14:46:06 RRSAgent has joined #vcwg 14:46:06 logging to http://www.w3.org/2017/08/15-vcwg-irc 14:46:46 burn has changed the topic to: 15 August 2017 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0007.html 14:47:03 rrsagent, make minutes 14:47:03 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html burn 14:47:15 rrsagent, make logs public 14:47:32 Chair: Dan Burnett, Richard Varn, Matt Stone 14:47:49 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0007.html 14:53:25 TallTed has joined #vcwg 14:55:13 Charles_Engelke has joined #vcwg 14:56:08 present+ Dan_Burnett 14:57:12 present+ Ted_Thibodeau 14:59:31 stonematt has joined #vcwg 15:00:06 dezell has joined #vcwg 15:00:11 gkellogg has joined #vcwg 15:00:40 present+ Dave_Longley 15:01:18 present+ Matt_Stone 15:01:32 present+ Manu_Sporny 15:01:52 present+ Charles_Engelke 15:01:56 JoeAndrieu has joined #vcwg 15:02:00 present+ Chris_Webber 15:02:42 present+ dezell 15:03:01 Present+ Gregg_Kellogg 15:04:14 present+ Liam_Quin 15:04:34 zakim, who's here? 15:04:34 Present: Dan_Burnett, Ted_Thibodeau, Dave_Longley, Matt_Stone, Manu_Sporny, Charles_Engelke, Chris_Webber, dezell, Gregg_Kellogg, Liam_Quin 15:04:35 cwebber2 has joined #vcwg 15:04:36 On IRC I see JoeAndrieu, gkellogg, dezell, stonematt, Charles_Engelke, TallTed, RRSAgent, Zakim, burn, liam, dlehn, dlongley, manu, ChristopherA, bigbluehat, robert, deiu 15:04:42 present+ Chris_Webber 15:05:04 amigus has joined #vcwg 15:05:05 nage has joined #vcwg 15:06:19 present+ Benjamin_Young(IRC) 15:06:38 Topic: Agenda Review 15:06:53 Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0007.html 15:06:56 https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0007.html 15:07:07 present+ Adam_Migus 15:07:15 Topic: Agenda 15:07:30 Balazs has joined #vcwg 15:07:31 Add Test Suite discussion 15:07:37 amigus has joined #vcwg 15:08:28 stonematt: Data model spec discussion, guest speaker, privacy security discussion, and reserve time to talk about issuing and verification. 15:09:15 scribe: JoeAndrieu 15:09:16 scribing up 15:09:25 s/scribing up// 15:09:29 rrsagent, draft minutes 15:09:29 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html manu 15:09:48 stonematt: adding test suite discussion to agenda 15:09:55 Meeting: Verifiable Claims Working Group 15:10:03 Topic: Introductions 15:10:23 ...Any new members for introductions? 15:10:47 Re-Introduction: Dan Burnet 15:11:15 s/Burnet/Burnett/ 15:11:22 Present+ Balázs_Némethi 15:11:26 burn: Background in speech recognition. WOrked in W3C and IETF ~ 15 years. Involved because I'm personally interesting in this "Identity" problem. Solving it without using "identity " per se. 15:11:44 Topic: Taqanu and Balázs Némethi 15:12:19 Balazs: Hungarian founder of Taqanu. 15:12:21 https://www.taqanu.com/ 15:12:33 ... trying to figure out solution for banking for refugees 15:13:00 ... Interested in how identity can be looked at from different angles 15:13:18 https://www.taqanu.com/ 15:13:18 Taqanu is focusing on financial inclusion and identity. It uses new technology and financial payment tools to identify and verify individuals - allowing for access to the financial services that will accelerate integration into new lives and new homes. 15:13:20 q+ to frame 15:13:35 ack manu 15:13:35 manu, you wanted to frame 15:13:36 q? 15:14:17 manu: Over past few years, we've been talking about refugee crisis. A number of us are also involved in web payments group. Taqanu is at the intersection of several W3C groups. 15:14:44 ... payments group, this group (VCWG) which lets you establish identity and move claims over the web 15:15:27 ... interesting to have people interested in using what we're creating here. Today the refugee conversation has been largely academic, where what Balazs is doing is bringing it home. 15:15:43 ... opportunity to get his input on what tech he could actually use. 15:16:04 varn has joined #vcwg 15:16:05 rrsagent, draft minutes 15:16:05 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html burn 15:16:08 Balazs: just shared website about how the project started and what we've done in the last 1.5 years 15:16:43 ... Summer 2015 was a trigger. Living in Norway and having trouble open bank account, I started looking at how refugees would do it. 15:17:03 ... Without access to a bank account, it is extremely hard to participate in society 15:17:38 ... It was clear that the way identification is being done--these people are fleeing violence--so many people have a background and education but no way to prove who they are 15:18:04 ... Most of these people in this refugee crisis, actually have a smart phone. It's the one thing they are most likely to have. 15:18:26 ... We know that data is generated throughout out lives. 15:18:45 ... if we can connect that data along with your proof that you are a human being, that should help the situation 15:19:05 ... our digital life is built on owning a bank account and bank card in Western Society 15:19:40 zakim, who's on the phone? 15:19:40 Present: Dan_Burnett, Ted_Thibodeau, Dave_Longley, Matt_Stone, Manu_Sporny, Charles_Engelke, Chris_Webber, dezell, Gregg_Kellogg, Liam_Quin, Benjamin_Young(IRC), Adam_Migus, 15:19:41 ... how we are looking at the problem: banks are unwilling to do it because refugees aren't interesting customers. Not a lot of $$$, at risk for deportation, living on support. 15:19:44 ... Balázs_Némethi 15:19:56 ... banks have little motivation to onboard refugees 15:20:23 Present+ Nathan_George 15:20:25 kimhd has joined #vcwg 15:20:39 present- dezell 15:20:44 ... We are working together with UK financial authority ? innovation hub, how it would be possible to do digital only identification and verification 15:20:45 present+ David_Ezell 15:20:58 ... bringing in reputation network or other identification that are non-governmental ID 15:21:08 MattLarson has joined #vcwg 15:21:17 present+ JoeAndrieu 15:21:38 ... the way to start the process is a holistic move. Anyone who has a right to stay in country, you have right to bank account. 15:21:45 present+ Matt_Larson 15:21:52 ... Anyone waiting for asylum has right to wait for determination 15:22:08 present+ Richard_Varn 15:22:11 present+ Kim_Hamilton_Duffy 15:22:19 ... Even if we could approve the solution, there is risk about onboarding these risky population 15:22:37 rrsagent, draft minutes 15:22:37 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html manu 15:22:39 ... the holistic approach: digital footprint, data aggregation, plus payment method. 15:23:02 ... we have various partners and lots of additional questions to resolve 15:23:18 ... at this point things are still theoretical, but we are driving to answers 15:23:32 ... anywhere in the work, financial inclusion is a big issue 15:23:45 s/work/world 15:24:07 q? 15:24:14 q+ to ask Joe to engage 15:24:20 q? 15:24:22 ack manu 15:24:22 manu, you wanted to ask Joe to engage 15:24:27 q+ 15:24:31 sure if you scribe 15:24:41 ack JoeAndrieu 15:25:07 JoeAndrieu: Your work sounds amazing and I'm very interested in learning more and engaging more deeply. 15:25:23 JoeAndrieu: The way you describe identity, are you seeing biometrics as a part of that? Or is identity more emergent? 15:26:05 Balaz: We may need some basic identity w/o biometrics, but we are also looking at additional hardware for biometrics. So, there may be a requirement there. 15:26:24 JoeAndrieu: So, you're saying your approach does have Biometrics anchored in? 15:27:09 Balázs: Fingerprint or Face Recognition - that may be an added feature since not every phone has a fingerprint reader. We may be able to do face recognition/matching... but we are really looking at what a cheap smartphone can deliver first. 15:27:20 JoeAndrieu: So your baseline is the inexpensive smartphone. 15:27:41 q+ to ask about next steps at the end, after everyone is done. 15:27:54 JoeAndrieu: What's the architecture that you're planning on using? centralized? distributed? 15:28:31 Balázs: We are approaching this from a self-sovereign direction, where people own their data. We do not want to take the Facebook, centralized approach. We want this to be a good tool for society. We are participating in the Decentralized Identity Foundation as well. 15:28:45 I'd love to get your feedback on http://bit.ly/joram100 15:28:53 JoeAndrieu: Great, thanks - cool work - I would like to get some feedback on the Joram paper. 15:29:33 joe@legreq.com 15:29:33 JoeAndrieu: This was an academic view of what an architecture for refugee identity could look like - would love to get feedback on that. 15:29:43 s/joe@legreq.com// 15:30:05 picking up scribing 15:30:14 ack manu 15:30:14 manu, you wanted to ask about next steps at the end, after everyone is done. 15:30:35 manu: let's have some plans to engage Taqanu 15:30:42 ... alignment on goals 15:31:02 ... interested in self-sovereign, refugee crisis, individuals owning data 15:31:12 ... now to figure out how to take action 15:31:31 ... maybe joe could integrate Teqanu into existing use cases 15:31:50 ... or Teqanu could try out our tech in the field 15:31:59 ... but maybe we're a couple months away from that 15:32:11 ... maybe joe could get some more requirements 15:32:25 ... and see if we are meeting those 15:32:51 ... clearly a lot happening on regulatory side. Balaza is going to be dealing with that for a couple years. 15:33:22 ... but we can probably help the work by incorporating Teqana's needs in our requirements and subsequent development 15:33:32 q? 15:33:35 Joe: totally 15:33:56 s/Teqana/Taqanu/ 15:34:12 q? 15:34:39 burn: we had some disconnections. 15:34:53 ... manu is reconnecting 15:35:01 ... now back 15:35:24 Topic: Introduction of Test Suite 15:35:39 https://github.com/msporny/vc-test-suite 15:35:48 manu: here's a temporary link to test suite 15:36:04 ... goal is to get to brass tacks on VCs. signature mechanisms, what's required, etc. 15:36:20 ... whenever we use an example in the spec, we'll use it in the test suite 15:36:44 ... there's a general structure: composed of subsuites. Each subsuite tests certain things. 15:36:57 ... We are testing for datamodel v1.0.0 15:37:03 ... may have stuff for DIDs 15:37:10 [I missed one] 15:37:26 ... meant to be a test suite for all things Verifiable Claims 15:37:37 ... not necessarily just for the VCWG 15:37:52 ... We are going to have to check in private/public keys. 15:38:03 ... These should be test-only! Never put into production 15:38:12 ... Then directories for each subsuite 15:38:33 ... Not sure how we are going to do it. Might use W3Cs test tech. But that may be more heavy handed than we need. 15:38:46 dezell has joined #vcwg 15:38:47 ... Our tests are likely to be pass/fail. Fairly simple. 15:39:12 ... implementers are going to have to talk to one another to figure out what goes in 15:39:21 ... first version is minimal viable credential 15:39:38 ... once we have at least two implementers who work with that suite, we can move on 15:39:51 ... these are suggestions. open to ideas. please add a pull request. 15:40:17 ... This should also be pulled into the W3C organization, which Manu can't do. 15:40:51 burn: Liam? 15:41:31 manu: I've made Liam a collaborator. So just need to transfer ownership. 15:41:42 [misc github logistics] 15:42:20 burn: any other comments on test suite? 15:42:29 ... next item: use cases 15:42:29 q+ 15:42:38 ack cwebber 15:43:06 cwebber2: not sure I'm prepared to ask this question. I wanted to ask for input about how the tests will look 15:43:24 ... will we end up generating claims that other sides will verify? 15:43:33 ... sometimes these things get complicated 15:43:41 ... also, we're using JSON-LD? 15:43:44 q+ to provide some thoughts on C 15:43:52 ack manu 15:43:52 manu, you wanted to provide some thoughts on C 15:43:58 manu: all good questions 15:44:17 ... at a high level, we may want this to be super lightweight. no protocol, no client-server anything 15:44:27 ... not specifying an API, protocol 15:44:37 ... its about whether or not the data structure is valid 15:44:46 +1 to lightweight. That is all that is appropriate for this spec at this time 15:44:51 ... in the future we will need a protocol, so we should take that into account in our design 15:45:15 ... second thought is, the test needs to be against something concrete. Having decided if its JSON, JSON-LD, or XML 15:45:28 Sovrin's implementation is more of a JSON serialization 15:45:39 ... currently JSON-LD is most broadly implements, but we're open to JSON or XML if there are implementers want to step up 15:45:43 s/Having/Haven't/ 15:46:11 but not really, as the CL signatures have their own sort of serialization 15:46:21 ... The spec is currently a bit in the abstract data model. 15:46:40 ... These are the topics we need to discuss as a group 15:46:54 Topic: Use Cases status check 15:47:03 thanks 15:47:11 Burn: What's the status of the use cases document? 15:47:36 [we'll need to include an appropriate test suite liecence] 15:47:38 JoeAndrieu: I haven't done anything yet, but do have a question - what's is the best way for me to get up to speed on how to do that? 15:48:22 JoeAndrieu: I just need some help to get up to speed on how to do that. What's the best way to get bootstrapped into that. 15:48:30 ACTION: Manu to help Joe get up to speed on spec editing. 15:49:10 JoeAndrieu: I'll try to have something to report to the group in two weeks. 15:49:42 Topic: Status of PR 67 15:49:42 back on scribe 15:49:53 s/back on scribe// 15:50:14 burn: looked like a thing, but its not a thing. moving on 15:50:32 ... only 10 min left. 15:50:38 ... Let's look at PR 69 15:50:50 Topic: PR 69 15:51:06 manu: David? 15:51:22 https://github.com/w3c/vc-data-model/pull/69 15:51:55 david: if we have a claim with several attributes, how do we handle mix & matching without violating issuer integrity 15:52:15 ... suggestion is adding a group id, and each claim has an associated group id 15:52:21 s/PR 69/PR 69: Add section on bundling dependent claims./ 15:52:30 ... that way the inspector would know if claims get inappropriately mixed and matched 15:53:10 manu: we had a section not filled in in the spec in the privacy consideration sections. I put first part of David's input into that section. 15:53:21 David raised it as a separate issue here: https://github.com/w3c/vc-data-model/issues/70 15:53:38 ... David raised this as a separate issue 15:54:09 ... Typically in privacy, we tend to propose the issue, then discuss solutions, then eventually get to a contribution in spec 15:54:18 zakim, who's on the phone? 15:54:18 Present: Dan_Burnett, Ted_Thibodeau, Dave_Longley, Matt_Stone, Manu_Sporny, Charles_Engelke, Chris_Webber, Gregg_Kellogg, Liam_Quin, Benjamin_Young(IRC), Adam_Migus, 15:54:21 ... Balázs_Némethi, Nathan_George, David_Ezell, JoeAndrieu, Matt_Larson, Richard_Varn, Kim_Hamilton_Duffy 15:54:33 ... maybe we should go back & forth in the issues, then probably a future telecon around the issue 15:54:42 present+ David_Chadwick 15:55:00 ... Important nuance between data minimization and atomization of claims and what David Chadwick is proposing 15:55:09 q+ to talk about atomized 15:55:17 ack JoeAndrieu 15:55:17 JoeAndrieu, you wanted to talk about atomized 15:55:18 q? 15:55:48 JoeAndrieu: Clarification - it sounds like what David is proposing is a way to limit atomization, but underlying claims aren't further atomized. 15:56:26 david: we want to support atomization. so each credential has only one claim. 15:56:27 DavidC: The issue is how do you stop abuse by the Holder, who has all the atomized credentials. 15:56:42 concern here is that the holder can't combine atomized claims in a way that an investigator won't mis-understand relationships 15:56:50 ... but what if the credentials are bundled together in ways that are never intended 15:56:58 q+ 15:57:09 manu: may be the same thing, but stated differently 15:57:21 ... this is why its nuanced and we can use further conversatiosn 15:57:22 ack nage 15:57:33 nage: definitely a deeper topic 15:57:46 q+ to ask about next steps 15:57:50 Yes, agree with Nathan, that's what we need to discuss. 15:57:55 ... may be ways to address this better. we'll need to take this up and work to address it 15:57:55 +1 15:57:57 ack burn 15:57:57 burn, you wanted to ask about next steps 15:58:19 burn: anything more to do before we take action? 15:58:41 manu: we can pull in the PR. That's essentially an edit in Privacy section, aka, requirement not solution 15:58:52 ... we can describe the problem and say we are working on it. 15:58:59 ... with an issue marker 15:59:02 ACTION: Manu to apply PR 69 with issue note 15:59:05 ... followed by further discussion 15:59:39 burn: want more people involved in writing text 15:59:48 ... especially in privacy and security 16:00:08 ... so if you see something missing. have something to add? please add a paragraph and create PR 16:00:15 ... we'll bring this up again in future calls. 16:00:21 ... Thanks, all. 16:00:35 Balazs has left #vcwg 16:00:36 rrsagent, draft minutes 16:00:36 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html burn 16:06:38 zakim, who's on the phone? 16:06:39 Present: Dan_Burnett, Ted_Thibodeau, Dave_Longley, Matt_Stone, Manu_Sporny, Charles_Engelke, Chris_Webber, Gregg_Kellogg, Liam_Quin, Benjamin_Young(IRC), Adam_Migus, 16:06:39 ... Balázs_Némethi, Nathan_George, David_Ezell, JoeAndrieu, Matt_Larson, Richard_Varn, Kim_Hamilton_Duffy, David_Chadwick 16:07:02 rrsagent, draft minutes 16:07:02 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html burn 16:13:39 stonematt has joined #vcwg 16:20:33 present+ Balázs_Némethi, Nathan_George, David_Ezell, JoeAndrieu, Matt_Larson, Richard_Varn, Kim_Hamilton_Duffy, David_Chadwick 16:20:40 rrsagent, draft minutes 16:20:40 I have made the request to generate http://www.w3.org/2017/08/15-vcwg-minutes.html burn 16:29:00 amigus_ has joined #vcwg 17:47:56 gkellogg has joined #vcwg 18:32:28 gkellogg has joined #vcwg 18:43:49 Zakim has left #vcwg 22:27:21 gkellogg has joined #vcwg