can use to see the killerwhale jello salad yoruself. +[2021-08-10T16:21:26.071Z] manu: Super helpful. i have looked at the spec, not in detail yet. Question: I'm wondering if DIDComm at the bottom is an absolute requirement. We have other mechanisms. CHAPI exists. It looks like we're heading towards VC HTTP API moving presentations back and forth. +[2021-08-10T16:21:33.040Z] q+ to ask about HL +[2021-08-10T16:21:46.722Z] q+ query languages question +[2021-08-10T16:21:51.601Z] q+ to explain that PE is protocol agnostic +[2021-08-10T16:21:59.229Z] ... I think one of the goals we want is to maybe more multiple different protocols over these channels. For example, CHAPI is protocol-agnostic. In theory you can move DIDComm over CHAPI. Even VC HTTP API will probably end up there. +[2021-08-10T16:22:00.383Z] q- +[2021-08-10T16:22:10.031Z] ... Two approaches: assume bottom layer is there, or don't. +[2021-08-10T16:22:10.260Z] q+ +[2021-08-10T16:22:13.852Z] q- +[2021-08-10T16:22:20.403Z] present+ +[2021-08-10T16:22:32.032Z] ... Do we want a bunch of tiny protocols to put over the pipe, or want to say, no, we will fix the bottom layer? What was the discussion like? +[2021-08-10T16:24:04.858Z] ack orie +[2021-08-10T16:24:05.422Z] brent AFAICR, yes, we want to be as general as possible in the future. Want to use over CHAPI or VC HTTP API. Want people to able to use OIDC, use what they have and create something great for everybody, in the long-term. For 0.1, because we wanted to have something as fully-specified as possible for the Good Health Pass blueprint, we constrained ourselves to the signature types required by the +[2021-08-10T16:24:05.717Z] Great, thank you Brent, that was helpful. +[2021-08-10T16:24:07.892Z] blueprint. For this one, I don't think we had a choice but to constrain ourselves to DIDComm over HTTP - which we hope will fold easily into VC HTTP API, to plug it in, that is the goal, broadening this has been a design goal from the beginning. We'll see how well we did as we move into 1.0 +[2021-08-10T16:24:15.346Z] q+ kim +[2021-08-10T16:24:44.429Z] Orie: to restate, Presentation Exchange is protocol and assertion format agnostic. PE can move things that are not VCs/VPS - it just moves JSON around. DIDComm is also transport-agnostic - it can be moved over HTTP or NFC. +[2021-08-10T16:24:54.245Z] present+ +[2021-08-10T16:25:08.044Z] present+ +[2021-08-10T16:25:12.980Z] ... Speaking to VC HTTP API and CHAPI, I have implemented support for this flow in both of them previous. In VC HTTP API, the protocol is handled by HTTP endpoints - the infamous cross-trust-domain endpoints. +[2021-08-10T16:25:25.050Z] ... And then for CHAPI, Request/QueryByFrame is the mechanism, the same format. +[2021-08-10T16:25:41.097Z] ... Technically, CHAPI and VC HTTP API already support requests for presentations in the same format. +[2021-08-10T16:25:56.438Z] ... DIDComm is transport agnostic - believe it will support non-HTTP +[2021-08-10T16:26:07.035Z] ack adrian +[2021-08-10T16:26:10.733Z] ... So implement once and then can do over other transports, rather than different protocols +[2021-08-10T16:26:12.064Z] q? +[2021-08-10T16:26:50.915Z] Adrian: Nobody will be particularly surprised that when I look for a diagram that has a request phase to, presumably, a data subject, that I think in terms of an authorization protocol rather than a communication protocol. +[2021-08-10T16:27:27.773Z] ... My question to the group, relative to the recent question or two: Are we really convinced that we want to have two orthoganal dimensions to how requests are processed (not sure if orthogonal is right term) - one for messaging, and one for authorization. +[2021-08-10T16:27:37.972Z] authorization is always implemented in messaging protoccols +[2021-08-10T16:27:39.700Z] ... How, across the various protocols in these groups. How are we going to answer that question? +[2021-08-10T16:27:47.889Z] mprock: brent, or Orie, any thoughts? +[2021-08-10T16:27:59.865Z] brent: Authorization is always implemented in messaging protocols. I believe DIDComm handles that. Orie? +[2021-08-10T16:28:07.213Z] q+ to ask about query language frameworks +[2021-08-10T16:28:29.626Z] Orie: The important part of authorization is consent from the holder is a pain. Typically holder must allow or not. If they allow, a response is sent that contains their selective disclosure. +[2021-08-10T16:28:59.689Z] ... In DIDComm, that is messages encrypted with JWE. In other protocols (VC HTTP API), it's plaintext objects over TLS. With CHAPI, plaintext messages through browser windows +[2021-08-10T16:29:10.756Z] ack kim +[2021-08-10T16:29:16.575Z] ... OIDC.... messages over an encrypted channel. +[2021-08-10T16:29:48.282Z] yes, PE spec and DIDComm v2 are "pre-standards" +[2021-08-10T16:29:51.883Z] Kim: To reframe, I have the same question. There are lot of "new"/pre-standards in that layer cake. I get the idea is to pick things that people in the room implementing it can agree on. +[2021-08-10T16:29:53.588Z] q+ to note that we're kinda almost doing the right thing (pluggable components), but also probably failing in some way (complexity)... focus on whatever we do being wrong, what's the escape hatch? +[2021-08-10T16:30:20.247Z] q- +[2021-08-10T16:30:20.742Z] ... But suppose someone says I don't want to introduce DIDComm, and I want to use JWTs. That's a pretty simply thing, that maybe I want to use Presentation Exchange or some protocol over HTTPI. The original protocol was like that. +[2021-08-10T16:30:38.139Z] ... How do we think it is a good way for people who want different layer cakes to propose their own? +[2021-08-10T16:30:39.452Z] q+ (waiting for a break in the action to ask about query languages) +[2021-08-10T16:30:52.641Z] ... Could these be called different WACIs? My current approach is I forked the older one... +[2021-08-10T16:31:14.723Z] ... I'm curious, if the editors have thought about how other layer cakes can do their own way. Not to be competitive, but to document choices in a standard way. +[2021-08-10T16:31:48.237Z] brent: We've thought a lot about what we want to include, and that generality, but to recommend a particular architectural approach, those are conversations we look forward to having... to figure out how to do that. +[2021-08-10T16:31:48.897Z] ack manu +[2021-08-10T16:31:54.426Z] q? +[2021-08-10T16:32:14.052Z] I think forking the original spec, is a good approach.. you are just replacing DIDComm v2 with original WACI... both are "pre standards" +[2021-08-10T16:32:37.551Z] both use JOSE +[2021-08-10T16:32:44.292Z] manu: I would like us to start diving into the details, I think that may be informative. To play off what Kim mentioned, looking at the layer diagram, I think it's good that this group is starting to get layering. ... Layering stacks together that were created by different people, a very positive thing. +[2021-08-10T16:33:02.401Z] ... The downside is complexity. So many ways to put the blocks together, we end up with a noninteroperable scenario in the end. +[2021-08-10T16:33:14.255Z] ... We should be creating components, and trying to converge in the end of it. +[2021-08-10T16:33:23.207Z] /me lol +[2021-08-10T16:33:40.737Z] ... The other idea is that everything we are doing now may be wrong. It's a high likelyhood that any subset of these components is a wrong one in the future. +[2021-08-10T16:33:53.557Z] ... Hopefully folks are thinking about this as they put these things together. +[2021-08-10T16:33:54.618Z] q+ +[2021-08-10T16:34:03.408Z] q- +[2021-08-10T16:34:28.050Z] ack andrew +[2021-08-10T16:34:34.565Z] brent: We are thinking about. I encourage anyone who can to join the conversation. We're sharing this v0.1 here, we think it has the components we need now, and making it more modular and general moving forward will work. Want to keep having conversations. +[2021-08-10T16:34:37.957Z] q? +[2021-08-10T16:34:44.051Z] q+ +[2021-08-10T16:34:47.796Z] <3 OPA :) +[2021-08-10T16:34:57.152Z] Andrew: Has any discussion happened about using standardized frameworks for querying languages, such as OPA, or REGO? +[2021-08-10T16:35:10.363Z] See also https://www.openpolicyagent.org/docs/latest/policy-language/ +[2021-08-10T16:35:13.186Z] ack orie +[2021-08-10T16:35:14.712Z] brent: Only thing I think of here is presentation exchange relies on JSON Schema to filter and describe things. +[2021-08-10T16:35:21.726Z] q? +[2021-08-10T16:35:52.780Z] Orie: Excellent question. In the current WACI-PEx, there are two language constraints that are relevant. First is JSON Schema. PEx relies on JSON Schema. WACI-PEx relies on PEx (Presentation Exchange) +[2021-08-10T16:35:58.446Z] ... The other is LD Framing +[2021-08-10T16:36:27.364Z] ... There has been a lot of discussion about whether JSON-LD Framing is necessary. Folks have been writing code to eliminate it so can deterministically build it from the input descriptors (attributes). +[2021-08-10T16:36:50.437Z] ... That's an exciting reduction in complexity, but also an increase in complexity... to present credentials with selective disclosure. +[2021-08-10T16:37:00.981Z] ... Additional languages have not been discussed significantly. +[2021-08-10T16:37:14.850Z] Andrew: My near-term interest is in Policy languages. I'll follow up later. +[2021-08-10T16:37:27.689Z] Andrew: https://github.com/decentralized-identity/crypto-wg/pull/13 +[2021-08-10T16:37:41.210Z] brent: Walking through the spec, this part talks about each component... +[2021-08-10T16:37:47.674Z] ... [Section 3.5 and 4] +[2021-08-10T16:38:15.508Z] ... Then the context for each component... In order to use the, in what way... For example, presentation definition supports a property... must be a LDP, one of these proof types. +[2021-08-10T16:38:39.950Z] ... So when a verifier says what they want, they say ... the proof types they want. +[2021-08-10T16:38:52.542Z] ... The context constrains some of the layers, so that we have better interop in v0.1 +[2021-08-10T16:39:33.857Z] ... Similarly, we say we need a frame. JSON Schema for Presentation Exchange doesn't allow arbitrary properties. So in addition to requiring a frame object, we say, since the presentation definition is a different spec handled by a different group, we say here is the JSON Schema you can use to validate the presentation definition. +[2021-08-10T16:39:43.412Z] See also https://github.com/w3c-ccg/vc-http-api/blob/main/holder.yml#L120 +[2021-08-10T16:39:43.900Z] dropping thank you +[2021-08-10T16:39:47.664Z] ... Identical to for a regular presentation definition, but with a frame object. +[2021-08-10T16:40:39.300Z] ... This reflects our general tactic of relying on other specs but pulling information into this spec so we don't have to rely on them... We've started the process of adding a frame property - first step to constructing one deterministically from the input descriptors - that conversation is starting, but we didn't want to wait for it in order to let it be usable. +[2021-08-10T16:40:56.672Z] ... Similar for DIDComm... Must need a service property. Supporting routing keys. +[2021-08-10T16:41:15.130Z] ... Much of this language taken wholesale from the DIDComm v2 spec, which is under development; we didn't want to wait for that spec to finish. +[2021-08-10T16:41:38.011Z] ... It's possible that in time we will be able to say, just use DIDComm, and minimize that section. But for now... pulling that in. +[2021-08-10T16:41:56.796Z] ... One thing where feedback is appreciated is in examples; we try to make them as real-world as possible +[2021-08-10T16:42:21.295Z] ... Let us know if the examples don't make sense +[2021-08-10T16:42:31.571Z] ... [Section 6] +[2021-08-10T16:42:51.474Z] ... [Section 7] Interoperability profile gives steps... Generate QR code, encoding, example. +[2021-08-10T16:43:00.530Z] q+ +[2021-08-10T16:43:11.321Z] ... When it's processed, here's what could happen. Step by step: here's a QR code, request presentation message... +[2021-08-10T16:43:15.073Z] q+ to ask about interop testing approaches, etc +[2021-08-10T16:43:15.459Z] ... Finally the proof that is presented +[2021-08-10T16:43:25.608Z] ... Most of the space is taken up by the proofs. +[2021-08-10T16:43:31.709Z] ... Then the optional ACK, I got it +[2021-08-10T16:43:38.002Z] payloads in these examples can already be produced by the vc-http-api +[2021-08-10T16:43:43.117Z] today +[2021-08-10T16:43:57.959Z] ... One thing we loved about WACI is how simple and straightforward it was. We hope and feel that the elements we incorporated were a way to bring as many people into the room as possible who were already working on these things. +[2021-08-10T16:44:34.975Z] ... Specifically out of scope is deterministic rendering of the JSON-LD frame, different transports. For 0.1, trying to be constrained. Only two months overdue, which in standards world is kindof miraculous. +[2021-08-10T16:44:38.680Z] ... Started in May +[2021-08-10T16:44:47.310Z] to be fair - the blueprint was also delayed and comes out on Thursday :) +[2021-08-10T16:44:56.859Z] having regular calls that only discuss issues, really helps +[2021-08-10T16:44:58.282Z] q+ to support implement first as a great way to develop this stuff, note concerns around complexity, and (perhaps agree to top-level presentation request/response format)? +[2021-08-10T16:44:59.588Z] present+ +[2021-08-10T16:44:59.769Z] ... We think someone could take it and implement against it. If folks want to try, please try, and raise issues. +[2021-08-10T16:45:10.344Z] We are going to talk about this at DIF Interop tomorrow and consider the path to testing amongst implementations soon. +[2021-08-10T16:45:19.487Z] ... We welcome feedback, issues, folks jumping in. DIF is easy to join, for individuals especially. +[2021-08-10T16:45:34.490Z] mprorock: Thanks. Impressed with the pace of progress. +[2021-08-10T16:45:35.562Z] ack adrian +[2021-08-10T16:45:39.910Z] q? +[2021-08-10T16:45:58.351Z] repository where issues can be raised: https://github.com/decentralized-identity/waci-presentation-exchange/issues +[2021-08-10T16:46:02.067Z] Adrian: Thank you. This is a very long document, and I'm trying to wrap my head around it. I wonder if there is an appendix or summary of the absolute requirements that this is meant to fulfill. +[2021-08-10T16:46:40.357Z] My exhaustive list for high-level requirements that we are trying to work into it: Selective discloure, combining VCs into a presentation (via linked secrets or other mechanism), allowing for ZKPs, and whether can be done without DIDs. +[2021-08-10T16:46:44.490Z] Adrian you forgot works with HTTP, and supports message level encryption +[2021-08-10T16:46:56.925Z] but the rest is correct, for the most parrtt +[2021-08-10T16:46:58.059Z] ... Are these the right must-haves? Are they listed anywhere, in introduction or charter? Before getting into protocols. +[2021-08-10T16:47:34.438Z] brent: We tried to reflect those requirements in the abstract and introduction. As far as having a brief list, honestly each of the things we point to is larger than the spec. e.g. Good Health Pass blueprint +[2021-08-10T16:47:53.065Z] q? +[2021-08-10T16:47:55.934Z] q+ +[2021-08-10T16:47:56.839Z] ... We point to notes from conversations from IIW, also longer than the specification ended up being. The summary is in the spec already, rather than something we are pointing to. +[2021-08-10T16:48:07.321Z] PRs welcome Adrian :) +[2021-08-10T16:48:30.658Z] Adrian: What I'm looking at on the screen doesn't list them. Not talking about pointing to other things - the four things we must have. Are those four things the right four things, and are they listed as such in the document? +[2021-08-10T16:49:05.284Z] brent: If I recall the four things... didn't sound like anything off to me. If you would be willing to raise an issue, about putting them in the doc, I think someone might make a PR to put them in +[2021-08-10T16:49:16.600Z] Adrian: I will +[2021-08-10T16:49:28.360Z] ack orie +[2021-08-10T16:49:31.902Z] q? +[2021-08-10T16:49:42.345Z] Orie: There are two stages to the fundamental interactions between issuers, holders and verifiers. First stage: issuer to holder exchange - how the holder gets their credentials. +[2021-08-10T16:50:04.379Z] ... This flow originally was proposed for the holder to verifier part. Assuming you have credentials, how to present them to a verifier. +[2021-08-10T16:50:21.163Z] ... In particular, with the changes.... for selective disclosure +[2021-08-10T16:50:32.626Z] ... This spec is primarily for holder to verifier. +[2021-08-10T16:50:58.993Z] ... Other thing missing from your list: that the protocol works, and it uses HTTP - which we wanted so it can be testable. +[2021-08-10T16:51:00.143Z] ack mprorock +[2021-08-10T16:51:13.513Z] q+ to cover interop ttesting +[2021-08-10T16:51:19.489Z] mprorock: I wanted to ask around what are the plans for interop testing? Test suites? Implementations, Open source or otherwise? +[2021-08-10T16:51:25.170Z] ack orie +[2021-08-10T16:52:03.200Z] Orie: Right now, with the examples we have, we're about at the same places as the VC HTTP API for these endpoints. Have endpoints for conducting exchanges, have examples. +[2021-08-10T16:52:15.673Z] ... VC HTTP API doesn't have test cases for the exchange, even though the data exists. +[2021-08-10T16:52:23.510Z] ... This spec doesn't have examples(?) either +[2021-08-10T16:52:37.423Z] ... Next step is to create tests... that both of these specs support. +[2021-08-10T16:52:53.199Z] ... From the implementation, can generate interoperable test vectors. That's the next step. +[2021-08-10T16:53:04.141Z] ... Folks are working on implementing this protocol. +[2021-08-10T16:53:25.308Z] ... Integration point with VC HTTP API: I'd love to see support for these kind of exchanges supported in the VC HTTP API. +[2021-08-10T16:53:44.735Z] ... Main difference is that this spec relies on message-level encryption and is transport-agnostic, while VC HTTP API relies on transport-level encryption, and is HTTP-only. +[2021-08-10T16:54:06.544Z] ... We'd love to see an implementation that supports interoperable presentation exchange with this specification, on top of the VC HTTP API. +[2021-08-10T16:54:16.743Z] ack manu +[2021-08-10T16:54:25.632Z] q? +[2021-08-10T16:54:25.668Z] ... My hope is the next time I spend a weekend to expand the VC HTTP API, can extend it to support this specification. +[2021-08-10T16:54:31.462Z] this is not imp firstt +[2021-08-10T16:54:35.956Z] there are no imps yet. +[2021-08-10T16:54:51.876Z] manu: Hand-wringing a bit... +1 to putting it together, kudos to the editor. Some fairly deep concerns around complexity in the specification. +[2021-08-10T16:55:06.662Z] ... LD Framing is a complexity, we shoul try hard to eliminate. Ideally that complexity doesn't hit the entire ecosystem. +[2021-08-10T16:55:27.832Z] ... Same thing with JSON Schema. There are ways... don't want to impose as the first thing people step into. +[2021-08-10T16:55:39.064Z] ... Concerns about complexity, enabling the ecosystem. +[2021-08-10T16:55:39.718Z] https://w3c-ccg.github.io/vp-request-spec/#format +[2021-08-10T16:55:39.992Z] https://github.com/decentralized-identity/presentation-exchange is the place to attack the complexity (JSON Schema and JSON-LD frame) +[2021-08-10T16:56:11.806Z] ... We do have a VP Request spec, that has existed for multiple years, not documented as well as this, but exists and we have done interop with it. +[2021-08-10T16:56:21.793Z] https://w3c-ccg.github.io/vp-request-spec/#peer-to-peer +[2021-08-10T16:56:36.311Z] ^ currently does not document query by frame at all +[2021-08-10T16:56:39.117Z] ... Need to make sure that the request mechanism has the flexibility to completely eliminate LD Framing and JSON Schema. It should be an option, but should be able to use simpler query languages. +[2021-08-10T16:56:42.496Z] what is LD-framing? +[2021-08-10T16:56:49.686Z] https://www.w3.org/TR/json-ld11-framing/ +[2021-08-10T16:57:22.856Z] +1 +[2021-08-10T16:57:43.825Z] manu: Inevitable, I think we're on a collission course. VC HTTP API ... is where I think the big conflict will happen. But we need to enable ways of doing things. Typically wrong in first go-around. +[2021-08-10T16:58:01.663Z] what if folks want to swap out HTTP ? +[2021-08-10T16:58:05.144Z] ... Please focus on things to allow people to swap out components, so if people want to run DIDComm over VC HTTP API, can do that, but not default. +[2021-08-10T16:58:10.566Z] ... +1 to the work +[2021-08-10T16:58:28.652Z] +1 to integration course... +[2021-08-10T16:58:29.622Z] brent: In response, only thing I would change is that rather than being on a collision course, my naively hopeful view is that we are on an integration course. +[2021-08-10T16:58:30.713Z] we are on an integration course +[2021-08-10T16:58:32.681Z] +1 integration course +[2021-08-10T16:58:45.314Z] ... We didn't built this to complete, but because we need it now; and we hope it will integrate with the other efforts. +[2021-08-10T16:58:46.055Z] we have overlapping members that are managing this. +[2021-08-10T16:58:59.312Z] manu: +1, I believe we are operating in good faith +[2021-08-10T16:59:11.604Z] jello combo +[2021-08-10T16:59:26.702Z] mprorock: Good analogy, hopefully we wind up with a magically combined boat rather than a bunch of titantic shards. +[2021-08-10T16:59:44.241Z] ... Thanks all. Happy Tuesday +[2021-08-10T17:00:01.073Z] present+ diff --git a/2021-08-24/audio.ogg b/2021-08-24/audio.ogg new file mode 100644 index 00000000..7e72f9fc Binary files /dev/null and b/2021-08-24/audio.ogg differ diff --git a/2021-08-24/irc.log b/2021-08-24/irc.log new file mode 100644 index 00000000..870d16f0 --- /dev/null +++ b/2021-08-24/irc.log @@ -0,0 +1,205 @@ +[2021-08-24T16:01:22.191Z] present+ +[2021-08-24T16:01:22.191Z] present+ +[2021-08-24T16:01:22.192Z] present+ +[2021-08-24T16:01:22.674Z] present+ +[2021-08-24T16:01:28.711Z] present+ +[2021-08-24T16:01:29.272Z] present+ +[2021-08-24T16:01:45.523Z] Bret Jordan is here +[2021-08-24T16:02:01.657Z] present+ +[2021-08-24T16:02:05.886Z] present+ +[2021-08-24T16:02:47.939Z] present+ +[2021-08-24T16:02:52.777Z] present+ +[2021-08-24T16:03:02.422Z] present+ +[2021-08-24T16:03:16.220Z] present+ +[2021-08-24T16:04:09.531Z] present+ +[2021-08-24T16:04:40.771Z] present+ +[2021-08-24T16:05:30.188Z] I would volunteer, but can't scribe today +[2021-08-24T16:06:13.443Z] juan theres static +[2021-08-24T16:06:16.051Z] present+ +[2021-08-24T16:06:24.166Z] Scribe: by_caballero +[2021-08-24T16:06:24.166Z] Agenda: https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0359.html +[2021-08-24T16:06:36.974Z] Topic: Introductions +[2021-08-24T16:06:49.259Z] present+ +[2021-08-24T16:06:49.410Z] Wayne: announcements and reminders +[2021-08-24T16:06:55.812Z] q+ +[2021-08-24T16:07:06.031Z] https://internetidentityworkshop.com/ +[2021-08-24T16:07:08.923Z] ack Heather +[2021-08-24T16:07:26.010Z] present+ +[2021-08-24T16:07:32.195Z] Heather: update re: CCG calendar +[2021-08-24T16:07:44.588Z] ...: Tues 7Sep and Tues 14Sep will be cancelled +[2021-08-24T16:07:49.920Z] q+ to mention DID vote ending EOM +[2021-08-24T16:08:02.468Z] ...: SVIP will have an open allday event on 14Sep and we invite people to attend that +[2021-08-24T16:08:42.943Z] ack Manu +[2021-08-24T16:08:43.996Z] ... 13-15Sept there will be three allday events, and the 14th will be open to the public, with many SVIP companies presenting, and I will be moderating a panel there +[2021-08-24T16:09:07.649Z] Manu: quick reminder that the did-core specification is out for a vote before CR status is cemented +[2021-08-24T16:09:17.035Z] ... voting closes 31st of this month (tuesday next) +[2021-08-24T16:09:25.005Z] SVIP Demo Week, September 14-17: https://www.dhs.gov/science-and-technology/svip +[2021-08-24T16:09:47.198Z] ... many W3C member companies that rely centrally on DIDs have NOT VOTED yet, please get the word out and remind them +[2021-08-24T16:09:52.380Z] q? +[2021-08-24T16:09:55.682Z] ack Kaliya +[2021-08-24T16:10:03.247Z] Detailed information about the SVIP Demo week: https://www.dhs.gov/science-and-technology/svip-demo-week +[2021-08-24T16:10:19.603Z] Kaliya: IIW 12-14 October, early bird ticket price closes this week! +[2021-08-24T16:10:21.588Z] q? +[2021-08-24T16:10:37.108Z] Topic: Progress and Action Items +[2021-08-24T16:10:47.578Z] https://github.com/w3c-ccg/community/issues?q=is%3Aopen+is%3Aissue+label%3A%22action%3A+review+next%22 +[2021-08-24T16:10:47.871Z] present+ +[2021-08-24T16:10:59.781Z] DID Core vote: https://www.w3.org/2002/09/wbs/33280/did-core-pr/ +[2021-08-24T16:11:02.836Z] Wayne: Call for status update on DID:PKH and DID:TZ respectively +[2021-08-24T16:11:13.448Z] q+ to note concern. +[2021-08-24T16:12:25.355Z] ack Manu +[2021-08-24T16:12:25.957Z] Heather: We have not had resolution on whether/when DID Methods are appropriate work items for CCG, we will try for next week's meeting and/or initiate a mailing list thread +[2021-08-24T16:12:38.442Z] q+ +[2021-08-24T16:13:05.655Z] Manu: There are >100 DID Methods currently registered... are we ready for those floodgates to open? How many of those might want to co-develop or iterate here? +[2021-08-24T16:13:44.985Z] ... : I think things like did:web and did:key could be the watermark because they're already in wide shared use +[2021-08-24T16:13:45.479Z] present+ +[2021-08-24T16:13:56.789Z] q+ +[2021-08-24T16:14:05.650Z] ack Heather +[2021-08-24T16:14:16.494Z] manu: I have deep reservations that might grow into an objection +[2021-08-24T16:14:46.983Z] Heather: I share those concerns, and I think taking a breath to consider this in ecosystem terms, not just a problem/solution approach +[2021-08-24T16:14:58.778Z] did:pkh feels more "can be done in the CCG" than did:tz. +[2021-08-24T16:15:06.784Z] ...: Is there urgency in finding a venue for these work items? +[2021-08-24T16:15:22.771Z] Wayne: I think PKH is more urgent and much closer to did:key +[2021-08-24T16:15:38.625Z] +1 to did : pkh being something easier to make a decision on in CCG than did : tz +[2021-08-24T16:15:38.767Z] ...: and one proposal is even to just consider it an extension of did:key +[2021-08-24T16:16:11.640Z] heather: I will get something on paper and try for this week +[2021-08-24T16:16:22.085Z] q? +[2021-08-24T16:16:24.074Z] ack by_ +[2021-08-24T16:16:43.267Z] scribe+ +[2021-08-24T16:16:50.574Z] q+ to respond to Juan. +[2021-08-24T16:17:16.049Z] by_caballero: maybe it's about many CCG member users, drawing distinction between adoption & adoptability +[2021-08-24T16:17:17.605Z] ack Manu +[2021-08-24T16:17:32.013Z] present+ +[2021-08-24T16:18:17.506Z] manu: i think the did:pkh work sounds easier to justify because it's neutral and shared; did:tz or methods incentivized to create (or manufacture) community adoption would be in a very different category for me +[2021-08-24T16:18:46.861Z] ... to me a blockchain-specific did method should be out of scope for CCG categorically +[2021-08-24T16:18:48.282Z] q? +[2021-08-24T16:18:50.560Z] thanks manu! +[2021-08-24T16:19:21.588Z] Topic: Bret Jordan's introduction to the JWS/CT draft spec at IETF +[2021-08-24T16:19:55.169Z] Bret: Broadcom, CTO's office, lots of IETF and ITU work under my belt +[2021-08-24T16:20:01.359Z] Just to be clear, the chairs will discuss the CCG scope prior to sharing our recommendations with the community via the mailing list. So the leadership team will discuss next week, we will not discuss it in the main CCG call. +[2021-08-24T16:20:04.848Z] ... not much W3C yet but that can change! +[2021-08-24T16:20:31.530Z] ... here to talk about our draft spec +[2021-08-24T16:20:32.373Z] https://datatracker.ietf.org/doc/draft-jordan-jws-ct/ +[2021-08-24T16:21:02.844Z] Bret: We've done some work to enable JSON signatures to be more usable for developers +[2021-08-24T16:21:18.062Z] present+ +[2021-08-24T16:21:22.417Z] ... many people in the cryptographic/infrastructure community are pushing for a whole-industry move to CBOR +[2021-08-24T16:21:46.739Z] ... but JSON is so entrenched in Web2 and there are ways we can improve it and secure it without requiring a major shift +[2021-08-24T16:22:25.959Z] ... basically we combined detached signatures and the JCS canonicalization to allow signing over clear text +[2021-08-24T16:23:21.494Z] ... passing JSON data across boundaries, even large datasets, with signatures is good, but it's hard to get signatures into the JWS standard as specified +[2021-08-24T16:24:07.572Z] present+ +[2021-08-24T16:24:16.988Z] ... being able to sign objects in clear text, concatenate signatures or countersign, etc are all features that can't really be done in JWT in its basic form +[2021-08-24T16:25:07.353Z] ... for example, the I-JSON profile (which is basically almost all JSONs used) was our starting point, so rules +[2021-08-24T16:25:18.866Z] ... like no two identical keys, no arbitrary headers, etc +[2021-08-24T16:25:55.985Z] ... (slide showing the components of a standard JWS: header.payload.sig, or, in detached mode, header..sig (payload detached) +[2021-08-24T16:26:26.155Z] ... simple RAW header like {"alg":"RS256"} +[2021-08-24T16:27:20.358Z] ... example JWS in base64 with .s ; JWS was designed for authorization tokens, not for signing data +[2021-08-24T16:27:59.627Z] present+ +[2021-08-24T16:27:59.654Z] ... another starting point was an earlier RFC that all of us worked on, the JCS scheme (RFC-8785) +[2021-08-24T16:28:47.953Z] ... canonicalizes and stringifies JWTs into a valid JSON object with none of the whitespace and prettiness +[2021-08-24T16:29:20.561Z] ... steps in JWS/CT signing: +[2021-08-24T16:29:34.474Z] ... 1 create a JSON object, maybe even a very big one +[2021-08-24T16:29:50.953Z] ... 2 canonicalize to a string, using a library or a home-rolled canonicalization function +[2021-08-24T16:30:36.715Z] ... 3 base64 that canonicalized string (any ol' JWS library will produce the same string for payload) +[2021-08-24T16:30:55.359Z] ... 4 sign, then attach headers and signature object (both base64'd ) +[2021-08-24T16:31:25.479Z] ... note: multiple signatures, metadata that can be attached to that signature string (i'll show examples of that later) +[2021-08-24T16:31:59.965Z] ... verification steps +[2021-08-24T16:32:28.349Z] ... 1 : parse the object --> header, [payload,] signature +[2021-08-24T16:32:52.896Z] ... 2 base64 decode signature +[2021-08-24T16:33:04.435Z] ... 3 fetch payload +[2021-08-24T16:33:21.541Z] ... 4 canonicalize, compare to base64 version +[2021-08-24T16:33:38.115Z] ... (scribe note: i may have bungled that last bit, check slides if you have them) +[2021-08-24T16:33:51.117Z] ... path forward +[2021-08-24T16:34:04.292Z] q+ to make a few comments / ask a few questions. +[2021-08-24T16:34:18.409Z] ... at IETF, we recently presented this to dispatch and sec-dispatch and asked it move forward through independent publication path +[2021-08-24T16:34:42.011Z] q+ relation to draft-erdtman-jose-cleartext-jws +[2021-08-24T16:34:42.630Z] ... some people were pulling for a new WG, but others wanted to publish it as-is and it's now in the IETF editor's queue +[2021-08-24T16:34:57.875Z] ... you can look at it here +[2021-08-24T16:34:59.820Z] https://datatracker.ietf.org/doc/draft-jordan-jws-ct/ +[2021-08-24T16:35:25.993Z] Bret: forward path is to start working on a further spec after this is published +[2021-08-24T16:35:49.586Z] ... that describes the signature object being stored in plain text +[2021-08-24T16:36:12.469Z] ... Anders has worked on related stuff for webPKI and banking contexts (plaintext signature) +[2021-08-24T16:36:26.481Z] ... we've also worked on related work at OASIS in the security playbook WG +[2021-08-24T16:36:51.651Z] ... , where we are particularly interested in signature metadata that exposes signatures to graph analysis +[2021-08-24T16:37:10.969Z] ... so for us, this cleartext RFC is the second of three RFCs that build on each other +[2021-08-24T16:37:23.721Z] q? +[2021-08-24T16:37:23.832Z] q+ +[2021-08-24T16:37:26.474Z] ack manu +[2021-08-24T16:37:28.497Z] ... i should break for questions now +[2021-08-24T16:37:51.140Z] manu: this is fantastic stuff, thank you for bringing this! +[2021-08-24T16:38:05.709Z] ... my first question is have you looked at the linked data proof signature work? i see a lot of similarities +[2021-08-24T16:38:16.430Z] https://w3c-ccg.github.io/ld-proofs/ +[2021-08-24T16:38:29.517Z] Bret: I have looked it briefly and, tbh, less closely than Anders, who couldn't be here +[2021-08-24T16:38:48.739Z] q+ to note similarities and where we are -- work started in 2015, W3C group to move it forward, etc. +[2021-08-24T16:38:56.674Z] ... I got involved on the JCS side to edit and promote the work already done and get traction for it +[2021-08-24T16:39:01.357Z] present+ +[2021-08-24T16:39:14.104Z] q? +[2021-08-24T16:39:15.043Z] ... and i can see shared goals and problems +[2021-08-24T16:39:25.302Z] q+ Kim +[2021-08-24T16:39:57.042Z] cel: i was looking at the earlier draft from 2018 and was wondering what changed over 2 years and 4 drafts +[2021-08-24T16:40:53.600Z] q? +[2021-08-24T16:40:56.345Z] ack cel +[2021-08-24T16:40:58.284Z] ack agropper +[2021-08-24T16:41:06.890Z] Bret: Anders had all this WebPKI and banking experience and problems to solve, I had my cyberthreat intelligence and cybersec playbook and broadcom problems that I brought to the table... +[2021-08-24T16:41:22.253Z] ... and yeah, it's evolved a bit but mostly for clarity, not major changes in approach +[2021-08-24T16:41:28.853Z] Adrian: I have a question for the group +[2021-08-24T16:41:42.406Z] ... about expectations about signatures +[2021-08-24T16:41:44.202Z] present+ +[2021-08-24T16:42:24.846Z] q+ to ask for link to slidedeck and/or dispatch to mailing list (or github associated with minutes?) for permanent archive +[2021-08-24T16:42:42.307Z] q? +[2021-08-24T16:42:46.361Z] ... but I'm wondering how directly the end-user can interact with signatures; is this a form of signature verification that is optimized to live in a wallet, a browser, or a third place? +[2021-08-24T16:42:50.774Z] ack Manu +[2021-08-24T16:43:25.967Z] Manu: I like the solution, there's 80% overlap with the LDP work IMHO, and there's a W3C working group trying to standardize that further +[2021-08-24T16:44:01.805Z] ... and the delta between what W3C is trying to push forward and what you're proposing are close enough that I think aligning might avoid major incompatibility that differ minorly +[2021-08-24T16:44:37.268Z] alignment wouldn't be a super huge lift.. there'd need to be a field specifying the canonicalization algorithm (not assuming JCS) +[2021-08-24T16:44:43.222Z] Bret: I think there is definitely an place for alignment! our current draft is somewhat backwards-looking +[2021-08-24T16:44:55.467Z] ... and oriented towards doing what can be done without any breaking changes or new tooling +[2021-08-24T16:45:07.002Z] q? +[2021-08-24T16:45:15.660Z] ... whereas our next draft (3rd in the series) would be a great place to align with the LPD work on what goes into those clear-text signature objects +[2021-08-24T16:45:17.605Z] ack Kim +[2021-08-24T16:45:18.732Z] q? +[2021-08-24T16:45:22.594Z] q+ +[2021-08-24T16:45:38.536Z] potentially also a field specifying the path to target obj instead of assuming direct parent of "signature" property is it +[2021-08-24T16:45:50.861Z] +1 +[2021-08-24T16:46:01.560Z] Kim: I want to come back to a difference with LDP +[2021-08-24T16:46:05.409Z] present+ +[2021-08-24T16:46:33.044Z] q+ to ask how JOSE core architects responded to "canonicalization". +[2021-08-24T16:46:39.966Z] ...: specifically, the design constraint that no "weird new standards" or changes to envelopes or standard tooling really spoke to me +[2021-08-24T16:47:12.912Z] ...: because we have had a lot of problems with @Context and other things that don't quite fit the model of existing systems +[2021-08-24T16:47:39.587Z] present+ +[2021-08-24T16:48:16.788Z] Bret: I think my approach was informed by years in the stix and taxii communities , walking the floor of RSA and speaking to 100s of CTOs +[2021-08-24T16:48:46.183Z] ... and the resounding feedback from all of them was "no new things, we can add a library but not replace old ones" +[2021-08-24T16:49:36.399Z] q? +[2021-08-24T16:49:39.924Z] ack TallTed +[2021-08-24T16:49:41.517Z] ... we have been testing it with streams, with multi-GB JSON files, and have gotten this to work without disqualifying anyone's data models or requiring any profile more restrictive than ijson +[2021-08-24T16:49:59.257Z] tallted: i wanted to ask for the slide deck be linked or added to the archive space +[2021-08-24T16:50:32.407Z] q? +[2021-08-24T16:50:47.194Z] ack by_c +[2021-08-24T16:51:52.351Z] bret: again, this spec is just a stepping stone; we've already started working on the draft of the signature metadata +[2021-08-24T16:52:09.920Z] ... but won't publish a draft until this is out of the editor's queue +[2021-08-24T16:52:21.555Z] ... here is an example of the signature block (screenshares) +[2021-08-24T16:52:56.390Z] ... I want to hear from this community what properties should go into this signature block +[2021-08-24T16:53:08.450Z] ... this draft establishes possibilities +[2021-08-24T16:53:13.722Z] ack Manu +[2021-08-24T16:54:02.802Z] Manu: I want to reiterate that the LDP group at W3C is forming to decide and propose exactly what you're asking-- the potential (optional and mandatory) contents of the signature block +[2021-08-24T16:54:31.371Z] ... and I was curious about the canonicalization issue +[2021-08-24T16:54:53.510Z] ... which lots of people push back on (the "don't you remember XMLSignatures?" crowd) +[2021-08-24T16:55:12.039Z] ... is canonicalization with support possible? +[2021-08-24T16:55:53.025Z] Bret: We took the JCS spec to the JOSE WG and BoF meetings, and people kept saying no no no use CBOR instead, abandon hope all ye who would canonicalize +[2021-08-24T16:56:08.821Z] ... but coming back with benchmarked, performant working code changed the conversation a bit +[2021-08-24T16:56:31.235Z] ... and so did litigating over and over again that XML's problems were not in [I-]JSON +[2021-08-24T16:56:54.814Z] ... there is a reason almost no one uses JSON that isn't I-JSON; canonicalizing I-JSON was a lot easier +[2021-08-24T16:57:04.744Z] ... and publishing it independently also helped +[2021-08-24T16:57:25.058Z] q? +[2021-08-24T16:57:29.292Z] ... although 1/3 of the people in the dispatch group is starting to see value here +[2021-08-24T16:57:37.390Z] q+ to say we're very interested in supporting the owrk +[2021-08-24T16:57:39.751Z] ... and did their humming thing +[2021-08-24T16:57:59.494Z] ... so, not quite enough to form a WG but enough to say there's real support, and close to WG critical hum mass +[2021-08-24T16:58:40.201Z] ... I used to tell Anders that our goal was handing this to a product manager, whose architect could assess it as a weekend's work +[2021-08-24T16:58:52.997Z] ack Manu +[2021-08-24T16:58:58.734Z] q+ +[2021-08-24T16:59:00.172Z] ... we have been getting traction by trying to keep the spec "weekendy" and not worrying too much about critical mass in the IETF +[2021-08-24T16:59:31.125Z] Manu: Let me just say explicitly that we are very supportive of this work and looking to contribute. I've been working with Anders for a decade, and I know how hard it's been to get this work this far +[2021-08-24T16:59:48.070Z] ack Wayne +[2021-08-24T17:00:00.891Z] Bret: I think this would be very valuable to the market and enable so many interesting new possibilities +[2021-08-24T17:00:02.248Z] +1 to that +[2021-08-24T17:00:34.145Z] Wayne: One note I will make is that canonicalization has enabled clear text signatures and we are happy to see that pattern repeated +[2021-08-24T17:00:38.841Z] thanks all diff --git a/2021-11-30/irc.log b/2021-11-30/irc.log index 5ad1ee93..8fd5552b 100644 --- a/2021-11-30/irc.log +++ b/2021-11-30/irc.log @@ -19,9 +19,8 @@ [2021-11-30T17:03:29.523Z] present+ [2021-11-30T17:03:32.594Z] present+ [2021-11-30T17:03:48.803Z] Heather: Intro, continuation of 9/28 CCG Call and IIW sessions led by our guest, Andrew Hughes (Ping Identity) -[2021-11-30T17:04:19.369Z] ...: one set of questions we didn't have time for the last time this topic was discussed was the backstory of ISO WG decision-making and timelines +[2021-11-30T17:04:19.369Z] ... one set of questions we didn't have time for the last time this topic was discussed was the backstory of ISO WG decision-making and timelines [2021-11-30T17:04:22.309Z] did jitsi break audio in latest chrome? -[2021-11-30T17:04:26.051Z] s/...:/.../ [2021-11-30T17:04:51.614Z] present+ [2021-11-30T17:05:18.082Z] heather: manu sent out an email about VC-mDL vocab recently, and i assume we will have time for that in Q&A without upstaging or stealing time from the main event [2021-11-30T17:05:36.326Z] andrew: sgtm @@ -122,13 +121,12 @@ [2021-11-30T17:34:45.815Z] andrew: Requests and responses (protocol work) [2021-11-30T17:34:54.334Z] sure [2021-11-30T17:34:54.405Z] ... sidenote: uL presented on this to CCG in detail -[2021-11-30T17:35:31.112Z] ... multiple documents and namespaces allowed in a single request/response +[2021-11-30T17:35:31.112Z] ... multiple documetns and namespaces allowed in a single request/response [2021-11-30T17:35:49.938Z] ... but mDL (18013-5) is one such document type and namespace -[2021-11-30T17:36:24.654Z] ... (for the international DLs); AMVA has added an additional namespace for state-level data models/overlays -[2021-11-30T17:36:41.494Z] Adrian, can you mute yourself please? -[2021-11-30T17:36:42.100Z] ... s/AMVA/AAMVA/* +[2021-11-30T17:36:24.654Z] ... (for the international DLs); AAMVA has added an additional namespace for state-level data models/overlays +[2021-11-30T17:36:41.494Z] Adrian,can you mute yourself please? [2021-11-30T17:37:16.469Z] Andrew: although there are many private and state-level stakeholders, decision process has largely focused on NATIONAL scale -[2021-11-30T17:37:34.954Z] ... motivations (IMHO and not my employers') +[2021-11-30T17:37:34.954Z] ... motiviations (IMHO and not my employers') [2021-11-30T17:38:11.274Z] ... issuer-centric (i.e. state drivers' bureaus); issuance definition deferred [2021-11-30T17:38:46.004Z] ... identification document was a secondary consideration, which happened in a later stage of the design after core drivers' licensing use-cases were fleshed out [2021-11-30T17:40:08.925Z] Andrew: Contextualizing the adoption path and likely future of the spec: too issuer-centric to get widespread private sector uptake; not web-native enough to get widespread web uptake; co-existence with more web-native standards like VC seems a realistic hope to hold, imho diff --git a/2021-12-14/group.txt b/2021-12-14/group.txt new file mode 100644 index 00000000..5bca5166 --- /dev/null +++ b/2021-12-14/group.txt @@ -0,0 +1 @@ +Credentials CG diff --git a/2021-12-14/irc.log b/2021-12-14/irc.log new file mode 100644 index 00000000..6fe2e8e2 --- /dev/null +++ b/2021-12-14/irc.log @@ -0,0 +1,187 @@ +[2021-12-14T17:00:31.379Z] present+ +[2021-12-14T17:00:32.576Z] present+ +[2021-12-14T17:00:40.999Z] present+ +[2021-12-14T17:00:47.090Z] present+ +[2021-12-14T17:00:51.870Z] present+ +[2021-12-14T17:00:59.785Z] present+ +[2021-12-14T17:01:09.133Z] present+ +[2021-12-14T17:01:17.326Z] present+ +[2021-12-14T17:01:17.531Z] present+ +[2021-12-14T17:01:25.560Z] present+ +[2021-12-14T17:01:36.580Z] Hey all, just giving folks time to join - several people coming from other meetings +[2021-12-14T17:02:03.708Z] present+ +[2021-12-14T17:02:06.094Z] present+ +[2021-12-14T17:02:13.185Z] present+ +[2021-12-14T17:02:39.705Z] present+ +[2021-12-14T17:02:52.376Z] last week i did not have audio. it appears i don't have audio again. +[2021-12-14T17:02:55.433Z] present+ +[2021-12-14T17:03:08.010Z] @rgrant same +[2021-12-14T17:03:24.196Z] chrome issue depending on version of chrome +[2021-12-14T17:03:33.843Z] present+ +[2021-12-14T17:03:34.792Z] present+ +[2021-12-14T17:03:39.115Z] present+ +[2021-12-14T17:03:53.114Z] present+ +[2021-12-14T17:04:05.610Z] firefox should be working ok on audio +[2021-12-14T17:04:18.402Z] present+ +[2021-12-14T17:04:20.291Z] present+ +[2021-12-14T17:04:21.787Z] Jitsi does so many weird things... Anyone with no audio (*not* just in Chrome), try dropping and rejoining a time or three. It took me 3 joins to have Jitsi Meet.app recognize that it had mic, camera, and speaker permissions. +[2021-12-14T17:04:21.790Z] present+ +[2021-12-14T17:04:24.340Z] present+ +[2021-12-14T17:05:02.294Z] present+ +[2021-12-14T17:05:09.731Z] https://lists.w3.org/Archives/Public/public-credentials/2021Dec/0053.html +[2021-12-14T17:05:49.806Z] present+ +[2021-12-14T17:06:02.671Z] present+ +[2021-12-14T17:06:05.122Z] present+ +[2021-12-14T17:06:46.121Z] present+ +[2021-12-14T17:07:08.004Z] anyone spoke yet? or am i having an audio issue? +[2021-12-14T17:07:13.952Z] https://www.w3.org/community/credentials/join +[2021-12-14T17:07:26.447Z] present+ +[2021-12-14T17:07:30.109Z] present+ +[2021-12-14T17:07:35.493Z] there are a few folks having audio issues +[2021-12-14T17:07:36.366Z] present+ +[2021-12-14T17:07:40.531Z] Harrison - some jitsi issues with audio +[2021-12-14T17:07:45.801Z] present+ +[2021-12-14T17:07:55.066Z] present+ +[2021-12-14T17:07:59.838Z] You have to not use chrome +[2021-12-14T17:08:01.410Z] present+ +[2021-12-14T17:08:12.602Z] present+ +[2021-12-14T17:08:13.571Z] you're good +[2021-12-14T17:08:13.968Z] reccommend trying Firefox +[2021-12-14T17:08:14.127Z] I can hear you +[2021-12-14T17:08:17.220Z] yes +[2021-12-14T17:08:17.510Z] present+ +[2021-12-14T17:08:17.726Z] now that i am off chrome +[2021-12-14T17:08:37.563Z] sure +[2021-12-14T17:08:53.981Z] present+ +[2021-12-14T17:09:02.290Z] Chris_Abernethy_(mesur.io): US phone: +1 602 932 2243 x1 +[2021-12-14T17:09:03.371Z] scribe+ +[2021-12-14T17:09:17.934Z] Mike: introductions and re +[2021-12-14T17:09:34.287Z] .... Announcements +[2021-12-14T17:09:39.896Z] q+ +[2021-12-14T17:10:01.723Z] mike: last meeting of the year +[2021-12-14T17:10:19.703Z] present+ +[2021-12-14T17:10:27.413Z] q- +[2021-12-14T17:10:52.403Z] q+ to add topic ask for pointers to Jitsi infrastructure repository +[2021-12-14T17:10:56.335Z] scribe aside: was just going to announce that this week did-pkh IS meeting and apologies to TalLTed for not getting it into the CCG calendar sooner +[2021-12-14T17:10:59.544Z] https://github.com/w3c-ccg/did-pkh/blob/main/did-pkh-method-draft.md +[2021-12-14T17:11:21.812Z] brent: update from did-core wg and w3c ac +[2021-12-14T17:11:37.355Z] present+ +[2021-12-14T17:11:49.779Z] present+ +[2021-12-14T17:11:53.667Z] is there audio? +[2021-12-14T17:12:02.682Z] present+ +[2021-12-14T17:12:12.865Z] audio issue in chrome at a minimum - Firefox appears to be working +[2021-12-14T17:12:40.541Z] present+ +[2021-12-14T17:12:44.129Z] brent: director has stepped down at a time and now the W3C is transitioning to a directorless, more autonomous org +[2021-12-14T17:13:12.834Z] q? +[2021-12-14T17:13:16.977Z] present+ +[2021-12-14T17:13:24.304Z] ... leaving the advisory board and TAG to form an advisory COUNCIL that will advise on this issue +[2021-12-14T17:13:26.898Z] present+ +[2021-12-14T17:13:54.664Z] @rgrant - i think manu has the best set of links re jitsi +[2021-12-14T17:13:57.867Z] ... and latest communications are saying hopefully by feb there will be an AC formed and ready to advise +[2021-12-14T17:14:13.110Z] q+ to add to some other options on DID Core FOs. +[2021-12-14T17:15:03.861Z] q+ on jitsi upgrades over holidays. +[2021-12-14T17:15:13.114Z] ack rgrant +[2021-12-14T17:15:18.023Z] ack manu +[2021-12-14T17:15:20.288Z] q? +[2021-12-14T17:16:02.063Z] manu: postscript: W3C recommendation debate is not confidential or members-only, we're allowed to discuss with nonmembers +[2021-12-14T17:16:34.322Z] ... the "nuclear option" of a flat vote/plebiscite is being floated +[2021-12-14T17:17:32.706Z] present+ +[2021-12-14T17:17:42.100Z] ... and allegations of bad faith are leading some to consider a plebiscite poll or in parallel to the AC process; the director's opinion could be seen as just 1 of 3 inputs +[2021-12-14T17:18:12.147Z] present+ +[2021-12-14T17:18:16.587Z] ... and could be put in a sealed envelope while the other 2 come in; formal objection council is a 2nd, 3rd is advisory council (reps 400+ companies) +[2021-12-14T17:19:12.636Z] ... parallelizing these three inquests is definitely possible; someone, any member, could propose this in AC, +[2021-12-14T17:19:53.989Z] +1 on arguments seem to be being made in good faith. +[2021-12-14T17:20:09.721Z] q? +[2021-12-14T17:20:18.535Z] q- +[2021-12-14T17:20:25.365Z] mike: I just want to reiterate that many observers, myself included, see no evidence of bad-faith argumentation; conversation sometimes rabbitholes down unproductive side-topics but on the main/net seem to be driven by good-faith positions +[2021-12-14T17:22:09.370Z] Topic: Main event, guest Eric Siow from Intell +[2021-12-14T17:23:13.053Z] ESiow: I want to give an overview of W3C and its history and future +[2021-12-14T17:23:31.371Z] ... I have joined Advisory Board and have helped in particular with financial planning and long view +[2021-12-14T17:23:50.988Z] ... and I want to emphasize I'm speaking from a personal perspective and not representing the org I am giving my interpretation about +[2021-12-14T17:24:41.814Z] ... When Tim founded the w3c it was a very different world; it's not a baby any more. Tim has not been very active in the org for many years now +[2021-12-14T17:25:04.836Z] present+ +[2021-12-14T17:25:55.895Z] ... W3C is not a single legal entity, actually; in each country, you are not writing checks to W3C when you pay dues, but to stewards (mostly universities); the W3C staff technically work for those orgs +[2021-12-14T17:26:39.551Z] ... There are four different sets of books, four different fiscal years, etc; making W3C function as a single org across this underlying organizational federation has been a real challenge. +[2021-12-14T17:27:21.451Z] ... Similarly, we aren't really one community. Each member and sub-community is driven by different business urgencies and organized around different shared values +[2021-12-14T17:27:34.936Z] ... the Centralized/decentralized stress fracture within the membership is causing me a lot of concern +[2021-12-14T17:28:41.329Z] ... I am more concerned about how we make community-wide decisions without a director than I am about this particular decision +[2021-12-14T17:29:29.564Z] ... Borrowing from judicial governance, I think we are trying to figure out what the "law of the land" is here, and bracket member agendas and feelings (and sub-community values) as much as possible +[2021-12-14T17:29:53.144Z] ... the difficulty here is in finding shared the principles and framing that can be the most objective +[2021-12-14T17:30:36.715Z] ... the council has to be consistent here and base its decisions squarely on principles +[2021-12-14T17:31:56.722Z] q? +[2021-12-14T17:32:17.597Z] ... Stepping back a little, though, there is also a real question of innovation here; how the principles can reflect a changing membership and its fissures and divergence of values +[2021-12-14T17:33:37.075Z] ... When I first joined, David Singer from Apple worked closely with me to find a model for fundraising and organizational restructuring that would keep the AC objective and with all the same member rights (voting on specs, etc) +[2021-12-14T17:34:39.013Z] ... but creating a sponsorship mechanism with a few additional privileges has created a lasting misinterpretation that W3C is a "pay to play" organization +[2021-12-14T17:35:28.310Z] ... We need to make clear that the Board handles (and ONLY handles) management of finance, oversight, and high-level org'z'l , HR, and strategic issues, nothing that touches specification +[2021-12-14T17:36:46.393Z] present+ +[2021-12-14T17:37:09.220Z] present+ +[2021-12-14T17:37:17.818Z] ... for ex., if Intel is going to step up, i would need to go to my management and explain what we get out of sponsorship versus the 77K/yr we already pay for membership +[2021-12-14T17:37:35.584Z] present+ +[2021-12-14T17:37:52.545Z] ... and that's a hard sell, since it gives no additional benefit on the standardization work, only financial oversight/stewardship of the org +[2021-12-14T17:38:25.142Z] present+ +[2021-12-14T17:38:35.430Z] Wow, yeah, that is really sad to state it that way, W3C is living hand to mouth. +[2021-12-14T17:38:40.046Z] ... and the W3C is still living hand to mouth after all these years; in the last major stock market downturn, w3c had to get bailed out by the internet society. the problem isn't no money, it's no structural resilience +[2021-12-14T17:39:08.255Z] present+ +[2021-12-14T17:39:11.534Z] ... and we made a commitment to the internet society to implement some structural changes +[2021-12-14T17:41:01.297Z] ... the model of sponsors stepping up and "spinning up" an autonomous org (leaving behind the host orgs) hasn't really panned out; it's looking like sticking to the four-hosts model is safer, and more in line with the expectations of the internet society +[2021-12-14T17:41:40.920Z] present+ +[2021-12-14T17:41:54.621Z] ... in my past, i've raised a lot of money, and I really don't think that's the biggest issue here; politics is making it hard here, it's all quite complicated +[2021-12-14T17:42:22.487Z] ... i am very worried that it will be too hard to inspire confidence and cement commitments from these sponsors +[2021-12-14T17:42:46.933Z] ... because the governance and politics make it nebulous and uncertain from their point of view +[2021-12-14T17:42:47.460Z] Thank you Eric! +[2021-12-14T17:43:10.295Z] what a great presentation, thank you. +[2021-12-14T17:43:12.507Z] q+ +[2021-12-14T17:43:27.211Z] q+ to ask about a shift from informal/cooperative AC member votes, in FOs, to adversarial due process (rules of evidence, outline of topics like a court brief) +[2021-12-14T17:43:37.093Z] ack Heather +[2021-12-14T17:43:46.252Z] Mike: Thanks for this presentation, it's very timely as people +[2021-12-14T17:44:01.180Z] ... are lately a little unclear on what the best home is for certain work that spans many domains +[2021-12-14T17:44:04.192Z] if the politics / funding fails - IYO what then? +[2021-12-14T17:44:26.646Z] Heather: Thanks for this presentation, and I share your concern for the organizational issues +[2021-12-14T17:44:28.240Z] present+ +[2021-12-14T17:45:41.104Z] ... how do we get more perspectives into the W3C that help the organizational issues +[2021-12-14T17:45:56.773Z] ... and reduce unintended consequences +[2021-12-14T17:46:11.114Z] well stated heather +[2021-12-14T17:46:17.305Z] q? +[2021-12-14T17:47:01.331Z] q+ Have you considered alternative legal forms? e.g a multi-stakeholder co-operative with a broad base? +[2021-12-14T17:47:56.226Z] ESiow: Before my 15 years at intell, i worked over 2 decades in banking and finance and consortium-governance +[2021-12-14T17:49:17.139Z] I love this Eric. +[2021-12-14T17:49:20.834Z] ... I am not an engineer, and I have been working both in Intel and at W3C to align incentives and business cases to build consortia and collaborations that are reasonably stable and built on firm commitments to rollouts and production timelines +[2021-12-14T17:50:23.493Z] ... we are having a harder time with the commitments and the definition of success than the R&D; i want the W3M to set fewer goals and hit more of them +[2021-12-14T17:50:47.091Z] q? +[2021-12-14T17:51:54.148Z] ... There are many ways to foster these kinds of conversations +[2021-12-14T17:52:02.764Z] +1 WOT +[2021-12-14T17:52:36.310Z] yes, +1 to WOT +[2021-12-14T17:52:41.077Z] surveillance city more like it +[2021-12-14T17:53:00.760Z] its called "improving user experience" when it happens in a browser ; ) +[2021-12-14T17:53:17.776Z] ... I've been working with a brilliant engineer at Intel from the Web of Things group, which includes Siemens and W3M, to hone a scope that can be effective in researching what specs would be adopted if written by this kind of group +[2021-12-14T17:53:19.539Z] lol @orie +[2021-12-14T17:53:54.851Z] surveillance is potential WOT downside. but if it's my house of things that are keeping *me* up to date on their status, like fire alarm going off, like fuel tank empty, like water pressure lost... those are potential WOT upsides +[2021-12-14T17:54:09.572Z] ... starting from more centralized states and governments that have the kind of city governance that could commit long-term and participate in the design process that drives specification +[2021-12-14T17:55:40.081Z] ... but back to the question of how to foster good conversations, i think it's a combo of bottoms-up (from engineers and product leaders) and top-down (from the advisory board and W3C leadership) +[2021-12-14T17:55:50.676Z] ack rgrant +[2021-12-14T17:56:08.819Z] q? +[2021-12-14T17:57:12.435Z] rgrant: WRT the FO process, I think it's an open question how much process is appropriate when moving away from director-focused processes +[2021-12-14T17:58:10.066Z] ... I can't find the link but I remember reading somewhere that the process shouldn't be too adversarial or formalized/legalistic, yet I see pros and cons to both ends of this spectrum and i'm curious to hear more about that +[2021-12-14T17:59:16.400Z] my question is not about specific principles, but due process. +[2021-12-14T17:59:26.388Z] ESiow: Maybe I should caveat my earlier analogy to legal processes; I don't think a principles-based process necessarily needs to be a legalistic or philosophical debate; the principles should serve as guidelines +[2021-12-14T17:59:56.314Z] ... a recent question was whether a stance on global warming is a consistent principle; i'd like to see a minimization of conflicts being elevated to the AC +[2021-12-14T18:00:39.940Z] rgrant: are you saying that people need to talk more and earlier so that less things end in FOs? +[2021-12-14T18:00:56.569Z] juancaballero: no i'm not saying that. i'm hearing that +[2021-12-14T18:01:22.889Z] ESiow: Yes, but that earlier talk wouldn't prevent FOs unless there were agreed upon principles +[2021-12-14T18:01:35.464Z] q? +[2021-12-14T18:01:42.842Z] ack Nick +[2021-12-14T18:02:03.059Z] Have a follow-up call, thanks for the presentation. +[2021-12-14T18:02:41.344Z] Nick_Meyne: Coming from a background in multi-stakeholder cooperative; is that kind of org a possible fit for W3C? +[2021-12-14T18:03:05.420Z] ESiow: I have looked at that, for fundraising and otherwise; +[2021-12-14T18:03:31.193Z] Thank you Eric. This was a great session. Thanks also to Mike for setting it up! +[2021-12-14T18:03:52.725Z] ... one way of raising more money is just to raise fees, for ex.; the logical pushback was that doubling fees would greatly reduce number of members, possibly enough to nullify the additional revenue; +[2021-12-14T18:04:30.782Z] Thanks all, I have another call. Really great session. +[2021-12-14T18:04:47.844Z] ... moving to a more co-op structure might have good consequences in the long term, but it wouldn't help our more immediate problems, which include gaining confidence from the sponsors +[2021-12-14T18:04:49.252Z] thanks heather! +[2021-12-14T18:06:21.566Z] Mike: Thanks for this, and important to note that many of the most active members of this CG are startups that are grateful for the wide memberhsip base and low fees compared to other standardization orgs +[2021-12-14T18:06:25.624Z] Thank you Eric, for the candor and your perceptions about prioritizing core issues the W3C needs to address. +[2021-12-14T18:07:06.348Z] ESiow: Intel is not a browser vendor, our strategic goal is to preserve a broad-based org where everyone can meet +[2021-12-14T18:07:27.871Z] Happy holidays everyone! +[2021-12-14T18:07:41.331Z] Mike: Thanks all, we'll see everyone next year! +[2021-12-14T18:07:41.670Z] happy holidays +[2021-12-14T18:07:43.689Z] Thank you!! \ No newline at end of file diff --git a/scribe-tool/people.json b/scribe-tool/people.json index cd1ea9ca..7408dbbb 100644 --- a/scribe-tool/people.json +++ b/scribe-tool/people.json @@ -1585,6 +1585,8 @@ "homepage": "https://www.linkedin.com/in/mkhraishi/" }, "Chris Kelly": { + + "alias": ["chris_kelly", "Chris_Kelly", "Chris_Kelly_(DIF)"], "homepage": "https://learningproof.xyz/" }, "Evan Tedesco": { @@ -1629,6 +1631,12 @@ ], "homepage": "https://www.linkedin.com/in/mjkuo/" }, + "Eric Siow": { + "alias": [ + "ESiow" + ], + "homepage": "https://www.linkedin.com/in/esiow/" + }, "Timothy Summers": { "alias": [ "Timothy_Summers", "timothy_summers"