W3C

- DRAFT -

Credentials TPAC breakout

28 Oct 2015

See also: IRC log

Attendees

Present
Regrets
Chair
manu
Scribe
yaso

Contents

A Path Toward A Credentials WG at W3C

<dezell> scribe: yaso

m4nu: the spec is called Identity credentials spec, it's a working title
... some examples of credentials: driver's license, etc.. this are all examples of credentials
... education orgs like universities and the job market wants to make sure that someone can prove their education
... banking sector ensuring that you're regulatory compliant, control substances, and things like certifications
... there even a group of certifications that you can get around corrosion engineering
... the credentials CC have about 1 year
... 67 members, weekly telcos
... we' re going to pilot projects so it is not theoretical
... we have been trying to get something started around this work on w3c for about 1 year, we want to see Use Cases from companies that they are spending money on
... the question that we ask is: what is the most compelling use case that you company has
... and what types of technologies do you use today to credentials, and what kind of things do you want from this ecosystem
... what a ecosystem should be able to do?
... we have payments orgs, education orgs, healthcare, government, NGO,
... all of this orgs are interested in the credentials work
... the 1st question: what kind of capabilities want to see as priority in the work,
... as you can see, just about everything was raising, we had about 70% of the answers said that this items are important

<AxelPolleres> will notes/slides be made available?

m4nu: we asked if do existent technologies address the user credential needs, what technologies do you use today
... this is not automated for this organizations, we need to go back and find out what they are using, I think that one of the things that pops out here is that orgs still uses very manual processes to do credentials
... next question: do these technologies meet your needs? 9 answered that don't know, many said they meet some of our credential needs, but not all of them
... we (the Credentials CG) have this people called holders - those who receive credentials, issuers - those who issue credentials, identity providers - who store credentials and credential consumers - those who request credentials
... what we're trying to do here is make sure that there is going to be thousands of tools so these orgs can use to communicate between each other
... we do have reference implementations
... we are at TPAC, we have a demo, if you want to see, come find me
... part of the outcome of that meeting was "seems like the orgs are interested in doing this job" - we have to answer those question in a way that makes sense
... this is an open question to the room: "what else do we need to get the work done at w3c"

Discussion

kiyoung: payments instruments also could involve credentials in the use - is that in the scope?

m4nu: personally, yes. But we have to talk w/ w3c members

<kiyoung> I think instruments and credentials connected seamlessly.

<azaroth> +1 on the congratulations, seems like a very solid evidence basis for moving forwards

<Zakim> dezell, you wanted to ask about payment instruments

<AxelPolleres> How’s that related to eID … there are quite some efforts for integrating/standardizing eIDs e.g. in EU, https://www.eid-stork.eu/ … probably known here… I guess even if you say identity itself is out of scope, one should at least be interoperable with such efforts? Is that on the agenda?

<Zakim> AxelPolleres, you wanted to ask about identity

m4nu: identity is just a collection of credentials
... that is how identity is in scope

dezell: we have some folks here w/interest at ietf

for me, one of the people who managers the app layers at ietf - I think this would definitely tie some other things at ietf

<Ian> @@: Start with credentials ; don't focus on identity; that's the right approach

m4nu: the work is getting problem getting started, that's because there was so many fails, people are shy to say "we're starting again"
... this is something that is still unsolved and it's an issue that orgs are struggling with

ian: we did not have a chance to dive in

m4nu: the issue are the social structures around trust, and how do we map this to the web

<kodonog> to the scribe: the names from the IETF discussion are Barry Leiba (IETF), Karen O'Donoghue (ISOC), and Heather Flanagan (RFC Series Editor)

thanks kodonog

Ian: the challenges is not creating attributes to credentials
... are there mechanism that will help establish meaning and trust?

m4nu: the group is working in linked data and other strategies so the organization can trace from where the credential came from, other strategy: you submit your credential to a institution and this institution can verify
... educational orgs are very interested, this approaches seems to work for them

AxelPolleres: this is an approach to establish trust frameworks

<jheuer> * Axel = Asel Nennker

thanks jheuer

sorry AxelPolleres is the "tab" autocomplete

I have one request

?: there was some discussion about credential management API

? = keiji

m4nu: the only thing that we are unsure now is where this is stored

<jheuer> Credential draft scope: an abstraction for verifiable attributes, includes payment instruments (bascially doing payment authorization), and it might be useful for identity use as well (though not prioritized)

m4nu: we are playing around with the holder definition
... for example: you can hold a credential that talks about someone else

AdrianHB: the other thing was: considering use cases where the subject is a thing

<azaroth> This software agent has the credentials to act on behalf of ... etc.

<azaroth> So +1

m4nu: in the format that we have right now, it's designed to represent any kind of thing

nick: other people at w3c could have some valuable inputs to the conversation

<Ian> (which charter?)

nick: it's not totally clear for me the scope, seems that there is a lot of things on the table, difficult to say what should not be there

<Ian> (Ian feels strongly that the "storage" question should be addressed by allowing different parties to store information...including the browser.)

nick: there is no browsers at the cc so far

m4nu: there is a spec, we tried to narrow the scope down
... we believe that we can talk about a credential format
... and then we can talk about browser api

<m4nu> s/Discussion\/Discussion

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/10/28 12:58:34 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/xx/s/
Succeeded: i/scribe: yaso/Topic: A Path Toward A Credentials WG at W3C
Succeeded: i/payments instruments also/Topic: Discussion
FAILED: s/Discussion\/Discussion/
Found Scribe: yaso
Inferring ScribeNick: yaso

WARNING: No "Present: ... " found!
Possibly Present: AdrianHB AxelPolleres BartvanLeeuwen Dezell_ Ian Jim Jmr Laurent MattPisut MattSaxon azaroth barryleiba credentials dezell inserted jheuer joined kiyoung kodonog kura left m4nu nick
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy

Got date from IRC log name: 28 Oct 2015
Guessing minutes URL: http://www.w3.org/2015/10/28-credentials-minutes.html
People with action items:
[End of scribe.perl diagnostic output]