W3C

- DRAFT -

Self-Sovereign Web Breakout Session

10 Nov 2017

Attendees

Present
Manu_Sporny, Samsung, Olivier_Yiptong, Benjamin_Young, JudyZhu, HadleyBeeman, Joerg_Huer, Reto_Gmur, Frank, Dave_Longley, Fabien_Gandon, Robert_Sanderson, Christopher_Allen, David_Wood, Ivan_Herman, Kim_Duffy, Arnaud_Le_Hors, Drummond_Reed, Nathan_George, Alexandre_Bertails, Joe_Andrieu, Gregg_Kellogg, Dominic_from_Google, Dan_Burnett, Kaliya, Matt_Stone, Richard_Varn, 10_plus_people_unidentified
Regrets
Chair
Manu_Sporny
Scribe
dlongley_

Contents

<scribe> scribe: dlongley_

manu: We will be talking about a Web we have more domain over. We get self-issued identifiers, identity, the ability to transact.
... Introduction to Oma... she will save millions of people and lives in rural India, parents unbanked.
... Oma doesn't have an official identity. She has to be at least 5 years old to get one in her country.
... A passport is out of her reach, too costly.
... These conditions reduce a number of things, access to education, access to financial services, higher education, job market, and protection from human trafficking. It's very easy to get lost if you have no identity, hard to find you if kidnapped.
... People in these positions, including Oma, we want to achieve their potential despite challenges faced. Web is playing an increasing role in rural communities, so on. Want to be clear that a lot of these are political problems that we can't solve, but we can provide technology to help.
... I will talk for several more minutes then open session.
... The Web is good at spreading information, good and bad. The Web is doing a good job at what it was designed to do, not good at moving money at a distance, establishing trust at a distance, and there's a data siloing effect that we see from the Web architecture.
... The self-sovereign Web is about working on these issues, there are gaps in the Web Platform today and we want to upgrade it to empower each of us.
... Today W3C is working on some of these issues, Web Payments, Digital Credentials, portable identifiers and data. The profit motive for corporations often has to do with automating business processes, so feel good story and good profit motive at the same time.
... There are huge benefits for corporations in fixing moving money and identity problems. Good for the world at the same time, so incentives aligned.
... These changes will help Oma.
... Some of you came here to get an overview of these things. There's a WPWG and a WCIG at W3C. Trying to make checkout, payments easier on the Web. Anyone trying to launch a new payment network has trouble because rails 40+ years old. Bitcoin doing ok. Can we leverage any of this? Get faster payments. Fundamentally WPWG current work is about going to a merchant site and doing checkout.
... At no point do you have to fill in your credit card number on the site anymore, done in browser or payment apps.
... Here's where we are with Web Payments today -- a chart showing all the people using the Web today, native support for Payment Request API is 34.% and polyfill support is 51.3% of 3.8 billion people. This is a demonstration of how far we've come in a short time.
... Web Payments help Oma's parents engage globally, give financial services through their smart phones. They don't have bank accounts but they do have smart phones (quite often, perhaps surprisingly).
... This helps them engage globally.
... Next is W3C Verifiable Claims (or Verifiable Credentials, aka). Can you prove that you have a certain professional license, do you have a certain level of education, can you send digital driver's licenses, passports, prove you are over 21 years of age, etc.
... So there's a W3C group working on verifiable credentials. There's a polyfill for moving verifiable credentials through the browser and we have the same sort of support with the polyfill but no native support yet. So 85.8% of 3.8 billion browsers. But sites must serve the polyfill and use it to achieve those numbers.
... Verifiable Credentials can help Oma and people like her apply for universities, make other assertions, etc.
... Web Identifiers. Fundamentally current Web identifiers are leased to individuals through DNS, etc. That's fine but does lead to identifier lock-in -- no identifiers for individuals, always from a website.
... Could we move to something complementary for individuals, leaving DNS for what it's good at.
... These credentials need to be tied to individuals and they need to be in control of them. That's where DIDs (decentralized identifiers) come in.
... Many of the people working on this problem are using blockchains and DHTs to issue identifiers that individuals own. Individuals can cryptographically prove ownership/possession over identifiers.
... That changes things -- people can prove identifiers are theirs and not really owned by some organization.
... or company on the Web.
... DID examples are on the slides. There are multiple organizations working on DID methods -- many different types of DIDs.
... There are a number of people unified working on this problem with different blockchains, etc.
... This is in contrast to domain name system, the identifier you tie your data to is yours and that's important.
... We need support from W3C to help push this forward. Web Payments is doing really well. There's browser deployment happening. VC is meeting Thu and Fri, there's fairly healthy progress, specs improving. Web Payments up for rechartering, if you're an AC rep please support. Please join VCWG/CCG we always want more diversity.
... We really need help from the membership, if you believe in DIDs and people and orgs owning their own DIDs is important. The credential handler API is how you move verifiable credentials around in the browser and we need browser blessing on that.
... Fundamentally that's it -- this is the work that helps create the self-sovereign Web. At this point I'd like to go into discussion mode. Are we missing something? Do people dislike the idea? Is it premature, do people think it will fail at W3C?

reto: Thanks, what seems to me is the magic of blockchain. You make it sound like this is free and safe to be permanent. Blockchain is a ledger that is copied to many hosts. There's a mechanism that is typically computation expensive to reach consensus. Even if we assume it will last forever there are costs. How much will Oma pay? Won't it be more expensive than a fee to register with DNS?

Christopher: If you want to have total control, self-sovereign identifier, where you are fundamentally the root. I think it costs $1.50 the last time I did a real test one. But all of those can be a merkleroot of a large set of them. All the people in her class, or whatever. Bitcoin is expensive, ethereum is less expensive, Sovrin and Veres One are low cost but perhaps less secure, there is choice. There is a tree of trust, can register with multiple in

dividuals at once, if you want the strongest today you can use the same system that's doing $2B of wealth.

Webber: You can get an identity that's yours for life. Either I pay a $1.50 or an NGO covers that cost. They can have this identifier and it lasts with them. The only real costs that follow after that have to do with key rotation and so forth. There's a reduction in costs then.

Allen: I don't know about Ethereum but on the Bitcoin proposal, any past Bitcoin transaction that you've ever done can be the root of trust. If you've done bitcoin txn before you don't have to pay again.

Joe: There's some understanding within the community that you don't put the claims themselves on the blockchain. To distinguish, there are claims that let you pass assertions from an issuer to a holder and then verifier, you *could* put on the blockchain but a bad privacy practice.

Herman: I come back to the original use case. Who should decide is blockchain/ non-blcokchain. When you talk about your gmail address you don't own that. I never use such an email address for identifying myself, I have my own domain. So your use case that you start with is not strong enough.

manu: You are fairly rich compared to the rest of the world.

Allen: DNS is still a centralized authroity problem. There are people who have their identities taken away from them.

herman: I know of these problems but you need a much stronger case to go through a totally different, and in many respects, an individual.

cwebber2: I have a domain, but how many people have a domain. How many have forgotten? How many people know someone who has forgotten to forget a domain?
... How many people know people who don't have a domain and never will be able to?

everyone.

cwebber2: Forgetting to pay your lease and you get kicked out. Just like an apartment. If a domain was a root of your identity you're getting kicked out of your life.
... We know all sorts of things that have centralized authorities that can lead to compromised in that sstem. While it's great for you and me that's not everyone.
... Even risks for us.

Ruben: It's like uses cases and stories. I like the story to make it concrete. We need more than one. It's not our story for some of us, the people here. So why is it interesting in a day-to-day basis, people on facebook. Do we have these stories already?

Allen: I have a story about someone doing journalism anonymously, etc. What's good enough for stories?

stonemat_: It could be "my mom needs this"

jheuer: Many people unbanked. We introduced mobile phones for creating ways for people to use money. They stepped over th eneed to create a banking system that's in the Western world that isn't needed in other places (or too costly).

stonematt: actually says "use cases don't have to be so noble and idealistic, it could be my mom does this dumb thing everyday and this would help..."

jheuer: We're not just talking about identity and banking -- we're talking about all that together. I'm not sure blockchain is the solution but it provides the fabric for all of this.

kaliya: We tried to do with OpenID and it *failed*. We trained them to use a URL for htemselves and it just didn't work.
... One of the reasons I'm most excited about this technology is that the plumbing is buried. I as the user think I have an app that does this stuff.

azaroth: My question is around linking to other things. For these sorts of problems I agree. I'm in the museum world, one of the VC we want supported would be ownership of objects. If you can demonstrate that you own this painting that's an important piece of provenance, particularly certain paintings from 1945.
... Saying I'm the creator of this piece of art, I own this piece of art.

Wood: I don't think it's a surprise to anyone here. W3C has been suspicious of this work, not always fully supportive, it's taken tremendous amount of work by Manu and others. It was interesting to see VC all over Jeff's slides today. I'd like to caution people in the room ... thinking that somehow what we have is good enough. We tend to think of these things as solved problems.
... If you saw Philip not getting his slides up on the projector, the hardest problems in CS are wifi and printing, maybe projecting. We treat these things as solved problems, we treat identity as a solved problem, our relationships to govt and payments. They aren't solved problems.

reto: Last week I read through the DID spec. I saw an implementation link, only went to Sovrin. Which isn't blockchain, which is trustees around the world managing a ledger. Similar to DNS. You can still lose identity with this method, people can die and they aren't there and people can get almost private keys. This doesn't solve all issues.

azaroth: As part of the cultural heritage domain, the ownership and creation of art objects is an issue that we're grappling with. Verifiable claims of ownership (provenance) and authorship/attribution would make the culture on the web much easier. So, how do we engage with the validation of such claims where there are identities for physical, artistic things?

reto: Bitcoin it's possible for $1.50, but one txn is 2KWH.
... Using more than capital of ireland in electricity. If this is reaches a really big share it will use much more power compensation.
... Showing credibility by showing proof of work, proof of stake, other methods coming up. I'd like to break open the magic blockchain and how it guarantees consistency, low cost, decentralization, etc.
... I'd like to see the social aspect like the SOLID project where you reach consensus, not by spending resources but by social relationships.
... Then that's cheap and sustainable.

Drummond: I'm one of the 12 trustees of the Sovrin foundation and I can explain how to address those issues. Bitcoin and Ethereum have proved that there's something that can cryptographically ... properties for smart contracts, etc. How can we design a global public utility that addresses those problems, diffuse trust, low cost, people subsidized, open source, widely scrutinized. How can you design everything around solving that problem. Creating someth

ing to work along side DNS. That's why Sovrin was created, why the source code is open as Hyperledger Indy, etc. When I give prsentations -- we're just trying to find an identifier and verifiable claims. As long as these things are interoperable and anyone can verify signatures, etc we can do it. You can still do this with DNS, there will people identifiers with URLs and with DIDs can co-exist.

nage: What your'e doing is proving ownership. You want to tokenize just the parts that are relevant to the transactions at hand. When you don't do that it turns into a supercookie then you can betray the people who have shard with you. So when using this tech you can avoid correlation. When you anchor to human readable identifiers, you get that kind of correlation. When you do a decentralized identifier you can get better security properties and properl

y model relationships and have secure interactions.

Allen: You can create decentralized identifiers that refer to people or things that aren't things. It could be a sensor, you can have censorship resistent, getting a censhopship resistent DOI -- lots of different approaches, maybe it will be Bitcion, something cheaper, etc.
... I'm an the author of SSL/TLS, I've been working with this a long time, There's a lot of new crypto these days. There's all kinds of zksnark tech that the existing internet infrastructure cannot support right now. It's not designed to make the various crypto proofs. DIDs are beginning to have that capability. We designed it with that in mind -- we are calling things proofs not signatures, etc. Being careful in designs.
... This is one of the reasons to be actively supporting it. A DID *is* a URL. It's compatible.

nage: when you anchor to DNS, which has a lexical ontology you can't selectively disclose attributes and maintain or protect the context of your real world relationships. This puts you in a place where key management is about hierarchy which isn't a natural mapping for interactions. With DIDs you can have keys for any purpose, which allows you to couple attributes to those proofs of posession as needed and opens back up the possibility of contextual
... identity and supports relationship-based key management, which helps you disclose data only within a certain context.

Allen: We aren't saying don't use tehse other methods, you can still use any URL in a VC.

jheuer: I've been in identity a long time. If identity serves a purpose then it's good. Saying "this is the solution", I don't believe that. We had a few discussions just before this, user centricity perhaps supercedes self-soveriegnty. If I really own my own keys I would have them on my device and my total control and no danger that they would be around for the next centuries proving things I don't want to be known. I would change the picture to move b

lockchain as an option.

jheuer: We started with identifiers, this year is about identifiers, authenticity detection important in the identity world. ... All the regulation and laws around a level of authentication, you need pin, devices, etc. we're forgetting about the authenticity of things here and that should be part of the story.

cwebber2: Manu can confirm when I sent him a long email, I said ... do we really need all this stuff? I do that a lot.
... That example part is actually really important (of DID methods, etc).

jheuer: User-centricity sometimes more open than distributed identifier
... Identifier will almost always need authentication associated (authenticity of data plus authentication when using a 'claim')

cwebber2: I'm now more convinced that we want a blockchain for people's long term identifiers. You may want some identifiers like for things to be transient. A couple of these ledgers are being built specifically for DIDs, but in the IPFS case, what if you wanted to generate DIDs that would be garbage tomorrow. The DID only stays alive as long as people want to use them. Bitcoin would keep things around forever which is good for things like e-gold. I'm

getting off track. Even if you're a blockchain skeptic, not all of these approaches are directly Bitcoin, and it may not be used in the way that you're generating lots of txns, please review the multiple methods and see if they do what you want, different properties.

cwebber2: Handing out DIDs are long term replacement for SSN is just one case.

kimhd: Q4 2018, Ethereum expects to be on proof of stake -- you have to be very careful that you're preserving the characteristics of the blockchain. The implementation links only referencing Sovrin we need to fix that. We did a BTCR hackathon ... many different implementations on different ledgers. To Kaliya's point, usability ... some options and method providers might provide social recovery, like designating several of your contacts to authorize you

to recover.

kimhd: DIDs for identity -- I'm in the education space, for us value is on the issuer side. Outdated, directly contact institutions, clearing houses, etc. It's a huge advantage to say this identifier is associated with this institution, etc. better.

Drummond: It's clearly a topic ... it's a new area, lot of confusion, I spend a lot of time dispelling myths. You said Sovrin isn't blockchain, it's not Bitcion. We're seeing fit-for-purpose blockchains, an explosion of them. There's a DHS sponsored presentation on that.

cwebber2 not all blockchains are bitcoin, and we even have one non-blockchain method :)

fab_gandon: a pointer to the mentioned presentation ?

Drummond: Sovrin uses public permissions expressly so that it doesn't have to use PoW, to avoid the power issue. Another misconception is that you only have one DID. Sovrin approach will be thousands, all pairwise.
... To avoid correlation. It's not just for blockchain, it's for enabling democratiization of key management, etc. There are 7 methods already today.
... I expect to get to a couple dozen of these, more than one even on a single blockchain.
... There are new things about how this is working and is fundamentally about decentralized PKI, also funded by DHS, an open standard that may go to OASIS.
... This is about decentralized PKI

hadleybeeman: I work for the UK govt and we're facing this as well. Knowing who owes what tax, to get disability benefits, help support community, people over 18 need to show it to drink, etc.

reto: hadleybeeman: "In contrast, Sovrin utilizes a “public permissioned” distributed ledger—not a blockchain—that provides public access for identity owners while permitting " -- https://sovrin.org/technology/#distributed_ledger

hadleybeeman: From a dev perspective, the easiest way to do that is to have one identifier created by the govt that is imposed on you, the model in the US. Due to GDPR, that's not an option for us in the UK. Going back to WWII and having someone be forced to present their papers we can't have that model.
... We are very much experimenting with and trying to grapple with the idea of decentralized identifiers (DIDS), please keep going, we need these problems solved.

Allen: GDPR is hugely going to be driving some of this stuff. There are a number of people looking at it and saying existing heirach-certs won't confirm to GDPR. More Jews died as a % in Holland than Germany because of SSN.
... We're very American centric sometimes and GDPR will be a driving force.

jheuer: I heard a lot of support here. Tech does not incite trust, brand does. Please come to me and tell me that's stupid or keep it in mind. It's not the tech, the brand. Some brand is needed and many brands that are relevant in many different contexts, having thousands of these things makes sense.

Drummond: Many of the biggest brands in the world interested too.

Herman: The goal of this meeting is to come to W3C at some point, work a lot on the story. Manu and I go back a long way, the way it was presented, we want to start all over again because what's there is unusable. The arguments you gave sometimes were not technological but business arguments. If that comes then you have will a tremendous pushback. And that's why I was poking you with this. You know the people and they might be much less nice than me.
... For example it has to be made very clear how a DID coexists with what is already on the Web, not that whatever is on the Web is out of the room. So how can I use the DID and use it when i want to sign into a Website.
... People may think "these guys want to fork the Web" and you don't want that reaction.

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/11/10 19:17:43 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/Ah, got it. :)//
Succeeded: s/dlongley_: Are you replaying the minutes?//
Present: Manu_Sporny Samsung Olivier_Yiptong Benjamin_Young JudyZhu HadleyBeeman Joerg_Huer Reto_Gmur Frank Dave_Longley Fabien_Gandon Robert_Sanderson Christopher_Allen David_Wood Ivan_Herman Kim_Duffy Arnaud_Le_Hors Drummond_Reed Nathan_George Alexandre_Bertails Joe_Andrieu Gregg_Kellogg Dominic_from_Google Dan_Burnett Kaliya Matt_Stone Richard_Varn 10_plus_people_unidentified
Found Scribe: dlongley_
Inferring ScribeNick: dlongley_

WARNING: No "Topic:" lines found.


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]