W3C

- DRAFT -

Verifiable Claims Working Group

19 Dec 2017

Agenda

Attendees

Present
Adrian_Gropper, Charles_Engelke, Chris_Webber, Christopher_Allen, Dan_Burnett, Dave_Longley, David_Chadwick, David_Ezell, David_Lehn, Gregg_Kellogg, Joe_Andrieu, Liam_Quin, Manu_Sporny, Matt_Larson, Matt_Stone, Nathan_George, Richard_Varn, Ted_Thibodeau
Regrets
Chair
Richard_Varn, Dan_Burnett, Matt_Stone
Scribe
nage

Contents

<JoeAndrieu_> present?

<dlongley> Zakim: who's here?

Agenda review, Introductions, Re-introductions

<manu> scribe: nage

<burn> Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Dec/0009.html

burn: here is our agenda for today, for reference it is in the topic
... any additions or suggestions?

Call for potential spring meeting locations

<burn> https://docs.google.com/spreadsheets/d/19Ndqc5pLsTu2ZmP4Wy7OlMOmskQFHPh28sMjW3ugsww/edit#gid=0

burn: a reminder that the chairs have a document where we are collecting meetings where we could co-host a F2F meeting with our group
... if you have a meeting in the first half of 2018, please add it to this list
... in January we will try to pick a specific location for a meeting in the spring

Define Milestone 2 (subject != holder)

burn: My understanding is that there was a clear agreement in the group that this topic is our next priority and it needs to happen before we focus on revocation and related topics
... the chairs wanted us to begin the discussion on "how we are going to know when we are done?"
... what do we need to incorporate, consider and address? What are the bounds and end criterion?
... we are time-boxing this discussion for 10 minutes so that we can hit it hard again in January when we resume our calls.
... would anyone like to add themselves to the queue?

JoeAndrieu_: I would like to settle on one, two, maybe three draft use cases.
... at TPAC we talked about different kinds of use cases where subject != holder and they have different complications
... we would like to make sure we have use cases that address the most important ones
... then we need to make sure we have the right adjustments to the data model

<Zakim> manu, you wanted to say +1 to use cases, and point to DavidC... and put someone in charge of pushing this topic forward.

manu: +1 to what JoeAndrieu_ just said, good use cases will help us talk about the issues

<DavidC> +1 to use cases

manu: we need a champion for this topic, someone needs to help us get to a conclusion

DavidC: I'm quite interested in this topic, and I'm happy to help push this forward

<JoeAndrieu_> +1 for DavidC leading the charge

DavidC: should we spend a few minutes suggesting what use cases we should target?
... perhaps the marriage certificate topic? Then the delegation, where the subject delegates to someone else to act on their behalf?

<Zakim> burn, you wanted to encourage moving towards github issues and PRs

DavidC: a third one where the subject doesn't know anything about the holder and doesn't have their permission.

burn: If anyone else has a different opinion on how we should proceed, we'd like to let them get that in now.
... I'm going to temporarily freeze the queue after JoeAndrieu_

stonematt: we don't want to have the delegation discussion itself, assuming delegation works
... a subset or slice of this is where a minor doesn't have rights to delegate

agropper: I would like to propose the prescription use case
... it is nice because the regulations around the use case are fairly clear.
... it has all the elements if you would

<Zakim> manu, you wanted to mention pet use case, power of attorney, booking airline tickets.

manu: focusing on the simpler use cases first will help us make progress. We should still address all of them, we just want some prioritization.
... we may also want to focus on what we believe are the most regular or popular use cases
... the "pet use case" sounds interesting, and hopefully we can use something that is relatable
... maybe there is a use case like that we end up talking about a lot
... for example "power of attorney" delegation use cases
... if we have to pick between "pets" and "power of attorney" it seems clear that we need a mechanism for ranking these
... there is also the "booking airlines" use case for providing passport information to an assistant or booking agency
... these are my three use case suggestions

burn: we are now at the end of our designated time

<agropper> The prescription use case has the credentialed physician issuer signing, the patient subject as holder choosing the pharmacy as verifier. Revocation is desirable. For controlled substance prescriptions, the regualtions are federal and clear.

<stonematt> -1 on focusing on delegation cases...

JoeAndrieu_: I have two google docs I can share

<JoeAndrieu_> http://legreq.com/pres/vc_subject_not_holder.pdf

JoeAndrieu_: the presentation from TPAC on this topic

<JoeAndrieu_> https://docs.google.com/spreadsheets/d/1sUt7OPv5B_DWa4SQcOl16ZZqLg2URwNPmsEhCrisvxM/edit?usp=sharing

JoeAndrieu_: the other item is actually the google doc for the agenda item
... I let a conversation about subject == holder, and 21 potential use cases
... they aren't well broken out, but perhaps we can introduce this tool
... in the next agenda item I'll introduce it and we may want to talk about these use cases

<Zakim> nage, you wanted to talk about "agent-type" delegation

<manu> nage: Protocol gets complex when we get start talking about delegation.

<manu> nage: The issue of subject as a vocabulary ends up being different from subject from cryptographic perspective.

<manu> nage: There are some semantics around key possession wrt. semantics of vocabulary. If we have to distinguish between those two inside of claim structure, it becomes messy. So, we may want to avoid some delegation use cases first so we can get mechanics of crypto correct... we want to make mechanics right first. We can talk about this wrt. Agents wrt. Sovrin, but if we can defer it, it would be good.

burn: because we almost immediately jumped to describing use cases, I'd like to open the queue for just one thing "is there a different direction we should do other then starting with use cases?"

ChristopherA: I guess the thing I'm finding missing or challenging when talking about data use cases is that minimization and selective disclosure, even if the holder is the subject, they may have good reasons not to disclose that
... there is a whole aspect of privacy where we want to help progressive trust
... "I am a party and I wish to present bearer credentials" but until those are accepted you may not want to reveal that you are the subject
... the privacy and selective disclosure side of this question hasn't been fully articulated

+1 to ChristopherA's comment

DavidC: if it is a bearer credential, then by its definition you can't reveal its subject
... there is an implicit assumption that you are the subject, even if you're privacy protecting who you are
... but we don't know who you are
... revealing who you are is a separate showing

burn: we'd like to give JoeAndrieu_ significant time to discuss use cases today, we will give time to continue this discussion at the meeting in January
... are there any strong objections to doing that right now

Domain Discussion of the Week (Use Cases)

JoeAndrieu_: For this week we are looking at the education use cases, which is called out in the charter

<JoeAndrieu_> Evaluation https://docs.google.com/spreadsheets/d/1sUt7OPv5B_DWa4SQcOl16ZZqLg2URwNPmsEhCrisvxM/edit?usp=sharing

JoeAndrieu_: the first tool is the evaluation page

<JoeAndrieu_> Sandbox https://docs.google.com/document/d/1kS9L9oPRqFC7WG3acym7_QalDaK5zrbKy_5-By5X664/edit?usp=sharing

JoeAndrieu_: this is the sandbox page
... what I'm going to do first is introduce those two, then we'll get some hands on, working with the first four in education
... hopefully we'll see how it is useful for the subject ?= holder conversation
... the first tab is the criteria
... the summary page, use cases, lists all the current use cases that are in the use case document or suggested in the subject != holder powerpoint from TPAC
... they are in bold (38-68)
... some are suggested in an issue
... these are all currently under consideration
... they are being pulled in from the other tabs in summary format
... if you click on one, you get the information on that use case from the use case document
... the idea is that where you see my name and values here, it is an invitation to get your thoughts into the conversation
... it isn't voting, but a tool to get information from others in front of everyone in this call
... I hope to send it out as a homework or pre-work assignment so folks have already read the use cases and have some initial conversations started
... the additional tab worth noting is Suggestions.
... we have 84 under consideration, but maybe we need another one.
... if your use case isn't here, get it in the suggestions page and I'll figure out how to fit it in
... The criteria fall into two sets empirical fact (self evident or in the charter, what tech capabilities does it illustrate -- technical uniqueness)
... the digital transcript when you unpack it is about digital evidence
... what evidence was developed throughout your education?
... we should be able to see "what is this doing uniquely", so we can narrow things down so we don't have many duplicate use cases
... the other section of criteria are "evaluated"
... these are the criteria I've boiled it down to, "how mature is the use case -- how much discussion have we had about it?"
... measured by if we have text and have had discussion

<burn> Joe, by spec text you mean text in the use cases document, right?

JoeAndrieu_: next is "compelling or emotional relevance"

<burn> As opposed to text in that data model doc

JoeAndrieu_: is it focused on something that resonates
... and then "relevant", meaning it explains why we need something different than what is already out there
... for example it explains why the current model doesn't really work
... then "complete", where it explains how verifiable credentials meet the use case
... if it isn't really solved by VCs we might want to spend more time on it
... I put down on the bottom an explanation of the numbering system
... from "nothing there" to "totally nailed it"
... the point here isn't to vote or decide, but have a good conversational tool that leads to edits in the spec text

<Zakim> manu, you wanted to mention this is great, I've never seen a WG go to this depth on use cases (and that's a shame), this is super useful (especially minimizing + distinctions)...

manu: a couple things, this is great JoeAndrieu_
... I've never see a WG go into this level of detail around use cases
... it is easy to lose our way by losing track of use cases
... kudos for setting up this tool
... we want to minimize these use cases so we don't have a lot of duplication
... is really important in ensuring we can have a lot of breadth
... so we don't get 30 duplicates of essentially the same use case
... that seems very important
... the only criticism here, is the numbering scheme is difficult, can we make it easier by having a textual description
... I've put in some suggestions as comments
... like having a drop down to pick from, so perhaps there are some enhancements we can make to get more feedback
... the other thing with use cases, is it is hard to get folks to engage unless you corner them on it
... How are you going to drive engagement? Asking for input will be difficult because folks will forget.
... can we reach out 1:1 or make more specific assignments? How do you plan on driving this forward (JoeAndrieu_)?

JoeAndrieu_: thanks for the support on the intention and effort
... the thought from the chairs was, once we understand this process a bit better, perhaps we can use 5-10 minutes a week as a "use case moment" to go through each of these different domains
... the hope is that regularity on the call will help us get to items we can pull into the spec text
... I'm open to reaching out to people through other means

DavidC: I particularly like the distinctions bit of this work
... minor point: if we go to the criteria page, the "complete criteria" seems a little strange to me
... if a use case is about visiting a doctor for a prescription, the VC only addresses its part of the use-case
... and I think we're trying to get at, do VCs solve their part of the use case, not can VCs allow you to do everything proposed
... perhaps we go back to less granularity?

<Zakim> burn, you wanted to ask why starting with education rather than subject not being holder

JoeAndrieu_: I prefer the simpler model, so we could consider it

burn: I understand that you picked education and started with that to explain how this works, I would like to see us start to discuss what next steps are here
... can we talk about what we're going to discuss next>

?

JoeAndrieu_: there is admin overhead to create tabs for discussion
... so when we look at use cases there are 21 related to subject != holder, which is too many for one week
... so it is hard to tease out what the exact topic should be

burn: because we plan to discuss subject != holder, from a use case perspective, I don't know if we need the whole framework to start that conversation, but please give some thought to that
... to help us with the time allocation

JoeAndrieu_: What is the suggestion with regard to the chair recommendation?

burn: I think 10 minutes will be enough for a status check and not much else
... you have said the use cases we have are too broad and too much for a starting point, from a chairs standpoint that will be an issue, so we need more thought on how to use these use cases to help attack that problem

JoeAndrieu_: based on the conversation today, we may still be able to have this "use case moment" but it is also clear that we need to spend a chunk of time talking about the subject != holder to flesh that out
... then we'll take it under advisement how to handle that and bring it into the January discussion
... I would like to pick one of these and have a conversation about it to see how well this tool will work for us
... here is one that is problematic, E4: online classes

(see use case description for more info)

scribe: this is in the charter because education is in the charter
... my score in this use case is that it is incomplete and the distinction when I evaluated it was about the credentials and knowing if Nick is really Nick
... that way he can get the results ascribed to his person
... but the text doesn't really show how you know it is Nick and not someone he hired to take the test
... so it doesn't address the "sharing credentials" part of the problem
... the only mention of verifiable claims was the result of the test, so perhaps my evaluation was hitting the wrong point
... so can we open this up for feedback and comment, what is the real distinction?

burn: we have about 1 minute for responses

DavidC: I do not see anything unique in this use case
... the person is providing VCs to prove he is nick and then picking up a credential for his test

<Zakim> manu, you wanted to do a quick 3 minute check in on data model PRs...

Data Model Outstanding PRs (checkin)

burn: now on to the status check

<burn> https://github.com/w3c/vc-data-model/pulls

manu: the data model check in, we don't have any new PRs
... I'm struggling to figure out what the next PRs are going to be
... we have some big topics to get through, but apart from those it seems like the spec is in pretty good shape
... the critical thing right now is getting the test suite done and multiple implementations going
... the sooner we get through that the sooner we can get to candidate req
... I don't know how much more editorial work there is to do until more happens
... Detailed reviews on the spec with changes that need to be incorporated
... the other item to focus on is actively getting people to write implementations and test against the test suite
... then we could start considering when we can move into candidate req
... "in three months" doesn't seem like a very difficult thing to do
... I hope we can have a discussion about it when we meet again

burn: I strongly disagree with you we are that close
... we have a lot of action items to resolve, and we need some discussion about, "at what point do we consider it frozen"
... thank you for brining that up so we can get it resolved

<varn> Happy Christmahanakwanziksolstestivus all

burn: we will talk to everyone in January (we are off for the next two weeks)

<stonematt> +1 to varn :)

<manu> Happy Holidays all! :)

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/12/19 17:11:23 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/Matt_Steon/Matt_Stone/
Succeeded: s/I think I am up for scribe//
Succeeded: s/(I ditched last week because of technical difficulties)//
Succeeded: s/I did not...//
Succeeded: s/Cleaning a key!//
Succeeded: s/;;;;;p';;//
Succeeded: s/preset/present/
Present: Adrian_Gropper Charles_Engelke Chris_Webber Christopher_Allen Dan_Burnett Dave_Longley David_Chadwick David_Ezell David_Lehn Gregg_Kellogg Joe_Andrieu Liam_Quin Manu_Sporny Matt_Larson Matt_Stone Nathan_George Richard_Varn Ted_Thibodeau
Found Scribe: nage
Inferring ScribeNick: nage
Agenda: https://lists.w3.org/Archives/Public/public-vc-wg/2017Dec/0009.html

WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]