14:38:12 RRSAgent has joined #vcwg 14:38:12 logging to http://www.w3.org/2017/07/11-vcwg-irc 14:38:34 Meeting: Verifiable Claims Working Group 14:38:52 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Jul/0002.html 14:38:59 rrsagent, draft minutes 14:38:59 I have made the request to generate http://www.w3.org/2017/07/11-vcwg-minutes.html burn 14:39:06 rrsagent, make minutes public 14:39:06 I'm logging. I don't understand 'make minutes public', burn. Try /msg RRSAgent help 14:39:14 rrsagent, make logs public 14:39:43 Chair: DanB, MattS, RichardV 14:49:29 regrets+ Liam 14:50:19 ]I will try & monitor IRC, but will be entirely without network access next Tuesday (starting later today or early tomorrow for approx. 10 days) ] 14:50:57 JohnTib has joined #vcwg 14:52:13 Thanks Liam. If you have any updated/new information on hotel room availability for TPAC, it would be great if you could provide it in the chat at some point after we begin. 14:54:03 present+ Daniel_Burnett, Christopher_Allen, John_Tibbetts 14:55:36 Topic: Agenda review, Introductions and Reintroductions 14:56:17 present+ Colleen_Kennedy 14:56:28 zakim, who's on the phone? 14:56:28 Present: Daniel_Burnett, Christopher_Allen, John_Tibbetts, Colleen_Kennedy 14:56:56 Colleen has joined #vcwg 14:57:12 present+ Matt_Stone 14:57:25 present+ Colleen_Kennedy 14:57:40 zakim, who's on the phone? 14:57:40 Present: Daniel_Burnett, Christopher_Allen, John_Tibbetts, Colleen_Kennedy, Matt_Stone 14:57:46 nage has joined #vcwg 14:58:49 Ok, got webex & irccloud on iPhone working together. Hopefully can help me when traveling to be able to participate better. 14:59:07 present+ Adam_Migus 14:59:52 amigus has joined #vcwg 15:00:08 present+ Dave_Longley 15:00:17 gkellogg has joined #vcwg 15:00:25 present+ Ted_Thibodeau 15:00:39 I have a brief report from this week's hackathon re Verifiable Claims 15:00:58 okay. We can add that after Intros 15:01:06 TallTed has joined #vcwg 15:01:40 [I asked about rooms but didn't get a response yet] 15:01:46 present+ Nathan_George 15:02:05 present+ Christopher_Webber 15:02:17 present+ Ted_Thibodeau 15:02:30 stonematt has joined #vcwg 15:02:32 present+ Gregg_Kellogg 15:02:49 present+ Nathan_George 15:02:51 present+ 15:02:52 scribe: dlongley 15:03:08 amigus_ has joined #vcwg 15:03:15 varn has joined #vcwg 15:03:31 agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Jul/0002.html 15:03:31 burn: Christopher Allen will be giving us an update on VC hackathon. 15:03:42 zakim, pick a victim 15:03:42 Not knowing who is chairing or who scribed recently, I propose Nathan_George 15:03:51 Charles_Engelke has joined #vcwg 15:05:06 SeanBohan_Evernym has joined #vcwg 15:05:20 nage: My name is Nathan George. Software architect with Evernym. We do distributed identity, specifically project where code is located at Hyperledger Indy under Linux Foundation. We use the code base to build Sovrin. It's intended to be a global public utility for identity where folks own their own cryptographic identity and no one can take it away. People can interact with each other using it, one way is using VC. We're working to make our stuff 15:05:21 compatible with VC here. We want people to be able to use CL crypto to do selective disclosure, etc. 15:05:24 Topic: WG Face to Face meeting @ TPAC (https://www.w3.org/2017/11/TPAC/Overview.html#details) 15:06:03 burn: We'll have a F2F meeting this fall for TPAC. This is just a reminder to register and get a hotel room, fills up fast. Not sure what's available right now, haven't looked recently. Anyone have success/failure recently? 15:06:09 none 15:06:13 burn: If you haven't done it, please do so. 15:06:26 on which day(s) are we to meet at TPAC? 15:06:31 Topic: this week's hackathon re VC 15:07:10 https://github.com/WebOfTrustInfo/btcr-hackathon/blob/master/docs/verifiable-claim-did.md 15:07:11 links to items from my introduction https://github.com/hyperledger/indy-sdk and https://sovrin.org/ 15:08:47 MattLarson has joined #vcwg 15:08:55 ChristopherA: So basically, the hackathon is associated with a number of members of RWoT community. Trying to get DIDs to work with VCs. Which are basically decentralized identifiers that can be hosted on blockchains. In this particular case bitcoin. Despite documentation and a number of having history with this stuff we're finding it hard. Everything ranging from us saying we'll send this picture here. What is the whole kind of structure by which you 15:08:55 receive a VC, you then have to go through some kind of process to look at the VC information, verify it locally and then go out onto the blockchain to look for other things to let you verify the keys and such. We're finding lots of little questions that with good examples we'd be able to do better. We're having challenges because things like the playground ... one of the issues, the VC playground, things that are questionable from a crypto sense and a VC 15:08:56 sense. 15:09:49 ...: One of the issues from the spec is from the VC spec, we're confused about roles. Good news is that we have live DIDs and DDOs that are on my github. Right now it doesn't verify because the playground crypto has some problems. But hopefully by the end of the week we'll have a real start at an example on self-claim verifiable claim. 15:09:53 q? 15:10:37 ...: Hopefully a RWoT example will be up by the end of the week. If anyone's interested in participating it's not too late, lots of issues related to censorship resistance, revocation, scaling issues, so on. I can also schedule a call to talk with people at 10 PT to talk details. 15:10:48 Topic: Discuss FPWD for Data Model doc--what issues are blocking finalizing the FPWD 15:11:00 Topic: PR 56: Terminology poll report 15:11:10 https://lists.w3.org/Archives/Public/public-vc-wg/2017Jul/0000.html 15:11:14 burn: So we're still working on terminology. 15:11:28 burn: I was going to ask Manu to summarize but he can't be here today. 15:11:44 burn: A quick reminder that first the poll results are not a binding vote. They are just intended to be information for the group and for the chairs. 15:11:59 burn: The first result, we believe that there's a clear winner: Issuer. That was a clear result in all rounds. 15:12:29 burn: The second role, we believe wasn't quite as clear cut. The result "Holder" is the one that stayed ahead all throughout the instant runoff process. We believe that's reasonable as the term to use initially in the FPWD. 15:12:55 burn: We actually think the third result was unclear, people have been polarized. The word "Verifier" itself has some problems in English. Whether we're one who requests verification or one who provides it. 15:13:50 burn: The chairs suspect some of the problems we've had in the discussion and in the poll might indicate that the group has not adequately determined and separated all of the roles involved in this third term. The chairs propose we use a temporary term. Our suggestion is that we combine the two top results "Inspector-Verifier" and note that this name is still under discussion. We expect further discussion post FPWD. 15:14:08 burn: This is probably a surprise for some people, we just think it will cause more trouble to pick one of these two. 15:14:09 +1 15:14:14 burn: I'll open up the discussion now. 15:14:19 q? 15:14:27 burn: I'll go ahead at the end and make that as a formal proposal and do +1/-1 decision. 15:14:31 q+ 15:14:37 ack stonematt 15:14:38 Q+ 15:15:10 q+ 15:15:34 stonematt: Generally echoing your intro, I think you did a nice overview. We were a bit surprised, we watched the results come in, where this was the one where there was such a close call. If you notice round one inspector and verifier got equal votes. Almost no one who voted for one voted for the other highly as the subsequent rounds came in. We took that to mean more discussion is needed. 15:15:47 ack ChristopherA 15:15:53 stonematt: We spent most of the time on the "Holder" role not the "Inspector/Verifier" so was interesting. 15:16:27 q+ 15:16:36 q+ 15:16:41 ChristopherA: I just wanted to concur that I like the temporary and explicitly temporary thing for this. My gut here is ... after having a variety of calls walking through VC and it gets a little more complex outside of the data model. There are various inspection and verification things that happen, with key existence, etc. 15:16:57 ChristopherA: There's a potential problem with the holder of the keys, and the relationship with the issuer isn't always that obvious. 15:16:58 +1 on insight from implementors :) 15:17:15 ChristopherA: I'd love to have an agenda item for splitting up the roles a bit more after we get FPWD out. 15:17:16 q+ 15:17:29 burn: Yes, everything is open for discussion still and I encourage people to submit issues to github. We will discuss them. 15:17:30 ack varn 15:18:08 q- 15:18:45 ack nage 15:18:45 varn: Echoing what Christopher is saying, that's helping me get to the point where we can do FPWD with the compound term. We need to have sharper definition of roles. There are some others out there too. We have been overlapping the task and the object being handled with the role and we need the data model to get sharper with the various parts and combinations in different scenarios. We haven't deal fully with the agency issues. A verifier can be an 15:18:46 agent, others will be acting on behalf of holders. We have a lot of work to do, but we're just getting a placeholder for a name. Shouldn't cause consternation. 15:19:45 q? 15:20:10 nage: I wanted to support what Christopher said. As we've been diving into implementations and clarity between the roles becomes more clear. I'm kind of happy with the composite role (Inspector-Verifier) right now. So I think these temporary terms will serve us well to describe the issue and getting into the actual interactions that occur using the items in the data model. That will get us through the next round of the data model paper and the 15:20:11 descriptions and we can talk about how they'll be applied so roles become more clear moving forward. 15:20:20 burn: Any other comments before the formal proposal? 15:20:24 none 15:20:32 PROPOSED: For the FPWD we will use the following terms: for the first role Issuer, the second role Holder, and the third role Inspector-Verifier, with a note explaining that the third term is hyphenated because of a lack of consensus, to be resolved in future discussion. 15:20:33 +1 15:20:36 +1 15:20:37 +1 15:20:37 +1 15:20:40 +1 15:20:40 +1 15:20:41 +1 15:20:41 +1 15:20:44 +1 15:20:44 +1 from stone 15:20:48 +1 15:20:57 +1 15:21:02 +1 15:21:11 RESOLVED: For the FPWD we will use the following terms: for the first role Issuer, the second role Holder, and the third role Inspector-Verifier, with a note explaining that the third term is hyphenated because of a lack of consensus, to be resolved in future discussion. 15:21:19 burn: Thank you, everyone. 15:21:22 yay! 15:21:29 Topic: Readiness for Data Model FPWD vote 15:21:40 burn: Next item is "How ready are we to vote to publish FPWD"? 15:22:13 burn: Obviously the editors need to apply the decision we just made. It is possible that the group can agree to publish a FPWD after we apply the changes. Anything else missing that anyone else must be addressed before FPWD? 15:22:28 W+ 15:22:32 s/anyone else/anyone else believes 15:22:35 Q+ 15:22:41 ack ChristopherA 15:23:33 ChristopherA: The only minor thing that I'd really like to see is... a lot of time these documents are distributed around separate from issues. I'd like to see the names and numbers of roles are being considered. I want to make sure the doc lists the issues. Want us to be clear that those issues are open. 15:24:47 No, I'm ok with intent, "perfect is enemy of good" 15:24:51 burn: My one comment on that is that ... that sounds great. I'm a little concerned that if we miss one that you'll be unhappy and went ahead and published. I'm perfectly fine with an intent for the editors to capture what they believe are the names/numbers of roles that have been proposed and are still being discussed. As long as their is an honest attempt or do you want to see that change done and then do a vote next week? 15:25:09 burn: Any other questions or comments then? 15:25:33 PROPOSED: After updating the FPWD to incorporate the terminology decision above and Christopher's request, the group approves publication of the Data Model specification as a FPWD. 15:25:52 PROPOSED: After updating the Data Model document to incorporate the terminology decision above and Christopher's request, the group approves publication of the Data Model specification as a FPWD. 15:26:09 +1 15:26:10 +1 15:26:12 +1 15:26:12 +1 15:26:13 +1 15:26:13 +1 15:26:15 +1 15:26:15 +1 15:26:15 +1 15:26:16 +1 15:26:17 +1 15:26:28 +1 15:26:31 +1 15:26:38 RESOLVED: After updating the Data Model document to incorporate the terminology decision above and Christopher's request, the group approves publication of the Data Model specification as a FPWD. 15:26:41 "Hums" 15:27:06 Topic: Issues related to Revocation and Validation 15:27:23 https://github.com/w3c/vc-data-model/issues/9 & https://github.com/w3c/vc-data-model/issues/35 15:27:36 issues, not PRz 15:27:56 q? 15:27:59 q+ 15:28:02 burn: These were the issues that members expressed the most interest in discussion. 15:28:06 ack stonematt 15:28:10 burn: So, where do we need to go on these issues? 15:28:30 stonematt: I wanted to call out Christopher on this topic because he was bringing this up maybe a little bit based on implementation work and he may have insight. 15:28:47 ChristopherA: Let me paste an issue: 15:28:48 https://github.com/WebOfTrustInfo/btcr-hackathon/issues/25 15:29:38 q? 15:29:43 q+ 15:30:42 ChristopherA: So of the issue is -- what is the kind of revocation that there is. You can have these revocations of ancillary trust items that are independent of the revocation of the VC itself and then you have this opposite case where you have some kind of enduring proof of things being true in the past whether they are still true today. My favorite quote in there from Peter Wooley is that censorship resistance is a key thing ... it's one thing to have 15:30:42 censorship resistance at issuance, you just get a new one if something happens, the real challenge is how do you avoid it on the revocation. Depending on the many types of revocation ... not trusting a key after such and such a date but before that is ok 15:30:47 ... everyone needs to have it 15:30:59 ack stonematt 15:31:02 ChristopherA: This isn't the only place this issue came up but it's an important one. 15:31:04 q+ 15:31:46 Yes, that is accurate! 15:32:03 stonematt: We haven't really spent must time on the topic yet, I get the sense from your intro and experience and there may be a chain of things to validate to true in order for the claim to come back as verified. If that's a simple enough way to state it. Is that the right way to interpret that? From the perspective of the data model, what sort of language or terms do we need to be thinking about? 15:32:13 ack nage 15:32:18 stonematt: The claim was true at some point or was revoked, etc. or what sort of language do we want for that? 15:32:55 zakim, who's on the phone? 15:32:55 Present: Daniel_Burnett, Christopher_Allen, John_Tibbetts, Colleen_Kennedy, Matt_Stone, Adam_Migus, Dave_Longley, Ted_Thibodeau, Nathan_George, Christopher_Webber, Gregg_Kellogg, 15:32:58 ... stonematt 15:33:01 nage: There's a number of things that help with this, splitting a part the construct of whether the claim is true or whether it was revoked. Having an inventory of the things we expect the inspector/verifier to verify and in the right order and the oracles for that information will be perserved when aspects of the info changes and calling out the order ... 15:33:30 q? 15:33:38 https://github.com/WebOfTrustInfo/btcr-hackathon/issues/5 15:33:40 present+ Matt_Larson, Richard_Varn 15:33:46 nage: And how each of those checks is performed is important for privacy, dont' want to do unnecessary correlation/can undo privacy protections when doing revocation. Need to get the data model right. I know Christopher and their groups have techniques to address that and so does Sovrin. 15:33:53 nage: Making sure all of those are on the table is important. 15:33:57 q+ 15:33:58 q+ 15:33:58 Q+ 15:34:33 I am 15:35:23 ack stonematt 15:35:45 ack dlongley 15:37:20 dlongley: in the data model spec we need to define where abstractions occur, different signature mechanisms. There will be interactions between those other methods and the data model. Need to bind them somehow. Those details need to be in the signature method. We need to outline this in the DM spec. If you are going to protect these claims with cryptographic method x, these are the steps and privacy consideratiotns 15:37:30 ack ChristopherA 15:38:06 zakim, who's on the phone? 15:38:06 Present: Daniel_Burnett, Christopher_Allen, John_Tibbetts, Colleen_Kennedy, Matt_Stone, Adam_Migus, Dave_Longley, Ted_Thibodeau, Nathan_George, Christopher_Webber, Gregg_Kellogg, 15:38:09 ... stonematt, Matt_Larson, Richard_Varn 15:38:20 present+ Sean_Bohan, Charles_Engelke 15:38:23 ChristopherA: I posted a little diagram that we had started, that is not a great diagram but it shows why we're having problems with this kind of stuff. There's the integrity of the claim. That's the word we're using the bottom level. Before you try and figure out the trust model, you have to basically look at the integrity of everything. Then there's this next stage where we have to get into inspector-verification issues... 15:38:39 q? 15:39:12 present- stonematt 15:39:43 ChristopherA: You have different things being checked and purposes and on up the chain for what's required. Different kinds of revocation are significant because they aren't about the data but the trust model. I appreciate Dave saying that this goes into the signature model or whatever. My gut feeling is that it's an issuer thing and it may be a relationship between them and the inspector. The issuer can say "I'm only issuing this if you're willing to do 15:39:43 these checks", e.g. you confirm the DID, you have an authoritative check... 15:39:43 q+ 15:40:04 ack dlongley 15:40:05 ChristopherA: That may be required as part of the claim. 15:41:02 dlongley: agree that there are other aspects we want to put into data model. Some of those components might go into the methods used. There might be some not specific to the signature method that must go into the claim itself. 15:41:43 q? 15:42:11 q+ 15:42:13 q+ 15:42:38 dlongley: There may data model elements we need to define or at least extension points, where we have a common vocabulary of enumerated types that define verification requirements for claims that issuers can tag on their claims -- and inspector/verifier software can implement. 15:42:44 ack TallTed 15:45:48 TallTed: I'm getting a fairly strong sense that, as much as work has gone into this over the past works, there hasn't been a concerted effort to do process flow mapping. 15:45:50 TallTed: These are our processes, how can we make them simpler, better, code modularization. It is nitpicky and can be painful to do. One of the examples -- is people going into a restaurant, sitting down, ordering, getting food, etc. Lots of roles involved. Sometimes one person does more than one thing. Sometimes more than one person does more than one thing at a time. The terminology exercise has been exposing this problem, which is echoing in every 15:45:50 other topic that comes up. This is a complex thing, this is a complex thing -- verification of claims. There are so many things, what identifier and keys and chain of custody things, all these matter. I'm not sure that any primitives have actually been captured aside from the subject of a claim. To some extent the issuer of a claim. 15:46:45 ack stonematt 15:46:48 TallTed: I'm not sure we need to capture every possible agent relationship, partly because you can have an agent of and agent, umpteen layers deep. Trying to express that in the basic level makes that incomprehensible to both new comers and those with a fair understanding of what's going on. I think that's the thing that we need to put substantial effort into that possibly to the exclusion of everything else 15:47:09 q+ 15:47:22 I have a process comment toward end of meeting about what we can or can't share from these meetings. 15:47:48 stonematt: How do we get the group engaged to make progress? 15:47:54 q+ 15:47:58 ack dlongley 15:48:04 #RebootingWebOfTrust is good for this kind of thing 15:48:25 q+ 15:49:07 dlongley: Ted is right that we need to document more. Much of this information is tribal or in implementations but needs to be captured. We will need a process to do it. There actually has already been much discussion around this, just maybe not the documentation. 15:49:08 ack nage 15:49:52 nage: My question is that we've been trying fairly hard to avoid protocol details and how those relate to the data model. What Ted's pointing out is that there are process pieces that are important to our data vocabularies. How do we want to extract some of that tribal knowledge? 15:49:54 q+ 15:49:56 q- 15:49:59 ack varn 15:50:04 +1 we have to remember protocol is out of scope so this is tricky. 15:50:34 varn: I'm a huge fan of process mapping. This often devolves into being atomistic or synthetic. There has been work done on this and flow maps in the documentation somewhere, someone should be able to point to them. 15:50:35 we can discuss protocol as needed to understand data model. We just can't write it down :) But the CG could .... 15:50:43 q? 15:51:50 varn: We've done some to lay out of the flow of those steps. We do need to be atomistic on what the pieces are. I threw a batch of the possible names for the other roles into github. Continuing on the atomistic parts and working on teasing that out online in a scenario and that should help expose if we have the roles and tasks worked out and this can inform us and we'll get feedback and this is best done as a dynamic. 15:52:10 Q+ 15:52:25 burn: Any other questions on process moving forward, specific topics of revocation, validation, etc. Goal today was just get the discussion started. People should create issues in github and discuss there. 15:52:27 ack ChristopherA 15:52:56 q+ 15:53:29 ChristopherA: I do believe that this needs to be teased out. I think it's something that's very hard to do online and through issues. The best ways I've ever seen it done was drawing on a big whiteboard with 5-6 people constructively breaking things down into little pieces and such. That's something that RWoT is really good at. We could do it during TPAC if more people are involved there. I don't quite know how to do it online easily. It's just too big, 15:53:29 you need a big canvas to tease it all apart. 15:53:45 ChristopherA: I know October is a long time away and I'm willing to work on it before then, just not sure how. 15:53:59 burn: That was going to be my comment. Can definitely use time at TPAC for that. It's going to be a few months before we get there. 15:54:07 Q? 15:54:34 burn: I think it's worth it for people to take some time to think about this. The chairs of course are always discussing process and how to get to a resolution. Continue having discussion and chairs will continue to help guide discussion. We only have five minutes left today. 15:54:36 Process comment 15:54:40 burn: Any comments on anything else? 15:54:51 ack bur 15:54:53 q+ 15:54:53 ack burn 15:55:34 ChristopherA: This has to do with the change over to being a WG and confidentiality things there. Are the minutes public? 15:55:38 burn: All minutes are public. 15:55:40 rrsagent, draft minutes 15:55:40 I have made the request to generate http://www.w3.org/2017/07/11-vcwg-minutes.html burn 15:56:42 burn: When we send out the link to the minutes, it's publicly visible to everyone. 15:56:49 ack TallTed 15:56:50 burn: So you can point to it or to the minutes as you wish. 15:57:21 TallTed: I was not trying to suggest that the work hasn't been done, it was more of a question about putting it into a form that is consumable for others, including new participants like myself. 15:57:53 Ciao! 15:58:05 zakim, who's on the phone? 15:58:05 Present: Daniel_Burnett, Christopher_Allen, John_Tibbetts, Colleen_Kennedy, Matt_Stone, Adam_Migus, Dave_Longley, Ted_Thibodeau, Nathan_George, Christopher_Webber, Gregg_Kellogg, 15:58:08 ... Matt_Larson, Richard_Varn, Sean_Bohan, Charles_Engelke 15:58:36 s/hasn't been done/hasn't been being done/ 15:58:47 [it seems there may be rooms available in a different hotel - I'll follow up with email to member-vc-wg as soon as I can get the details] 15:58:50 zakim, draft minutes 15:58:50 I don't understand 'draft minutes', burn 15:59:05 rrsagent, draft minutes 15:59:05 I have made the request to generate http://www.w3.org/2017/07/11-vcwg-minutes.html burn 16:00:09 present+ Matt_Larson, Richard_Varn, Sean_Bohan, Charles_Engelke 16:01:06 rrsagent, draft minutes 16:01:06 I have made the request to generate http://www.w3.org/2017/07/11-vcwg-minutes.html burn 16:02:14 s/Process comment// 16:02:18 rrsagent, draft minutes 16:02:18 I have made the request to generate http://www.w3.org/2017/07/11-vcwg-minutes.html burn 16:04:43 rrsagent, bye 16:04:43 I see no action items