[MINUTES] W3C Credentials CG Call - 2017-10-31 12pm ET

Thanks to Mike Lodder for scribing this week! The minutes
for this week's Credentials CG telecon are now available:

https://w3c-ccg.github.io/meetings/2017-10-31/

Full text of the discussion follows for W3C archival purposes.
Audio from the meeting is available as well (link provided below).

----------------------------------------------------------------
Credentials CG Telecon Minutes for 2017-10-31

Agenda:
  https://lists.w3.org/Archives/Public/public-credentials/2017Oct/0116.html
Topics:
  1. Status of Action Items
  2. Credential Handler API
  3. W3C TPAC Planning
  4. Post RWoT DID Spec
Organizer:
  Kim Hamilton Duffy and Christopher Allen
Scribe:
  Mike Lodder
Present:
  Mike Lodder, Kim Hamilton Duffy, David Chadwick, Christopher 
  Allen, Ryan Grant, Dave Longley, Joe Andrieu, Manu Sporny, Susan 
  Bradford, David I. Lehn, Adrian Gropper
Audio:
  https://w3c-ccg.github.io/meetings/2017-10-31/audio.ogg

Mike Lodder is scribing.

Topic: Status of Action Items

Kim Hamilton Duffy:  Will cover the DID PR
David Chadwick:  Lifecycle document - haven't updated the 
  document to Markdown yet.
Christopher Allen:  Need more clarity on the webpage about what's 
  been reviewed work items as opposed to what still needs to be 
  reviewed
Christopher Allen: Also not sure about WoT items having been 
  approved / voted
Ryan Grant: +1
Kim Hamilton Duffy:  I will clarify work items that have been 
  voted on vs approved
Dave Longley: +1
Kim Hamilton Duffy:  Deadline passed last week for DID PR
Joe Andrieu: Can we get the PR url?
Manu Sporny:  We just want to know if the new set of changes are 
  a step in the right direction. We still need to fix some language 
  things from RWOT
Christopher Allen: +1
Kim Hamilton Duffy: Pr: 
  https://github.com/w3c-ccg/did-spec/pull/22
Manu Sporny:  Does everyone believe that the PR overall improves 
  the spec?
Christopher Allen:  No issues with PR but I haven't done a formal 
  review
Ryan Grant:  Believe the PR is ok with direction
Dave Longley: I recommend +1 for merging -- and outstanding 
  problems get a new, specific github issue
Mike Lodder: +1 Dlongley
Ryan Grant: It doesn't have "//" that results in a location
Manu Sporny:  DID are URL's, maybe introduce the concept of DID 
  needs to be redone

Topic: Credential Handler API

Kim Hamilton Duffy:  DavidC should take the lead on discussing 
  API spec
Dave Longley: +1 Reword introduction, more focus on stable ID vs. 
  "new" thing that isn't quite a URL (which it isn't)
Dave Longley: 
  https://docs.google.com/presentation/d/1qk9-6dpsZttrFr4qV-aID2L2OFTcKHL1epkzRgB8pZc/edit#slide=id.p3 
  <-- slides from David Chadwick
Kim Hamilton Duffy: Credential API github issue: 
  https://github.com/w3c-ccg/credential-handler-api/issues/1
David Chadwick:  FIDO protocol was used and keys are stored not 
  the smartphones and computers
David Chadwick:  Presented to others from JOSE / Web 
  Authentication and they say its now out of date
David Chadwick:  To look at other specs at W3C
David Chadwick:  The interface is easy to use and tested with 
  hospital patients
David Chadwick:  Hospital patients like it much better
David Chadwick:  With his interface users didn't need to enter 
  usernames or passwords
Dave Longley: https://w3c-ccg.github.io/credential-handler-api/
Dave Longley:  Web authentication should be viewed as 
  complementary vs alternative to credential handler api
Dave Longley:  What are the reasons why your approach is easier
Dave Longley:  How does this stuff work on the web?
David Chadwick:  Credentials are on the device
David Chadwick:  Its easier to use because there are less steps 
  involved
David Chadwick:  Manu's was cumbersome and complex
David Chadwick:  The phone handles the logic and allows the user 
  to choose consent
Dave Longley:  Credentials handler can potentially live on the 
  device or can live on the web in a secure location
Ryan Grant: That was/is my question: how are credentials 
  reestablished in case the device is lost?
Dave Longley:  The interface is dependent on the software 
  implementer
Dave Longley:  The point is to have the browser do the minimum 
  amount of work
David Chadwick:  The protocols need to be standardized to allow 
  for mixing and matching
Ryan Grant:  Where are the separation of concerns addressed?
David Chadwick:  I would like the protocol between the inspector 
  and holder to be standardized
Dave Longley: +1 For standardizing the "policy"/"query" and 
  response
David Chadwick:  Whatever approach we choose should be compatible 
  with how browsers are today
Ryan Grant: I understand the focus and will consider lost devices 
  a problem to be solved by implementaitons.
Manu Sporny: Agree that the way to get browser adoption is to 
  make the browser vendors do as little as possible.
Mike Lodder:  +1 Rgrant, that problem is up to the vendor To 
  solve
Dave Longley:  Credential handler api is lower than the layer 
  that DavidC was talking about
Christopher Allen: Time check. TPAC review is critical path.
David Chadwick:  Allowing multiple wallets adds lots of 
  complexity
Dave Longley:  Different wallets can provide different 
  credentials
Kim Hamilton Duffy:  Do we have any action items to close out 
  this topic
Ryan Grant: Do we have consensus that it fits?
Ryan Grant: I think so
Manu Sporny:  I don't think this is an item that gets closed out
Kim Hamilton Duffy:  Manu will guide us through TPAC

Topic: W3C TPAC Planning

Manu Sporny:  Give a heads up to W3C group about what we are 
  trying to do
Manu Sporny: A Vision for a Self-Sovereign Web: 
  https://docs.google.com/presentation/d/1woq0pZD872NvhBIu90GIZMf8MQLWCtXM1NCx8n6s0VM/edit
Joe Andrieu: +1 On slide deck, btw. That's my review. =)
Manu Sporny:  This shows how to combine: credential handler, 
  DIDs, and web payments
Manu Sporny:  And addresses some use cases
Manu Sporny:  Here's how we are doing it
Manu Sporny:  How to refine the pitch for self sovereign web
Kim Hamilton Duffy:  What time constraints are there for the 
  chairs to review our proposals
Ryan Grant: Go Oma!
Kim Hamilton Duffy:  To start a slide deck to address the action 
  items
Ryan Grant: Very visual slides, loved it
Christopher Allen: I'm limited on time. I'm hoping that I don't 
  have to spend all day Wednesday.
Ryan Grant: Meh
Christopher Allen: We said last week there will be no call next 
  week.
David Chadwick: +1

Topic: Post RWoT DID Spec

Christopher Allen: We should first dive into post #RWOT spec 
  first, then Post IIW DID spec.
Susan Bradford: Drummond is confirmed to attend
Kim Hamilton Duffy:  No meeting next week but we will dive into 
  DID spec stuff after that

Received on Tuesday, 31 October 2017 18:30:54 UTC