W3C

- DRAFT -

Verifiable Claims Working Group Telecon

12 Sep 2017

Agenda

See also: IRC log

Attendees

Present
Nathan_George, Manu_Sporny, Ted_Thibodeau, Chris_Webber, Richard_Varn, Colleen_Kennedy, Dave_Longley, Kim_Duffy, Joe_Andrieu, Matt_Larson, ChristopherA, David_Chadwick, Matt_Stone, David_Lehn
Regrets
Liam
Chair
Matt_Stone
Scribe
varn

Contents

Matt is chairing and will be a little late. will start at 5 after.

<manu> scribe: varn

Agenda Review

<manu> https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0008.html

Introductions and Re-Introductions

<manu> No intros and reintroductions... we all know each other.

W3C TPAC

Stone: TPAC please register now. We need topics or issues that need face to face dialog

<stonematt> /goo.gl/8voHZS///goo.gl/8voHZS

<stonematt> TPAC topics

<manu> TPAC Agenda: https://docs.google.com/spreadsheets/d/161h0QO8QODtS04eyLQqc6errV7RamcbS-xOPJL6S0g0/edit

Stone: use the document above to add TPAC topics with special attention to the kind of topics that would benefit from having white board discussion and robust interaction in person as well as those that are high priority
... note in your TPAC issues list how much time you think it will take
... we will prioritize these as we get closer to the event

Who is talking?

<stonematt> ChristopherA

ChristopherA: want to know if there will be a time for a VC interest group discussion and joint gathering

Stone: yes, we would like to schedule interaction with the VG IG

<ChristopherA> https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/tree/master/topics-and-advance-readings

ChristopherA: rebooting web of trust upcoming and please use link above to read up for meeting on Oct 3-5 in Boston

<ChristopherA> https://www.eventbrite.com/e/rebootingweboftrust-design-workshop-v-fall-2017-in-boston-area-usa-tickets-34984665075

<ChristopherA> #RebootingWebOfTrust is all interactive

Manu: test suite, candidate recommendation--what is needed to finish should be on list

<JoeAndrieu> where is additional TPAC information about what is happening which day? The W3.org info mentioned the Plenary on Wednesday, but when will VCWG events be occuring?

Manu: open id and saml coordination needs work
... VC use cases and various news organizations expressing interest in joining to help with verifiable sources and stories in news to combat fake news

<manu> JoeAndrieu - https://www.w3.org/2017/11/TPAC/

JoeAndrieu: where is our specific info on the TPAC site?

Manu: wednesday is plenary day. plan to be there
... VCWG meeting is Th-F all day. be there
... Web Payments WG is M-Tu
... general advice plan to be there W-F

Data Model Spec - Milestone 1

date model spec new milestone 1

<Zakim> manu, you wanted to provide some updates, hopefully for cwebber to fill in others.

Stone: what do we need to keep in mind regarding priortizing tasks on that milestone

<manu> https://github.com/w3c/vc-test-suite/tree/gh-pages/tests-1.0

Manu: Chris weber can talk about a python implementation. We are filling out test suite implementations starting with filling out test fields for minimum necessary parts of VC
... once chirs has implemention far enough along can point test suite at it and make progress.
... digital bazaar will ad java script implementation. will have two flavors running. setting up infrastructure now and then will take off

<manu> s/bizarre/bazaar/

<MattLarson> MattLarson +

Chris Weber: last week got python implementation up and running on valid signatures and now working on other running against other implementations. needs more documentation but wants it work first and make user friendly second. adding to libraries to make sure we hav enough to get going on test suits

suite

Stone: good off line discussion on separation holder and subject--needs discussion?

<Zakim> manu, you wanted to ask about implementation language...

MattLarson: acclaim produces a signed claim like the python implementation. would like to test interoperability of their verification

manu: what language is it in?

MattLarson: acclaim is Ruby
... not sure what using to do RDF but probablyGregg Kellogg's gem..

MattLarson It is proprietary not open

<dlongley> s/ Gregg Kellogg's gem/Gregg Kellogg's gem./

manu: run your implementation against the test suite and give a report on results

Privacy and Security Section Review Report

<manu> David Chadwick's feedback: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0011.html

Stone: we asked for a read of privacy and security section and diivy up the work on it
... where are we on the privacy and security spec work?

ChristopherA working on documentation and framework and will share at rebooting WOT

ChristopherA: we have changed terminology that mixes whether a claim is atomistic or a collection and the atomistic way of describing does not fit with how they have written about claime

nage: we call a handshake about a claim offer, request, and the claim to manage disclosure and then ask for proof of holder and manage that and connect to the JSON LD format. Need to articulate how and what will satisfy what elements need to be proven and how

ChristopherA: keep signature simple but able to address the needs. need to figure how individual data elements get express in what soverign calls a composit proof

Composite claims and identity is one of the key issues. there are three classes of solutions: minimization --what do you not send in a case, two is cl sig and blinding, and three is problem where all is mixed and still need to prove the whole and need to discuss that in examples for entangled data objects that have a mix of proofs and data and see if meets the requirements and somewhat dependent on protocol which is outside our scope but affects data format. maybe

all should be separate to make it easier to implement

DavidC: security and privacy issues--going on on git hub not on emails. should it also or only be on email?

<ChristopherA> I subscribe to the entire GitHub so I see all issues

DavidC: second he circulated some comments on the latest version. can discuss off line. Implementation--they have tested with hospital patients using a fido on a smart phone where service provider creates a policy allowing any combo of credentials and smart phone is a cred repository and app matche which meet the policy and which are missing

David C: need ontology like with top and nested levels like Health Card and what goes under that

<dlongley> while the ontology is external it would be good to start an issue on how to express it in the query format for the credential handler API: https://github.com/w3c-ccg/credential-handler-api/issues

DavidC: eg any student from any university or is it a specific kind of university that is nested under ontological understaning of University. Proofing--id is public key and in what is issued by all public credential and linked since key is same. do not need to request how to do a proof because inherent in model

<Zakim> manu, you wanted to respond to nage - much of that sounds like our requirements, so that's good, but we need details at this point... just noting alignment in requirements. and to

DavidC: talked w3c and suggeste usin web auth...waiting on more funding to do that

manu: response to nathan--raised a number of requirement sovereign has aligned with digital bazaar and payments--the response mech is the same as has been out a few years--this is what i need and say not what doc like dL but need prove age that is on Drivers License. how to respond to that request. vc, v profile,v credential or whatever to send proof back. expect differences if doing zkp type stuff. will have a video demo in a few weeks. overall aligned on req
... want comments early on before vc spec too baked. documentation later. even if half baked will still be useful and understood. if something at RWOT is good enough we can use it.
... re DavidC--git hub or email? w3c increasing asking to avoid email. because hard to thread them and finalze them and note changes in spec based on discussion. use spec text in discussion helps with ensuring IP buttoned, who made what contribution and when and imp for IPR reasons and if not big load on chairs and misses the IPR needs when published. go to github the suscribe to repository to get email notices
... david C hospital use case re fido and web auth--any req that spen does not support and can run your implementation through test suite and see if it helps your use case for Health care

DavidC: some of the work is older and proprietary but looks like spec covers it so far. ok for now.

<JoeAndrieu> +1 for remapping/mapping to enable greater Holder control

nathan: one concept raised in various forms--making the ontology from issuer into verifiers language that is unified and brittle for constructs not present in issuers claims so holder may need to reformulate. verifier needs to say what they are willing to accept and how. issuer, holder, and verifier system need to b tied but not have the exact same hierarchical understanding for each to do their part and receive desired value

DavidC: re ontology--can be multiple sets of ontologies for each community like banking which would not interface much or at all with health except in minor ways like payment. do not need global ontology but each app needs a mini ontology for that purpose and can use internal mapping to translate the common ontology in indivdual internal representations

<Zakim> manu, you wanted to ask nage to just sketch out a protocol exchange in an issue... (I expect he's already moving along those lines) and to respond to DavidC's ontology discussion -

<ChristopherA> I have to bow out, heading to credentials call

Manu: re ontology--agree we will have integrated vertical ontologies and spec covers that. is there tension between nathan's not tightly coupled ontology and davidC's need for some commonalities on which you hang meaning and do extensions and internal transforms to use
... suggest raise issue with simple example of the kind of ways that the ontology and need for flexibility is explicated and demonstrated to convey the issue

JoeAndrieu: future agend item suggestion for update on use cases and please add to next week.

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/09/12 16:01:20 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/that's a protected Gdoc...//
Succeeded: s/https://goo.gl/8voHZS//
Succeeded: s/lie to/like to/
Succeeded: s/like, not lie//
Succeeded: s/colleen_kennedy/Colleen_Kennedy/
Succeeded: s/MattStone/Matt_Stone/
Succeeded: s/bizarre/bazaar/
FAILED: s/bizarre/bazaar/
Succeeded: s/RDS/RDF/
Succeeded: s/MattlarsonIt/MattLarson It/
Succeeded: s/______/Gregg Kellogg's gem./
FAILED: s/______/Gregg Kellogg's gem./
Succeeded: s/______/ Gregg Kellogg's gem/
Succeeded: s/ChristopherA:/nage:/
Succeeded: s/JASON/JSON/
Succeeded: s/digital bizare/digital bazaar/
Present: Nathan_George Manu_Sporny Ted_Thibodeau Chris_Webber Richard_Varn Colleen_Kennedy Dave_Longley Kim_Duffy Joe_Andrieu Matt_Larson ChristopherA David_Chadwick Matt_Stone David_Lehn
Regrets: Liam
Found Scribe: varn
Inferring ScribeNick: varn
Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Sep/0008.html
Got date from IRC log name: 12 Sep 2017
Guessing minutes URL: http://www.w3.org/2017/09/12-vcwg-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
[End of scribe.perl diagnostic output]