14:31:22 <RRSAgent> RRSAgent has joined #vcwg
14:31:22 <RRSAgent> logging to http://www.w3.org/2017/08/22-vcwg-irc
14:31:33 <burn> Meeting: Verifiable Claims Working Group
14:31:50 <burn> Chair: Dan_Burnett, Matt_Stone, Richard_Varn
14:32:08 <burn> Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0011.html
14:33:01 <burn> rrsagent, make minutes
14:33:01 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-vcwg-minutes.html burn
14:33:05 <burn> rrsagent, make logs public
14:50:03 <Charles_Engelke> Charles_Engelke has joined #vcwg
14:50:34 <burn> present+ Dan_Burnett
14:55:04 <TallTed> TallTed has joined #vcwg
14:55:37 <gkellogg> gkellogg has joined #vcwg
14:57:09 <burn> present+ Gregg_Kellogg
14:57:19 <burn> present+ Ted_Thibodeau
14:58:44 <burn> present+ Charles_Engelke
14:59:46 <burn> present+ Chris_Webber
14:59:53 <stonematt> stonematt has joined #vcwg
14:59:57 <burn> present+ Colleen_Kennedy
15:00:35 <burn> present+ Matt_Stone
15:00:57 <colleen> colleen has joined #vcwg
15:01:20 <colleen> present+ colleen_kennedy
15:01:57 <JohnTib> JohnTib has joined #vcwg
15:02:17 <dlongley> present+ Dave_Longley
15:02:48 <burn> present+ Dave_Chadwick
15:02:57 <burn> present+ John_Tibbetts
15:03:24 <stonematt> scribe: Matt Stone
15:03:32 <stonematt> scribe: stonematt
15:04:02 <stonematt> agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0011.html
15:04:12 <stonematt> Topic: introductions
15:04:22 <burn> zakim, pick a victim
15:04:22 <Zakim> Not knowing who is chairing or who scribed recently, I propose Colleen_Kennedy
15:04:37 <varn> varn has joined #vcwg
15:04:38 <burn> zakim, pick a victim
15:04:38 <Zakim> Not knowing who is chairing or who scribed recently, I propose Dave_Longley
15:04:52 <burn> zakim, pick a victim
15:04:52 <Zakim> Not knowing who is chairing or who scribed recently, I propose Ted_Thibodeau
15:05:34 <varn> varn
15:05:51 <stonematt> Reintroduction: varn
15:06:05 <burn> present+ Richard_Varn
15:06:16 <nage> nage has joined #vcwg
15:06:18 <burn> present+ Matt_Larson
15:06:30 <manu> present+ Manu_Sporny
15:06:35 <nage> present+ Nathan_George
15:06:41 <kimhd> kimhd has joined #vcwg
15:06:52 <stonematt> varn: works at ETS on credentionials for 30y in academia and legislature.  working to pair testing and other credentials for individuals to represent themselves
15:07:29 <MattLarson> MattLarson has joined #vcwg
15:07:42 <stonematt> Topic: Schedule expectations for current milestone (Issue & Verify)
15:07:52 <dlongley> scribe: dlongley
15:08:18 <manu> q+ to provide some detail on progress made on test suite w/ Chris Webber wrt. Milestone 1 (Issue & Verify)
15:08:26 <dlongley> stonematt: A couple of weeks ago we sketched out some milestones. The first one following FPWD was a fundamental capability of issue and verify.
15:08:35 <burn> present+ Kim_Duffy
15:08:51 <burn> q?
15:09:13 <manu> https://github.com/w3c/vc-data-model/milestone/3
15:09:33 <dlongley> stonematt: Wanted to spend a moment on bringing group back together on that as our next goal. As we get into discussion on composing/decomposing credentials... wanted to not get into rat's nest of nuance there and lose sight of our milestone. We will continue to refine data model, but it should be a guide post for us -- driving towards this milestone.
15:09:41 <manu> q-
15:09:49 <dlongley> stonematt: Wanted to spend time to align on that as a goal and find out if this PR and the scope of discussion is the right one to have in light of this objective.
15:10:01 <burn> q?
15:10:03 <stonematt> q?
15:10:04 <dlongley> scribe: stonematt
15:10:17 <manu> q+ wait!
15:10:27 <manu> q- wait!
15:10:30 <burn> ack manu
15:11:33 <stonematt> manu: digitial bazaar agrees that is a good first objective.  feedback re: cwebber2 discussion re: test suite.
15:12:36 <burn> FYI, the milestone was not in dispute.  The chairs just wanted to remind everyone that we had it and needed to remain focused on it!
15:13:33 <burn> Topic: test suite update
15:13:42 <stonematt> cwebber2: we need to be able to "test against some format, like JSON-LD, but support JSON also.  discusses having a series of files w/out scipt that can be verified
15:13:56 <stonematt> ... user could simply "verify" the file, but realize that's not good enough
15:14:05 <liam> present+
15:14:15 <stonematt> ... need to verify that the user's library could generate the signatures
15:14:41 <stonematt> ... wanted to avoid web server that user can submit stuff to, b/c of increased overhead for support
15:15:14 <stonematt> ... decieded to bundle a script/driver - 3 command lines
15:15:37 <stonematt> ... 1) verifier - returns positive if programs verify
15:16:05 <stonematt> ... would require shipping fully bundled issuer and verifier implementation
15:16:27 <stonematt> ... would have hooks to replace your own issuer/verifier stuff
15:16:49 <burn> q?
15:16:59 <stonematt> q+
15:17:02 <dlongley> ok, so test suite would come with preissued credentials and some verifier code -- it could test itself and you can plug in your own implementation for issuer/verifier to the "driver".
15:17:36 <stonematt> manu:  upside of this approach: simple and takes us through Rec. -- shouldn't have to redo it mid way through
15:18:22 <burn> +1 to test suite driver.  Always best when groups do this.
15:18:24 <stonematt> ... 1) issuer tool 2) verifier tool 3) test suite driver tool -- 3) runs entire suite and produces a report.
15:19:31 <burn> ack stonematt
15:19:40 <stonematt> ... makes developer's life simple
15:20:11 <stonematt> burn: thanks you, groups that do this are more succesful!
15:20:25 <stonematt> Topic: Status of PR 69
15:21:01 <stonematt> manu: ready to merge after a typo-fix.
15:21:08 <dlongley> +1 to merge
15:21:10 <stonematt> burn: any objectiions?
15:21:33 <burn> Action: Manu to merge once typo fixed
15:21:47 <stonematt> no objection heard.
15:21:48 <stonematt> Topic: Brainstorm subtopics for Privacy and Security sections
15:22:27 <manu> https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Aprivacy
15:22:32 <manu> https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity
15:22:43 <varn> subtopics as well
15:22:59 <stonematt> q?
15:23:10 <dlongley> q+ to comment on smaller pieces
15:23:30 <burn> ack dlongley
15:23:30 <Zakim> dlongley, you wanted to comment on smaller pieces
15:23:50 <stonematt> dlongley: consider refactoring how we are putting privacy/security in the spec.
15:24:25 <burn> q+
15:24:26 <manu> q+ to note that we need to keep security/privacy sections as well, as people will look for that...
15:24:30 <burn> ack burn
15:24:33 <stonematt> ... perhaps have them be sub-topics of elements of each other section
15:24:44 <manu> q-
15:24:47 <stonematt> ... provides more context for those sections
15:25:05 <dlongley> +1 to having both general sections and specific ones
15:25:08 <stonematt> burn: will need primary sections as well as consideration within other areas
15:25:10 <manu> q+ to mention that we may want to link from what dlongley said to security/privacy sections "Things to be aware of..."
15:25:43 <manu> q+ to also note that we have lots of topics for people to write about at present.
15:25:43 <burn> ack manu
15:25:44 <Zakim> manu, you wanted to mention that we may want to link from what dlongley said to security/privacy sections "Things to be aware of..." and to also note that we have lots of topics
15:25:44 <Zakim> ... for people to write about at present.
15:25:51 <dlongley> +1 don't wait to refactor, but suggest that subsections can be a way people get something small in
15:25:52 <stonematt> burn: really interested in getting more contributors writing.
15:26:12 <burn> right dlongley, agreed with motivation to have smaller bits
15:26:28 <stonematt> manu: agree that we need called out section b/c it was a topic during chartering.
15:26:46 <stonematt> ... can't be completely diffused throughout the document
15:27:17 <burn> q+ to explain what goes into these sections
15:27:22 <stonematt> ... also include content in each section that calls out areas of concern for security/privacy
15:27:34 <stonematt> ... "also be aware of..."
15:28:11 <stonematt> ... we have 20 open issues in the issue tracker related to security and/or privacy - start there.  Please weigh in.
15:28:14 <burn> ack burn
15:28:14 <Zakim> burn, you wanted to explain what goes into these sections
15:29:17 <stonematt> burn: typical content is - specific privacy concerns "one priv. concern is xxx; this is how we address it or why it's not relevant"
15:30:30 <stonematt> david chadwick working on issues around giving individual control around disseminating their information
15:30:56 <stonematt> ... have been working on this topic w/ the Community Group
15:31:03 <manu> rrsagent, make minutes
15:31:03 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-vcwg-minutes.html manu
15:31:16 <manu> rrsagent, draft minutes
15:31:16 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-vcwg-minutes.html manu
15:31:17 <stonematt> ... Kim has the link as well.
15:32:18 <nage> q+ to talk about subject
15:32:23 <stonematt> ... if presenter is subject, content/text maybe slightly different than if the presenter isn't the subject
15:32:48 <kimhd> q+ to ask which document (still not sure)
15:32:55 <dlongley> a simple privacy concern is "terms of use" -- when you hand over a credential to a verifier, how are the terms of use expressed or implied?
15:32:59 <stonematt> ... negative claims are also an issue.
15:33:03 <manu> q+ to note acceptableUse and DO_NOT_CORRELATE issues/discussion.
15:33:07 <burn> ack kimhd
15:33:07 <Zakim> kimhd, you wanted to ask which document (still not sure)
15:33:23 <dlongley> expressing terms of use (or providing a framework to do so) is in scope for data model.
15:33:42 <kimhd> Privacy & Security Requirements for Credentials Ecosystem: https://goo.gl/ZeyJUS
15:33:46 <dlongley> q?
15:33:55 <burn> ack liam
15:33:55 <Zakim> liam, you wanted to comment on privacy
15:34:34 <manu> q+ to mention PING as well - reach out to them
15:34:39 <stonematt> liam: when we chartered this group, there were people who made formal objections or comments - would be good for chairs to reach out to AC forum to get use cases
15:34:52 <stonematt> ACTION: chair to poll AC Forum
15:35:01 <burn> ack nage
15:35:01 <Zakim> nage, you wanted to talk about subject
15:35:25 <liam> s/poll AC Forum/ask on ac-forum for specific privacy example concerns and use cases/
15:35:32 <stonematt> nage: medical records and others where subject may be 3d party.
15:36:01 <stonematt> s/3d/3rd/
15:36:19 <dlongley> could scope it by "type of credential"
15:36:20 <stonematt> nage: context is important for terms of use
15:36:55 <burn> ack manu
15:36:55 <Zakim> manu, you wanted to note acceptableUse and DO_NOT_CORRELATE issues/discussion. and to mention PING as well - reach out to them
15:37:41 <stonematt> manu: 2 open issue 1) around defining "acceptable use" mechanism
15:38:01 <stonematt> ... 2) "do not correlate" flag
15:38:08 <varn> one issue is related to when a party is seeking one or more claim/credential holders and how that seeker will inquire as to whether such holders exist and if so, would they want to share enough details to accommodate the seekers interest and avail themselves of the opportunity that the seeker is offering.  Some subtopics--how a holder can expose part or all of a claim/credential, how the seeker will discover them/communicate offer, broker role, and holder choice
15:38:39 <stonematt> ... would like to agenda time for "do not correlate" discussion.
15:39:04 <stonematt> ... should start reaching out to other organizations for feedback on the FPWD
15:39:46 <burn> q+ to talk about readability before contacting communities
15:39:50 <stonematt> ... ask for input from ???? group at w3c and accesibilty group
15:40:02 <burn> s/????/PING/
15:40:29 <burn> ack burn
15:40:29 <Zakim> burn, you wanted to talk about readability before contacting communities
15:40:40 <stonematt> ... also good habit to ask for feedback on a regular (~3mos) basis
15:40:44 <varn> how "right to be forgotten" would apply to a claim/credential and how that can be incorporated as a data element in the model or in the validation or verification so that the data can be found and "forgotten"
15:41:31 <stonematt> q?
15:41:33 <stonematt> q+
15:41:39 <burn> stonematt
15:41:42 <burn> ack stonematt
15:42:54 <dlongley> stonematt: It might be worth while as a group to take this discussion, which is good, and over the next week or two get these placeholders in our stack so there's a list of issues that we're going to go fill out as we reach out to other orgs and parties so it's not a big black hole.
15:43:05 <dlongley> stonematt: That's something we could probably do as a quick PR to have an inventory of issues to go address.
15:43:05 <manu> q+ to note we have issue markers in the spec for almost all known security/privacy issues.
15:43:14 <burn> ack manu
15:43:14 <Zakim> manu, you wanted to note we have issue markers in the spec for almost all known security/privacy issues.
15:43:51 <stonematt> manu: asserts that the current spec is good enough to share/expose and ask for feeback
15:44:08 <stonematt> ... not the FPWD, the current editor spec
15:44:30 <stonematt> ... aksing for objections
15:44:39 <stonematt> s/aksing/asking/
15:45:15 <stonematt> burn: would like to have content in the security/priv section as well as issue markers
15:45:22 <stonematt> q?
15:45:54 <burn> present+ David_Lane
15:46:03 <dlongley> present- David_Lane
15:46:08 <dlongley> present+ David_Lehn
15:46:13 <stonematt> crickets...
15:46:44 <varn> i think it was the part that said if you suggest it you have to take responsibility for doing it
15:46:57 <stonematt> burn: would like volunteers to read doc for security/privacy issues.
15:47:23 <MattLarson> MattLarson can as well
15:47:26 <varn> varn will
15:47:31 <burn> Nage said he will review the markers
15:47:37 <manu> This is the latest: https://w3c.github.io/vc-data-model/
15:47:38 <stonematt> chadwick: where is the latest copy
15:47:56 <Charles_Engelke> I will review, too.
15:48:46 <stonematt> Aslo review the issues list
15:49:43 <stonematt> issues list: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity and https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Aprivacy
15:50:01 <burn> q+
15:50:07 <stonematt> chadwick: terminology around "credential" and "claim"
15:50:07 <burn> ack burn
15:51:00 <stonematt> burn: can't replace "claim" with "credential" for historical reasons
15:51:01 <manu> q+ to say "no, we can't remove claim" :)
15:51:15 <dlongley> can't remove it, but need to keep it in a much smaller box.
15:51:20 <burn> ack manu
15:51:20 <Zakim> manu, you wanted to say "no, we can't remove claim" :)
15:51:37 <kimhd> q+ to discuss CCG work item overlap and how we can help
15:52:28 <stonematt> manu: claim may be resulting in confusion around "claim", but it's the term that's in the "charter". Credential is a loaded term and means things in other contexts (as well as "Profile")
15:52:56 <stonematt> ... need to define relationship between profile, credential, and claim
15:53:05 <burn> q+ to mention that claim may be an atom (but longer discussion needed to confirm that)
15:53:27 <dlongley> also becoming a term of art.
15:53:49 <dlongley> (or a more popular one anyway)
15:54:04 <burn> ack kimhd
15:54:04 <Zakim> kimhd, you wanted to discuss CCG work item overlap and how we can help
15:55:00 <dlongley> need an intro that is both technically accurate and politically acceptable :)
15:55:13 <liam_> liam_ has joined #vcwg
15:55:38 <stonematt> kimhd: wanted to discuss topic that she included above "privacy and security ecosystem" would/should feed this group
15:55:44 <burn> ack burn
15:55:44 <Zakim> burn, you wanted to mention that claim may be an atom (but longer discussion needed to confirm that)
15:56:59 <stonematt> burn: a claim is more than a term of art and used widely.  the question is "what is an atom" and "what is non-divisible"?  a claim is taking on that concept
15:57:12 <stonematt> adjurn.
15:57:26 <burn> rrsagent, make minutes
15:57:26 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-vcwg-minutes.html burn
15:58:00 <burn> present- liam
15:58:04 <burn> present+ Liam_Quin
15:58:09 <burn> rrsagent, make minutes
15:58:09 <RRSAgent> I have made the request to generate http://www.w3.org/2017/08/22-vcwg-minutes.html burn
16:00:30 <burn> zakim, bye
16:00:30 <Zakim> leaving.  As of this point the attendees have been Dan_Burnett, Gregg_Kellogg, Ted_Thibodeau, Charles_Engelke, Chris_Webber, Colleen_Kennedy, Matt_Stone, Dave_Longley,
16:00:30 <Zakim> Zakim has left #vcwg
16:00:32 <burn> rrsagent, bye
16:00:32 <RRSAgent> I see 2 open action items saved in http://www.w3.org/2017/08/22-vcwg-actions.rdf :
16:00:32 <RRSAgent> ACTION: Manu to merge once typo fixed [1]
16:00:32 <RRSAgent>   recorded in http://www.w3.org/2017/08/22-vcwg-irc#T15-21-33
16:00:32 <RRSAgent> ACTION: chair to poll AC Forum [2]
16:00:32 <RRSAgent>   recorded in http://www.w3.org/2017/08/22-vcwg-irc#T15-34-52
16:00:33 <Zakim> ... Dave_Chadwick, John_Tibbetts, Richard_Varn, Matt_Larson, Manu_Sporny, Nathan_George, Kim_Duffy, liam, David_Lane, David_Lehn, Liam_Quin