See also: IRC log
<stonematt> scribe: Matt Stone
<stonematt> scribe: stonematt
<scribe> agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0011.html
<varn> varn
Reintroduction: varn
varn: works at ETS on credentionials for 30y in academia and legislature. working to pair testing and other credentials for individuals to represent themselves
<dlongley> scribe: dlongley
stonematt: A couple of weeks ago we sketched out some milestones. The first one following FPWD was a fundamental capability of issue and verify.
<manu> https://github.com/w3c/vc-data-model/milestone/3
stonematt: Wanted to spend a
moment on bringing group back together on that as our next
goal. As we get into discussion on composing/decomposing
credentials... wanted to not get into rat's nest of nuance
there and lose sight of our milestone. We will continue to
refine data model, but it should be a guide post for us --
driving towards this milestone.
... Wanted to spend time to align on that as a goal and find
out if this PR and the scope of discussion is the right one to
have in light of this objective.
<scribe> scribe: stonematt
manu: digitial bazaar agrees that is a good first objective. feedback re: cwebber2 discussion re: test suite.
<burn> FYI, the milestone was not in dispute. The chairs just wanted to remind everyone that we had it and needed to remain focused on it!
cwebber2: we need to be able to
"test against some format, like JSON-LD, but support JSON also.
discusses having a series of files w/out scipt that can be
verified
... user could simply "verify" the file, but realize that's not
good enough
... need to verify that the user's library could generate the
signatures
... wanted to avoid web server that user can submit stuff to,
b/c of increased overhead for support
... decieded to bundle a script/driver - 3 command lines
... 1) verifier - returns positive if programs verify
... would require shipping fully bundled issuer and verifier
implementation
... would have hooks to replace your own issuer/verifier
stuff
<dlongley> ok, so test suite would come with preissued credentials and some verifier code -- it could test itself and you can plug in your own implementation for issuer/verifier to the "driver".
manu: upside of this approach: simple and takes us through Rec. -- shouldn't have to redo it mid way through
<burn> +1 to test suite driver. Always best when groups do this.
manu: 1) issuer tool 2) verifier
tool 3) test suite driver tool -- 3) runs entire suite and
produces a report.
... makes developer's life simple
burn: thanks you, groups that do this are more succesful!
manu: ready to merge after a typo-fix.
<dlongley> +1 to merge
burn: any objectiions?
<burn> ACTION: Manu to merge once typo fixed [recorded in http://www.w3.org/2017/08/22-vcwg-minutes.html#action01]
no objection heard.
<manu> https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Aprivacy
<manu> https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity
<varn> subtopics as well
<Zakim> dlongley, you wanted to comment on smaller pieces
dlongley: consider refactoring
how we are putting privacy/security in the spec.
... perhaps have them be sub-topics of elements of each other
section
... provides more context for those sections
<dlongley> +1 to having both general sections and specific ones
burn: will need primary sections as well as consideration within other areas
<Zakim> manu, you wanted to mention that we may want to link from what dlongley said to security/privacy sections "Things to be aware of..." and to also note that we have lots of topics
<dlongley> +1 don't wait to refactor, but suggest that subsections can be a way people get something small in
burn: really interested in getting more contributors writing.
<burn> right dlongley, agreed with motivation to have smaller bits
manu: agree that we need called
out section b/c it was a topic during chartering.
... can't be completely diffused throughout the document
... also include content in each section that calls out areas
of concern for security/privacy
... "also be aware of..."
... we have 20 open issues in the issue tracker related to
security and/or privacy - start there. Please weigh in.
<Zakim> burn, you wanted to explain what goes into these sections
burn: typical content is - specific privacy concerns "one priv. concern is xxx; this is how we address it or why it's not relevant"
david chadwick working on issues around giving individual control around disseminating their information
scribe: have been working on this
topic w/ the Community Group
... Kim has the link as well.
... if presenter is subject, content/text maybe slightly
different than if the presenter isn't the subject
<dlongley> a simple privacy concern is "terms of use" -- when you hand over a credential to a verifier, how are the terms of use expressed or implied?
scribe: negative claims are also an issue.
<Zakim> kimhd, you wanted to ask which document (still not sure)
<dlongley> expressing terms of use (or providing a framework to do so) is in scope for data model.
<kimhd> Privacy & Security Requirements for Credentials Ecosystem: https://goo.gl/ZeyJUS
<Zakim> liam, you wanted to comment on privacy
liam: when we chartered this group, there were people who made formal objections or comments - would be good for chairs to reach out to AC forum to get use cases
<scribe> ACTION: chair to ask on ac-forum for specific privacy example concerns and use cases [recorded in http://www.w3.org/2017/08/22-vcwg-minutes.html#action02]
<Zakim> nage, you wanted to talk about subject
nage: medical records and others where subject may be 3rd party.
<dlongley> could scope it by "type of credential"
nage: context is important for terms of use
<Zakim> manu, you wanted to note acceptableUse and DO_NOT_CORRELATE issues/discussion. and to mention PING as well - reach out to them
manu: 2 open issue 1) around
defining "acceptable use" mechanism
... 2) "do not correlate" flag
<varn> one issue is related to when a party is seeking one or more claim/credential holders and how that seeker will inquire as to whether such holders exist and if so, would they want to share enough details to accommodate the seekers interest and avail themselves of the opportunity that the seeker is offering. Some subtopics--how a holder can expose part or all of a claim/credential, how the seeker will discover them/communicate offer, broker role, and holder choice
manu: would like to agenda time
for "do not correlate" discussion.
... should start reaching out to other organizations for
feedback on the FPWD
... ask for input from PING group at w3c and accesibilty
group
<Zakim> burn, you wanted to talk about readability before contacting communities
manu: also good habit to ask for feedback on a regular (~3mos) basis
<varn> how "right to be forgotten" would apply to a claim/credential and how that can be incorporated as a data element in the model or in the validation or verification so that the data can be found and "forgotten"
<burn> stonematt
<dlongley> stonematt: It might be worth while as a group to take this discussion, which is good, and over the next week or two get these placeholders in our stack so there's a list of issues that we're going to go fill out as we reach out to other orgs and parties so it's not a big black hole.
<dlongley> stonematt: That's something we could probably do as a quick PR to have an inventory of issues to go address.
<Zakim> manu, you wanted to note we have issue markers in the spec for almost all known security/privacy issues.
manu: asserts that the current
spec is good enough to share/expose and ask for feeback
... not the FPWD, the current editor spec
... asking for objections
burn: would like to have content in the security/priv section as well as issue markers
crickets...
<varn> i think it was the part that said if you suggest it you have to take responsibility for doing it
burn: would like volunteers to read doc for security/privacy issues.
<MattLarson> MattLarson can as well
<varn> varn will
<burn> Nage said he will review the markers
<manu> This is the latest: https://w3c.github.io/vc-data-model/
chadwick: where is the latest copy
<Charles_Engelke> I will review, too.
Aslo review the issues list
issues list: https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity and https://github.com/w3c/vc-data-model/issues?q=is%3Aissue+is%3Aopen+label%3Aprivacy
chadwick: terminology around "credential" and "claim"
burn: can't replace "claim" with "credential" for historical reasons
<dlongley> can't remove it, but need to keep it in a much smaller box.
<Zakim> manu, you wanted to say "no, we can't remove claim" :)
manu: claim may be resulting in
confusion around "claim", but it's the term that's in the
"charter". Credential is a loaded term and means things in
other contexts (as well as "Profile")
... need to define relationship between profile, credential,
and claim
<dlongley> also becoming a term of art.
<dlongley> (or a more popular one anyway)
<Zakim> kimhd, you wanted to discuss CCG work item overlap and how we can help
<dlongley> need an intro that is both technically accurate and politically acceptable :)
kimhd: wanted to discuss topic that she included above "privacy and security ecosystem" would/should feed this group
<Zakim> burn, you wanted to mention that claim may be an atom (but longer discussion needed to confirm that)
burn: a claim is more than a term of art and used widely. the question is "what is an atom" and "what is non-divisible"? a claim is taking on that concept
adjurn.
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/poll AC Forum/ask on ac-forum for specific privacy example concerns and use cases/ Succeeded: s/3d/3rd/ Succeeded: s/????/PING/ Succeeded: s/aksing/asking/ Present: Charles_Engelke Chris_Webber Colleen_Kennedy Dan_Burnett Dave_Chadwick Dave_Longley David_Lehn Gregg_Kellogg John_Tibbetts Kim_Duffy Manu_Sporny Matt_Larson Matt_Stone Nathan_George Richard_Varn Ted_Thibodeau Liam_Quin Found Scribe: Matt Stone Found Scribe: stonematt Inferring ScribeNick: stonematt Found Scribe: dlongley Inferring ScribeNick: dlongley Found Scribe: stonematt Inferring ScribeNick: stonematt Scribes: Matt Stone, stonematt, dlongley ScribeNicks: stonematt, dlongley Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Aug/0011.html Got date from IRC log name: 22 Aug 2017 Guessing minutes URL: http://www.w3.org/2017/08/22-vcwg-minutes.html WARNING: No person found for ACTION item: chair to ask on ac-forum for specific privacy example concerns and use cases [recorded in http://www.w3.org/2017/08/22-vcwg-minutes.html#action02] People with action items: manu[End of scribe.perl diagnostic output]