See also: IRC log
trackbot, start meeting
<scribe> agenda: https://lists.w3.org/Archives/Public/public-webpayments-ig/2016Apr/0002.html
<scribe> scribe: Ian
dezell: Welcome
... For future agenda - liaison
dezell: There was some discussion at the AC meeting
manu: task force met last week,
discussed discussions at the FTF meeting and next steps
... we will send email to interviewees with links to charter
draft, use cases
... we will modify charter with some more explanation up
front
... expect to fine-tune charter over the next 4-6 weeks
... we've had some detail review and also some people just
skimming
... we are going to contact the interviewees and also the
surveyed people.
... then we got microsoft and google comments
<Erik> ISO is a data standard, not a technology standard
Manu: There are requests to "show a spec" and deployment
<Zakim> padler, you wanted to ask question about IG perspective on strategic impacts of relationship to claims related efforts and W3C payments activity
padler: From a W3C perspective,
it seems like a big gap to not have a plan on how we will
integrate the verification aspects
... how do we as an IG address this gap? What will be the IG
position?
<manu> great question, Pat.
<Zakim> dezell, you wanted to respond to coordination
dezell: Regarding coordination; I
think it's a core responsibility of the IG.
... we need to renew our efforts to explore the work of other
orgs
jheuer: I have a feeling that we
have taken the verifiable claims work too far in the legal,
identity space.
... in the context of web payments, i think that credentials
will need to be used for more than payments (e.g., loyalty,
etc.)
... these scenarios call for credentials
... but we should stay away from the debatable question of
legal/natural identities
... these are things that are regulated (regional)
... e.g., German electronic identity work ... is hardly ever
used because the gov wants to control transactions.
... and there is no applicability to the web
... now the gov is looking at the notion of derived identities
(from gov identity) and can be more web-like
... I think we should stay closer to "web-like identities"
manu: I think a lot of people are looking at the verifiable claims work and jumping to the conclusion that we are trying to solve identity on the web. The Charter, however, states clearly that we are not working on identity for the web
<jheuer> jheuer is aware of the differences - but public opinion seems this way. Right.
<ShaneM> I note that the use cases document does talk a little about identity in that the financial scenarios are a little bit about who someone is
<Zakim> manu, you wanted to note the "don't tell us what to do" vs. "tell us what to do" dynamic... and that we've done work, but not exposed it because we were asked not to. and to note
manu: if the charter suggests we
are trying to do web identity, please show me because that's an
error we would need to fix
... We are hearing conflicting feedback - one group saying
"don't emphasize CG work" and another group saying "we need to
see the existing proposals"
<jheuer> ...the perception is all 'legal identity' - perhaps, because the only touchpoints the fin industry has to identity are of the legal kind.
<Zakim> padler, you wanted to comment on risk of not addressing claims/credentials related work prior to subsequent standards which could build on them.
padler: One idea for moving
forward is to focus on "what we lose if we don't have this
capability"
... e.g., if you don't have the ability to represent
claims/credentials then many of the things we are going to want
to do (e.g., loyalty) will be harder to do
... coupons and loyalty are harder to do unless you have a
standard primitive
... personally, I feel that the claims/credentials are part of
the core primitives
<dlongley> +1 VC/credentials are core primitives
padler: how do we go back to that?
<manu> +1 to we should frame this as something that the IG has identified that we need - have the IG take a position on the "core primitive"
padler: I'd like to understand whether the IG is taking a position on whether this is a core position.
<manu> Ian: Manu, I recognize the conflicting feedback - my sense, though I was away and didn't see the emails, the sense I have is that if people are asking to see work, it's fair to show them work.
<manu> Ian: There is clearly ongoing discussion on extent to how long things should be incubated before going to WG... it's being actively discussed.
<manu> Ian: It seems responsive to show the work, especially if that's the work that the proponents of the charter intend to bring to the WG.
<manu> Ian: If the proponents are entirely neutral - then it's fine to say we don't have input if you don't.
<manu> Ian: Or, if the proponents of the work want to bring the CG stuff forward, then that might be interesting.
<manu> Ian: I don't think that's the Web Payments IG... I think that's the CG.
<Zakim> dezell, you wanted to ask about the role of Authorization WG, etc.
<manu> Ian: It's fair to discuss what the proponents are thinking.
dezell: Web Auth WG is just starting up. Feels like it could be helpful and might need to align with this work.
<Zakim> manu, you wanted to note what proponents may want. and to note that the credentials stuff doesn't have hardly any overlap to do w/ Web Authentication WG (IIUC).
Manu: I don't think there's a lot
of overlap with web auth wg
... or the hardware security wg
... one issue is terminology: what "credential" means
... whereas "verifiable claims" are more free-form things
... regarding "what the proponents want" we have avoided
stating that
... there are two paths...credentials CG work or updated SAML
work
<dezell> Note: "complementary" and "no overlap" are not necessarily the same thing.
(IJ thinks that reply is already useful)
<manu> Ian: I think it's very responsive to say that CCG has two paths forward... if people give responses to say "here are my issues with the credentials spec", then that's the feedback you've been seeking for years.
<manu> Ian: If it's an unfortunate gap to not have the SAML delta, given feedback on CG work, we can lean toward that if it's positive... or if folks lean toward OpenID.
IJ: it seems like you are seeking feedback and you are getting it.
manu: We took the path previously and had a number of people jump on us...
<manu> Ian: While that may be true, if you're getting feedback in membership forum, that's new.
<Zakim> padler, you wanted to raise importance of IG working to harmonize payments work with other efforts (eg. Web Authentication), but more importantly in highlighting needed
IJ: The difference now is that you are getting feedback in the membership forum
padler: We are focused on
presenting the response to a particular challenge
... I think from an IG perspective, we should be stating what
capabilities we need to fill the gaps to enable payments on the
web
... I think we need to emphasize that there is a gap and we
don't have a way to represent that somebody owns something or
can prove their age, etc.
<manu> +1 to noting that there is a gap, and we're searching for a way to fill it.
padler: I think we need to elevate this to an IG position
<ShaneM> isn't this exactly what the use cases and extended use cases help demonstrate? In particular the financial use cases.
<manu> ShaneM, yeah, I think they do.
(IJ agrees this is use cases)
padler: Maybe we need to pull out the use cases
<dlongley> yes, let's put use cases out front to respond to this
padler: I don't think the focus has been on use cases and capabilities
<Zakim> manu, you wanted to suggest concrete path forward, maybe.
padler: this underlines how important the communications are
manu: Here's one way forward....
a) We could do a high-level analysis and say "we've got use cases...to solve with technologies X, Y, Z, here's how you do it"
scribe: and show people the
options
... but none of them is standardized and that's why we want a
WG
... that will take months
... I was hoping that the WG would do it
<dlongley> i think we should say: 1. nothing here for browsers to implement, 2. here are the use cases we're trying to address
padler: Instead of focusing on
the use cases and "how" we should emphasize "why" more
... what it's important to move this forward because there are
dependencies on it for other topics like ecommerce
<dlongley> +1 to indicating we need to move forward right now
padler: I would like to hear
people's position on whether the capability to demonstrate
proof of age, etc. is a core capability
... and get agreement on that (as basis for
standardization)
<Zakim> Ian, you wanted to disagree with gap analysis as problem
Manu: Some people are agreeing
with gap but then asking for incubated material
... Second path forward is focus on charter, use cases,
description of gap, and we take a position as an IG
<manu> Ian: I wasn't agreeing with Pat at first, but agree with his subsequent comments more or less.
<manu> Ian: For now, my sense is - more responsive - right now we are thinking this could be done in one or two ways - either the CG work moves forward, or OpenID/SAML as a way forward.
IJ: You may get different types of responses from interviewees as well
shane: It's a good point that perhaps the use cases can be a driver
(IJ continues to think that the use cases should be pruned since I believe the use cases cover more ground than the charter)
ShaneM: Some of our use cases do
read like identity use cases
... we may need to finesse that so that is not the only
message
dlongley: If we go back into
incubation mode we could do this another year then find
ourselves in the same situation
... it would be broken to continue to incubate without greater
participation
... and a WG would help bring more people in
adk pad
<manu> +1 to "the endless incubation problem"
<Zakim> dlongley, you wanted to indicate problem with incubating further
<manu> we don't want to go there
padler: I am not suggesting "just
go back to incubation"; I think the challenge is comms
... The IG needs to reach consensus (or not) on whether we
believe this is a core primitive and to community more broadly
that we believe it is, and how it affects other work
(dependencies)
<manu> +1 to Pat's note that if we don't have core primitives in place, that eCommerce initiative becomes that much harder.
padler: e.g., without these core primitives, other work like ecommerce will be "exponentially ahrder"
<Zakim> dezell, you wanted to ask about capabilities.
dezell: We've heard a lot about
the use cases and what they need
... I am hearing pat suggest we state capabilities more
clearly
... thoughts on next steps?
<Erik> +1 to Pat. If you dont have credentials (ie movement of identity attributes) as a core primitive you will have a lot of problems with Payments on the Web. Financial Services (and payments) is all about KYC
manu: I am hearing two things
that we could do....
... one is for the VCTF to do a fast communication about a
problem and some ways on how to solve it, and ask people for
feedback. Or the WG could take a more general approach that
would encompass either CG/SAML approach
... the other part of it (could be done in parallel) is for the
IG to take a position
... on primitives necessary for e-Commerce
<Zakim> padler, you wanted to suggest focus on relation vs. component
padler: The focus to date has
been on the components (the claims stuff)
... I think IG taking position as critical primitive is
necessary
... but it's also important to relate the component to other
things going on at W3C
... we can communicate to membership the cost of not having
this as a critical primitive
... I am a big fan of representing "how the component(s) relate
to other goals of W3C"
<manu> +1 to Pat on getting an official IG position on this.
dezell: e-commerce workshop could give some new perspectives on how to solve this
<Zakim> dezell, you wanted to talk about ec ws
<manu> +1 to workshop to find out more about verifiable claims capabilities.
ach erik
Erik: Blockchain meeting was discussing data exchange
Dezell: 18 April