09:05:33 <RRSAgent> RRSAgent has joined #vctf
09:05:33 <RRSAgent> logging to http://www.w3.org/2016/09/21-vctf-irc
09:06:00 <ShaneM> rrsagent, make logs public
09:06:06 <ShaneM> Scribe: ShaneM
09:06:12 <betehess> I guess it's http://www.internetidentityworkshop.com/
09:06:13 <ShaneM> manu is presenting slides
09:07:29 <Sebastien> Sebastien has joined #vctf
09:09:16 <ShaneM> (scribe plans on not minuting the slides - there will be a link)
09:10:05 <ShaneM> "do you always need a digital signature?"
09:10:21 <ShaneM> It is not a requirement.  But without one it is not verifiable.  It is just a claim.
09:10:25 <ShaneM> "By secure, what do you mean?"
09:10:45 <ShaneM> You get the same kind security that you would get in any digitial signed document.  (offers to chat offline).
09:10:56 <ShaneM> "Is there anything about limiting the scope of disclosures?"
09:11:20 <ShaneM> "yes.  It is a very important property.  There are use cases documented that we want to be certain are in version one."
09:11:31 <ShaneM> manu: talks about decomposability
09:11:46 <ShaneM> "Are you handling updates to the informaiton?"
09:12:29 <ShaneM> manu: yes.  the interesting thing is that the claims are portable.  You decide where you store it.  You always hold on to the data.  An issuer can revoke a credential.  In doing that you have the choice of getting a new credential, getting it updated, etc.
09:12:46 <ShaneM> ... we do not support dynamically updating credentials out in the wild.  That's really challenging.
09:13:21 <ShaneM> "if the issuer revoked it, how would people know?"
09:13:49 <ShaneM> "Is there a way to put claims together?"
09:13:57 <ShaneM> manu: yes, claims are composeable
09:16:56 <ShaneM> (more from slides)
09:20:49 <dcosta72> the task force documents is here: http://w3c.github.io/webpayments-ig/VCTF
09:21:22 <dcosta72> architecture here: http://w3c.github.io/webpayments-ig/VCTF/architecture/
09:21:47 <ShaneM> Architecture questions?
09:21:57 <ShaneM> "How much is existing ecosystem and how much is future?"
09:22:05 <ShaneM> manu: by existing standards?
09:22:13 <ShaneM> "Who is actually running one of these?"
09:22:34 <ShaneM> manu: you can look to ETS and Pearson...  Who has deployed the technology?  A small bit.  But there are people with systems LIKE this today.
09:22:40 <ShaneM> ETS, Pearson, the DMV
09:23:07 <ShaneM> "Estonia?"
09:23:24 <ShaneM> manu: Estonia leads the world in digital identity.  Every citizen has a digital identity
09:23:49 <ShaneM> They can do many many things digitally.  The country has done it in a proprietary way, but want to move to standards.
09:24:34 <ShaneM> "The impression I am getting is that most of these use cases require not passing off the credentials"
09:24:49 <ShaneM> manu: yes.  and that is very very complex.  Let's talk about it later.
09:25:24 <ShaneM> manu: we are not doing decentralization in this first work.  If we never get to it we could use email and DNS.
09:25:49 <ShaneM> ... Rebooting web of trust is another area where people are looking at this hard problem.
09:26:36 <ShaneM> (more from slides)
09:27:04 <dan> dan has joined #vctf
09:32:40 <ShaneM> "Do we produce standards once there is an ecosystem and there is friction that needs to be sorted out, or do you build standards to drive the ecosystem?  Microsoft is clearly in the former camp"
09:33:16 <ShaneM> manu: we have a number of organizations that are deploying the ecosystem now.  They are getting feedback.  We are concerned that as large organizations get their work out there it will be hard to harmonize them later.
09:33:43 <ShaneM> ... we are deploying and getting feedback that is informing the work.  But the organizations are saying "we need standards to convince our constituents there is a standard we are working towards"
09:33:49 <ShaneM> ... having a forum is helpful to them.
09:34:08 <collier-matthew> collier-matthew has joined #vctf
09:34:43 <ShaneM> ... what we don't want to see is that the industry forces the hands of the working group.  Is that fair?
09:35:09 <ShaneM> Michael: That's fair at this level.  But it is a question of where we use W3C resources and this might be premature.  But I respect the other point of view.
09:35:15 <ShaneM> (more from slides)
09:37:54 <ShaneM> Manu asked if anyone new wants to participate.
09:38:21 <burn> burn has joined #vctf
09:38:34 <ShaneM> Thompson Reuters: yes.  we have been looking at this stuff and are very interested in selective disclosure of attributes.
09:38:58 <ShaneM> ... we also work a lot on licensing and other things.  We possibly could leverage this approach.
09:39:34 <ShaneM> "The intersection between this and distributed ledgers seems pretty clear.  How does the VCTF se this?"
09:40:02 <ShaneM> manu: this is a quickly evolving field.  There is a lot of work about Decentralized Ledgers and Verifiable Claims at the Rebooting Web Of Trust workshops.
09:40:22 <ShaneM> ... the general intent is that there is some sort of shared database (DHT) that can be used.
09:41:10 <ShaneM> ... example of first responder problem and the department of homeland security.  They are looking for ways to quickly verify that people who show up to help are actually an emergency responder.
09:41:35 <ShaneM> ... you would think that would already exist.  The reality is that it does not.  There is no infrastructure for this nationwide (in the US).
09:41:41 <collier-matthew> collier-matthew has joined #vctf
09:42:39 <KLM> KLM has joined #vctf
09:42:40 <ShaneM> manu: other use cases include fraud.  Insurance fraud when multiple claims are made against the same problem.  No good way to coordinate.
09:43:03 <ShaneM> A shared DHT with VINs and claims would be one way to address this.
09:43:06 <ShaneM> ... that's a couple of examples.
09:43:31 <ShaneM> Microsoft has been very generous with the RWoT workshops.  A lot of work is going into the research.
09:43:46 <ShaneM> ... I don't expect standards to come out of it in the next year to three years, but there is active work ongoing.
09:43:59 <ShaneM> manu: I do have one point about identity.  We avoid talking about it.
09:44:24 <ShaneM> ... we are NOT trying to solve identity on the web.  It means different things to different people.  We are worried that we would not be able to make progress if we got into that morass.
09:45:00 <ShaneM> "The right way to do this would be to ensure it is hardware security backed.  Is there anyting VCTF needs from hardware security right now?"
09:45:18 <ShaneM> manu: we have been tracking it, and we absolutely need what the group is doing.  We think you are doing what we will need to secure the ecosystem.
09:45:22 <ShaneM> ... thank you for the offer!
09:45:48 <ShaneM> "how much of the avoidance of identity management is impinging on the deployment of some use cases tomorrow?"
09:46:28 <ShaneM> ... identity is such a difficult problem.
09:46:57 <ShaneM> manu: if you characterize this as "how do I prove that I have authority over this identity?"  If you talk about it that way then it is slightly more managemenable.
09:47:26 <ShaneM> ... we need a way for strong ways to cryptographically verify that the certificate is valid.
09:48:01 <ShaneM> ... we have the ecosystem deplyed and implemented purely through polyfills in the browser. It would be better if there were support in the browsers to help ensure that the data is valid.
09:48:17 <ShaneM> "Not sure how this addresses transferrability"
09:48:45 <ShaneM> manu: thats about decentralization (and blockchain to a certain degree).  If you have an identifier on a domain, you DON'T really own that.
09:49:33 <ShaneM> ... if there a way to have a self-soverign identifier.  Can you cryptographically prove that you have control over it.  For example, you would use your browser is self-issue an identifier.  That would give you a key and an ID.  It puts it into a decentralized network.
09:49:50 <ShaneM> ... all you have done here is issue yourself an identity.
09:50:17 <ShaneM> "Since you are avoiding the issue of identity though, you would be compatible with solutions that are NOT decentralized... like what estonia is doing."
09:51:04 <ShaneM> manu: You are right.  There is nothing in the proposal that requires decentralization.  You could use SAML or OpenID Connect or whatever.  Or some future looking system like the one we are trying to createe.
09:51:33 <ShaneM> ... broad compatibility with existng identity management systems.
09:52:19 <ShaneM> "Is this a layer on top of LWT or something.  It would be nice if the architecture explained how these things relate.  I would like tosee that fleshed out in this diagram or somewhere else."
09:52:32 <ShaneM> ... learn how a W3C standard could add value to this complexity.
09:52:41 <ShaneM> ... words or a more elaborate diagram.
09:53:15 <ShaneM> "if this ultimately boils down to a standardized syntax that you use to extend SAML or whatever, or tied to a decentralized web of trust, that would be useful.  If that is what the aim is then we should say that."
09:53:30 <ShaneM> manu: I agree that we should say it better.  We have the text but it is buried.
09:53:56 <ShaneM> manu: I think that we are trying to ensure that all thigns are possible, but there are a lot f players.
09:54:46 <ShaneM> "We need to make a distinction between the owner/holder of the claims and the use of them.  It is conceivable that when a claim is issued it is issued against an identity.  It will refer to a human, but it is against the issuer really."
09:55:20 <ShaneM> ... renting a car on my behalf would not require biometrics, but other thigns like opening a bank account might require more rigorous verification.
09:55:32 <ShaneM> manu: the general class of that is delegating credential access to others.
09:55:53 <ShaneM> ... we are looking at something about macaroons from Google.
09:56:46 <ShaneM> manu: VCTF proposal is linked off of the breakout wiki.  You can learn more there.  We will share the slide deck. We meet every Tuesday at 11 AM US Eastern Time.  If you subscribe to the Credentials Community Group.
09:57:06 <ShaneM> Everything is minuted.  We record the audio for all the calls. It is a nice, friendly community.  You will get updates as we progress.
09:57:17 <ShaneM> rrsagent, make minutes
09:57:17 <RRSAgent> I have made the request to generate http://www.w3.org/2016/09/21-vctf-minutes.html ShaneM
10:08:24 <weiler> weiler has joined #vctf
10:48:55 <weiler> weiler has joined #vctf
11:57:03 <rmarques> rmarques has joined #vctf
11:59:15 <weiler> weiler has joined #vctf
12:12:52 <betehess> betehess has joined #vctf
12:29:08 <adamlake> adamlake has joined #vctf
12:47:31 <dan> dan has joined #vctf
13:12:48 <betehess> betehess has joined #vctf
13:42:06 <adamlake> adamlake has joined #vctf
14:04:01 <adamlake> adamlake has joined #vctf
15:00:35 <gkellogg> gkellogg has joined #vctf
15:17:59 <cwebber2> cwebber2 has joined #vctf
16:44:47 <gkellogg_> gkellogg_ has joined #vctf
20:39:38 <adamlake> adamlake has joined #vctf
21:50:50 <gkellogg_> gkellogg_ has joined #vctf
22:03:08 <manu> rrsagent, make minutes
22:03:08 <RRSAgent> I have made the request to generate http://www.w3.org/2016/09/21-vctf-minutes.html manu
22:03:56 <manu> Meeting: W3C TPAC 2016 Verifiable Claims Working Group Proposal Breakout Session
22:04:03 <manu> scribe: ShaneM
22:04:13 <manu> Chair: Manu
22:09:37 <manu> Present: Manu_Sporny, Chris_Webber, Natasha_Rooney, Mike_Champion, Chris_Wilson, David_Costa, Shane_McCarron, Dan_Burnett, Eric Prudhommeaux, David_Ezell, Adrian Hope Bailie, Benjamin_Young, Alexandre_Bertails, Rodolphe_Marques, and  roughly 31 people total
22:09:40 <manu> rrsagent, make minutes
22:09:40 <RRSAgent> I have made the request to generate http://www.w3.org/2016/09/21-vctf-minutes.html manu
23:12:57 <betehess> betehess has joined #vctf
23:16:58 <betehess_> betehess_ has joined #vctf